Commit | Line | Data |
---|---|---|
eaf7bcbf RS |
1 | =encoding utf8 |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | perl5163delta - what is new for perl v5.16.3 | |
6 | ||
7 | =head1 DESCRIPTION | |
8 | ||
9 | This document describes differences between the 5.16.2 release and | |
10 | the 5.16.3 release. | |
11 | ||
12 | If you are upgrading from an earlier release such as 5.16.1, first read | |
13 | L<perl5162delta>, which describes differences between 5.16.1 and | |
14 | 5.16.2. | |
15 | ||
16 | =head1 Core Enhancements | |
17 | ||
18 | No changes since 5.16.0. | |
19 | ||
20 | =head1 Security | |
21 | ||
22 | This release contains one major and a number of minor security fixes. | |
23 | These latter are included mainly to allow the test suite to pass cleanly | |
24 | with the clang compiler's address sanitizer facility. | |
25 | ||
26 | =head2 CVE-2013-1667: memory exhaustion with arbitrary hash keys | |
27 | ||
28 | With a carefully crafted set of hash keys (for example arguments on a | |
29 | URL), it is possible to cause a hash to consume a large amount of memory | |
30 | and CPU, and thus possibly to achieve a Denial-of-Service. | |
31 | ||
32 | This problem has been fixed. | |
33 | ||
34 | =head2 wrap-around with IO on long strings | |
35 | ||
36 | Reading or writing strings greater than 2**31 bytes in size could segfault | |
37 | due to integer wraparound. | |
38 | ||
39 | This problem has been fixed. | |
40 | ||
41 | =head2 memory leak in Encode | |
42 | ||
43 | The UTF-8 encoding implementation in Encode.xs had a memory leak which has been | |
44 | fixed. | |
45 | ||
46 | =head1 Incompatible Changes | |
47 | ||
48 | There are no changes intentionally incompatible with 5.16.0. If any | |
49 | exist, they are bugs and reports are welcome. | |
50 | ||
51 | =head1 Deprecations | |
52 | ||
53 | There have been no deprecations since 5.16.0. | |
54 | ||
55 | =head1 Modules and Pragmata | |
56 | ||
57 | =head2 Updated Modules and Pragmata | |
58 | ||
59 | =over 4 | |
60 | ||
61 | =item * | |
62 | ||
63 | L<Encode> has been upgraded from version 2.44 to version 2.44_01. | |
64 | ||
65 | =item * | |
66 | ||
67 | L<Module::CoreList> has been upgraded from version 2.76 to version 2.76_02. | |
68 | ||
69 | =item * | |
70 | ||
71 | L<XS::APItest> has been upgraded from version 0.38 to version 0.39. | |
72 | ||
73 | =back | |
74 | ||
75 | =head1 Known Problems | |
76 | ||
77 | None. | |
78 | ||
79 | =head1 Acknowledgements | |
80 | ||
81 | Perl 5.16.3 represents approximately 4 months of development since Perl 5.16.2 | |
82 | and contains approximately 870 lines of changes across 39 files from 7 authors. | |
83 | ||
84 | Perl continues to flourish into its third decade thanks to a vibrant community | |
85 | of users and developers. The following people are known to have contributed the | |
86 | improvements that became Perl 5.16.3: | |
87 | ||
88 | Andy Dougherty, Chris 'BinGOs' Williams, Dave Rolsky, David Mitchell, Michael | |
89 | Schroeder, Ricardo Signes, Yves Orton. | |
90 | ||
91 | The list above is almost certainly incomplete as it is automatically generated | |
92 | from version control history. In particular, it does not include the names of | |
93 | the (very much appreciated) contributors who reported issues to the Perl bug | |
94 | tracker. | |
95 | ||
96 | For a more complete list of all of Perl's historical contributors, please see | |
97 | the F<AUTHORS> file in the Perl source distribution. | |
98 | ||
99 | =head1 Reporting Bugs | |
100 | ||
101 | If you find what you think is a bug, you might check the articles | |
102 | recently posted to the comp.lang.perl.misc newsgroup and the perl | |
103 | bug database at http://rt.perl.org/perlbug/ . There may also be | |
104 | information at http://www.perl.org/ , the Perl Home Page. | |
105 | ||
106 | If you believe you have an unreported bug, please run the L<perlbug> | |
107 | program included with your release. Be sure to trim your bug down | |
108 | to a tiny but sufficient test case. Your bug report, along with the | |
109 | output of C<perl -V>, will be sent off to perlbug@perl.org to be | |
110 | analysed by the Perl porting team. | |
111 | ||
112 | If the bug you are reporting has security implications, which make it | |
113 | inappropriate to send to a publicly archived mailing list, then please | |
114 | send it to perl5-security-report@perl.org. This points to a closed | |
115 | subscription unarchived mailing list, which includes all the core | |
116 | committers, who will be able to help assess the impact of issues, figure | |
117 | out a resolution, and help co-ordinate the release of patches to | |
118 | mitigate or fix the problem across all platforms on which Perl is | |
119 | supported. Please only use this address for security issues in the Perl | |
120 | core, not for modules independently distributed on CPAN. | |
121 | ||
122 | =head1 SEE ALSO | |
123 | ||
124 | The F<Changes> file for an explanation of how to view exhaustive details | |
125 | on what changed. | |
126 | ||
127 | The F<INSTALL> file for how to build Perl. | |
128 | ||
129 | The F<README> file for general stuff. | |
130 | ||
131 | The F<Artistic> and F<Copying> files for copyright information. | |
132 | ||
133 | =cut |