5 perl5125delta - what is new for perl v5.12.5
9 This document describes differences between the 5.12.4 release and
12 If you are upgrading from an earlier release such as 5.12.3, first read
13 L<perl5124delta>, which describes differences between 5.12.3 and
18 =head2 C<Encode> decode_xs n-byte heap-overflow (CVE-2011-2939)
20 A bug in C<Encode> could, on certain inputs, cause the heap to overflow.
21 This problem has been corrected. Bug reported by Robert Zacek.
23 =head2 C<File::Glob::bsd_glob()> memory error with GLOB_ALTDIRFUNC (CVE-2011-2728).
25 Calling C<File::Glob::bsd_glob> with the unsupported flag GLOB_ALTDIRFUNC would
26 cause an access violation / segfault. A Perl program that accepts a flags value from
27 an external source could expose itself to denial of service or arbitrary code
28 execution attacks. There are no known exploits in the wild. The problem has been
29 corrected by explicitly disabling all unsupported flags and setting unused function
30 pointers to null. Bug reported by Clément Lecigne.
32 =head2 Heap buffer overrun in 'x' string repeat operator (CVE-2012-5195)
34 Poorly written perl code that allows an attacker to specify the count to
35 perl's 'x' string repeat operator can already cause a memory exhaustion
36 denial-of-service attack. A flaw in versions of perl before 5.15.5 can
37 escalate that into a heap buffer overrun; coupled with versions of glibc
38 before 2.16, it possibly allows the execution of arbitrary code.
40 This problem has been fixed.
42 =head1 Incompatible Changes
44 There are no changes intentionally incompatible with 5.12.4. If any
45 exist, they are bugs and reports are welcome.
47 =head1 Modules and Pragmata
49 =head2 Updated Modules
53 L<B::Concise> no longer produces mangled output with the B<-tree> option
58 A regression introduced in Perl 5.8.8 has been fixed, that caused
59 C<charnames::viacode(0)> to return C<undef> instead of the string "NULL"
62 =head3 L<Encode> has been upgraded from version 2.39 to version 2.39_01.
66 =head3 L<File::Glob> has been upgraded from version 1.07 to version 1.07_01.
70 =head3 L<Unicode::UCD>
72 The documentation for the C<upper> function now actually says "upper", not
75 =head3 L<Module::CoreList>
77 L<Module::CoreList> has been updated to version 2.50_02 to add data for
80 =head1 Changes to Existing Documentation
84 The L<perlebcdic> document contains a helpful table to use in C<tr///> to
85 convert between EBCDIC and Latin1/ASCII. Unfortunately, the table was the
86 inverse of the one it describes. This has been corrected.
91 L<User-Defined Case Mappings|perlunicode/User-Defined Case Mappings> had
92 some bad markup and unclear sentences, making parts of it unreadable. This
95 =head2 L<perluniprops>
97 This document has been corrected to take non-ASCII platforms into account.
99 =head1 Installation and Configuration Improvements
101 =head2 Platform Specific Changes
107 There have been configuration and test fixes to make Perl build cleanly on
108 Lion and Mountain Lion.
112 The NetBSD hints file was corrected to be compatible with NetBSD 6.*
116 =head1 Selected Bug Fixes
122 C<chop> now correctly handles characters above "\x{7fffffff}"
127 C<< ($<,$>) = (...) >> stopped working properly in 5.12.0. It is supposed
128 to make a single C<setreuid()> call, rather than calling C<setruid()> and
129 C<seteuid()> separately. Consequently it did not work properly. This has
130 been fixed [perl #75212].
134 Fixed a regression of kill() when a match variable is used for the
135 process ID to kill [perl #75812].
139 C<UNIVERSAL::VERSION> no longer leaks memory. It started leaking in Perl
144 The C-level C<my_strftime> functions no longer leaks memory. This fixes a
145 memory leak in C<POSIX::strftime> [perl #73520].
149 C<caller> no longer leaks memory when called from the DB package if
150 C<@DB::args> was assigned to after the first call to C<caller>. L<Carp>
151 was triggering this bug [perl #97010].
155 Passing to C<index> an offset beyond the end of the string when the string
156 is encoded internally in UTF8 no longer causes panics [perl #75898].
160 Syntax errors in C<< (?{...}) >> blocks in regular expressions no longer
161 cause panic messages [perl #2353].
165 Perl 5.10.0 introduced some faulty logic that made "U*" in the middle of
166 a pack template equivalent to "U0" if the input string was empty. This has
167 been fixed [perl #90160].
173 =head2 split() and C<@_>
175 split() no longer modifies C<@_> when called in scalar or void context.
176 In void context it now produces a "Useless use of split" warning.
177 This is actually a change introduced in perl 5.12.0, but it was missed from
178 that release's L<perl5120delta>.
180 =head1 Acknowledgements
182 Perl 5.12.5 represents approximately 17 months of development since Perl 5.12.4
183 and contains approximately 1,900 lines of changes across 64 files from 18
186 Perl continues to flourish into its third decade thanks to a vibrant community
187 of users and developers. The following people are known to have contributed the
188 improvements that became Perl 5.12.5:
190 Andy Dougherty, Chris 'BinGOs' Williams, Craig A. Berry, David Mitchell,
191 Dominic Hargreaves, Father Chrysostomos, Florian Ragwitz, George Greer, Goro
192 Fuji, Jesse Vincent, Karl Williamson, Leon Brocard, Nicholas Clark, Rafael
193 Garcia-Suarez, Reini Urban, Ricardo Signes, Steve Hay, Tony Cook.
195 The list above is almost certainly incomplete as it is automatically generated
196 from version control history. In particular, it does not include the names of
197 the (very much appreciated) contributors who reported issues to the Perl bug
200 Many of the changes included in this version originated in the CPAN modules
201 included in Perl's core. We're grateful to the entire CPAN community for
202 helping Perl to flourish.
204 For a more complete list of all of Perl's historical contributors, please see
205 the F<AUTHORS> file in the Perl source distribution.
207 =head1 Reporting Bugs
209 If you find what you think is a bug, you might check the articles
210 recently posted to the comp.lang.perl.misc newsgroup and the perl
211 bug database at http://rt.perl.org/perlbug/ . There may also be
212 information at http://www.perl.org/ , the Perl Home Page.
214 If you believe you have an unreported bug, please run the B<perlbug>
215 program included with your release. Be sure to trim your bug down
216 to a tiny but sufficient test case. Your bug report, along with the
217 output of C<perl -V>, will be sent off to perlbug@perl.org to be
218 analysed by the Perl porting team.
220 If the bug you are reporting has security implications, which make it
221 inappropriate to send to a publicly archived mailing list, then please send
222 it to perl5-security-report@perl.org. This points to a closed subscription
223 unarchived mailing list, which includes all the core committers, who be able
224 to help assess the impact of issues, figure out a resolution, and help
225 co-ordinate the release of patches to mitigate or fix the problem across all
226 platforms on which Perl is supported. Please only use this address for
227 security issues in the Perl core, not for modules independently
232 The F<Changes> file for an explanation of how to view exhaustive details
235 The F<INSTALL> file for how to build Perl.
237 The F<README> file for general stuff.
239 The F<Artistic> and F<Copying> files for copyright information.