=encoding utf8

=head1 NAME

perl5142delta - what is new for perl v5.14.2

=head1 DESCRIPTION

This document describes differences between the 5.14.1 release and
the 5.14.2 release.

If you are upgrading from an earlier release such as 5.14.0, first read
L<perl5141delta>, which describes differences between 5.14.0 and
5.14.1.

=head1 Core Enhancements

No changes since 5.14.0.

=head1 Security

=head2 C<File::Glob::bsd_glob()> memory error with GLOB_ALTDIRFUNC (CVE-2011-2728).

Calling C<File::Glob::bsd_glob> with the unsupported flag GLOB_ALTDIRFUNC would
cause an access violation / segfault. A Perl program that accepts a flags value from
an external source could expose itself to denial of service or arbitrary code
execution attacks. There are no known exploits in the wild. The problem has been
corrected by explicitly disabling all unsupported flags and setting unused function
pointers to null. Bug reported by Clément Lecigne.
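
Independently of the fix, a program that takes glob flags from an external
source can reject any bit it does not expect before calling C<bsd_glob>. The
following is an added example, not code from the Perl distribution; the
C<safe_glob_flags> helper, the allow-list and the sample inputs are
assumptions of the example.

```perl
use strict;
use warnings;
use File::Glob qw(bsd_glob GLOB_BRACE GLOB_ERR GLOB_MARK GLOB_NOCASE
                  GLOB_NOCHECK GLOB_NOSORT GLOB_QUOTE GLOB_TILDE);

# Flags this (hypothetical) application is willing to accept from outside.
# Anything not listed here, GLOB_ALTDIRFUNC included, is refused.
my $ALLOWED = GLOB_BRACE | GLOB_ERR | GLOB_MARK | GLOB_NOCASE
            | GLOB_NOCHECK | GLOB_NOSORT | GLOB_QUOTE | GLOB_TILDE;

# safe_glob_flags() is a hypothetical helper: it validates an untrusted
# flags value and dies instead of silently dropping unknown bits, so a
# bad caller is noticed rather than masked.
sub safe_glob_flags {
    my ($raw) = @_;
    die "flags must be a non-negative integer\n"
        unless defined $raw && $raw =~ /\A[0-9]{1,9}\z/;
    my $flags    = 0 + $raw;
    my $rejected = $flags & ~$ALLOWED;
    die sprintf("unsupported glob flag bits: 0x%x\n", $rejected)
        if $rejected;
    return $flags;
}

# Constructed sample inputs, as they might arrive from a config file
# or a request parameter: one valid value, one with stray bits set,
# and one that is not a number at all.
for my $raw (GLOB_BRACE | GLOB_MARK, 0xFFFF, "abc") {
    my $flags = eval { safe_glob_flags($raw) };
    if (!defined $flags) {
        print "rejected: $@";
        next;
    }
    my @matches = bsd_glob("*.{pl,pm}", $flags);
    printf "flags 0x%x accepted, %d match(es)\n", $flags, scalar @matches;
}
```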

=head2 C<Encode> decode_xs n-byte heap-overflow (CVE-2011-2939)

A bug in C<Encode> could, on certain inputs, cause the heap to overflow.
This problem has been corrected. Bug reported by Robert Zacek.

=head1 Incompatible Changes

There are no changes intentionally incompatible with 5.14.0. If any
exist, they are bugs and reports are welcome.

=head1 Deprecations

There have been no deprecations since 5.14.0.

=head1 Modules and Pragmata

=head2 New Modules and Pragmata

None

=head2 Updated Modules and Pragmata

=over 4

=item *

L<CPAN> has been upgraded from version 1.9600 to version 1.9600_01.

L<CPAN::Distribution> has been upgraded from version 1.9602 to 1.9602_01.

Backported bugfixes from CPAN version 1.9800. Ensures proper
detection of C<configure_requires> prerequisites from CPAN Meta files
in the case where C<dynamic_config> is true. [rt.cpan.org #68835]

Also ensures that C<configure_requires> is only checked in META files,
not MYMETA files, to protect against MYMETA generation that drops
C<configure_requires>.

=item *

L<Encode> has been upgraded from version 2.42 to 2.42_01.

See L</Security>.

=item *

L<File::Glob> has been upgraded from version 1.12 to version 1.13.

See L</Security>.

=item *

L<PerlIO::scalar> has been upgraded from version 0.11 to 0.11_01.

It fixes a problem with C<< open my $fh, ">", \$scalar >> not working if
C<$scalar> is a copy-on-write scalar.

=back

=head2 Removed Modules and Pragmata

None

=head1 Platform Support

=head2 New Platforms

None

=head2 Discontinued Platforms

None

=head2 Platform-Specific Notes

=over 4

=item HP-UX PA-RISC/64 now supports gcc-4.x

A fix to correct the socketsize now makes the test suite pass on HP-UX
PA-RISC for 64bitall builds.

=item Building on OS X 10.7 Lion and Xcode 4 works again

The build system has been updated to work with the build tools under Mac OS X
10.7.

=back

=head1 Bug Fixes

=over 4

=item *

In @INC filters (subroutines returned by subroutines in @INC), $_ used to
misbehave: If returned from a subroutine, it would not be copied, but the
variable itself would be returned; and freeing $_ (e.g., with C<undef *_>)
would cause perl to crash. This has been fixed [perl #91880].

=item *

Perl 5.10.0 introduced some faulty logic that made "U*" in the middle of
a pack template equivalent to "U0" if the input string was empty. This has
been fixed [perl #90160].

=item *

C<caller> no longer leaks memory when called from the DB package if
C<@DB::args> was assigned to after the first call to C<caller>. L<Carp>
was triggering this bug [perl #97010].

=item *

C<utf8::decode> had a nasty bug that would modify copy-on-write scalars'
string buffers in place (i.e., skipping the copy). This could result in
hashes having two elements with the same key [perl #91834].

=item *

Localising a tied variable used to make it read-only if it contained a
copy-on-write string.

=item *

Elements of restricted hashes (see the L<fields> pragma) containing
copy-on-write values couldn't be deleted, nor could such hashes be cleared
(C<%hash = ()>).

=item *

Locking a hash element that is a glob copy no longer causes subsequent
assignment to it to corrupt the glob.

=item *

A panic involving the combination of the regular expression modifiers
C</aa> introduced in 5.14.0 and the C<\b> escape sequence has been
fixed [perl #95964].

=back

=head1 Known Problems

This is a list of some significant unfixed bugs, which are regressions
from 5.12.0.

=over 4

=item *

C<PERL_GLOBAL_STRUCT> is broken.

Since perl 5.14.0, building with C<-DPERL_GLOBAL_STRUCT> hasn't been
possible. This means that perl currently doesn't work on any platforms that
require it to be built this way, including Symbian.

While C<PERL_GLOBAL_STRUCT> now works again on recent development versions of
perl, whether it actually works on Symbian again hasn't been verified.

We'd be very interested in hearing from anyone working with Perl on Symbian.

=back

=head1 Acknowledgements

Perl 5.14.2 represents approximately three months of development since
Perl 5.14.1 and contains approximately 1200 lines of changes
across 61 files from 9 authors.

Perl continues to flourish into its third decade thanks to a vibrant
community of users and developers. The following people are known to
have contributed the improvements that became Perl 5.14.2:

Craig A. Berry, David Golden, Father Chrysostomos, Florian Ragwitz, H.Merijn
Brand, Karl Williamson, Nicholas Clark, Pau Amma and Ricardo Signes.

=head1 Reporting Bugs

If you find what you think is a bug, you might check the articles
recently posted to the comp.lang.perl.misc newsgroup and the perl
bug database at http://rt.perl.org/perlbug/ . There may also be
information at http://www.perl.org/ , the Perl Home Page.

If you believe you have an unreported bug, please run the L<perlbug>
program included with your release. Be sure to trim your bug down
to a tiny but sufficient test case. Your bug report, along with the
output of C<perl -V>, will be sent off to perlbug@perl.org to be
analysed by the Perl porting team.

If the bug you are reporting has security implications, which make it
inappropriate to send to a publicly archived mailing list, then please send
it to perl5-security-report@perl.org. This points to a closed subscription
unarchived mailing list, which includes all the core committers, who will be
able to help assess the impact of issues, figure out a resolution, and help
co-ordinate the release of patches to mitigate or fix the problem across all
platforms on which Perl is supported. Please only use this address for
security issues in the Perl core, not for modules independently
distributed on CPAN.

=head1 SEE ALSO

The F<Changes> file for an explanation of how to view exhaustive details
on what changed.

The F<INSTALL> file for how to build Perl.

The F<README> file for general stuff.

The F<Artistic> and F<Copying> files for copyright information.

=cut