https://perl5.git.perl.org / perl5.git / blame
| Commit | Line | Data |
|---|---|---|
| 77efd0f7 FR |
1 | =encoding utf8 |
| 2 | ||
| 3 | =head1 NAME | |
| 4 | ||
| 5 | perl5142delta - what is new for perl v5.14.2 | |
| 6 | ||
| 7 | =head1 DESCRIPTION | |
| 8 | ||
| 9 | This document describes differences between the 5.14.1 release and | |
| 10 | the 5.14.2 release. | |
| 11 | ||
| 12 | If you are upgrading from an earlier release such as 5.14.0, first read | |
| 13 | L<perl5141delta>, which describes differences between 5.14.0 and | |
| 14 | 5.14.1. | |
| 15 | ||
| 16 | =head1 Core Enhancements | |
| 17 | ||
| 18 | No changes since 5.14.0. | |
| 19 | ||
| 20 | =head1 Security | |
| 21 | ||
| 22 | =head2 C<File::Glob::bsd_glob()> memory error with GLOB_ALTDIRFUNC (CVE-2011-2728). | |
| 23 | ||
| 24 | Calling C<File::Glob::bsd_glob> with the unsupported flag GLOB_ALTDIRFUNC would | |
| 25 | cause an access violation / segfault. A Perl program that accepts a flags value from | |
| 26 | an external source could expose itself to denial of service or arbitrary code | |
| 27 | execution attacks. There are no known exploits in the wild. The problem has been | |
| 28 | corrected by explicitly disabling all unsupported flags and setting unused function | |
| 29 | pointers to null. Bug reported by Clément Lecigne. | |
| 30 | ||
| 31 | =head2 C<Encode> decode_xs n-byte heap-overflow (CVE-2011-2939) | |
| 32 | ||
| 33 | A bug in C<Encode> could, on certain inputs, cause the heap to overflow. | |
| 34 | This problem has been corrected. Bug reported by Robert Zacek. | |
| 35 | ||
| 36 | =head1 Incompatible Changes | |
| 37 | ||
| 38 | There are no changes intentionally incompatible with 5.14.0. If any | |
| 39 | exist, they are bugs and reports are welcome. | |
| 40 | ||
| 41 | =head1 Deprecations | |
| 42 | ||
| 43 | There have been no deprecations since 5.14.0. | |
| 44 | ||
| 45 | =head1 Modules and Pragmata | |
| 46 | ||
| 47 | =head2 New Modules and Pragmata | |
| 48 | ||
| 49 | None | |
| 50 | ||
| 51 | =head2 Updated Modules and Pragmata | |
| 52 | ||
| 53 | =over 4 | |
| 54 | ||
| 55 | =item * | |
| 56 | ||
| 57 | L<CPAN> has been upgraded from version 1.9600 to version 1.9600_01. | |
| 58 | ||
| 59 | L<CPAN::Distribution> has been upgraded from version 1.9602 to 1.9602_01. | |
| 60 | ||
| 61 | Backported bugfixes from CPAN version 1.9800. Ensures proper | |
| 62 | detection of C<configure_requires> prerequisites from CPAN Meta files | |
| 63 | in the case where C<dynamic_config> is true. [rt.cpan.org #68835] | |
| 64 | ||
| 65 | Also ensures that C<configure_requires> is only checked in META files, | |
| 66 | not MYMETA files, so protect against MYMETA generation that drops | |
| 67 | C<configure_requires>. | |
| 68 | ||
| 69 | =item * | |
| 70 | ||
| 71 | L<Encode> has been upgraded from version 2.42 to 2.42_01. | |
| 72 | ||
| 73 | See L</Security>. | |
| 74 | ||
| 75 | =item * | |
| 76 | ||
| 77 | L<File::Glob> has been upgraded from version 1.12 to version 1.13. | |
| 78 | ||
| 79 | See L</Security>. | |
| 80 | ||
| 81 | =item * | |
| 82 | ||
| 83 | L<PerlIO::scalar> has been upgraded from version 0.11 to 0.11_01. | |
| 84 | ||
| 85 | It fixes a problem with C<< open my $fh, ">", \$scalar >> not working if | |
| 86 | C<$scalar> is a copy-on-write scalar. | |
| 87 | ||
| 88 | =back | |
| 89 | ||
| 90 | =head2 Removed Modules and Pragmata | |
| 91 | ||
| 92 | None | |
| 93 | ||
| 94 | =head1 Platform Support | |
| 95 | ||
| 96 | =head2 New Platforms | |
| 97 | ||
| 98 | None | |
| 99 | ||
| 100 | =head2 Discontinued Platforms | |
| 101 | ||
| 102 | None | |
| 103 | ||
| 104 | =head2 Platform-Specific Notes | |
| 105 | ||
| 106 | =over 4 | |
| 107 | ||
| 108 | =item HP-UX PA-RISC/64 now supports gcc-4.x | |
| 109 | ||
| 110 | A fix to correct the socketsize now makes the test suite pass on HP-UX | |
| 111 | PA-RISC for 64bitall builds. | |
| 112 | ||
| 113 | =item Building on OS X 10.7 Lion and Xcode 4 works again | |
| 114 | ||
| 115 | The build system has been updated to work with the build tools under Mac OS X | |
| 116 | 10.7. | |
| 117 | ||
| 118 | =back | |
| 119 | ||
| 120 | =head1 Bug Fixes | |
| 121 | ||
| 122 | =over 4 | |
| 123 | ||
| 124 | =item * | |
| 125 | ||
| 126 | In @INC filters (subroutines returned by subroutines in @INC), $_ used to | |
| 127 | misbehave: If returned from a subroutine, it would not be copied, but the | |
| 128 | variable itself would be returned; and freeing $_ (e.g., with C<undef *_>) | |
| 129 | would cause perl to crash. This has been fixed [perl #91880]. | |
| 130 | ||
| 131 | =item * | |
| 132 | ||
| 133 | Perl 5.10.0 introduced some faulty logic that made "U*" in the middle of | |
| 134 | a pack template equivalent to "U0" if the input string was empty. This has | |
| 135 | been fixed [perl #90160]. | |
| 136 | ||
| 137 | =item * | |
| 138 | ||
| 139 | C<caller> no longer leaks memory when called from the DB package if | |
| 140 | C<@DB::args> was assigned to after the first call to C<caller>. L<Carp> | |
| 141 | was triggering this bug [perl #97010]. | |
| 142 | ||
| 143 | =item * | |
| 144 | ||
| 145 | C<utf8::decode> had a nasty bug that would modify copy-on-write scalars' | |
| 146 | string buffers in place (i.e., skipping the copy). This could result in | |
| 147 | hashes having two elements with the same key [perl #91834]. | |
| 148 | ||
| 149 | =item * | |
| 150 | ||
| 151 | Localising a tied variable used to make it read-only if it contained a | |
| 152 | copy-on-write string. | |
| 153 | ||
| 154 | =item * | |
| 155 | ||
| 156 | Elements of restricted hashes (see the L<fields> pragma) containing | |
| 157 | copy-on-write values couldn't be deleted, nor could such hashes be cleared | |
| 158 | (C<%hash = ()>). | |
| 159 | ||
| 160 | =item * | |
| 161 | ||
| 162 | Locking a hash element that is a glob copy no longer causes subsequent | |
| 163 | assignment to it to corrupt the glob. | |
| 164 | ||
| 165 | =item * | |
| 166 | ||
| 167 | A panic involving the combination of the regular expression modifiers | |
| 168 | C</aa> introduced in 5.14.0 and the C<\b> escape sequence has been | |
| 169 | fixed [perl #95964]. | |
| 170 | ||
| 171 | =back | |
| 172 | ||
| 173 | =head1 Known Problems | |
| 174 | ||
| 175 | This is a list of some significant unfixed bugs, which are regressions | |
| 176 | from 5.12.0. | |
| 177 | ||
| 178 | =over 4 | |
| 179 | ||
| 180 | =item * | |
| 181 | ||
| 182 | C<PERL_GLOBAL_STRUCT> is broken. | |
| 183 | ||
| 184 | Since perl 5.14.0, building with C<-DPERL_GLOBAL_STRUCT> hasn't been | |
| 185 | possible. This means that perl currently doesn't work on any platforms that | |
| 186 | require it to be built this way, including Symbian. | |
| 187 | ||
| 188 | While C<PERL_GLOBAL_STRUCT> now works again on recent development versions of | |
| 189 | perl, it actually working on Symbian again hasn't been verified. | |
| 190 | ||
| 191 | We'd be very interested in hearing from anyone working with Perl on Symbian. | |
| 192 | ||
| 193 | =back | |
| 194 | ||
| 195 | =head1 Acknowledgements | |
| 196 | ||
| 197 | Perl 5.14.2 represents approximately three months of development since | |
| 198 | Perl 5.14.1 and contains approximately 1200 lines of changes | |
| 199 | across 61 files from 9 authors. | |
| 200 | ||
| 201 | Perl continues to flourish into its third decade thanks to a vibrant | |
| 202 | community of users and developers. The following people are known to | |
| 203 | have contributed the improvements that became Perl 5.14.2: | |
| 204 | ||
| 205 | Craig A. Berry, David Golden, Father Chrysostomos, Florian Ragwitz, H.Merijn | |
| 206 | Brand, Karl Williamson, Nicholas Clark, Pau Amma and Ricardo Signes. | |
| 207 | ||
| 208 | =head1 Reporting Bugs | |
| 209 | ||
| 210 | If you find what you think is a bug, you might check the articles | |
| 211 | recently posted to the comp.lang.perl.misc newsgroup and the perl | |
| 212 | bug database at http://rt.perl.org/perlbug/ . There may also be | |
| 213 | information at http://www.perl.org/ , the Perl Home Page. | |
| 214 | ||
| 215 | If you believe you have an unreported bug, please run the L<perlbug> | |
| 216 | program included with your release. Be sure to trim your bug down | |
| 217 | to a tiny but sufficient test case. Your bug report, along with the | |
| 218 | output of C<perl -V>, will be sent off to perlbug@perl.org to be | |
| 219 | analysed by the Perl porting team. | |
| 220 | ||
| 221 | If the bug you are reporting has security implications, which make it | |
| 222 | inappropriate to send to a publicly archived mailing list, then please send | |
| 223 | it to perl5-security-report@perl.org. This points to a closed subscription | |
| 224 | unarchived mailing list, which includes all the core committers, who be able | |
| 225 | to help assess the impact of issues, figure out a resolution, and help | |
| 226 | co-ordinate the release of patches to mitigate or fix the problem across all | |
| 227 | platforms on which Perl is supported. Please only use this address for | |
| 228 | security issues in the Perl core, not for modules independently | |
| 229 | distributed on CPAN. | |
| 230 | ||
| 231 | =head1 SEE ALSO | |
| 232 | ||
| 233 | The F<Changes> file for an explanation of how to view exhaustive details | |
| 234 | on what changed. | |
| 235 | ||
| 236 | The F<INSTALL> file for how to build Perl. | |
| 237 | ||
| 238 | The F<README> file for general stuff. | |
| 239 | ||
| 240 | The F<Artistic> and F<Copying> files for copyright information. | |
| 241 | ||
| 242 | =cut |