5 perl5243delta - what is new for perl v5.24.3
9 This document describes differences between the 5.24.2 release and the 5.24.3
12 If you are upgrading from an earlier release such as 5.24.1, first read
13 L<perl5242delta>, which describes differences between 5.24.1 and 5.24.2.
17 =head2 [CVE-2017-12837] Heap buffer overflow in regular expression compiler
19 Compiling certain regular expression patterns with the case-insensitive
20 modifier could cause a heap buffer overflow and crash perl. This has now been
22 L<[GH #16021]|https://github.com/Perl/perl5/issues/16021>
24 =head2 [CVE-2017-12883] Buffer over-read in regular expression parser
26 For certain types of syntax error in a regular expression pattern, the error
27 message could either contain the contents of a random, possibly large, chunk of
28 memory, or could crash perl. This has now been fixed.
29 L<[GH #16025]|https://github.com/Perl/perl5/issues/16025>
31 =head2 [CVE-2017-12814] C<$ENV{$key}> stack buffer overflow on Windows
33 A possible stack buffer overflow in the C<%ENV> code on Windows has been fixed
34 by removing the buffer completely since it was superfluous anyway.
35 L<[GH #16051]|https://github.com/Perl/perl5/issues/16051>
37 =head1 Incompatible Changes
39 There are no changes intentionally incompatible with 5.24.2. If any exist,
40 they are bugs, and we request that you submit a report. See L</Reporting
43 =head1 Modules and Pragmata
45 =head2 Updated Modules and Pragmata
51 L<Module::CoreList> has been upgraded from version 5.20170715_24 to
56 L<POSIX> has been upgraded from version 1.65 to 1.65_01.
60 L<Time::HiRes> has been upgraded from version 1.9733 to 1.9741.
62 L<[GH #15396]|https://github.com/Perl/perl5/issues/15396>
63 L<[GH #15401]|https://github.com/Perl/perl5/issues/15401>
64 L<[GH #15524]|https://github.com/Perl/perl5/issues/15524>
65 L<[cpan #120032]|https://rt.cpan.org/Public/Bug/Display.html?id=120032>
69 =head1 Configuration and Compilation
75 When building with GCC 6 and link-time optimization (the B<-flto> option to
76 B<gcc>), F<Configure> was treating all probed symbols as present on the system,
77 regardless of whether they actually exist. This has been fixed.
78 L<[GH #15322]|https://github.com/Perl/perl5/issues/15322>
82 F<Configure> now aborts if both C<-Duselongdouble> and C<-Dusequadmath> are
84 L<[GH #14944]|https://github.com/Perl/perl5/issues/14944>
88 Fixed a bug in which F<Configure> could append C<-quadmath> to the archname
89 even if it was already present.
90 L<[GH #15423]|https://github.com/Perl/perl5/issues/15423>
94 Clang builds with C<-DPERL_GLOBAL_STRUCT> or C<-DPERL_GLOBAL_STRUCT_PRIVATE>
95 have been fixed (by disabling Thread Safety Analysis for these configurations).
99 =head1 Platform Support
101 =head2 Platform-Specific Notes
111 C<configure.com> now recognizes the VSI-branded C compiler.
121 Building XS modules with GCC 6 in a 64-bit build of Perl failed due to
122 incorrect mapping of C<strtoll> and C<strtoull>. This has now been fixed.
123 L<[GH #16074]|https://github.com/Perl/perl5/issues/16074>
124 L<[cpan #121683]|https://rt.cpan.org/Public/Bug/Display.html?id=121683>
125 L<[cpan #122353]|https://rt.cpan.org/Public/Bug/Display.html?id=122353>
131 =head1 Selected Bug Fixes
137 C<< /@0{0*-E<gt>@*/*0 >> and similar contortions used to crash, but no longer
138 do, but merely produce a syntax error.
139 L<[GH #15333]|https://github.com/Perl/perl5/issues/15333>
143 C<do> or C<require> with an argument which is a reference or typeglob which,
144 when stringified, contains a null character, started crashing in Perl 5.20, but
146 L<[GH #15337]|https://github.com/Perl/perl5/issues/15337>
150 Expressions containing an C<&&> or C<||> operator (or their synonyms C<and> and
151 C<or>) were being compiled incorrectly in some cases. If the left-hand side
152 consisted of either a negated bareword constant or a negated C<do {}> block
153 containing a constant expression, and the right-hand side consisted of a
154 negated non-foldable expression, one of the negations was effectively ignored.
155 The same was true of C<if> and C<unless> statement modifiers, though with the
156 left-hand and right-hand sides swapped. This long-standing bug has now been
158 L<[GH #15285]|https://github.com/Perl/perl5/issues/15285>
162 C<reset> with an argument no longer crashes when encountering stash entries
164 L<[GH #15314]|https://github.com/Perl/perl5/issues/15314>
168 Assignment of hashes to, and deletion of, typeglobs named C<*::::::> no longer
170 L<[GH #15307]|https://github.com/Perl/perl5/issues/15307>
174 Assignment variants of any bitwise ops under the C<bitwise> feature would crash
175 if the left-hand side was an array or hash.
176 L<[GH #15346]|https://github.com/Perl/perl5/issues/15346>
180 C<socket> now leaves the error code returned by the system in C<$!> on failure.
181 L<[GH #15383]|https://github.com/Perl/perl5/issues/15383>
185 Parsing bad POSIX charclasses no longer leaks memory.
186 L<[GH #15382]|https://github.com/Perl/perl5/issues/15382>
190 Since Perl 5.20, line numbers have been off by one when perl is invoked with
191 the B<-x> switch. This has been fixed.
192 L<[GH #15413]|https://github.com/Perl/perl5/issues/15413>
196 Some obscure cases of subroutines and file handles being freed at the same time
197 could result in crashes, but have been fixed. The crash was introduced in Perl
199 L<[GH #15435]|https://github.com/Perl/perl5/issues/15435>
203 Some regular expression parsing glitches could lead to assertion failures with
204 regular expressions such as C</(?E<lt>=/> and C</(?E<lt>!/>. This has now been
206 L<[GH #15332]|https://github.com/Perl/perl5/issues/15332>
210 C<gethostent> and similar functions now perform a null check internally, to
211 avoid crashing with the torsocks library. This was a regression from Perl
213 L<[GH #15478]|https://github.com/Perl/perl5/issues/15478>
217 Mentioning the same constant twice in a row (which is a syntax error) no longer
218 fails an assertion under debugging builds. This was a regression from Perl
220 L<[GH #15017]|https://github.com/Perl/perl5/issues/15017>
224 In Perl 5.24 C<fchown> was changed not to accept negative one as an argument
225 because in some platforms that is an error. However, in some other platforms
226 that is an acceptable argument. This change has been reverted.
227 L<[GH #15523]|https://github.com/Perl/perl5/issues/15523>.
231 C<@{x> followed by a newline where C<"x"> represents a control or non-ASCII
232 character no longer produces a garbled syntax error message or a crash.
233 L<[GH #15518]|https://github.com/Perl/perl5/issues/15518>
237 A regression in Perl 5.24 with C<tr/\N{U+...}/foo/> when the code point was
238 between 128 and 255 has been fixed.
239 L<[GH #15475]|https://github.com/Perl/perl5/issues/15475>.
243 Many issues relating to C<printf "%a"> of hexadecimal floating point were
244 fixed. In addition, the "subnormals" (formerly known as "denormals") floating
245 point numbers are now supported both with the plain IEEE 754 floating point
246 numbers (64-bit or 128-bit) and the x86 80-bit "extended precision". Note that
247 subnormal hexadecimal floating point literals will give a warning about
248 "exponent underflow".
249 L<[GH #15495]|https://github.com/Perl/perl5/issues/15495>
250 L<[GH #15502]|https://github.com/Perl/perl5/issues/15502>
251 L<[GH #15503]|https://github.com/Perl/perl5/issues/15503>
252 L<[GH #15504]|https://github.com/Perl/perl5/issues/15504>
253 L<[GH #15505]|https://github.com/Perl/perl5/issues/15505>
254 L<[GH #15510]|https://github.com/Perl/perl5/issues/15510>
255 L<[GH #15512]|https://github.com/Perl/perl5/issues/15512>
259 The parser could sometimes crash if a bareword came after C<evalbytes>.
260 L<[GH #15586]|https://github.com/Perl/perl5/issues/15586>
264 Fixed a place where the regex parser was not setting the syntax error correctly
265 on a syntactically incorrect pattern.
266 L<[GH #15565]|https://github.com/Perl/perl5/issues/15565>
270 A vulnerability in Perl's C<sprintf> implementation has been fixed by avoiding
271 a possible memory wrap.
272 L<[GH #15970]|https://github.com/Perl/perl5/issues/15970>
276 =head1 Acknowledgements
278 Perl 5.24.3 represents approximately 2 months of development since Perl 5.24.2
279 and contains approximately 3,200 lines of changes across 120 files from 23
282 Excluding auto-generated files, documentation and release tools, there were
283 approximately 1,600 lines of changes to 56 .pm, .t, .c and .h files.
285 Perl continues to flourish into its third decade thanks to a vibrant community
286 of users and developers. The following people are known to have contributed
287 the improvements that became Perl 5.24.3:
289 Aaron Crane, Craig A. Berry, Dagfinn Ilmari Mannsåker, Dan Collins, Daniel
290 Dragan, Dave Cross, David Mitchell, Eric Herman, Father Chrysostomos, H.Merijn
291 Brand, Hugo van der Sanden, James E Keenan, Jarkko Hietaniemi, John SJ
292 Anderson, Karl Williamson, Ken Brown, Lukas Mai, Matthew Horsfall, Stevan
293 Little, Steve Hay, Steven Humphrey, Tony Cook, Yves Orton.
295 The list above is almost certainly incomplete as it is automatically generated
296 from version control history. In particular, it does not include the names of
297 the (very much appreciated) contributors who reported issues to the Perl bug
300 Many of the changes included in this version originated in the CPAN modules
301 included in Perl's core. We're grateful to the entire CPAN community for
302 helping Perl to flourish.
304 For a more complete list of all of Perl's historical contributors, please see
305 the F<AUTHORS> file in the Perl source distribution.
307 =head1 Reporting Bugs
309 If you find what you think is a bug, you might check the articles recently
310 posted to the comp.lang.perl.misc newsgroup and the perl bug database at
311 L<https://rt.perl.org/> . There may also be information at
312 L<http://www.perl.org/> , the Perl Home Page.
314 If you believe you have an unreported bug, please run the L<perlbug> program
315 included with your release. Be sure to trim your bug down to a tiny but
316 sufficient test case. Your bug report, along with the output of C<perl -V>,
317 will be sent off to perlbug@perl.org to be analysed by the Perl porting team.
319 If the bug you are reporting has security implications which make it
320 inappropriate to send to a publicly archived mailing list, then see
321 L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to
326 The F<Changes> file for an explanation of how to view exhaustive details on
329 The F<INSTALL> file for how to build Perl.
331 The F<README> file for general stuff.
333 The F<Artistic> and F<Copying> files for copyright information.