Commit | Line | Data |
---|---|---|
262514fd SL |
1 | =encoding utf8 |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | perl5255delta - what is new for perl v5.25.5 | |
6 | ||
7 | =head1 DESCRIPTION | |
8 | ||
9 | This document describes differences between the 5.25.4 release and the 5.25.5 | |
10 | release. | |
11 | ||
12 | If you are upgrading from an earlier release such as 5.25.3, first read | |
13 | L<perl5254delta>, which describes differences between 5.25.3 and 5.25.4. | |
14 | ||
15 | =head1 Security | |
16 | ||
17 | =head2 "Escaped" colons and relative paths in PATH | |
18 | ||
19 | On Unix systems, Perl treats any relative paths in the PATH environment | |
20 | variable as tainted when starting a new process. Previously, it was | |
21 | allowing a backslash to escape a colon (unlike the OS), consequently | |
22 | allowing relative paths to be considered safe if the PATH was set to | |
23 | something like C</\:.>. The check has been fixed to treat C<.> as tainted | |
24 | in that example. | |
25 | ||
26 | =head1 Modules and Pragmata | |
27 | ||
28 | =head2 Updated Modules and Pragmata | |
29 | ||
30 | =over 4 | |
31 | ||
32 | =item * | |
33 | ||
34 | L<Filter::Simple> has been upgraded from version 0.92 to 0.93. | |
35 | ||
36 | It no longer treats C<no MyFilter> immediately following C<use MyFilter> as | |
37 | end-of-file. [perl #107726] | |
38 | ||
39 | =item * | |
40 | ||
41 | L<Locale::Codes> has been upgraded from 3.39 to 3.40. | |
42 | ||
43 | =item * | |
44 | ||
45 | L<Module::CoreList> has been upgraded from version 5.20160820 to 5.20160920. | |
46 | ||
47 | =item * | |
48 | ||
49 | L<POSIX> has been upgraded from version 1.71 to 1.72. | |
50 | ||
51 | =item * | |
52 | ||
53 | L<Sys::Syslog> has been upgraded from version 0.34_01 to 0.35. | |
54 | ||
55 | =item * | |
56 | ||
57 | L<Test::Simple> has been upgraded from version 1.302052 to 1.302056. | |
58 | ||
59 | =item * | |
60 | ||
61 | L<Thread::Semaphore> has been upgraded from 2.12 to 2.13. | |
62 | ||
63 | Added the C<down_timed> method. | |
64 | ||
65 | =item * | |
66 | ||
67 | L<XSLoader> has been upgraded from version 0.22 to 0.24. | |
68 | ||
69 | =back | |
70 | ||
71 | =head1 Documentation | |
72 | ||
73 | =head2 Changes to Existing Documentation | |
74 | ||
75 | =head3 L<perlinterp> | |
76 | ||
77 | =over 4 | |
78 | ||
79 | =item * | |
80 | ||
81 | L<perlinterp> has been expanded to give a more detailed example of how to | |
82 | hunt around in the parser for how a given operator is handled. | |
83 | ||
84 | =back | |
85 | ||
86 | =head1 Testing | |
87 | ||
88 | =over 4 | |
89 | ||
90 | =item * | |
91 | ||
92 | F<t/re/regexp_nonull.t> has been added to test that the regular expression | |
93 | engine can handle scalars that do not have a null byte just past the end of | |
94 | the string. | |
95 | ||
96 | =back | |
97 | ||
98 | =head1 Platform Support | |
99 | ||
100 | =head2 Platform-Specific Notes | |
101 | ||
102 | =over 4 | |
103 | ||
104 | =item VMS | |
105 | ||
106 | =over 4 | |
107 | ||
108 | =item * | |
109 | ||
110 | The path separator for the C<PERL5LIB> and C<PERLLIB> environment entries is | |
111 | now a colon (C<:>) when running under a Unix shell. There is no change when | |
112 | running under DCL (it's still C<|>). | |
113 | ||
114 | =item * | |
115 | ||
116 | Remove some VMS-specific hacks from C<showlex.t>. These were added 15 years | |
117 | ago, and are no longer necessary for any VMS version now supported. | |
118 | ||
119 | =back | |
120 | ||
121 | =back | |
122 | ||
123 | =over 4 | |
124 | ||
125 | =item Win32 | |
126 | ||
127 | =over 4 | |
128 | ||
129 | =item * | |
130 | ||
131 | Tweaks for Win32 VC vs GCC detection makefile code. This fixes issue that CCHOME | |
132 | depends on CCTYPE, which in auto detect mode is set after CCHOME, so CCHOME uses | |
133 | the uninit CCTYPE var. Also fix else vs .ELSE in makefile.mk | |
134 | ||
135 | =back | |
136 | ||
137 | =back | |
138 | ||
139 | =head1 Internal Changes | |
140 | ||
141 | =over 4 | |
142 | ||
143 | =item * | |
144 | ||
145 | Several macros and functions have been added to the public API for | |
146 | dealing with Unicode and UTF-8-encoded strings. See | |
147 | L<perlapi/Unicode Support>. | |
148 | ||
149 | =item * | |
150 | ||
151 | Use C<my_strlcat()> in C<locale.c>. While C<strcat()> is safe in this context, | |
152 | some compilers were optimizing this to C<strcpy()> causing a porting test to | |
153 | fail that looks for unsafe code. Rather than fighting this, we just use | |
154 | C<my_strlcat()> instead. | |
155 | ||
156 | =back | |
157 | ||
158 | =head1 Selected Bug Fixes | |
159 | ||
160 | =over 4 | |
161 | ||
162 | =item * | |
163 | ||
164 | Invalid assignments to a reference constructor (e.g., C<\eval=time>) could | |
165 | sometimes crash in addition to giving a syntax error. [perl #125679] | |
166 | ||
167 | =item * | |
168 | ||
169 | The parser could sometimes crash if a bareword came after C<evalbytes>. | |
170 | [perl #129196] | |
171 | ||
172 | =item * | |
173 | ||
174 | Autoloading via a method call would warn erroneously ("Use of inherited | |
175 | AUTOLOAD for non-method") if there was a stub present in the package into | |
176 | which the invocant had been blessed. The warning is no longer emitted in | |
177 | such circumstances. [perl #47047] | |
178 | ||
179 | =item * | |
180 | ||
181 | A sub containing with a "forward" declaration with the same name (e.g., | |
182 | C<sub c { sub c; }>) could sometimes crash or loop infinitely. [perl | |
183 | #129090] | |
184 | ||
185 | =item * | |
186 | ||
187 | The use of C<splice> on arrays with nonexistent elements could cause other | |
188 | operators to crash. [perl #129164] | |
189 | ||
190 | =item * | |
191 | ||
192 | Fixed case where C<re_untuit_start> will overshoot the length of a utf8 | |
193 | string. [perl #129012] | |
194 | ||
195 | =item * | |
196 | ||
197 | Handle C<CXt_SUBST> better in C<Perl_deb_stack_all>, previously it wasn't | |
198 | checking that the I<current> C<cx> is the right type, and instead was always | |
199 | checking the base C<cx> (effectively a noop). [perl #129029] | |
200 | ||
201 | =item * | |
202 | ||
203 | Fixed two possible use-after-free bugs in C<Perl_yylex>. C<Perl_yylex> | |
204 | maintains up to two pointers into the parser buffer, one of which can | |
205 | become stale under the right conditions. [perl #129069] | |
206 | ||
207 | =item * | |
208 | ||
209 | Fixed a crash with C<s///l> where it thought it was dealing with UTF-8 | |
210 | when it wasn't. [perl #129038] | |
211 | ||
212 | =item * | |
213 | ||
214 | Fixed place where regex was not setting the syntax error correctly. | |
215 | [perl #129122] | |
216 | ||
217 | =item * | |
218 | ||
219 | The C<&.> operator (and the C<&> operator, when it treats its arguments as | |
220 | strings) were failing to append a trailing null byte if at least one string | |
221 | was marked as utf8 internally. Many code paths (system calls, regexp | |
222 | compilation) still expect there to be a null byte in the string buffer | |
223 | just past the end of the logical string. An assertion failure was the | |
224 | result. [perl #129287] | |
225 | ||
226 | =item * | |
227 | ||
228 | Check C<pack_sockaddr_un()>'s return value because C<pack_sockaddr_un()> | |
229 | silently truncates the supplied path if it won't fit into the C<sun_path> | |
230 | member of C<sockaddr_un>. This may change in the future, but for now | |
231 | check the path in theC<sockaddr> matches the desired path, and skip if | |
232 | it doesn't. [perl #128095] | |
233 | ||
234 | =item * | |
235 | ||
236 | Make sure C<PL_oldoldbufptr> is preserved in C<scan_heredoc()>. In some | |
237 | cases this is used in building error messages. [perl #128988] | |
238 | ||
239 | =item * | |
240 | ||
241 | Check for null PL_curcop in IN_LC() [perl #129106] | |
242 | ||
243 | =item * | |
244 | ||
245 | Fixed the parser error handling for an 'C<:attr(foo>' that does not have | |
246 | an ending 'C<)>'. | |
247 | ||
248 | =item * | |
249 | ||
250 | Fix C<Perl_delimcpy()> to handle a backslash as last char, this | |
251 | actually fixed two bugs, [perl #129064] and [perl #129176]. | |
252 | ||
253 | =item * | |
254 | ||
255 | [perl #129267] rework gv_fetchmethod_pvn_flags separator parsing to | |
256 | prevent possible string overrun with invalid len in gv.c | |
257 | ||
258 | =back | |
259 | ||
260 | =head1 Obituary | |
261 | ||
262 | Jon Portnoy (AVENJ), a prolific Perl author and admired Gentoo community | |
263 | member, has passed away on August 10, 2016. He will be remembered and | |
264 | missed by all those with which he came in contact and enriched with his | |
265 | intellect, wit, and spirit. | |
266 | ||
267 | =head1 Acknowledgements | |
268 | ||
269 | Perl 5.25.5 represents approximately 4 weeks of development since Perl 5.25.4 | |
270 | and contains approximately 67,000 lines of changes across 230 files from 25 | |
271 | authors. | |
272 | ||
273 | Excluding auto-generated files, documentation and release tools, there were | |
274 | approximately 62,000 lines of changes to 160 .pm, .t, .c and .h files. | |
275 | ||
276 | Perl continues to flourish into its third decade thanks to a vibrant community | |
277 | of users and developers. The following people are known to have contributed the | |
278 | improvements that became Perl 5.25.5: | |
279 | ||
280 | Aaron Crane, Aristotle Pagaltzis, Chris 'BinGOs' Williams, Craig A. Berry, | |
281 | Dagfinn Ilmari Mannsåker, Dan Collins, Daniel Dragan, Dave Cross, David | |
282 | Mitchell, E. Choroba, Father Chrysostomos, James E Keenan, Jerry D. Hedden, | |
283 | Karl Williamson, Lukas Mai, Ricardo Signes, Rick Delaney, Sawyer X, Stevan | |
284 | Little, Steve Hay, Sullivan Beck, Theo Buehler, Tony Cook, Yaroslav Kuzmin, | |
285 | Yves Orton. | |
286 | ||
287 | The list above is almost certainly incomplete as it is automatically generated | |
288 | from version control history. In particular, it does not include the names of | |
289 | the (very much appreciated) contributors who reported issues to the Perl bug | |
290 | tracker. | |
291 | ||
292 | Many of the changes included in this version originated in the CPAN modules | |
293 | included in Perl's core. We're grateful to the entire CPAN community for | |
294 | helping Perl to flourish. | |
295 | ||
296 | For a more complete list of all of Perl's historical contributors, please see | |
297 | the F<AUTHORS> file in the Perl source distribution. | |
298 | ||
299 | =head1 Reporting Bugs | |
300 | ||
301 | If you find what you think is a bug, you might check the perl bug database | |
302 | at L<https://rt.perl.org/> . There may also be information at | |
303 | L<http://www.perl.org/> , the Perl Home Page. | |
304 | ||
305 | If you believe you have an unreported bug, please run the L<perlbug> program | |
306 | included with your release. Be sure to trim your bug down to a tiny but | |
307 | sufficient test case. Your bug report, along with the output of C<perl -V>, | |
308 | will be sent off to perlbug@perl.org to be analysed by the Perl porting team. | |
309 | ||
310 | If the bug you are reporting has security implications which make it | |
311 | inappropriate to send to a publicly archived mailing list, then see | |
312 | L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> | |
313 | for details of how to report the issue. | |
314 | ||
315 | =head1 SEE ALSO | |
316 | ||
317 | The F<Changes> file for an explanation of how to view exhaustive details on | |
318 | what changed. | |
319 | ||
320 | The F<INSTALL> file for how to build Perl. | |
321 | ||
322 | The F<README> file for general stuff. | |
323 | ||
324 | The F<Artistic> and F<Copying> files for copyright information. | |
325 | ||
326 | =cut |