| 1 | =encoding utf8 |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
| 5 | perl5261delta - what is new for perl v5.26.1 |
| 6 | |
| 7 | =head1 DESCRIPTION |
| 8 | |
| 9 | This document describes differences between the 5.26.0 release and the 5.26.1 |
| 10 | release. |
| 11 | |
| 12 | If you are upgrading from an earlier release such as 5.24.0, first read |
| 13 | L<perl5260delta>, which describes differences between 5.24.0 and 5.26.0. |
| 14 | |
| 15 | =head1 Security |
| 16 | |
| 17 | =head2 [CVE-2017-12837] Heap buffer overflow in regular expression compiler |
| 18 | |
| 19 | Compiling certain regular expression patterns with the case-insensitive |
| 20 | modifier could cause a heap buffer overflow and crash perl. This has now been |
| 21 | fixed. |
| 22 | L<[perl #131582]|https://rt.perl.org/Public/Bug/Display.html?id=131582> |
| 23 | |
| 24 | =head2 [CVE-2017-12883] Buffer over-read in regular expression parser |
| 25 | |
| 26 | For certain types of syntax error in a regular expression pattern, the error |
| 27 | message could either contain the contents of a random, possibly large, chunk of |
| 28 | memory, or could crash perl. This has now been fixed. |
| 29 | L<[perl #131598]|https://rt.perl.org/Public/Bug/Display.html?id=131598> |
| 30 | |
| 31 | =head2 [CVE-2017-12814] C<$ENV{$key}> stack buffer overflow on Windows |
| 32 | |
| 33 | A possible stack buffer overflow in the C<%ENV> code on Windows has been fixed |
| 34 | by removing the buffer completely since it was superfluous anyway. |
| 35 | L<[perl #131665]|https://rt.perl.org/Public/Bug/Display.html?id=131665> |
| 36 | |
| 37 | =head1 Incompatible Changes |
| 38 | |
| 39 | There are no changes intentionally incompatible with 5.26.0. If any exist, |
| 40 | they are bugs, and we request that you submit a report. See L</Reporting |
| 41 | Bugs> below. |
| 42 | |
| 43 | =head1 Modules and Pragmata |
| 44 | |
| 45 | =head2 Updated Modules and Pragmata |
| 46 | |
| 47 | =over 4 |
| 48 | |
| 49 | =item * |
| 50 | |
| 51 | L<base> has been upgraded from version 2.25 to 2.26. |
| 52 | |
| 53 | The effects of dotless C<@INC> on this module have been limited by the |
| 54 | introduction of a more refined and accurate solution for removing C<'.'> from |
| 55 | C<@INC> while reducing the false positives. |
| 56 | |
| 57 | =item * |
| 58 | |
| 59 | L<charnames> has been upgraded from version 1.44 to 1.45. |
| 60 | |
| 61 | =item * |
| 62 | |
| 63 | L<Module::CoreList> has been upgraded from version 5.20170530 to 5.20170922_26. |
| 64 | |
| 65 | =back |
| 66 | |
| 67 | =head1 Platform Support |
| 68 | |
| 69 | =head2 Platform-Specific Notes |
| 70 | |
| 71 | =over 4 |
| 72 | |
| 73 | =item FreeBSD |
| 74 | |
| 75 | =over 4 |
| 76 | |
| 77 | =item * |
| 78 | |
| 79 | Building with B<g++> on FreeBSD-11.0 has been fixed. |
| 80 | L<[perl #131337]|https://rt.perl.org/Public/Bug/Display.html?id=131337> |
| 81 | |
| 82 | =back |
| 83 | |
| 84 | =item Windows |
| 85 | |
| 86 | =over 4 |
| 87 | |
| 88 | =item * |
| 89 | |
| 90 | Support for compiling perl on Windows using Microsoft Visual Studio 2017 |
| 91 | (containing Visual C++ 14.1) has been added. |
| 92 | |
| 93 | =item * |
| 94 | |
| 95 | Building XS modules with GCC 6 in a 64-bit build of Perl failed due to |
| 96 | incorrect mapping of C<strtoll> and C<strtoull>. This has now been fixed. |
| 97 | L<[perl #131726]|https://rt.perl.org/Public/Bug/Display.html?id=131726> |
| 98 | L<[cpan #121683]|https://rt.cpan.org/Public/Bug/Display.html?id=121683> |
| 99 | L<[cpan #122353]|https://rt.cpan.org/Public/Bug/Display.html?id=122353> |
| 100 | |
| 101 | =back |
| 102 | |
| 103 | =back |
| 104 | |
| 105 | =head1 Selected Bug Fixes |
| 106 | |
| 107 | =over 4 |
| 108 | |
| 109 | =item * |
| 110 | |
| 111 | Several built-in functions previously had bugs that could cause them to write |
| 112 | to the internal stack without allocating room for the item being written. In |
| 113 | rare situations, this could have led to a crash. These bugs have now been |
| 114 | fixed, and if any similar bugs are introduced in future, they will be detected |
| 115 | automatically in debugging builds. |
| 116 | L<[perl #131732]|https://rt.perl.org/Public/Bug/Display.html?id=131732> |
| 117 | |
| 118 | =item * |
| 119 | |
| 120 | Using a symbolic ref with postderef syntax as the key in a hash lookup was |
| 121 | yielding an assertion failure on debugging builds. |
| 122 | L<[perl #131627]|https://rt.perl.org/Public/Bug/Display.html?id=131627> |
| 123 | |
| 124 | =item * |
| 125 | |
| 126 | List assignment (C<aassign>) could in some rare cases allocate an entry on the |
| 127 | mortal stack and leave the entry uninitialized. |
| 128 | L<[perl #131570]|https://rt.perl.org/Public/Bug/Display.html?id=131570> |
| 129 | |
| 130 | =item * |
| 131 | |
| 132 | Attempting to apply an attribute to an C<our> variable where a function of that |
| 133 | name already exists could result in a NULL pointer being supplied where an SV |
| 134 | was expected, crashing perl. |
| 135 | L<[perl #131597]|https://rt.perl.org/Public/Bug/Display.html?id=131597> |
| 136 | |
| 137 | =item * |
| 138 | |
| 139 | The code that vivifies a typeglob out of a code ref made some false assumptions |
| 140 | that could lead to a crash in cases such as C<< $::{"A"} = sub {}; \&{"A"} >>. |
| 141 | This has now been fixed. |
| 142 | L<[perl #131085]|https://rt.perl.org/Public/Bug/Display.html?id=131085> |
| 143 | |
| 144 | =item * |
| 145 | |
| 146 | C<my_atof2> no longer reads beyond the terminating NUL, which previously |
| 147 | occurred if the decimal point is immediately before the NUL. |
| 148 | L<[perl #131526]|https://rt.perl.org/Public/Bug/Display.html?id=131526> |
| 149 | |
| 150 | =item * |
| 151 | |
| 152 | Occasional "Malformed UTF-8 character" crashes in C<s//> on utf8 strings have |
| 153 | been fixed. |
| 154 | L<[perl #131575]|https://rt.perl.org/Public/Bug/Display.html?id=131575> |
| 155 | |
| 156 | =item * |
| 157 | |
| 158 | C<perldoc -f s> now finds C<s///>. |
| 159 | L<[perl #131371]|https://rt.perl.org/Public/Bug/Display.html?id=131371> |
| 160 | |
| 161 | =item * |
| 162 | |
| 163 | Some erroneous warnings after utf8 conversion have been fixed. |
| 164 | L<[perl #131190]|https://rt.perl.org/Public/Bug/Display.html?id=131190> |
| 165 | |
| 166 | =item * |
| 167 | |
| 168 | The C<jmpenv> frame to catch Perl exceptions is set up lazily, and this used to |
| 169 | be a bit too lazy. The catcher is now set up earlier, preventing some possible |
| 170 | crashes. |
| 171 | L<[perl #105930]|https://rt.perl.org/Public/Bug/Display.html?id=105930> |
| 172 | |
| 173 | =item * |
| 174 | |
| 175 | Spurious "Assuming NOT a POSIX class" warnings have been removed. |
| 176 | L<[perl #131522]|https://rt.perl.org/Public/Bug/Display.html?id=131522> |
| 177 | |
| 178 | =back |
| 179 | |
| 180 | =head1 Acknowledgements |
| 181 | |
| 182 | Perl 5.26.1 represents approximately 4 months of development since Perl 5.26.0 |
| 183 | and contains approximately 8,900 lines of changes across 85 files from 23 |
| 184 | authors. |
| 185 | |
| 186 | Excluding auto-generated files, documentation and release tools, there were |
| 187 | approximately 990 lines of changes to 38 .pm, .t, .c and .h files. |
| 188 | |
| 189 | Perl continues to flourish into its third decade thanks to a vibrant community |
| 190 | of users and developers. The following people are known to have contributed |
| 191 | the improvements that became Perl 5.26.1: |
| 192 | |
| 193 | Aaron Crane, Andy Dougherty, Aristotle Pagaltzis, Chris 'BinGOs' Williams, |
| 194 | Craig A. Berry, Dagfinn Ilmari Mannsåker, David Mitchell, E. Choroba, Eric |
| 195 | Herman, Father Chrysostomos, Jacques Germishuys, James E Keenan, John SJ |
| 196 | Anderson, Karl Williamson, Ken Brown, Lukas Mai, Matthew Horsfall, Ricardo |
| 197 | Signes, Sawyer X, Steve Hay, Tony Cook, Yves Orton, Zefram. |
| 198 | |
| 199 | The list above is almost certainly incomplete as it is automatically generated |
| 200 | from version control history. In particular, it does not include the names of |
| 201 | the (very much appreciated) contributors who reported issues to the Perl bug |
| 202 | tracker. |
| 203 | |
| 204 | Many of the changes included in this version originated in the CPAN modules |
| 205 | included in Perl's core. We're grateful to the entire CPAN community for |
| 206 | helping Perl to flourish. |
| 207 | |
| 208 | For a more complete list of all of Perl's historical contributors, please see |
| 209 | the F<AUTHORS> file in the Perl source distribution. |
| 210 | |
| 211 | =head1 Reporting Bugs |
| 212 | |
| 213 | If you find what you think is a bug, you might check the perl bug database |
| 214 | at L<https://rt.perl.org/> . There may also be information at |
| 215 | L<http://www.perl.org/> , the Perl Home Page. |
| 216 | |
| 217 | If you believe you have an unreported bug, please run the L<perlbug> program |
| 218 | included with your release. Be sure to trim your bug down to a tiny but |
| 219 | sufficient test case. Your bug report, along with the output of C<perl -V>, |
| 220 | will be sent off to perlbug@perl.org to be analysed by the Perl porting team. |
| 221 | |
| 222 | If the bug you are reporting has security implications which make it |
| 223 | inappropriate to send to a publicly archived mailing list, then see |
| 224 | L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to |
| 225 | report the issue. |
| 226 | |
| 227 | =head1 Give Thanks |
| 228 | |
| 229 | If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you |
| 230 | can do so by running the C<perlthanks> program: |
| 231 | |
| 232 | perlthanks |
| 233 | |
| 234 | This will send an email to the Perl 5 Porters list with your show of thanks. |
| 235 | |
| 236 | =head1 SEE ALSO |
| 237 | |
| 238 | The F<Changes> file for an explanation of how to view exhaustive details on |
| 239 | what changed. |
| 240 | |
| 241 | The F<INSTALL> file for how to build Perl. |
| 242 | |
| 243 | The F<README> file for general stuff. |
| 244 | |
| 245 | The F<Artistic> and F<Copying> files for copyright information. |
| 246 | |
| 247 | =cut |