Commit | Line | Data |
---|---|---|
c592f515 SH |
1 | =encoding utf8 |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | perl5243delta - what is new for perl v5.24.3 | |
6 | ||
7 | =head1 DESCRIPTION | |
8 | ||
9 | This document describes differences between the 5.24.2 release and the 5.24.3 | |
10 | release. | |
11 | ||
12 | If you are upgrading from an earlier release such as 5.24.1, first read | |
13 | L<perl5242delta>, which describes differences between 5.24.1 and 5.24.2. | |
14 | ||
15 | =head1 Security | |
16 | ||
17 | =head2 [CVE-2017-12837] Heap buffer overflow in regular expression compiler | |
18 | ||
19 | Compiling certain regular expression patterns with the case-insensitive | |
20 | modifier could cause a heap buffer overflow and crash perl. This has now been | |
21 | fixed. | |
22 | L<[perl #131582]|https://rt.perl.org/Public/Bug/Display.html?id=131582> | |
23 | ||
24 | =head2 [CVE-2017-12883] Buffer over-read in regular expression parser | |
25 | ||
26 | For certain types of syntax error in a regular expression pattern, the error | |
27 | message could either contain the contents of a random, possibly large, chunk of | |
28 | memory, or could crash perl. This has now been fixed. | |
29 | L<[perl #131598]|https://rt.perl.org/Public/Bug/Display.html?id=131598> | |
30 | ||
31 | =head2 [CVE-2017-12814] C<$ENV{$key}> stack buffer overflow on Windows | |
32 | ||
33 | A possible stack buffer overflow in the C<%ENV> code on Windows has been fixed | |
34 | by removing the buffer completely since it was superfluous anyway. | |
35 | L<[perl #131665]|https://rt.perl.org/Public/Bug/Display.html?id=131665> | |
36 | ||
37 | =head1 Incompatible Changes | |
38 | ||
39 | There are no changes intentionally incompatible with 5.24.2. If any exist, | |
40 | they are bugs, and we request that you submit a report. See L</Reporting | |
41 | Bugs> below. | |
42 | ||
43 | =head1 Modules and Pragmata | |
44 | ||
45 | =head2 Updated Modules and Pragmata | |
46 | ||
47 | =over 4 | |
48 | ||
49 | =item * | |
50 | ||
51 | L<Module::CoreList> has been upgraded from version 5.20170715_24 to | |
52 | 5.20170922_24. | |
53 | ||
54 | =item * | |
55 | ||
56 | L<POSIX> has been upgraded from version 1.65 to 1.65_01. | |
57 | ||
58 | =item * | |
59 | ||
60 | L<Time::HiRes> has been upgraded from version 1.9733 to 1.9741. | |
61 | ||
62 | L<[perl #128427]|https://rt.perl.org/Public/Bug/Display.html?id=128427> | |
63 | L<[perl #128445]|https://rt.perl.org/Public/Bug/Display.html?id=128445> | |
64 | L<[perl #128972]|https://rt.perl.org/Public/Bug/Display.html?id=128972> | |
65 | L<[cpan #120032]|https://rt.cpan.org/Public/Bug/Display.html?id=120032> | |
66 | ||
67 | =back | |
68 | ||
69 | =head1 Configuration and Compilation | |
70 | ||
71 | =over 4 | |
72 | ||
73 | =item * | |
74 | ||
75 | When building with GCC 6 and link-time optimization (the B<-flto> option to | |
76 | B<gcc>), F<Configure> was treating all probed symbols as present on the system, | |
77 | regardless of whether they actually exist. This has been fixed. | |
78 | L<[perl #128131]|https://rt.perl.org/Public/Bug/Display.html?id=128131> | |
79 | ||
80 | =item * | |
81 | ||
82 | F<Configure> now aborts if both C<-Duselongdouble> and C<-Dusequadmath> are | |
83 | requested. | |
84 | L<[perl #126203]|https://rt.perl.org/Public/Bug/Display.html?id=126203> | |
85 | ||
86 | =item * | |
87 | ||
88 | Fixed a bug in which F<Configure> could append C<-quadmath> to the archname | |
89 | even if it was already present. | |
90 | L<[perl #128538]|https://rt.perl.org/Public/Bug/Display.html?id=128538> | |
91 | ||
92 | =item * | |
93 | ||
94 | Clang builds with C<-DPERL_GLOBAL_STRUCT> or C<-DPERL_GLOBAL_STRUCT_PRIVATE> | |
95 | have been fixed (by disabling Thread Safety Analysis for these configurations). | |
96 | ||
97 | =back | |
98 | ||
99 | =head1 Platform Support | |
100 | ||
101 | =head2 Platform-Specific Notes | |
102 | ||
103 | =over 4 | |
104 | ||
105 | =item VMS | |
106 | ||
107 | =over 4 | |
108 | ||
109 | =item * | |
110 | ||
111 | C<configure.com> now recognizes the VSI-branded C compiler. | |
112 | ||
113 | =back | |
114 | ||
115 | =item Windows | |
116 | ||
117 | =over 4 | |
118 | ||
119 | =item * | |
120 | ||
121 | Building XS modules with GCC 6 in a 64-bit build of Perl failed due to | |
122 | incorrect mapping of C<strtoll> and C<strtoull>. This has now been fixed. | |
123 | L<[perl #131726]|https://rt.perl.org/Public/Bug/Display.html?id=131726> | |
124 | L<[cpan #121683]|https://rt.cpan.org/Public/Bug/Display.html?id=121683> | |
125 | L<[cpan #122353]|https://rt.cpan.org/Public/Bug/Display.html?id=122353> | |
126 | ||
127 | =back | |
128 | ||
129 | =back | |
130 | ||
131 | =head1 Selected Bug Fixes | |
132 | ||
133 | =over 4 | |
134 | ||
135 | =item * | |
136 | ||
137 | C<< /@0{0*-E<gt>@*/*0 >> and similar contortions used to crash, but no longer | |
138 | do, but merely produce a syntax error. | |
139 | L<[perl #128171]|https://rt.perl.org/Public/Bug/Display.html?id=128171> | |
140 | ||
141 | =item * | |
142 | ||
143 | C<do> or C<require> with an argument which is a reference or typeglob which, | |
144 | when stringified, contains a null character, started crashing in Perl 5.20, but | |
145 | has now been fixed. | |
146 | L<[perl #128182]|https://rt.perl.org/Public/Bug/Display.html?id=128182> | |
147 | ||
148 | =item * | |
149 | ||
150 | Expressions containing an C<&&> or C<||> operator (or their synonyms C<and> and | |
151 | C<or>) were being compiled incorrectly in some cases. If the left-hand side | |
152 | consisted of either a negated bareword constant or a negated C<do {}> block | |
153 | containing a constant expression, and the right-hand side consisted of a | |
154 | negated non-foldable expression, one of the negations was effectively ignored. | |
155 | The same was true of C<if> and C<unless> statement modifiers, though with the | |
156 | left-hand and right-hand sides swapped. This long-standing bug has now been | |
157 | fixed. | |
158 | L<[perl #127952]|https://rt.perl.org/Public/Bug/Display.html?id=127952> | |
159 | ||
160 | =item * | |
161 | ||
162 | C<reset> with an argument no longer crashes when encountering stash entries | |
163 | other than globs. | |
164 | L<[perl #128106]|https://rt.perl.org/Public/Bug/Display.html?id=128106> | |
165 | ||
166 | =item * | |
167 | ||
168 | Assignment of hashes to, and deletion of, typeglobs named C<*::::::> no longer | |
169 | causes crashes. | |
170 | L<[perl #128086]|https://rt.perl.org/Public/Bug/Display.html?id=128086> | |
171 | ||
172 | =item * | |
173 | ||
174 | Assignment variants of any bitwise ops under the C<bitwise> feature would crash | |
175 | if the left-hand side was an array or hash. | |
176 | L<[perl #128204]|https://rt.perl.org/Public/Bug/Display.html?id=128204> | |
177 | ||
178 | =item * | |
179 | ||
180 | C<socket> now leaves the error code returned by the system in C<$!> on failure. | |
181 | L<[perl #128316]|https://rt.perl.org/Public/Bug/Display.html?id=128316> | |
182 | ||
183 | =item * | |
184 | ||
185 | Parsing bad POSIX charclasses no longer leaks memory. | |
186 | L<[perl #128313]|https://rt.perl.org/Public/Bug/Display.html?id=128313> | |
187 | ||
188 | =item * | |
189 | ||
190 | Since Perl 5.20, line numbers have been off by one when perl is invoked with | |
191 | the B<-x> switch. This has been fixed. | |
192 | L<[perl #128508]|https://rt.perl.org/Public/Bug/Display.html?id=128508> | |
193 | ||
194 | =item * | |
195 | ||
196 | Some obscure cases of subroutines and file handles being freed at the same time | |
197 | could result in crashes, but have been fixed. The crash was introduced in Perl | |
198 | 5.22. | |
199 | L<[perl #128597]|https://rt.perl.org/Public/Bug/Display.html?id=128597> | |
200 | ||
201 | =item * | |
202 | ||
203 | Some regular expression parsing glitches could lead to assertion failures with | |
204 | regular expressions such as C</(?E<lt>=/> and C</(?E<lt>!/>. This has now been | |
205 | fixed. | |
206 | L<[perl #128170]|https://rt.perl.org/Public/Bug/Display.html?id=128170> | |
207 | ||
208 | =item * | |
209 | ||
210 | C<gethostent> and similar functions now perform a null check internally, to | |
211 | avoid crashing with the torsocks library. This was a regression from Perl | |
212 | 5.22. | |
213 | L<[perl #128740]|https://rt.perl.org/Public/Bug/Display.html?id=128740> | |
214 | ||
215 | =item * | |
216 | ||
217 | Mentioning the same constant twice in a row (which is a syntax error) no longer | |
218 | fails an assertion under debugging builds. This was a regression from Perl | |
219 | 5.20. | |
220 | L<[perl #126482]|https://rt.perl.org/Public/Bug/Display.html?id=126482> | |
221 | ||
222 | =item * | |
223 | ||
224 | In Perl 5.24 C<fchown> was changed not to accept negative one as an argument | |
225 | because in some platforms that is an error. However, in some other platforms | |
226 | that is an acceptable argument. This change has been reverted. | |
227 | L<[perl #128967]|https://rt.perl.org/Public/Bug/Display.html?id=128967>. | |
228 | ||
229 | =item * | |
230 | ||
231 | C<@{x> followed by a newline where C<"x"> represents a control or non-ASCII | |
232 | character no longer produces a garbled syntax error message or a crash. | |
233 | L<[perl #128951]|https://rt.perl.org/Public/Bug/Display.html?id=128951> | |
234 | ||
235 | =item * | |
236 | ||
237 | A regression in Perl 5.24 with C<tr/\N{U+...}/foo/> when the code point was | |
238 | between 128 and 255 has been fixed. | |
239 | L<[perl #128734]|https://rt.perl.org/Public/Bug/Display.html?id=128734>. | |
240 | ||
241 | =item * | |
242 | ||
243 | Many issues relating to C<printf "%a"> of hexadecimal floating point were | |
244 | fixed. In addition, the "subnormals" (formerly known as "denormals") floating | |
245 | point numbers are now supported both with the plain IEEE 754 floating point | |
246 | numbers (64-bit or 128-bit) and the x86 80-bit "extended precision". Note that | |
247 | subnormal hexadecimal floating point literals will give a warning about | |
248 | "exponent underflow". | |
249 | L<[perl #128843]|https://rt.perl.org/Public/Bug/Display.html?id=128843> | |
250 | L<[perl #128888]|https://rt.perl.org/Public/Bug/Display.html?id=128888> | |
251 | L<[perl #128889]|https://rt.perl.org/Public/Bug/Display.html?id=128889> | |
252 | L<[perl #128890]|https://rt.perl.org/Public/Bug/Display.html?id=128890> | |
253 | L<[perl #128893]|https://rt.perl.org/Public/Bug/Display.html?id=128893> | |
254 | L<[perl #128909]|https://rt.perl.org/Public/Bug/Display.html?id=128909> | |
255 | L<[perl #128919]|https://rt.perl.org/Public/Bug/Display.html?id=128919> | |
256 | ||
257 | =item * | |
258 | ||
259 | The parser could sometimes crash if a bareword came after C<evalbytes>. | |
260 | L<[perl #129196]|https://rt.perl.org/Public/Bug/Display.html?id=129196> | |
261 | ||
262 | =item * | |
263 | ||
264 | Fixed a place where the regex parser was not setting the syntax error correctly | |
265 | on a syntactically incorrect pattern. | |
266 | L<[perl #129122]|https://rt.perl.org/Public/Bug/Display.html?id=129122> | |
267 | ||
268 | =item * | |
269 | ||
270 | A vulnerability in Perl's C<sprintf> implementation has been fixed by avoiding | |
271 | a possible memory wrap. | |
272 | L<[perl #131260]|https://rt.perl.org/Public/Bug/Display.html?id=131260> | |
273 | ||
274 | =back | |
275 | ||
276 | =head1 Acknowledgements | |
277 | ||
278 | Perl 5.24.3 represents approximately 2 months of development since Perl 5.24.2 | |
279 | and contains approximately 3,200 lines of changes across 120 files from 23 | |
280 | authors. | |
281 | ||
282 | Excluding auto-generated files, documentation and release tools, there were | |
283 | approximately 1,600 lines of changes to 56 .pm, .t, .c and .h files. | |
284 | ||
285 | Perl continues to flourish into its third decade thanks to a vibrant community | |
286 | of users and developers. The following people are known to have contributed | |
287 | the improvements that became Perl 5.24.3: | |
288 | ||
289 | Aaron Crane, Craig A. Berry, Dagfinn Ilmari Mannsåker, Dan Collins, Daniel | |
290 | Dragan, Dave Cross, David Mitchell, Eric Herman, Father Chrysostomos, H.Merijn | |
291 | Brand, Hugo van der Sanden, James E Keenan, Jarkko Hietaniemi, John SJ | |
292 | Anderson, Karl Williamson, Ken Brown, Lukas Mai, Matthew Horsfall, Stevan | |
293 | Little, Steve Hay, Steven Humphrey, Tony Cook, Yves Orton. | |
294 | ||
295 | The list above is almost certainly incomplete as it is automatically generated | |
296 | from version control history. In particular, it does not include the names of | |
297 | the (very much appreciated) contributors who reported issues to the Perl bug | |
298 | tracker. | |
299 | ||
300 | Many of the changes included in this version originated in the CPAN modules | |
301 | included in Perl's core. We're grateful to the entire CPAN community for | |
302 | helping Perl to flourish. | |
303 | ||
304 | For a more complete list of all of Perl's historical contributors, please see | |
305 | the F<AUTHORS> file in the Perl source distribution. | |
306 | ||
307 | =head1 Reporting Bugs | |
308 | ||
309 | If you find what you think is a bug, you might check the articles recently | |
310 | posted to the comp.lang.perl.misc newsgroup and the perl bug database at | |
311 | L<https://rt.perl.org/> . There may also be information at | |
312 | L<http://www.perl.org/> , the Perl Home Page. | |
313 | ||
314 | If you believe you have an unreported bug, please run the L<perlbug> program | |
315 | included with your release. Be sure to trim your bug down to a tiny but | |
316 | sufficient test case. Your bug report, along with the output of C<perl -V>, | |
317 | will be sent off to perlbug@perl.org to be analysed by the Perl porting team. | |
318 | ||
319 | If the bug you are reporting has security implications which make it | |
320 | inappropriate to send to a publicly archived mailing list, then see | |
321 | L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to | |
322 | report the issue. | |
323 | ||
324 | =head1 SEE ALSO | |
325 | ||
326 | The F<Changes> file for an explanation of how to view exhaustive details on | |
327 | what changed. | |
328 | ||
329 | The F<INSTALL> file for how to build Perl. | |
330 | ||
331 | The F<README> file for general stuff. | |
332 | ||
333 | The F<Artistic> and F<Copying> files for copyright information. | |
334 | ||
335 | =cut |