diff options
author | Steve Hay <steve.m.hay@googlemail.com> | 2018-04-14 12:59:41 +0100 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2018-04-14 12:59:41 +0100 |
commit | fb51aa58533593dbb99ea302ea22cfff2a0d8b9d (patch) | |
tree | b6f9eddc83cfbd5abd891392f6e5203249984778 /pod/perl5262delta.pod | |
parent | 994c9c8455e5fac563278a15af675ac9b52e92d8 (diff) | |
download | perl-fb51aa58533593dbb99ea302ea22cfff2a0d8b9d.tar.gz |
Import perl5244delta.pod and perl5262delta.pod
Diffstat (limited to 'pod/perl5262delta.pod')
-rw-r--r-- | pod/perl5262delta.pod | 245 |
1 files changed, 245 insertions, 0 deletions
diff --git a/pod/perl5262delta.pod b/pod/perl5262delta.pod new file mode 100644 index 0000000000..5e528ea89f --- /dev/null +++ b/pod/perl5262delta.pod @@ -0,0 +1,245 @@ +=encoding utf8 + +=head1 NAME + +perl5262delta - what is new for perl v5.26.2 + +=head1 DESCRIPTION + +This document describes differences between the 5.26.1 release and the 5.26.2 +release. + +If you are upgrading from an earlier release such as 5.26.0, first read +L<perl5261delta>, which describes differences between 5.26.0 and 5.26.1. + +=head1 Security + +=head2 [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c) + +A crafted regular expression could cause a heap buffer write overflow, with +control over the bytes written. +L<[perl #132227]|https://rt.perl.org/Public/Bug/Display.html?id=132227> + +=head2 [CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) + +Matching a crafted locale dependent regular expression could cause a heap +buffer read overflow and potentially information disclosure. +L<[perl #132063]|https://rt.perl.org/Public/Bug/Display.html?id=132063> + +=head2 [CVE-2018-6913] heap-buffer-overflow in S_pack_rec + +C<pack()> could cause a heap buffer write overflow with a large item count. +L<[perl #131844]|https://rt.perl.org/Public/Bug/Display.html?id=131844> + +=head2 Assertion failure in Perl__core_swash_init (utf8.c) + +Control characters in a supposed Unicode property name could cause perl to +crash. This has been fixed. +L<[perl #132055]|https://rt.perl.org/Public/Bug/Display.html?id=132055> +L<[perl #132553]|https://rt.perl.org/Public/Bug/Display.html?id=132553> +L<[perl #132658]|https://rt.perl.org/Public/Bug/Display.html?id=132658> + +=head1 Incompatible Changes + +There are no changes intentionally incompatible with 5.26.1. If any exist, +they are bugs, and we request that you submit a report. See L</Reporting +Bugs> below. + +=head1 Modules and Pragmata + +=head2 Updated Modules and Pragmata + +=over 4 + +=item * + +L<Module::CoreList> has been upgraded from version 5.20170922_26 to 5.20180414_26. + +=item * + +L<PerlIO::via> has been upgraded from version 0.16 to 0.17. + +=item * + +L<Term::ReadLine> has been upgraded from version 1.16 to 1.17. + +=item * + +L<Unicode::UCD> has been upgraded from version 0.68 to 0.69. + +=back + +=head1 Documentation + +=head2 Changes to Existing Documentation + +=head3 L<perluniprops> + +=over 4 + +=item * + +This has been updated to note that C<\p{Word}> now includes code points +matching the C<\p{Join_Control}> property. The change to the property was made +in Perl 5.18, but not documented until now. There are currently only two code +points that match this property: U+200C (ZERO WIDTH NON-JOINER) and U+200D +(ZERO WIDTH JOINER). + +=back + +=head1 Platform Support + +=head2 Platform-Specific Notes + +=over 4 + +=item Windows + +Visual C++ compiler version detection has been improved to work on non-English +language systems. +L<[perl #132421]|https://rt.perl.org/Public/Bug/Display.html?id=132421> + +We now set C<$Config{libpth}> correctly for 64-bit builds using Visual C++ +versions earlier than 14.1. +L<[perl #132484]|https://rt.perl.org/Public/Bug/Display.html?id=132484> + +=back + +=head1 Selected Bug Fixes + +=over 4 + +=item * + +The C<readpipe()> built-in function now checks at compile time that it has only +one parameter expression, and puts it in scalar context, thus ensuring that it +doesn't corrupt the stack at runtime. +L<[perl #4574]|https://rt.perl.org/Public/Bug/Display.html?id=4574> + +=item * + +Fixed a use after free bug in C<pp_list> introduced in Perl 5.27.1. +L<[perl #131954]|https://rt.perl.org/Public/Bug/Display.html?id=131954> + +=item * + +Parsing a C<sub> definition could cause a use after free if the C<sub> keyword +was followed by whitespace including newlines (and comments). +L<[perl #131836]|https://rt.perl.org/Public/Bug/Display.html?id=131836> + +=item * + +The tokenizer now correctly adjusts a parse pointer when skipping whitespace in +an C< ${identifier} > construct. +L<[perl #131949]|https://rt.perl.org/Public/Bug/Display.html?id=131949> + +=item * + +Accesses to C<${^LAST_FH}> no longer assert after using any of a variety of I/O +operations on a non-glob. +L<[perl #128263]|https://rt.perl.org/Public/Bug/Display.html?id=128263> + +=item * + +C<sort> now performs correct reference counting when aliasing C<$a> and C<$b>, +thus avoiding premature destruction and leakage of scalars if they are +re-aliased during execution of the sort comparator. +L<[perl #92264]|https://rt.perl.org/Public/Bug/Display.html?id=92264> + +=item * + +Some convoluted kinds of regexp no longer cause an arithmetic overflow when +compiled. +L<[perl #131893]|https://rt.perl.org/Public/Bug/Display.html?id=131893> + +=item * + +Fixed a duplicate symbol failure with B<-flto -mieee-fp> builds. F<pp.c> +defined C<_LIB_VERSION> which B<-lieee> already defines. +L<[perl #131786]|https://rt.perl.org/Public/Bug/Display.html?id=131786> + +=item * + +A NULL pointer dereference in the C<S_regmatch()> function has been fixed. +L<[perl #132017]|https://rt.perl.org/Public/Bug/Display.html?id=132017> + +=item * + +Failures while compiling code within other constructs, such as with string +interpolation and the right part of C<s///e> now cause compilation to abort +earlier. + +Previously compilation could continue in order to report other errors, but the +failed sub-parse could leave partly parsed constructs on the parser +shift-reduce stack, confusing the parser, leading to perl crashes. +L<[perl #125351]|https://rt.perl.org/Public/Bug/Display.html?id=125351> + +=back + +=head1 Acknowledgements + +Perl 5.26.2 represents approximately 7 months of development since Perl 5.26.1 +and contains approximately 3,300 lines of changes across 82 files from 17 +authors. + +Excluding auto-generated files, documentation and release tools, there were +approximately 1,800 lines of changes to 36 .pm, .t, .c and .h files. + +Perl continues to flourish into its third decade thanks to a vibrant community +of users and developers. The following people are known to have contributed +the improvements that became Perl 5.26.2: + +Aaron Crane, Abigail, Chris 'BinGOs' Williams, H.Merijn Brand, James E Keenan, +Jarkko Hietaniemi, John SJ Anderson, Karen Etheridge, Karl Williamson, Lukas +Mai, Renee Baecker, Sawyer X, Steve Hay, Todd Rinaldo, Tony Cook, Yves Orton, +Zefram. + +The list above is almost certainly incomplete as it is automatically generated +from version control history. In particular, it does not include the names of +the (very much appreciated) contributors who reported issues to the Perl bug +tracker. + +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. + +For a more complete list of all of Perl's historical contributors, please see +the F<AUTHORS> file in the Perl source distribution. + +=head1 Reporting Bugs + +If you find what you think is a bug, you might check the perl bug database +at L<https://rt.perl.org/> . There may also be information at +L<http://www.perl.org/> , the Perl Home Page. + +If you believe you have an unreported bug, please run the L<perlbug> program +included with your release. Be sure to trim your bug down to a tiny but +sufficient test case. Your bug report, along with the output of C<perl -V>, +will be sent off to perlbug@perl.org to be analysed by the Perl porting team. + +If the bug you are reporting has security implications which make it +inappropriate to send to a publicly archived mailing list, then see +L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> +for details of how to report the issue. + +=head1 Give Thanks + +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, +you can do so by running the C<perlthanks> program: + + perlthanks + +This will send an email to the Perl 5 Porters list with your show of thanks. + +=head1 SEE ALSO + +The F<Changes> file for an explanation of how to view exhaustive details on +what changed. + +The F<INSTALL> file for how to build Perl. + +The F<README> file for general stuff. + +The F<Artistic> and F<Copying> files for copyright information. + +=cut |