https://perl5.git.perl.org / perl5.git / blame
| Commit | Line | Data |
|---|---|---|
| eaf7bcbf RS |
1 | =encoding utf8 |
| 2 | ||
| 3 | =head1 NAME | |
| 4 | ||
| 5 | perl5163delta - what is new for perl v5.16.3 | |
| 6 | ||
| 7 | =head1 DESCRIPTION | |
| 8 | ||
| 9 | This document describes differences between the 5.16.2 release and | |
| 10 | the 5.16.3 release. | |
| 11 | ||
| 12 | If you are upgrading from an earlier release such as 5.16.1, first read | |
| 13 | L<perl5162delta>, which describes differences between 5.16.1 and | |
| 14 | 5.16.2. | |
| 15 | ||
| 16 | =head1 Core Enhancements | |
| 17 | ||
| 18 | No changes since 5.16.0. | |
| 19 | ||
| 20 | =head1 Security | |
| 21 | ||
| 22 | This release contains one major and a number of minor security fixes. | |
| 23 | These latter are included mainly to allow the test suite to pass cleanly | |
| 24 | with the clang compiler's address sanitizer facility. | |
| 25 | ||
| 26 | =head2 CVE-2013-1667: memory exhaustion with arbitrary hash keys | |
| 27 | ||
| 28 | With a carefully crafted set of hash keys (for example arguments on a | |
| 29 | URL), it is possible to cause a hash to consume a large amount of memory | |
| 30 | and CPU, and thus possibly to achieve a Denial-of-Service. | |
| 31 | ||
| 32 | This problem has been fixed. | |
| 33 | ||
| 34 | =head2 wrap-around with IO on long strings | |
| 35 | ||
| 36 | Reading or writing strings greater than 2**31 bytes in size could segfault | |
| 37 | due to integer wraparound. | |
| 38 | ||
| 39 | This problem has been fixed. | |
| 40 | ||
| 41 | =head2 memory leak in Encode | |
| 42 | ||
| 43 | The UTF-8 encoding implementation in Encode.xs had a memory leak which has been | |
| 44 | fixed. | |
| 45 | ||
| 46 | =head1 Incompatible Changes | |
| 47 | ||
| 48 | There are no changes intentionally incompatible with 5.16.0. If any | |
| 49 | exist, they are bugs and reports are welcome. | |
| 50 | ||
| 51 | =head1 Deprecations | |
| 52 | ||
| 53 | There have been no deprecations since 5.16.0. | |
| 54 | ||
| 55 | =head1 Modules and Pragmata | |
| 56 | ||
| 57 | =head2 Updated Modules and Pragmata | |
| 58 | ||
| 59 | =over 4 | |
| 60 | ||
| 61 | =item * | |
| 62 | ||
| 63 | L<Encode> has been upgraded from version 2.44 to version 2.44_01. | |
| 64 | ||
| 65 | =item * | |
| 66 | ||
| 67 | L<Module::CoreList> has been upgraded from version 2.76 to version 2.76_02. | |
| 68 | ||
| 69 | =item * | |
| 70 | ||
| 71 | L<XS::APItest> has been upgraded from version 0.38 to version 0.39. | |
| 72 | ||
| 73 | =back | |
| 74 | ||
| 75 | =head1 Known Problems | |
| 76 | ||
| 77 | None. | |
| 78 | ||
| 79 | =head1 Acknowledgements | |
| 80 | ||
| 81 | Perl 5.16.3 represents approximately 4 months of development since Perl 5.16.2 | |
| 82 | and contains approximately 870 lines of changes across 39 files from 7 authors. | |
| 83 | ||
| 84 | Perl continues to flourish into its third decade thanks to a vibrant community | |
| 85 | of users and developers. The following people are known to have contributed the | |
| 86 | improvements that became Perl 5.16.3: | |
| 87 | ||
| 88 | Andy Dougherty, Chris 'BinGOs' Williams, Dave Rolsky, David Mitchell, Michael | |
| 89 | Schroeder, Ricardo Signes, Yves Orton. | |
| 90 | ||
| 91 | The list above is almost certainly incomplete as it is automatically generated | |
| 92 | from version control history. In particular, it does not include the names of | |
| 93 | the (very much appreciated) contributors who reported issues to the Perl bug | |
| 94 | tracker. | |
| 95 | ||
| 96 | For a more complete list of all of Perl's historical contributors, please see | |
| 97 | the F<AUTHORS> file in the Perl source distribution. | |
| 98 | ||
| 99 | =head1 Reporting Bugs | |
| 100 | ||
| 101 | If you find what you think is a bug, you might check the articles | |
| 102 | recently posted to the comp.lang.perl.misc newsgroup and the perl | |
| 103 | bug database at http://rt.perl.org/perlbug/ . There may also be | |
| 104 | information at http://www.perl.org/ , the Perl Home Page. | |
| 105 | ||
| 106 | If you believe you have an unreported bug, please run the L<perlbug> | |
| 107 | program included with your release. Be sure to trim your bug down | |
| 108 | to a tiny but sufficient test case. Your bug report, along with the | |
| 109 | output of C<perl -V>, will be sent off to perlbug@perl.org to be | |
| 110 | analysed by the Perl porting team. | |
| 111 | ||
| 112 | If the bug you are reporting has security implications, which make it | |
| 113 | inappropriate to send to a publicly archived mailing list, then please | |
| 114 | send it to perl5-security-report@perl.org. This points to a closed | |
| 115 | subscription unarchived mailing list, which includes all the core | |
| 116 | committers, who will be able to help assess the impact of issues, figure | |
| 117 | out a resolution, and help co-ordinate the release of patches to | |
| 118 | mitigate or fix the problem across all platforms on which Perl is | |
| 119 | supported. Please only use this address for security issues in the Perl | |
| 120 | core, not for modules independently distributed on CPAN. | |
| 121 | ||
| 122 | =head1 SEE ALSO | |
| 123 | ||
| 124 | The F<Changes> file for an explanation of how to view exhaustive details | |
| 125 | on what changed. | |
| 126 | ||
| 127 | The F<INSTALL> file for how to build Perl. | |
| 128 | ||
| 129 | The F<README> file for general stuff. | |
| 130 | ||
| 131 | The F<Artistic> and F<Copying> files for copyright information. | |
| 132 | ||
| 133 | =cut |