| 1 | =encoding utf8 |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
| 5 | perl5175delta - what is new for perl v5.17.5 |
| 6 | |
| 7 | =head1 DESCRIPTION |
| 8 | |
| 9 | This document describes differences between the 5.17.4 release and the 5.17.5 |
| 10 | release. |
| 11 | |
| 12 | If you are upgrading from an earlier release such as 5.17.3, first read |
| 13 | L<perl5174delta>, which describes differences between 5.17.3 and 5.17.4. |
| 14 | |
| 15 | =head1 Core Enhancements |
| 16 | |
| 17 | =head2 Upgrade to Unicode 6.2 |
| 18 | |
| 19 | Perl now supports the final version of Unicode 6.2. Earlier releases in |
| 20 | the 5.17 series supported Unicode 6.2 beta versions. There were no |
| 21 | substantive changes in the final Unicode 6.2 version from the most |
| 22 | recent beta, included in Perl 5.17.4. A list of changes from Unicode |
| 23 | 6.1 is at L<http://www.unicode.org/versions/Unicode6.2.0>. |
| 24 | |
| 25 | =head1 Security |
| 26 | |
| 27 | =head2 Avoid calling memset with a negative count |
| 28 | |
| 29 | Poorly written perl code that allows an attacker to specify the count to perl's |
| 30 | C<x> string repeat operator can already cause a memory exhaustion |
| 31 | denial-of-service attack. A flaw in versions of perl before 5.15.5 can escalate |
| 32 | that into a heap buffer overrun; coupled with versions of glibc before 2.16, it |
| 33 | possibly allows the execution of arbitrary code. |
| 34 | |
| 35 | The flaw addressed to this commit has been assigned identifier CVE-2012-5195. |
| 36 | |
| 37 | =head1 Incompatible Changes |
| 38 | |
| 39 | =head2 New Restrictions in Multi-Character Case-Insensitive Matching in Regular Expression Bracketed Character Classes |
| 40 | |
| 41 | Unicode has now withdrawn their previous recommendation for regular |
| 42 | expressions to automatically handle cases where a single character can |
| 43 | match multiple characters case-insensitively; for example, the letter |
| 44 | LATIN SMALL LETTER SHARP S and the sequence C<ss>. This is because |
| 45 | it turns out to be impracticable to do this correctly in all |
| 46 | circumstances. Because Perl has tried to do this as best it can, it |
| 47 | will continue to do so. (We are considering an option to turn it off.) |
| 48 | However, a new restriction is being added on such matches when they |
| 49 | occur in [bracketed] character classes. People were specifying |
| 50 | things such as C</[\0-\xff]/i>, and being surprised that it matches the |
| 51 | two character sequence C<ss> (since LATIN SMALL LETTER SHARP S occurs in |
| 52 | this range). This behavior is also inconsistent with the using a |
| 53 | property instead of a range: C<\p{Block=Latin1}> also includes LATIN |
| 54 | SMALL LETTER SHARP S, but C</[\p{Block=Latin1}]/i> does not match C<ss>. |
| 55 | The new rule is that for there to be a multi-character case-insensitive |
| 56 | match within a bracketed character class, the character must be |
| 57 | explicitly listed, and not as an end point of a range. This more |
| 58 | closely obeys the Principle of Least Astonishment. See |
| 59 | L<perlrecharclass/Bracketed Character Classes>. Note that a bug [perl |
| 60 | #89774], now fixed as part of this change, prevented the previous |
| 61 | behavior from working fully. |
| 62 | |
| 63 | =head2 Change to Warnings About Lexical Subroutines |
| 64 | |
| 65 | The warnings category for lexical subroutines is now |
| 66 | "experimental::lexical_subs", with two colons, not |
| 67 | "experimental:lexical_subs"; |
| 68 | |
| 69 | =head1 Modules and Pragmata |
| 70 | |
| 71 | =head2 Updated Modules and Pragmata |
| 72 | |
| 73 | =over 4 |
| 74 | |
| 75 | =item * |
| 76 | |
| 77 | L<AutoLoader> has been upgraded from version 5.72 to 5.73. |
| 78 | |
| 79 | =item * |
| 80 | |
| 81 | L<B::Deparse> has been upgraded from version 1.17 to 1.18. It no longer |
| 82 | dies when deparsing C<sort> without arguments. It now correctly omits the |
| 83 | comma for C<system $prog @args> and C<exec $prog @args>. |
| 84 | |
| 85 | =item * |
| 86 | |
| 87 | L<bignum>, L<bigint> and L<bigrat> have been upgraded from version 0.30 to |
| 88 | 0.31. The overrides for C<hex> and C<oct> have been rewritten, eliminating |
| 89 | several problems, and making one incompatible change: |
| 90 | |
| 91 | =over |
| 92 | |
| 93 | =item * |
| 94 | |
| 95 | Formerly, whichever of C<use bigint> or C<use bigrat> was compiled later |
| 96 | would take precedence over the other, causing C<hex> and C<oct> not to |
| 97 | respect the other pragma when in scope. |
| 98 | |
| 99 | =item * |
| 100 | |
| 101 | Using any of these three pragmata would cause C<hex> and C<oct> anywhere |
| 102 | else in the program to evalute their arguments in list context and prevent |
| 103 | them from inferring $_ when called without arguments. |
| 104 | |
| 105 | =item * |
| 106 | |
| 107 | Using any of these three pragmata would make C<oct("1234")> return 1234 |
| 108 | (for any number not beginning with 0) anywhere in the program. Now "1234" |
| 109 | is translated from octal to decimal, whether within the pragma's scope or |
| 110 | not. |
| 111 | |
| 112 | =item * |
| 113 | |
| 114 | The global overrides that facilitate lexical use of C<hex> and C<oct> now |
| 115 | respect any existing overrides that were in place before the new overrides |
| 116 | were installed, falling back to them outside of the scope of C<use bignum>. |
| 117 | |
| 118 | =item * |
| 119 | |
| 120 | C<use bignum "hex">, C<use bignum "oct"> and similar invocations for bigint |
| 121 | and bigrat now export a C<hex> or C<oct> function, instead of providing a |
| 122 | global override. |
| 123 | |
| 124 | =back |
| 125 | |
| 126 | =item * |
| 127 | |
| 128 | L<Carp> has been upgraded from version 1.26 to 1.27. The C<longmess()> and |
| 129 | C<shortmess()> functions are now documented. |
| 130 | |
| 131 | =item * |
| 132 | |
| 133 | L<CPANPLUS> has been upgraded from version 0.9131 to 0.9133. |
| 134 | |
| 135 | =item * |
| 136 | |
| 137 | L<Data::Dumper> has been upgraded from version 2.135_07 to 2.136. This promotes |
| 138 | the previous development release to a stable release. |
| 139 | |
| 140 | =item * |
| 141 | |
| 142 | L<Digest::SHA> has been upgraded from version 5.71 to 5.72. |
| 143 | |
| 144 | =item * |
| 145 | |
| 146 | L<ExtUtils::CBuilder> has been upgraded from version 0.280208 to 0.280209. A |
| 147 | list of symbols to export can now be passed to C<link()> when on Windows, as on |
| 148 | other OSes [perl #115100]. |
| 149 | |
| 150 | =item * |
| 151 | |
| 152 | L<feature> has been upgraded from version 1.30 to 1.31. |
| 153 | |
| 154 | =item * |
| 155 | |
| 156 | L<File::Glob> has been upgraded from version 1.17 to 1.18. A |
| 157 | space-separated list of patterns return long lists of results no longer |
| 158 | results in memory corruption or crashes. This bug was introduced in Perl |
| 159 | 5.16.0. [perl #114984] |
| 160 | |
| 161 | =item * |
| 162 | |
| 163 | L<HTTP::Tiny> has been upgraded from version 0.022 to 0.024. This improves |
| 164 | SSL support. |
| 165 | |
| 166 | =item * |
| 167 | |
| 168 | L<Module::CoreList> has been upgraded from version 2.73 to 2.75. |
| 169 | |
| 170 | =item * |
| 171 | |
| 172 | L<PerlIO::encoding> has been upgraded from version 0.15 to 0.16. This is |
| 173 | the module implementing the ":encoding(...)" I/O layer. It no longer |
| 174 | corrupts memory or crashes when the encoding back-end reallocates the |
| 175 | buffer or gives it a typeglob or shared hash key scalar. |
| 176 | |
| 177 | =item * |
| 178 | |
| 179 | L<threads::shared> has been upgraded from version 1.41 to 1.42. This adds |
| 180 | support for dual-valued values as created by |
| 181 | L<Scalar::Util::dualvar|Scalar::Util/"dualvar NUM, STRING">. |
| 182 | |
| 183 | =item * |
| 184 | |
| 185 | L<Unicode::Collate> hsa been upgraded from version 0.89 to 0.90. |
| 186 | |
| 187 | =item * |
| 188 | |
| 189 | L<Unicode::Normalize> has been upgraded from version 1.14 to 1.15. |
| 190 | |
| 191 | =item * |
| 192 | |
| 193 | L<warnings> has been upgraded from version 1.14 to 1.15. |
| 194 | |
| 195 | =item * |
| 196 | |
| 197 | L<Win32CORE> has been upgraded from version 0.03 to 0.04. |
| 198 | |
| 199 | =back |
| 200 | |
| 201 | =head1 Diagnostics |
| 202 | |
| 203 | The following additions or changes have been made to diagnostic output, |
| 204 | including warnings and fatal error messages. For the complete list of |
| 205 | diagnostic messages, see L<perldiag>. |
| 206 | |
| 207 | =head2 Changes to Existing Diagnostics |
| 208 | |
| 209 | =over 4 |
| 210 | |
| 211 | =item * |
| 212 | |
| 213 | The error produced when a module cannot be loaded now includes a hint that |
| 214 | the module may need to be installed: "Can't locate hopping.pm in @INC (you |
| 215 | may need to install the hopping module) (@INC contains: ...)" |
| 216 | |
| 217 | =back |
| 218 | |
| 219 | =head1 Utility Changes |
| 220 | |
| 221 | =head3 L<h2xs> |
| 222 | |
| 223 | =over 4 |
| 224 | |
| 225 | =item * |
| 226 | |
| 227 | F<h2xs> no longer produces invalid code for empty defines. [perl #20636] |
| 228 | |
| 229 | =back |
| 230 | |
| 231 | =head1 Platform Support |
| 232 | |
| 233 | =head2 Discontinued Platforms |
| 234 | |
| 235 | =over 4 |
| 236 | |
| 237 | =item MPE/IX |
| 238 | |
| 239 | Support for MPE/IX has been removed. |
| 240 | |
| 241 | =back |
| 242 | |
| 243 | =head2 Platform-Specific Notes |
| 244 | |
| 245 | =over 4 |
| 246 | |
| 247 | =item Win32 |
| 248 | |
| 249 | The option to build without USE_SOCKETS_AS_HANDLES has been removed. |
| 250 | |
| 251 | =back |
| 252 | |
| 253 | =head1 Internal Changes |
| 254 | |
| 255 | =over 4 |
| 256 | |
| 257 | =item * |
| 258 | |
| 259 | Case-insensitive matching inside a [bracketed] character class with a |
| 260 | multi-character fold, no longer excludes one of the possibilities in the |
| 261 | circumstances that it used to. [perl #89774]. |
| 262 | |
| 263 | =item * |
| 264 | |
| 265 | C<PL_formfeed> has been removed. |
| 266 | |
| 267 | =item * |
| 268 | |
| 269 | The regular expression engine no longer reads one byte past the end of the |
| 270 | target string. While for all internally well-formed scalars this should |
| 271 | never have been a problem, this change facilitates clever tricks with |
| 272 | string buffers in CPAN modules. [perl #73542] |
| 273 | |
| 274 | =item * |
| 275 | |
| 276 | Inside a BEGIN block, C<PL_compcv> now points to the currently-compiling |
| 277 | subroutine, rather than the BEGIN block itself. |
| 278 | |
| 279 | =item * |
| 280 | |
| 281 | C<mg_length> has been deprecated. |
| 282 | |
| 283 | =item * |
| 284 | |
| 285 | C<sv_len> now always returns a byte count and C<sv_len_utf8> a character |
| 286 | count. Previously, C<sv_len> and C<sv_len_utf8> were both buggy and would |
| 287 | sometimes returns bytes and sometimes characters. C<sv_len_utf8> no longer |
| 288 | assumes that its argument is in UTF8. Neither of these creates UTF8 caches |
| 289 | for tied or overloaded values or for non-PVs any more. |
| 290 | |
| 291 | =item * |
| 292 | |
| 293 | C<sv_mortalcopy> now copies string buffers of shared hash key scalars when |
| 294 | called from XS modules [perl #79824]. |
| 295 | |
| 296 | =item * |
| 297 | |
| 298 | C<RXf_SPLIT> and C<RXf_SKIPWHITE> are no longer used. They are now |
| 299 | #defined as 0. |
| 300 | |
| 301 | =item * |
| 302 | |
| 303 | The new C<RXf_MODIFIES_VARS> flag can be set by custom regular expression |
| 304 | engines to indicate that the execution of the regular expression may cause |
| 305 | variables to be modified. This lets C<s///> know to skip certain |
| 306 | optimisations. Perl's own regular expression engine sets this flag for the |
| 307 | special backtracking verbs that set $REGMARK and $REGERROR. |
| 308 | |
| 309 | =back |
| 310 | |
| 311 | =head1 Selected Bug Fixes |
| 312 | |
| 313 | =over 4 |
| 314 | |
| 315 | =item * |
| 316 | |
| 317 | A bug, case-insensitive regex with UTF8-flagged strings, introduced |
| 318 | earlier in the 5.17 series has been fixed. [perl #114982] |
| 319 | |
| 320 | =item * |
| 321 | |
| 322 | Attributes applied to lexical variables no longer leak memory. |
| 323 | [perl #114764] |
| 324 | |
| 325 | =item * |
| 326 | |
| 327 | C<dump>, C<goto>, C<last>, C<next>, C<redo> or C<require> followed by a |
| 328 | bareword (or version) and then an infix operator is no longer a syntax |
| 329 | error. It used to be for those infix operators (like C<+>) that have a |
| 330 | different meaning where a term is expected. [perl #105924] |
| 331 | |
| 332 | =item * |
| 333 | |
| 334 | C<require a::b . 1> and C<require a::b + 1> no longer produce erroneous |
| 335 | ambiguity warnings. [perl #107002] |
| 336 | |
| 337 | =item * |
| 338 | |
| 339 | Class method calls are now allowed on any string, and not just strings |
| 340 | beginning with an alphanumeric character. [perl #105922] |
| 341 | |
| 342 | =item * |
| 343 | |
| 344 | An empty pattern created with C<qr//> used in C<m///> no longer triggers |
| 345 | the "empty pattern reuses last pattern" behaviour. [perl #96230] |
| 346 | |
| 347 | =item * |
| 348 | |
| 349 | Tying a hash during iteration no longer results in a memory leak. |
| 350 | |
| 351 | =item * |
| 352 | |
| 353 | Freeing a tied hash during iteration no longer results in a memory leak. |
| 354 | |
| 355 | =item * |
| 356 | |
| 357 | List assignment to a tied array or hash that dies on STORE no longer |
| 358 | results in a memory leak. |
| 359 | |
| 360 | =item * |
| 361 | |
| 362 | If the hint hash (C<%^H>) is tied, compile-time scope entry (which copies |
| 363 | the hint hash) no longer leaks memory if FETCH dies. [perl #107000] |
| 364 | |
| 365 | =item * |
| 366 | |
| 367 | Constant folding no longer inappropriately triggers the special |
| 368 | C<split " "> behaviour. [perl #94490] |
| 369 | |
| 370 | =item * |
| 371 | |
| 372 | C<defined scalar(@array)>, C<defined do { &foo }>, and similar constructs |
| 373 | now treat the argument to C<defined> as a simple scalar. [perl #97466] |
| 374 | |
| 375 | =item * |
| 376 | |
| 377 | Running a custom debugging that defines no C<*DB::DB> glob or provides a |
| 378 | subroutine stub for C<&DB::DB> no longer results in a crash, but an error |
| 379 | instead. [perl #114990] |
| 380 | |
| 381 | =item * |
| 382 | |
| 383 | C<reset ""> now matches its documentation. C<reset> only resets C<m?...?> |
| 384 | patterns when called with no argument. An empty string for an argument now |
| 385 | does nothing. (It used to be treated as no argument.) [perl #97958] |
| 386 | |
| 387 | =item * |
| 388 | |
| 389 | C<printf> with an argument returning an empty list no longer reads past the |
| 390 | end of the stack, resulting in erratic behaviour. [perl #77094] |
| 391 | |
| 392 | =item * |
| 393 | |
| 394 | C<--subname> no longer produces erroneous ambiguity warnings. |
| 395 | [perl #77240] |
| 396 | |
| 397 | =item * |
| 398 | |
| 399 | C<v10> is now allowed as a label or package name. This was inadvertently |
| 400 | broken when v-strings were added in Perl 5.6. [perl #56880] |
| 401 | |
| 402 | =item * |
| 403 | |
| 404 | A regression introduced in 5.17.2 has been fixed, which made C</[\@\\]||/> |
| 405 | result in a "panic" error. [perl #115050] |
| 406 | |
| 407 | =item * |
| 408 | |
| 409 | C<length>, C<pos>, C<substr> and C<sprintf> could be confused by ties, |
| 410 | overloading, references and typeglobs if the stringification of such |
| 411 | changed the internal representation to or from UTF8. [perl #114410] |
| 412 | |
| 413 | =item * |
| 414 | |
| 415 | utf8::encode now calls FETCH and STORE on tied variables. utf8::decode now |
| 416 | calls STORE (it was already calling FETCH). |
| 417 | |
| 418 | =item * |
| 419 | |
| 420 | C<$tied =~ s/$non_utf8/$utf8/> no longer loops infinitely if the tied |
| 421 | variable returns a Latin-1 string, shared hash key scalar, or reference or |
| 422 | typeglob that stringifies as ASCII or Latin-1. This is a regression from |
| 423 | 5.12.x. |
| 424 | |
| 425 | =item * |
| 426 | |
| 427 | C<s///> without /e is now better at detecting when it needs to forego |
| 428 | certain optimisations, fixing some buggy cases: |
| 429 | |
| 430 | =over |
| 431 | |
| 432 | =item * |
| 433 | |
| 434 | Match variables in certain constructs (C<&&>, C<||>, C<..> and others) in |
| 435 | the replacement part; e.g., C<s/(.)/$l{$a||$1}/g>. [perl #26986] |
| 436 | |
| 437 | =item * |
| 438 | |
| 439 | Aliases to match variables in the replacement. |
| 440 | |
| 441 | =item * |
| 442 | |
| 443 | $REGERROR or $REGMARK in the replacement. [perl #49190] |
| 444 | |
| 445 | =item * |
| 446 | |
| 447 | An empty pattern (C<s//$foo/>) that causes the last-successful pattern to |
| 448 | be used, when that pattern contains code blocks that modify the variables |
| 449 | in the replacement. |
| 450 | |
| 451 | =back |
| 452 | |
| 453 | =item * |
| 454 | |
| 455 | The taintedness of the replacement string no longer affects the taintedness |
| 456 | of the return value of C<s///e>. |
| 457 | |
| 458 | =item * |
| 459 | |
| 460 | The C<$|> autoflush variable is created on-the-fly when needed. If this |
| 461 | happened (e.g., if it was mentioned in a module or eval) when the |
| 462 | currently-selected filehandle was a typeglob with an empty IO slot, it used |
| 463 | to crash. [perl #115206] |
| 464 | |
| 465 | =item * |
| 466 | |
| 467 | Line numbers at the end of a string eval are no longer off by one. |
| 468 | [perl #114658] |
| 469 | |
| 470 | =item * |
| 471 | |
| 472 | @INC filters (subroutines returned by subroutines in @INC) that set $_ to a |
| 473 | copy-on-write scalar no longer cause the parser to modify that string |
| 474 | buffer in place. |
| 475 | |
| 476 | =item * |
| 477 | |
| 478 | C<length($object)> no longer returns the undefined value if the object has |
| 479 | string overloading that returns undef. [perl #115260] |
| 480 | |
| 481 | =item * |
| 482 | |
| 483 | The use of C<PL_stashcache>, the stash name lookup cache for method calls, has |
| 484 | been restored, |
| 485 | |
| 486 | Commit da6b625f78f5f133 in August 2011 inadvertently broke the code that looks |
| 487 | up values in C<PL_stashcache>. As it's a only cache, quite correctly everything |
| 488 | carried on working without it. |
| 489 | |
| 490 | =back |
| 491 | |
| 492 | =head1 Acknowledgements |
| 493 | |
| 494 | Perl 5.17.5 represents approximately 4 weeks of development since Perl 5.17.4 |
| 495 | and contains approximately 17,000 lines of changes across 310 files from 32 |
| 496 | authors. |
| 497 | |
| 498 | Perl continues to flourish into its third decade thanks to a vibrant community |
| 499 | of users and developers. The following people are known to have contributed the |
| 500 | improvements that became Perl 5.17.5: |
| 501 | |
| 502 | Aaron Crane, Adrian M. Enache, Andy Dougherty, Brad Gilbert, Chris 'BinGOs' |
| 503 | Williams, Colin Kuskie, Craig A. Berry, Daniel Dragan, David Golden, David |
| 504 | Mitchell, Dominic Hargreaves, Eric Brine, Father Chrysostomos, Florian Ragwitz, |
| 505 | H.Merijn Brand, James E Keenan, Jerry D. Hedden, Jesse Luehrs, Karl Williamson, |
| 506 | Nicholas Clark, Niko Tyni, Paul Johnson, Peter Martini, Reini Urban, Ricardo |
| 507 | Signes, Ruslan Zakirov, Sawyer X, Smylers, Steffen Müller, Steve Hay, Tony |
| 508 | Cook, Yves Orton. |
| 509 | |
| 510 | The list above is almost certainly incomplete as it is automatically generated |
| 511 | from version control history. In particular, it does not include the names of |
| 512 | the (very much appreciated) contributors who reported issues to the Perl bug |
| 513 | tracker. |
| 514 | |
| 515 | Many of the changes included in this version originated in the CPAN modules |
| 516 | included in Perl's core. We're grateful to the entire CPAN community for |
| 517 | helping Perl to flourish. |
| 518 | |
| 519 | For a more complete list of all of Perl's historical contributors, please see |
| 520 | the F<AUTHORS> file in the Perl source distribution. |
| 521 | |
| 522 | =head1 Reporting Bugs |
| 523 | |
| 524 | If you find what you think is a bug, you might check the articles recently |
| 525 | posted to the comp.lang.perl.misc newsgroup and the perl bug database at |
| 526 | http://rt.perl.org/perlbug/ . There may also be information at |
| 527 | http://www.perl.org/ , the Perl Home Page. |
| 528 | |
| 529 | If you believe you have an unreported bug, please run the L<perlbug> program |
| 530 | included with your release. Be sure to trim your bug down to a tiny but |
| 531 | sufficient test case. Your bug report, along with the output of C<perl -V>, |
| 532 | will be sent off to perlbug@perl.org to be analysed by the Perl porting team. |
| 533 | |
| 534 | If the bug you are reporting has security implications, which make it |
| 535 | inappropriate to send to a publicly archived mailing list, then please send it |
| 536 | to perl5-security-report@perl.org. This points to a closed subscription |
| 537 | unarchived mailing list, which includes all the core committers, who will be |
| 538 | able to help assess the impact of issues, figure out a resolution, and help |
| 539 | co-ordinate the release of patches to mitigate or fix the problem across all |
| 540 | platforms on which Perl is supported. Please only use this address for |
| 541 | security issues in the Perl core, not for modules independently distributed on |
| 542 | CPAN. |
| 543 | |
| 544 | =head1 SEE ALSO |
| 545 | |
| 546 | The F<Changes> file for an explanation of how to view exhaustive details on |
| 547 | what changed. |
| 548 | |
| 549 | The F<INSTALL> file for how to build Perl. |
| 550 | |
| 551 | The F<README> file for general stuff. |
| 552 | |
| 553 | The F<Artistic> and F<Copying> files for copyright information. |
| 554 | |
| 555 | =cut |