| 1 | =encoding utf8 |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
| 5 | perl5163delta - what is new for perl v5.16.3 |
| 6 | |
| 7 | =head1 DESCRIPTION |
| 8 | |
| 9 | This document describes differences between the 5.16.2 release and |
| 10 | the 5.16.3 release. |
| 11 | |
| 12 | If you are upgrading from an earlier release such as 5.16.1, first read |
| 13 | L<perl5162delta>, which describes differences between 5.16.1 and |
| 14 | 5.16.2. |
| 15 | |
| 16 | =head1 Core Enhancements |
| 17 | |
| 18 | No changes since 5.16.0. |
| 19 | |
| 20 | =head1 Security |
| 21 | |
| 22 | This release contains one major and a number of minor security fixes. |
| 23 | These latter are included mainly to allow the test suite to pass cleanly |
| 24 | with the clang compiler's address sanitizer facility. |
| 25 | |
| 26 | =head2 CVE-2013-1667: memory exhaustion with arbitrary hash keys |
| 27 | |
| 28 | With a carefully crafted set of hash keys (for example arguments on a |
| 29 | URL), it is possible to cause a hash to consume a large amount of memory |
| 30 | and CPU, and thus possibly to achieve a Denial-of-Service. |
| 31 | |
| 32 | This problem has been fixed. |
| 33 | |
| 34 | =head2 wrap-around with IO on long strings |
| 35 | |
| 36 | Reading or writing strings greater than 2**31 bytes in size could segfault |
| 37 | due to integer wraparound. |
| 38 | |
| 39 | This problem has been fixed. |
| 40 | |
| 41 | =head2 memory leak in Encode |
| 42 | |
| 43 | The UTF-8 encoding implementation in Encode.xs had a memory leak which has been |
| 44 | fixed. |
| 45 | |
| 46 | =head1 Incompatible Changes |
| 47 | |
| 48 | There are no changes intentionally incompatible with 5.16.0. If any |
| 49 | exist, they are bugs and reports are welcome. |
| 50 | |
| 51 | =head1 Deprecations |
| 52 | |
| 53 | There have been no deprecations since 5.16.0. |
| 54 | |
| 55 | =head1 Modules and Pragmata |
| 56 | |
| 57 | =head2 Updated Modules and Pragmata |
| 58 | |
| 59 | =over 4 |
| 60 | |
| 61 | =item * |
| 62 | |
| 63 | L<Encode> has been upgraded from version 2.44 to version 2.44_01. |
| 64 | |
| 65 | =item * |
| 66 | |
| 67 | L<Module::CoreList> has been upgraded from version 2.76 to version 2.76_02. |
| 68 | |
| 69 | =item * |
| 70 | |
| 71 | L<XS::APItest> has been upgraded from version 0.38 to version 0.39. |
| 72 | |
| 73 | =back |
| 74 | |
| 75 | =head1 Known Problems |
| 76 | |
| 77 | None. |
| 78 | |
| 79 | =head1 Acknowledgements |
| 80 | |
| 81 | Perl 5.16.3 represents approximately 4 months of development since Perl 5.16.2 |
| 82 | and contains approximately 870 lines of changes across 39 files from 7 authors. |
| 83 | |
| 84 | Perl continues to flourish into its third decade thanks to a vibrant community |
| 85 | of users and developers. The following people are known to have contributed the |
| 86 | improvements that became Perl 5.16.3: |
| 87 | |
| 88 | Andy Dougherty, Chris 'BinGOs' Williams, Dave Rolsky, David Mitchell, Michael |
| 89 | Schroeder, Ricardo Signes, Yves Orton. |
| 90 | |
| 91 | The list above is almost certainly incomplete as it is automatically generated |
| 92 | from version control history. In particular, it does not include the names of |
| 93 | the (very much appreciated) contributors who reported issues to the Perl bug |
| 94 | tracker. |
| 95 | |
| 96 | For a more complete list of all of Perl's historical contributors, please see |
| 97 | the F<AUTHORS> file in the Perl source distribution. |
| 98 | |
| 99 | =head1 Reporting Bugs |
| 100 | |
| 101 | If you find what you think is a bug, you might check the articles |
| 102 | recently posted to the comp.lang.perl.misc newsgroup and the perl |
| 103 | bug database at http://rt.perl.org/perlbug/ . There may also be |
| 104 | information at http://www.perl.org/ , the Perl Home Page. |
| 105 | |
| 106 | If you believe you have an unreported bug, please run the L<perlbug> |
| 107 | program included with your release. Be sure to trim your bug down |
| 108 | to a tiny but sufficient test case. Your bug report, along with the |
| 109 | output of C<perl -V>, will be sent off to perlbug@perl.org to be |
| 110 | analysed by the Perl porting team. |
| 111 | |
| 112 | If the bug you are reporting has security implications, which make it |
| 113 | inappropriate to send to a publicly archived mailing list, then please |
| 114 | send it to perl5-security-report@perl.org. This points to a closed |
| 115 | subscription unarchived mailing list, which includes all the core |
| 116 | committers, who will be able to help assess the impact of issues, figure |
| 117 | out a resolution, and help co-ordinate the release of patches to |
| 118 | mitigate or fix the problem across all platforms on which Perl is |
| 119 | supported. Please only use this address for security issues in the Perl |
| 120 | core, not for modules independently distributed on CPAN. |
| 121 | |
| 122 | =head1 SEE ALSO |
| 123 | |
| 124 | The F<Changes> file for an explanation of how to view exhaustive details |
| 125 | on what changed. |
| 126 | |
| 127 | The F<INSTALL> file for how to build Perl. |
| 128 | |
| 129 | The F<README> file for general stuff. |
| 130 | |
| 131 | The F<Artistic> and F<Copying> files for copyright information. |
| 132 | |
| 133 | =cut |