Commit | Line | Data |
---|---|---|
a5caed3e DH |
1 | =encoding utf8 |
2 | ||
3 | =head1 NAME | |
4 | ||
292a315f | 5 | perl5125delta - what is new for perl v5.12.5 |
a5caed3e DH |
6 | |
7 | =head1 DESCRIPTION | |
8 | ||
9 | This document describes differences between the 5.12.4 release and | |
10 | the 5.12.5 release. | |
11 | ||
12 | If you are upgrading from an earlier release such as 5.12.3, first read | |
13 | L<perl5124delta>, which describes differences between 5.12.3 and | |
14 | 5.12.4. | |
15 | ||
16 | =head1 Security | |
17 | ||
18 | =head2 C<Encode> decode_xs n-byte heap-overflow (CVE-2011-2939) | |
19 | ||
20 | A bug in C<Encode> could, on certain inputs, cause the heap to overflow. | |
21 | This problem has been corrected. Bug reported by Robert Zacek. | |
22 | ||
23 | =head2 C<File::Glob::bsd_glob()> memory error with GLOB_ALTDIRFUNC (CVE-2011-2728) | |
24 | ||
25 | Calling C<File::Glob::bsd_glob> with the unsupported flag GLOB_ALTDIRFUNC would | |
26 | cause an access violation / segfault. A Perl program that accepts a flags value from | |
27 | an external source could expose itself to denial of service or arbitrary code | |
28 | execution attacks. There are no known exploits in the wild. The problem has been | |
29 | corrected by explicitly disabling all unsupported flags and setting unused function | |
30 | pointers to null. Bug reported by Clément Lecigne. | |
31 | ||
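For a program that takes C<bsd_glob> flags from an external source, as described above, one way to keep unsupported flags such as GLOB_ALTDIRFUNC from reaching the call at all is an allowlist. This is an added example, not code from the Perl distribution; the C<%ALLOWED_FLAG> table, the helper names and the sample inputs are assumptions made for illustration.

```perl
use strict;
use warnings;
use File::Glob qw(bsd_glob GLOB_BRACE GLOB_MARK GLOB_NOCASE GLOB_NOCHECK
                  GLOB_NOSORT GLOB_QUOTE GLOB_TILDE);

# Assumption: the only flags this program lets an outside caller select.
# GLOB_ALTDIRFUNC is deliberately absent.
my %ALLOWED_FLAG = (
    brace   => GLOB_BRACE,
    mark    => GLOB_MARK,
    nocase  => GLOB_NOCASE,
    nocheck => GLOB_NOCHECK,
    nosort  => GLOB_NOSORT,
    quote   => GLOB_QUOTE,
    tilde   => GLOB_TILDE,
);

# Preferred: accept flag names and build the mask ourselves.
sub flags_from_names {
    my $mask = 0;
    for my $name (@_) {
        my $bit = $ALLOWED_FLAG{ lc $name };
        die "unsupported glob flag: $name\n" unless defined $bit;
        $mask |= $bit;
    }
    return $mask;
}

# If a numeric mask must be accepted, refuse any bit outside the allowlist.
sub checked_mask {
    my ($raw) = @_;
    die "flags must be a small non-negative integer\n"
        unless defined $raw && $raw =~ /\A[0-9]{1,6}\z/;
    my $allowed = 0;
    $allowed |= $_ for values %ALLOWED_FLAG;
    my $extra = (0 + $raw) & ~$allowed;
    die sprintf("unsupported glob flag bits: 0x%x\n", $extra) if $extra;
    return 0 + $raw;
}

# Constructed inputs standing in for request parameters.
for my $names ([qw(brace tilde)], [qw(brace altdirfunc)]) {
    my $mask = eval { flags_from_names(@$names) };
    print defined $mask ? "names @$names -> mask $mask\n" : "rejected: $@";
}
# All 16 low bits set must include bits outside the seven allowed flags.
my $mask = eval { checked_mask(65535) };
print defined $mask ? "mask accepted: $mask\n" : "rejected: $@";
```

The value returned by either helper is what the program would then pass as the second argument to C<bsd_glob>.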
32 | =head2 Heap buffer overrun in 'x' string repeat operator (CVE-2012-5195) | |
33 | ||
34 | Poorly written perl code that allows an attacker to specify the count to | |
35 | perl's 'x' string repeat operator can already cause a memory exhaustion | |
36 | denial-of-service attack. A flaw in versions of perl before 5.15.5 can | |
37 | escalate that into a heap buffer overrun; coupled with versions of glibc | |
38 | before 2.16, it possibly allows the execution of arbitrary code. | |
39 | ||
40 | This problem has been fixed. | |
41 | ||
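Independently of the interpreter fix, code that takes the count for the 'x' operator from outside can bound it before repeating, which also addresses the memory exhaustion case mentioned above. This is an added example, not code from the Perl distribution; C<safe_repeat>, the C<$MAX_LENGTH> ceiling and the sample counts are assumptions made for illustration.

```perl
use strict;
use warnings;

# Assumption: a 1 MiB ceiling (in characters) chosen for illustration.
my $MAX_LENGTH = 1024 * 1024;

sub safe_repeat {
    my ($str, $count) = @_;
    # Digits only: rejects negatives, exponents ("1e9"), whitespace, and
    # anything long enough to overflow a 32-bit integer.
    die "count must be a plain non-negative integer\n"
        unless defined $count && $count =~ /\A[0-9]{1,9}\z/;
    my $len = length $str;
    return '' if $len == 0 || $count == 0;
    # Divide instead of multiplying so the size check cannot itself wrap.
    die "repeat of $len x $count exceeds $MAX_LENGTH characters\n"
        if $count > int($MAX_LENGTH / $len);
    return $str x $count;
}

# Constructed inputs standing in for a count taken from a request.
for my $count ('3', '-1', '1e9', '4294967296', '999999999') {
    my $out = eval { safe_repeat('ab', $count) };
    print defined $out
        ? "count $count -> " . length($out) . " characters\n"
        : "count $count rejected: $@";
}
```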
42 | =head1 Incompatible Changes | |
43 | ||
44 | There are no changes intentionally incompatible with 5.12.4. If any | |
45 | exist, they are bugs and reports are welcome. | |
46 | ||
47 | =head1 Modules and Pragmata | |
48 | ||
49 | =head2 Updated Modules | |
50 | ||
51 | =head3 L<B::Concise> | |
52 | ||
53 | L<B::Concise> no longer produces mangled output with the B<-tree> option | |
54 | [perl #80632]. | |
55 | ||
56 | =head3 L<charnames> | |
57 | ||
58 | A regression introduced in Perl 5.8.8, which caused | |
59 | C<charnames::viacode(0)> to return C<undef> instead of the string "NULL", | |
60 | has been fixed [perl #72624]. | |
61 | ||
62 | =head3 L<Encode> has been upgraded from version 2.39 to version 2.39_01. | |
63 | ||
64 | See L</Security>. | |
65 | ||
66 | =head3 L<File::Glob> has been upgraded from version 1.07 to version 1.07_01. | |
67 | ||
68 | See L</Security>. | |
69 | ||
70 | =head3 L<Unicode::UCD> | |
71 | ||
72 | The documentation for the C<upper> function now actually says "upper", not | |
73 | "lower". | |
74 | ||
75 | =head3 L<Module::CoreList> | |
76 | ||
77 | L<Module::CoreList> has been updated to version 2.50_02 to add data for | |
78 | this release. | |
79 | ||
80 | =head1 Changes to Existing Documentation | |
81 | ||
82 | =head2 L<perlebcdic> | |
83 | ||
84 | The L<perlebcdic> document contains a helpful table to use in C<tr///> to | |
85 | convert between EBCDIC and Latin1/ASCII. Unfortunately, the table was the | |
86 | inverse of the one it describes. This has been corrected. | |
87 | ||
88 | =head2 L<perlunicode> | |
89 | ||
90 | The section on | |
91 | L<User-Defined Case Mappings|perlunicode/User-Defined Case Mappings> had | |
92 | some bad markup and unclear sentences, making parts of it unreadable. This | |
93 | has been rectified. | |
94 | ||
95 | =head2 L<perluniprops> | |
96 | ||
97 | This document has been corrected to take non-ASCII platforms into account. | |
98 | ||
99 | =head1 Installation and Configuration Improvements | |
100 | ||
101 | =head2 Platform Specific Changes | |
102 | ||
103 | =over 4 | |
104 | ||
105 | =item Mac OS X | |
106 | ||
107 | There have been configuration and test fixes to make Perl build cleanly on | |
108 | Lion and Mountain Lion. | |
109 | ||
110 | =item NetBSD | |
111 | ||
112 | The NetBSD hints file was corrected to be compatible with NetBSD 6.* | |
113 | ||
114 | =back | |
115 | ||
116 | =head1 Selected Bug Fixes | |
117 | ||
118 | =over 4 | |
119 | ||
120 | =item * | |
121 | ||
122 | C<chop> now correctly handles characters above "\x{7fffffff}" | |
123 | [perl #73246]. | |
124 | ||
125 | =item * | |
126 | ||
127 | C<< ($<,$>) = (...) >> stopped working properly in 5.12.0. It is supposed | |
128 | to make a single C<setreuid()> call, rather than calling C<setruid()> and | |
129 | C<seteuid()> separately. Consequently it did not work properly. This has | |
130 | been fixed [perl #75212]. | |
131 | ||
132 | =item * | |
133 | ||
134 | Fixed a regression of kill() when a match variable is used for the | |
135 | process ID to kill [perl #75812]. | |
136 | ||
137 | =item * | |
138 | ||
139 | C<UNIVERSAL::VERSION> no longer leaks memory. It started leaking in Perl | |
140 | 5.10.0. | |
141 | ||
142 | =item * | |
143 | ||
144 | The C-level C<my_strftime> function no longer leaks memory. This fixes a | |
145 | memory leak in C<POSIX::strftime> [perl #73520]. | |
146 | ||
147 | =item * | |
148 | ||
149 | C<caller> no longer leaks memory when called from the DB package if | |
150 | C<@DB::args> was assigned to after the first call to C<caller>. L<Carp> | |
151 | was triggering this bug [perl #97010]. | |
152 | ||
153 | =item * | |
154 | ||
155 | Passing to C<index> an offset beyond the end of the string when the string | |
156 | is encoded internally in UTF8 no longer causes panics [perl #75898]. | |
157 | ||
158 | =item * | |
159 | ||
160 | Syntax errors in C<< (?{...}) >> blocks in regular expressions no longer | |
161 | cause panic messages [perl #2353]. | |
162 | ||
163 | =item * | |
164 | ||
165 | Perl 5.10.0 introduced some faulty logic that made "U*" in the middle of | |
166 | a pack template equivalent to "U0" if the input string was empty. This has | |
167 | been fixed [perl #90160]. | |
168 | ||
169 | =back | |
170 | ||
171 | =head1 Errata | |
172 | ||
173 | =head2 split() and C<@_> | |
174 | ||
175 | split() no longer modifies C<@_> when called in scalar or void context. | |
176 | In void context it now produces a "Useless use of split" warning. | |
177 | This is actually a change introduced in perl 5.12.0, but it was missed from | |
178 | that release's L<perl5120delta>. | |
179 | ||
180 | =head1 Acknowledgements | |
181 | ||
182 | Perl 5.12.5 represents approximately 17 months of development since Perl 5.12.4 | |
183 | and contains approximately 1,900 lines of changes across 64 files from 18 | |
184 | authors. | |
185 | ||
186 | Perl continues to flourish into its third decade thanks to a vibrant community | |
187 | of users and developers. The following people are known to have contributed the | |
188 | improvements that became Perl 5.12.5: | |
189 | ||
190 | Andy Dougherty, Chris 'BinGOs' Williams, Craig A. Berry, David Mitchell, | |
191 | Dominic Hargreaves, Father Chrysostomos, Florian Ragwitz, George Greer, Goro | |
192 | Fuji, Jesse Vincent, Karl Williamson, Leon Brocard, Nicholas Clark, Rafael | |
193 | Garcia-Suarez, Reini Urban, Ricardo Signes, Steve Hay, Tony Cook. | |
194 | ||
195 | The list above is almost certainly incomplete as it is automatically generated | |
196 | from version control history. In particular, it does not include the names of | |
197 | the (very much appreciated) contributors who reported issues to the Perl bug | |
198 | tracker. | |
199 | ||
200 | Many of the changes included in this version originated in the CPAN modules | |
201 | included in Perl's core. We're grateful to the entire CPAN community for | |
202 | helping Perl to flourish. | |
203 | ||
204 | For a more complete list of all of Perl's historical contributors, please see | |
205 | the F<AUTHORS> file in the Perl source distribution. | |
206 | ||
207 | =head1 Reporting Bugs | |
208 | ||
209 | If you find what you think is a bug, you might check the articles | |
210 | recently posted to the comp.lang.perl.misc newsgroup and the perl | |
211 | bug database at http://rt.perl.org/perlbug/ . There may also be | |
212 | information at http://www.perl.org/ , the Perl Home Page. | |
213 | ||
214 | If you believe you have an unreported bug, please run the B<perlbug> | |
215 | program included with your release. Be sure to trim your bug down | |
216 | to a tiny but sufficient test case. Your bug report, along with the | |
217 | output of C<perl -V>, will be sent off to perlbug@perl.org to be | |
218 | analysed by the Perl porting team. | |
219 | ||
220 | If the bug you are reporting has security implications, which make it | |
221 | inappropriate to send to a publicly archived mailing list, then please send | |
222 | it to perl5-security-report@perl.org. This points to a closed subscription | |
223 | unarchived mailing list, which includes all the core committers, who will be able | |
224 | to help assess the impact of issues, figure out a resolution, and help | |
225 | co-ordinate the release of patches to mitigate or fix the problem across all | |
226 | platforms on which Perl is supported. Please only use this address for | |
227 | security issues in the Perl core, not for modules independently | |
228 | distributed on CPAN. | |
229 | ||
230 | =head1 SEE ALSO | |
231 | ||
232 | The F<Changes> file for an explanation of how to view exhaustive details | |
233 | on what changed. | |
234 | ||
235 | The F<INSTALL> file for how to build Perl. | |
236 | ||
237 | The F<README> file for general stuff. | |
238 | ||
239 | The F<Artistic> and F<Copying> files for copyright information. | |
240 | ||
241 | =cut |