Commit | Line | Data |
---|---|---|
877744bd DH |
1 | =encoding utf8 |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | perl5143delta - what is new for perl v5.14.3 | |
6 | ||
7 | =head1 DESCRIPTION | |
8 | ||
9 | This document describes differences between the 5.14.2 release and | |
10 | the 5.14.3 release. | |
11 | ||
12 | If you are upgrading from an earlier release such as 5.12.0, first read | |
13 | L<perl5140delta>, which describes differences between 5.12.0 and | |
14 | 5.14.0. | |
15 | ||
16 | =head1 Core Enhancements | |
17 | ||
18 | No changes since 5.14.0. | |
19 | ||
20 | =head1 Security | |
21 | ||
22 | =head2 C<Digest> unsafe use of eval (CVE-2011-3597) | |
23 | ||
24 | The C<Digest-E<gt>new()> function did not properly sanitize input before | |
25 | using it in an eval() call, which could lead to the injection of arbitrary | |
26 | Perl code. | |
27 | ||
28 | In order to exploit this flaw, the attacker would need to be able to set | |
29 | the algorithm name used, or be able to execute arbitrary Perl code already. | |
30 | ||
31 | This problem has been fixed. | |
32 | ||
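Added example (not taken from this perldelta or from the Digest distribution): how an algorithm name pasted into a string eval is compiled as code, and a call-site check that refuses such names before C<Digest-E<gt>new()> sees them. The allowlist, the function names and the sample input are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest;

# Hypothetical allowlist: the only algorithm names this application accepts.
my %ALLOWED = map { $_ => 1 } qw(MD5 SHA-1 SHA-256 SHA-512);

# The pattern the text describes: a caller-supplied name is interpolated into
# a string eval, so anything following the module name is compiled as Perl.
# Illustrative only; this is not the Digest module's source.
sub unsafe_load {
    my ($name) = @_;
    my $class = "Digest::$name";
    eval "require $class";    # string eval on unvalidated input is the flaw
    return $@ ? undef : $class;
}

# Hardened call site: check the shape of the name, then the allowlist, and
# only then hand it to Digest->new(). This holds even on an unpatched Digest.
sub safe_digest {
    my ($name) = @_;
    defined $name && $name =~ /\A[A-Za-z0-9-]{1,16}\z/
        or die "malformed digest name\n";
    $ALLOWED{$name} or die "digest '$name' not permitted\n";
    return Digest->new($name);
}

our $marker = 0;
# Constructed input: a valid name followed by one extra, harmless statement.
my $hostile = 'MD5; $main::marker = 1';

unsafe_load($hostile);
print "string eval ran the extra statement: ", ($marker ? "yes" : "no"), "\n";

for my $name ('SHA-256', $hostile, 'Whirlpool') {
    my $d = eval { safe_digest($name) };
    if ($d) {
        $d->add("release-notes");
        printf "%-24s ok  %s\n", $name, $d->hexdigest;
    }
    else {
        chomp(my $why = $@);
        printf "%-24s rejected: %s\n", $name, $why;
    }
}
```

The allowlist also rejects well-formed names the application never intended to load, which keeps the set of modules reachable through user input fixed.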
33 | =head2 Heap buffer overrun in 'x' string repeat operator (CVE-2012-5195) | |
34 | ||
35 | Poorly written perl code that allows an attacker to specify the count to | |
36 | perl's 'x' string repeat operator can already cause a memory exhaustion | |
37 | denial-of-service attack. A flaw in versions of perl before 5.15.5 can | |
38 | escalate that into a heap buffer overrun; coupled with versions of glibc | |
39 | before 2.16, it possibly allows the execution of arbitrary code. | |
40 | ||
41 | This problem has been fixed. | |
42 | ||
43 | =head1 Incompatible Changes | |
44 | ||
45 | There are no changes intentionally incompatible with 5.14.0. If any | |
46 | exist, they are bugs and reports are welcome. | |
47 | ||
48 | =head1 Deprecations | |
49 | ||
50 | There have been no deprecations since 5.14.0. | |
51 | ||
52 | =head1 Modules and Pragmata | |
53 | ||
54 | =head2 New Modules and Pragmata | |
55 | ||
56 | None | |
57 | ||
58 | =head2 Updated Modules and Pragmata | |
59 | ||
60 | =over 4 | |
61 | ||
62 | =item * | |
63 | ||
64 | L<PerlIO::scalar> was updated to fix a bug in which opening a filehandle to | |
65 | a glob copy caused assertion failures (under debugging) or hangs or other | |
66 | erratic behaviour without debugging. | |
67 | ||
68 | =item * | |
69 | ||
70 | L<ODBM_File> and L<NDBM_File> were updated to allow building on GNU/Hurd. | |
71 | ||
72 | =item * | |
73 | ||
74 | L<IPC::Open3> has been updated to fix a regression introduced in perl | |
75 | 5.12, which broke C<IPC::Open3::open3($in, $out, $err, '-')>. | |
76 | [perl #95748] | |
77 | ||
78 | =item * | |
79 | ||
80 | L<Digest> has been upgraded from version 1.16 to 1.16_01. | |
81 | ||
82 | See L</Security>. | |
83 | ||
84 | =item * | |
85 | ||
86 | L<Module::CoreList> has been updated to version 2.49_04 to add data for | |
87 | this release. | |
88 | ||
89 | =back | |
90 | ||
91 | =head2 Removed Modules and Pragmata | |
92 | ||
93 | None | |
94 | ||
95 | =head1 Documentation | |
96 | ||
97 | =head2 New Documentation | |
98 | ||
99 | None | |
100 | ||
101 | =head2 Changes to Existing Documentation | |
102 | ||
103 | =head3 L<perlcheat> | |
104 | ||
105 | =over 4 | |
106 | ||
107 | =item * | |
108 | ||
109 | L<perlcheat> was updated to 5.14. | |
110 | ||
111 | =back | |
112 | ||
113 | =head1 Configuration and Compilation | |
114 | ||
115 | =over 4 | |
116 | ||
117 | =item * | |
118 | ||
119 | h2ph was updated to correctly search gcc include directories on platforms | |
120 | such as Debian with multi-architecture support. | |
121 | ||
122 | =item * | |
123 | ||
124 | In Configure, the test for procselfexe was refactored into a loop. | |
125 | ||
126 | =back | |
127 | ||
128 | =head1 Platform Support | |
129 | ||
130 | =head2 New Platforms | |
131 | ||
132 | None | |
133 | ||
134 | =head2 Discontinued Platforms | |
135 | ||
136 | None | |
137 | ||
138 | =head2 Platform-Specific Notes | |
139 | ||
140 | =over 4 | |
141 | ||
142 | =item FreeBSD | |
143 | ||
144 | The FreeBSD hints file was corrected to be compatible with FreeBSD 10.0. | |
145 | ||
146 | =item Solaris and NetBSD | |
147 | ||
148 | Configure was updated for "procselfexe" support on Solaris and NetBSD. | |
149 | ||
150 | =item HP-UX | |
151 | ||
152 | README.hpux was updated to note the existence of a broken header in | |
153 | HP-UX 11.00. | |
154 | ||
155 | =item Linux | |
156 | ||
157 | libutil is no longer used when compiling on Linux platforms, which avoids | |
158 | warnings being emitted. | |
159 | ||
160 | The system gcc (rather than any other gcc which might be in the compiling | |
161 | user's path) is now used when searching for libraries such as C<-lm>. | |
162 | ||
163 | =item Mac OS X | |
164 | ||
165 | The locale tests were updated to reflect the behaviour of locales in | |
166 | Mountain Lion. | |
167 | ||
168 | =item GNU/Hurd | |
169 | ||
170 | Various build and test fixes were included for GNU/Hurd. | |
171 | ||
172 | LFS support was enabled in GNU/Hurd. | |
173 | ||
174 | =item NetBSD | |
175 | ||
176 | The NetBSD hints file was corrected to be compatible with NetBSD 6.* | |
177 | ||
178 | =back | |
179 | ||
180 | =head1 Bug Fixes | |
181 | ||
182 | =over 4 | |
183 | ||
184 | =item * | |
185 | ||
186 | A regression has been fixed that was introduced in 5.14, in C</i> | |
187 | regular expression matching, in which a match improperly fails if the | |
188 | pattern is in UTF-8, the target string is not, and a Latin-1 character | |
189 | precedes a character in the string that should match the pattern. [perl | |
190 | #101710] | |
191 | ||
192 | =item * | |
193 | ||
194 | In case-insensitive regular expression pattern matching on UTF-8 encoded | |
195 | strings, the scan for the start of a match no longer looks only at the | |
196 | first possible position. Previously, this caused matches such as | |
197 | C<"f\x{FB00}" =~ /ff/i> to fail. | |
198 | ||
199 | =item * | |
200 | ||
201 | The sitecustomize support was made relocatableinc aware, so that | |
202 | -Dusesitecustomize and -Duserelocatableinc may be used together. | |
203 | ||
204 | =item * | |
205 | ||
206 | The smartmatch operator (C<~~>) was changed so that the right-hand side | |
207 | takes precedence during C<Any ~~ Object> operations. | |
208 | ||
209 | =item * | |
210 | ||
211 | A bug has been fixed in the tainting support, in which an C<index()> | |
212 | operation on a tainted constant would cause all other constants to become | |
213 | tainted. [perl #64804] | |
214 | ||
215 | =item * | |
216 | ||
217 | A regression has been fixed that was introduced in perl 5.12, whereby | |
218 | tainting errors were not correctly propagated through C<die()>. | |
219 | [perl #111654] | |
220 | ||
221 | =item * | |
222 | ||
223 | A regression has been fixed that was introduced in perl 5.14, in which | |
224 | C</[[:lower:]]/i> and C</[[:upper:]]/i> no longer matched the opposite case. | |
225 | [perl #101970] | |
226 | ||
227 | =back | |
228 | ||
229 | =head1 Acknowledgements | |
230 | ||
231 | Perl 5.14.3 represents approximately 12 months of development since Perl 5.14.2 | |
232 | and contains approximately 2,300 lines of changes across 64 files from 22 | |
233 | authors. | |
234 | ||
235 | Perl continues to flourish into its third decade thanks to a vibrant community | |
236 | of users and developers. The following people are known to have contributed the | |
237 | improvements that became Perl 5.14.3: | |
238 | ||
239 | Abigail, Andy Dougherty, Carl Hayter, Chris 'BinGOs' Williams, Dave Rolsky, | |
240 | David Mitchell, Dominic Hargreaves, Father Chrysostomos, Florian Ragwitz, | |
241 | H.Merijn Brand, Jilles Tjoelker, Karl Williamson, Leon Timmermans, Michael G | |
242 | Schwern, Nicholas Clark, Niko Tyni, Pino Toscano, Ricardo Signes, Salvador | |
243 | Fandiño, Samuel Thibault, Steve Hay, Tony Cook. | |
244 | ||
245 | The list above is almost certainly incomplete as it is automatically generated | |
246 | from version control history. In particular, it does not include the names of | |
247 | the (very much appreciated) contributors who reported issues to the Perl bug | |
248 | tracker. | |
249 | ||
250 | Many of the changes included in this version originated in the CPAN modules | |
251 | included in Perl's core. We're grateful to the entire CPAN community for | |
252 | helping Perl to flourish. | |
253 | ||
254 | For a more complete list of all of Perl's historical contributors, please see | |
255 | the F<AUTHORS> file in the Perl source distribution. | |
256 | ||
257 | =head1 Reporting Bugs | |
258 | ||
259 | If you find what you think is a bug, you might check the articles | |
260 | recently posted to the comp.lang.perl.misc newsgroup and the perl | |
261 | bug database at http://rt.perl.org/perlbug/ . There may also be | |
262 | information at http://www.perl.org/ , the Perl Home Page. | |
263 | ||
264 | If you believe you have an unreported bug, please run the L<perlbug> | |
265 | program included with your release. Be sure to trim your bug down | |
266 | to a tiny but sufficient test case. Your bug report, along with the | |
267 | output of C<perl -V>, will be sent off to perlbug@perl.org to be | |
268 | analysed by the Perl porting team. | |
269 | ||
270 | If the bug you are reporting has security implications, which make it | |
271 | inappropriate to send to a publicly archived mailing list, then please send | |
272 | it to perl5-security-report@perl.org. This points to a closed subscription | |
273 | unarchived mailing list, which includes all the core committers, who will be able | |
274 | to help assess the impact of issues, figure out a resolution, and help | |
275 | co-ordinate the release of patches to mitigate or fix the problem across all | |
276 | platforms on which Perl is supported. Please only use this address for | |
277 | security issues in the Perl core, not for modules independently | |
278 | distributed on CPAN. | |
279 | ||
280 | =head1 SEE ALSO | |
281 | ||
282 | The F<Changes> file for an explanation of how to view exhaustive details | |
283 | on what changed. | |
284 | ||
285 | The F<INSTALL> file for how to build Perl. | |
286 | ||
287 | The F<README> file for general stuff. | |
288 | ||
289 | The F<Artistic> and F<Copying> files for copyright information. | |
290 | ||
291 | =cut |