diff options
author | Steve Hay <steve.m.hay@googlemail.com> | 2018-03-23 21:35:05 +0000 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2018-03-23 21:35:05 +0000 |
commit | 609c4f70271600b728c8d0e2b7cc7b6528a85942 (patch) | |
tree | 6179501e7f06c5472da75edfa234fb0de398b271 /pod | |
parent | afb642cf5a5d0b53d7bceb50b3a7f58cc9311d72 (diff) | |
download | perl-609c4f70271600b728c8d0e2b7cc7b6528a85942.tar.gz |
Add perldelta for 5.24.3
(manually cherry picked from commit c592f515473287ef2f6de4cec0ef64415c5c4960)
Diffstat (limited to 'pod')
-rw-r--r-- | pod/perl.pod | 1 | ||||
-rw-r--r-- | pod/perl5243delta.pod | 335 |
2 files changed, 336 insertions, 0 deletions
diff --git a/pod/perl.pod b/pod/perl.pod index 8957d1d69f..4e4661e312 100644 --- a/pod/perl.pod +++ b/pod/perl.pod @@ -183,6 +183,7 @@ aux h2ph h2xs perlbug pl2pm pod2html pod2man splain xsubpp perldelta Perl changes since previous version perl5261delta Perl changes in version 5.26.1 perl5260delta Perl changes in version 5.26.0 + perl5243delta Perl changes in version 5.24.3 perl5242delta Perl changes in version 5.24.2 perl5241delta Perl changes in version 5.24.1 perl5240delta Perl changes in version 5.24.0 diff --git a/pod/perl5243delta.pod b/pod/perl5243delta.pod new file mode 100644 index 0000000000..7aabed92b9 --- /dev/null +++ b/pod/perl5243delta.pod @@ -0,0 +1,335 @@ +=encoding utf8 + +=head1 NAME + +perl5243delta - what is new for perl v5.24.3 + +=head1 DESCRIPTION + +This document describes differences between the 5.24.2 release and the 5.24.3 +release. + +If you are upgrading from an earlier release such as 5.24.1, first read +L<perl5242delta>, which describes differences between 5.24.1 and 5.24.2. + +=head1 Security + +=head2 [CVE-2017-12837] Heap buffer overflow in regular expression compiler + +Compiling certain regular expression patterns with the case-insensitive +modifier could cause a heap buffer overflow and crash perl. This has now been +fixed. +L<[perl #131582]|https://rt.perl.org/Public/Bug/Display.html?id=131582> + +=head2 [CVE-2017-12883] Buffer over-read in regular expression parser + +For certain types of syntax error in a regular expression pattern, the error +message could either contain the contents of a random, possibly large, chunk of +memory, or could crash perl. This has now been fixed. +L<[perl #131598]|https://rt.perl.org/Public/Bug/Display.html?id=131598> + +=head2 [CVE-2017-12814] C<$ENV{$key}> stack buffer overflow on Windows + +A possible stack buffer overflow in the C<%ENV> code on Windows has been fixed +by removing the buffer completely since it was superfluous anyway. +L<[perl #131665]|https://rt.perl.org/Public/Bug/Display.html?id=131665> + +=head1 Incompatible Changes + +There are no changes intentionally incompatible with 5.24.2. If any exist, +they are bugs, and we request that you submit a report. See L</Reporting +Bugs> below. + +=head1 Modules and Pragmata + +=head2 Updated Modules and Pragmata + +=over 4 + +=item * + +L<Module::CoreList> has been upgraded from version 5.20170715_24 to +5.20170922_24. + +=item * + +L<POSIX> has been upgraded from version 1.65 to 1.65_01. + +=item * + +L<Time::HiRes> has been upgraded from version 1.9733 to 1.9741. + +L<[perl #128427]|https://rt.perl.org/Public/Bug/Display.html?id=128427> +L<[perl #128445]|https://rt.perl.org/Public/Bug/Display.html?id=128445> +L<[perl #128972]|https://rt.perl.org/Public/Bug/Display.html?id=128972> +L<[cpan #120032]|https://rt.cpan.org/Public/Bug/Display.html?id=120032> + +=back + +=head1 Configuration and Compilation + +=over 4 + +=item * + +When building with GCC 6 and link-time optimization (the B<-flto> option to +B<gcc>), F<Configure> was treating all probed symbols as present on the system, +regardless of whether they actually exist. This has been fixed. +L<[perl #128131]|https://rt.perl.org/Public/Bug/Display.html?id=128131> + +=item * + +F<Configure> now aborts if both C<-Duselongdouble> and C<-Dusequadmath> are +requested. +L<[perl #126203]|https://rt.perl.org/Public/Bug/Display.html?id=126203> + +=item * + +Fixed a bug in which F<Configure> could append C<-quadmath> to the archname +even if it was already present. +L<[perl #128538]|https://rt.perl.org/Public/Bug/Display.html?id=128538> + +=item * + +Clang builds with C<-DPERL_GLOBAL_STRUCT> or C<-DPERL_GLOBAL_STRUCT_PRIVATE> +have been fixed (by disabling Thread Safety Analysis for these configurations). + +=back + +=head1 Platform Support + +=head2 Platform-Specific Notes + +=over 4 + +=item VMS + +=over 4 + +=item * + +C<configure.com> now recognizes the VSI-branded C compiler. + +=back + +=item Windows + +=over 4 + +=item * + +Building XS modules with GCC 6 in a 64-bit build of Perl failed due to +incorrect mapping of C<strtoll> and C<strtoull>. This has now been fixed. +L<[perl #131726]|https://rt.perl.org/Public/Bug/Display.html?id=131726> +L<[cpan #121683]|https://rt.cpan.org/Public/Bug/Display.html?id=121683> +L<[cpan #122353]|https://rt.cpan.org/Public/Bug/Display.html?id=122353> + +=back + +=back + +=head1 Selected Bug Fixes + +=over 4 + +=item * + +C<< /@0{0*-E<gt>@*/*0 >> and similar contortions used to crash, but no longer +do, but merely produce a syntax error. +L<[perl #128171]|https://rt.perl.org/Public/Bug/Display.html?id=128171> + +=item * + +C<do> or C<require> with an argument which is a reference or typeglob which, +when stringified, contains a null character, started crashing in Perl 5.20, but +has now been fixed. +L<[perl #128182]|https://rt.perl.org/Public/Bug/Display.html?id=128182> + +=item * + +Expressions containing an C<&&> or C<||> operator (or their synonyms C<and> and +C<or>) were being compiled incorrectly in some cases. If the left-hand side +consisted of either a negated bareword constant or a negated C<do {}> block +containing a constant expression, and the right-hand side consisted of a +negated non-foldable expression, one of the negations was effectively ignored. +The same was true of C<if> and C<unless> statement modifiers, though with the +left-hand and right-hand sides swapped. This long-standing bug has now been +fixed. +L<[perl #127952]|https://rt.perl.org/Public/Bug/Display.html?id=127952> + +=item * + +C<reset> with an argument no longer crashes when encountering stash entries +other than globs. +L<[perl #128106]|https://rt.perl.org/Public/Bug/Display.html?id=128106> + +=item * + +Assignment of hashes to, and deletion of, typeglobs named C<*::::::> no longer +causes crashes. +L<[perl #128086]|https://rt.perl.org/Public/Bug/Display.html?id=128086> + +=item * + +Assignment variants of any bitwise ops under the C<bitwise> feature would crash +if the left-hand side was an array or hash. +L<[perl #128204]|https://rt.perl.org/Public/Bug/Display.html?id=128204> + +=item * + +C<socket> now leaves the error code returned by the system in C<$!> on failure. +L<[perl #128316]|https://rt.perl.org/Public/Bug/Display.html?id=128316> + +=item * + +Parsing bad POSIX charclasses no longer leaks memory. +L<[perl #128313]|https://rt.perl.org/Public/Bug/Display.html?id=128313> + +=item * + +Since Perl 5.20, line numbers have been off by one when perl is invoked with +the B<-x> switch. This has been fixed. +L<[perl #128508]|https://rt.perl.org/Public/Bug/Display.html?id=128508> + +=item * + +Some obscure cases of subroutines and file handles being freed at the same time +could result in crashes, but have been fixed. The crash was introduced in Perl +5.22. +L<[perl #128597]|https://rt.perl.org/Public/Bug/Display.html?id=128597> + +=item * + +Some regular expression parsing glitches could lead to assertion failures with +regular expressions such as C</(?E<lt>=/> and C</(?E<lt>!/>. This has now been +fixed. +L<[perl #128170]|https://rt.perl.org/Public/Bug/Display.html?id=128170> + +=item * + +C<gethostent> and similar functions now perform a null check internally, to +avoid crashing with the torsocks library. This was a regression from Perl +5.22. +L<[perl #128740]|https://rt.perl.org/Public/Bug/Display.html?id=128740> + +=item * + +Mentioning the same constant twice in a row (which is a syntax error) no longer +fails an assertion under debugging builds. This was a regression from Perl +5.20. +L<[perl #126482]|https://rt.perl.org/Public/Bug/Display.html?id=126482> + +=item * + +In Perl 5.24 C<fchown> was changed not to accept negative one as an argument +because in some platforms that is an error. However, in some other platforms +that is an acceptable argument. This change has been reverted. +L<[perl #128967]|https://rt.perl.org/Public/Bug/Display.html?id=128967>. + +=item * + +C<@{x> followed by a newline where C<"x"> represents a control or non-ASCII +character no longer produces a garbled syntax error message or a crash. +L<[perl #128951]|https://rt.perl.org/Public/Bug/Display.html?id=128951> + +=item * + +A regression in Perl 5.24 with C<tr/\N{U+...}/foo/> when the code point was +between 128 and 255 has been fixed. +L<[perl #128734]|https://rt.perl.org/Public/Bug/Display.html?id=128734>. + +=item * + +Many issues relating to C<printf "%a"> of hexadecimal floating point were +fixed. In addition, the "subnormals" (formerly known as "denormals") floating +point numbers are now supported both with the plain IEEE 754 floating point +numbers (64-bit or 128-bit) and the x86 80-bit "extended precision". Note that +subnormal hexadecimal floating point literals will give a warning about +"exponent underflow". +L<[perl #128843]|https://rt.perl.org/Public/Bug/Display.html?id=128843> +L<[perl #128888]|https://rt.perl.org/Public/Bug/Display.html?id=128888> +L<[perl #128889]|https://rt.perl.org/Public/Bug/Display.html?id=128889> +L<[perl #128890]|https://rt.perl.org/Public/Bug/Display.html?id=128890> +L<[perl #128893]|https://rt.perl.org/Public/Bug/Display.html?id=128893> +L<[perl #128909]|https://rt.perl.org/Public/Bug/Display.html?id=128909> +L<[perl #128919]|https://rt.perl.org/Public/Bug/Display.html?id=128919> + +=item * + +The parser could sometimes crash if a bareword came after C<evalbytes>. +L<[perl #129196]|https://rt.perl.org/Public/Bug/Display.html?id=129196> + +=item * + +Fixed a place where the regex parser was not setting the syntax error correctly +on a syntactically incorrect pattern. +L<[perl #129122]|https://rt.perl.org/Public/Bug/Display.html?id=129122> + +=item * + +A vulnerability in Perl's C<sprintf> implementation has been fixed by avoiding +a possible memory wrap. +L<[perl #131260]|https://rt.perl.org/Public/Bug/Display.html?id=131260> + +=back + +=head1 Acknowledgements + +Perl 5.24.3 represents approximately 2 months of development since Perl 5.24.2 +and contains approximately 3,200 lines of changes across 120 files from 23 +authors. + +Excluding auto-generated files, documentation and release tools, there were +approximately 1,600 lines of changes to 56 .pm, .t, .c and .h files. + +Perl continues to flourish into its third decade thanks to a vibrant community +of users and developers. The following people are known to have contributed +the improvements that became Perl 5.24.3: + +Aaron Crane, Craig A. Berry, Dagfinn Ilmari Mannsåker, Dan Collins, Daniel +Dragan, Dave Cross, David Mitchell, Eric Herman, Father Chrysostomos, H.Merijn +Brand, Hugo van der Sanden, James E Keenan, Jarkko Hietaniemi, John SJ +Anderson, Karl Williamson, Ken Brown, Lukas Mai, Matthew Horsfall, Stevan +Little, Steve Hay, Steven Humphrey, Tony Cook, Yves Orton. + +The list above is almost certainly incomplete as it is automatically generated +from version control history. In particular, it does not include the names of +the (very much appreciated) contributors who reported issues to the Perl bug +tracker. + +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. + +For a more complete list of all of Perl's historical contributors, please see +the F<AUTHORS> file in the Perl source distribution. + +=head1 Reporting Bugs + +If you find what you think is a bug, you might check the articles recently +posted to the comp.lang.perl.misc newsgroup and the perl bug database at +L<https://rt.perl.org/> . There may also be information at +L<http://www.perl.org/> , the Perl Home Page. + +If you believe you have an unreported bug, please run the L<perlbug> program +included with your release. Be sure to trim your bug down to a tiny but +sufficient test case. Your bug report, along with the output of C<perl -V>, +will be sent off to perlbug@perl.org to be analysed by the Perl porting team. + +If the bug you are reporting has security implications which make it +inappropriate to send to a publicly archived mailing list, then see +L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to +report the issue. + +=head1 SEE ALSO + +The F<Changes> file for an explanation of how to view exhaustive details on +what changed. + +The F<INSTALL> file for how to build Perl. + +The F<README> file for general stuff. + +The F<Artistic> and F<Copying> files for copyright information. + +=cut |