=encoding utf8

=head1 NAME

perl5143delta - what is new for perl v5.14.3

=head1 DESCRIPTION

This document describes differences between the 5.14.2 release and
the 5.14.3 release.

If you are upgrading from an earlier release such as 5.12.0, first read
L<perl5140delta>, which describes differences between 5.12.0 and
5.14.0.

=head1 Core Enhancements

No changes since 5.14.0.

=head1 Security

=head2 C<Digest> unsafe use of eval (CVE-2011-3597)

The C<Digest-E<gt>new()> function did not properly sanitize input before
using it in an eval() call, which could lead to the injection of arbitrary
Perl code.

In order to exploit this flaw, the attacker would need to be able to set
the algorithm name used, or be able to execute arbitrary Perl code already.

This problem has been fixed.
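
Independently of the fix, code that takes the algorithm name from outside the program can restrict it to a fixed set before calling C<Digest-E<gt>new()>. The following is an added example, not code from the Perl distribution; the helper name C<safe_digest>, the allowed set and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: exact-match allowlist in front of Digest->new().
use strict;
use warnings;
use Digest;

# Assumption: the application needs only these algorithms. The keys are
# the exact spellings accepted from outside the program.
my %ALLOWED = map { $_ => 1 } qw(MD5 SHA-1 SHA-256 SHA-512);

# safe_digest() is a hypothetical helper name, not part of Digest.
sub safe_digest {
    my ($name) = @_;
    die "algorithm name missing\n"
        unless defined $name && length $name;

    # Hash lookup is an exact string match: different case, trailing
    # newlines, punctuation and package-style names are all rejected,
    # so only known strings ever reach Digest->new().
    die "unsupported digest algorithm\n"
        unless exists $ALLOWED{$name};

    return Digest->new($name);
}

# Report the installed Digest version; this release ships 1.16_01.
print "Digest version: ", Digest->VERSION, "\n";

# Constructed sample inputs, as they might arrive from a config file
# or request parameter.
for my $input ('SHA-256', 'MD5', 'sha-256', "MD5\n", 'MD5;x', 'Digest::MD5') {
    (my $shown = $input) =~ s/\n/\\n/g;
    my $ctx = eval { safe_digest($input) };
    if ($ctx) {
        printf "%-12s accepted: %s\n", $shown,
            $ctx->add('hello')->hexdigest;
    }
    else {
        chomp(my $why = $@);
        printf "%-12s rejected: %s\n", $shown, $why;
    }
}
```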

=head2 Heap buffer overrun in 'x' string repeat operator (CVE-2012-5195)

Poorly written perl code that allows an attacker to specify the count to
perl's 'x' string repeat operator can already cause a memory exhaustion
denial-of-service attack. A flaw in versions of perl before 5.15.5 can
escalate that into a heap buffer overrun; coupled with versions of glibc
before 2.16, it possibly allows the execution of arbitrary code.

This problem has been fixed.
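
The memory exhaustion case remains an application-level concern on fixed versions, so a repeat count that comes from outside the program should be validated and bounded before it reaches the 'x' operator. The following is an added example, not code from the Perl distribution; the helper name C<bounded_repeat>, the length limit and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: bound an externally supplied count before using 'x'.
use strict;
use warnings;

# Assumption: results longer than this many characters are never needed.
use constant MAX_RESULT_LENGTH => 1024 * 1024;

# bounded_repeat() is a hypothetical helper name.
sub bounded_repeat {
    my ($str, $count) = @_;
    die "string missing\n" unless defined $str;

    # Accept only a short run of decimal digits: no sign, no exponent,
    # no whitespace, no trailing newline (\z rather than $).
    die "repeat count must be a non-negative integer\n"
        unless defined $count && $count =~ /\A[0-9]{1,9}\z/;

    # Compare against limit/length instead of computing length * count,
    # so the check itself cannot produce an oversized number.
    my $len = length $str;
    die "result would exceed the length limit\n"
        if $len && $count > int(MAX_RESULT_LENGTH / $len);

    return $str x $count;
}

# Constructed sample inputs, as they might arrive from a request.
for my $count ('3', '0', '-1', '1e9', "5\n", '999999999') {
    (my $shown = $count) =~ s/\n/\\n/g;
    my $out = eval { bounded_repeat('ab', $count) };
    if (defined $out) {
        printf "%-10s ok, length %d\n", $shown, length $out;
    }
    else {
        chomp(my $why = $@);
        printf "%-10s rejected: %s\n", $shown, $why;
    }
}
```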

=head1 Incompatible Changes

There are no changes intentionally incompatible with 5.14.0. If any
exist, they are bugs and reports are welcome.

=head1 Deprecations

There have been no deprecations since 5.14.0.

=head1 Modules and Pragmata

=head2 New Modules and Pragmata

None

=head2 Updated Modules and Pragmata

=over 4

=item *

L<PerlIO::scalar> was updated to fix a bug in which opening a filehandle to
a glob copy caused assertion failures (under debugging) or hangs or other
erratic behaviour without debugging.

=item *

L<ODBM_File> and L<NDBM_File> were updated to allow building on GNU/Hurd.

=item *

L<IPC::Open3> has been updated to fix a regression introduced in perl
5.12, which broke C<IPC::Open3::open3($in, $out, $err, '-')>.
[perl #95748]

=item *

L<Digest> has been upgraded from version 1.16 to 1.16_01.

See L</Security>.

=item *

L<Module::CoreList> has been updated to version 2.49_04 to add data for
this release.

=back

=head2 Removed Modules and Pragmata

None

=head1 Documentation

=head2 New Documentation

None

=head2 Changes to Existing Documentation

=head3 L<perlcheat>

=over 4

=item *

L<perlcheat> was updated to 5.14.

=back

=head1 Configuration and Compilation

=over 4

=item *

h2ph was updated to correctly search gcc include directories on platforms
such as Debian with multi-architecture support.

=item *

In Configure, the test for procselfexe was refactored into a loop.

=back

=head1 Platform Support

=head2 New Platforms

None

=head2 Discontinued Platforms

None

=head2 Platform-Specific Notes

=over 4

=item FreeBSD

The FreeBSD hints file was corrected to be compatible with FreeBSD 10.0.

=item Solaris and NetBSD

Configure was updated for "procselfexe" support on Solaris and NetBSD.

=item HP-UX

README.hpux was updated to note the existence of a broken header in
HP-UX 11.00.

=item Linux

libutil is no longer used when compiling on Linux platforms, which avoids
warnings being emitted.

The system gcc (rather than any other gcc which might be in the compiling
user's path) is now used when searching for libraries such as C<-lm>.

=item Mac OS X

The locale tests were updated to reflect the behaviour of locales in
Mountain Lion.

=item GNU/Hurd

Various build and test fixes were included for GNU/Hurd.

LFS support was enabled in GNU/Hurd.

=item NetBSD

The NetBSD hints file was corrected to be compatible with NetBSD 6.*

=back

=head1 Bug Fixes

=over 4

=item *

A regression has been fixed that was introduced in 5.14, in C</i>
regular expression matching, in which a match improperly fails if the
pattern is in UTF-8, the target string is not, and a Latin-1 character
precedes a character in the string that should match the pattern. [perl
#101710]

=item *

In case-insensitive regular expression pattern matching on UTF-8 encoded
strings, the scan for the start of a match no longer looks only at the
first possible position. Previously this caused matches such as
C<"f\x{FB00}" =~ /ff/i> to fail.

=item *

The sitecustomize support was made relocatableinc aware, so that
-Dusesitecustomize and -Duserelocatableinc may be used together.

=item *

The smartmatch operator (C<~~>) was changed so that the right-hand side
takes precedence during C<Any ~~ Object> operations.

=item *

A bug has been fixed in the tainting support, in which an C<index()>
operation on a tainted constant would cause all other constants to become
tainted. [perl #64804]

=item *

A regression has been fixed that was introduced in perl 5.12, whereby
tainting errors were not correctly propagated through C<die()>.
[perl #111654]

=item *

A regression has been fixed that was introduced in perl 5.14, in which
C</[[:lower:]]/i> and C</[[:upper:]]/i> no longer matched the opposite case.
[perl #101970]

=back

=head1 Acknowledgements

Perl 5.14.3 represents approximately 12 months of development since Perl 5.14.2
and contains approximately 2,300 lines of changes across 64 files from 22
authors.

Perl continues to flourish into its third decade thanks to a vibrant community
of users and developers. The following people are known to have contributed the
improvements that became Perl 5.14.3:

Abigail, Andy Dougherty, Carl Hayter, Chris 'BinGOs' Williams, Dave Rolsky,
David Mitchell, Dominic Hargreaves, Father Chrysostomos, Florian Ragwitz,
H.Merijn Brand, Jilles Tjoelker, Karl Williamson, Leon Timmermans, Michael G
Schwern, Nicholas Clark, Niko Tyni, Pino Toscano, Ricardo Signes, Salvador
Fandiño, Samuel Thibault, Steve Hay, Tony Cook.

The list above is almost certainly incomplete as it is automatically generated
from version control history. In particular, it does not include the names of
the (very much appreciated) contributors who reported issues to the Perl bug
tracker.

Many of the changes included in this version originated in the CPAN modules
included in Perl's core. We're grateful to the entire CPAN community for
helping Perl to flourish.

For a more complete list of all of Perl's historical contributors, please see
the F<AUTHORS> file in the Perl source distribution.

=head1 Reporting Bugs

If you find what you think is a bug, you might check the articles
recently posted to the comp.lang.perl.misc newsgroup and the perl
bug database at http://rt.perl.org/perlbug/ . There may also be
information at http://www.perl.org/ , the Perl Home Page.

If you believe you have an unreported bug, please run the L<perlbug>
program included with your release. Be sure to trim your bug down
to a tiny but sufficient test case. Your bug report, along with the
output of C<perl -V>, will be sent off to perlbug@perl.org to be
analysed by the Perl porting team.

If the bug you are reporting has security implications, which make it
inappropriate to send to a publicly archived mailing list, then please send
it to perl5-security-report@perl.org. This points to a closed subscription
unarchived mailing list, which includes all the core committers, who will be
able to help assess the impact of issues, figure out a resolution, and help
co-ordinate the release of patches to mitigate or fix the problem across all
platforms on which Perl is supported. Please only use this address for
security issues in the Perl core, not for modules independently
distributed on CPAN.

=head1 SEE ALSO

The F<Changes> file for an explanation of how to view exhaustive details
on what changed.

The F<INSTALL> file for how to build Perl.

The F<README> file for general stuff.

The F<Artistic> and F<Copying> files for copyright information.

=cut