Initial Commit
This commit is contained in:
Riley Schneider
240
database/perl/lib/pods/perl5144delta.pod
Normal file
240
database/perl/lib/pods/perl5144delta.pod
Normal file
@@ -0,0 +1,240 @@
|
||||
=encoding utf8
|
||||
|
||||
=head1 NAME
|
||||
|
||||
perl5144delta - what is new for perl v5.14.4
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This document describes differences between the 5.14.3 release and
|
||||
the 5.14.4 release.
|
||||
|
||||
If you are upgrading from an earlier release such as 5.12.0, first read
|
||||
L<perl5140delta>, which describes differences between 5.12.0 and
|
||||
5.14.0.
|
||||
|
||||
=head1 Core Enhancements
|
||||
|
||||
No changes since 5.14.0.
|
||||
|
||||
=head1 Security
|
||||
|
||||
This release contains one major, and medium, and a number of minor
|
||||
security fixes. The latter are included mainly to allow the test suite to
|
||||
pass cleanly with the clang compiler's address sanitizer facility.
|
||||
|
||||
=head2 CVE-2013-1667: memory exhaustion with arbitrary hash keys
|
||||
|
||||
With a carefully crafted set of hash keys (for example arguments on a
|
||||
URL), it is possible to cause a hash to consume a large amount of memory
|
||||
and CPU, and thus possibly to achieve a Denial-of-Service.
|
||||
|
||||
This problem has been fixed.
|
||||
|
||||
=head2 memory leak in Encode
|
||||
|
||||
The UTF-8 encoding implementation in Encode.xs had a memory leak which has been
|
||||
fixed.
|
||||
|
||||
=head2 [perl #111594] Socket::unpack_sockaddr_un heap-buffer-overflow
|
||||
|
||||
A read buffer overflow could occur when copying C<sockaddr> buffers.
|
||||
Fairly harmless.
|
||||
|
||||
This problem has been fixed.
|
||||
|
||||
=head2 [perl #111586] SDBM_File: fix off-by-one access to global ".dir"
|
||||
|
||||
An extra byte was being copied for some string literals. Fairly harmless.
|
||||
|
||||
This problem has been fixed.
|
||||
|
||||
=head2 off-by-two error in List::Util
|
||||
|
||||
A string literal was being used that included two bytes beyond the
|
||||
end of the string. Fairly harmless.
|
||||
|
||||
This problem has been fixed.
|
||||
|
||||
=head2 [perl #115994] fix segv in regcomp.c:S_join_exact()
|
||||
|
||||
Under debugging builds, while marking optimised-out regex nodes as type
|
||||
C<OPTIMIZED>, it could treat blocks of exact text as if they were nodes,
|
||||
and thus SEGV. Fairly harmless.
|
||||
|
||||
This problem has been fixed.
|
||||
|
||||
=head2 [perl #115992] PL_eval_start use-after-free
|
||||
|
||||
The statement C<local $[;>, when preceded by an C<eval>, and when not part
|
||||
of an assignment, could crash. Fairly harmless.
|
||||
|
||||
This problem has been fixed.
|
||||
|
||||
=head2 wrap-around with IO on long strings
|
||||
|
||||
Reading or writing strings greater than 2**31 bytes in size could segfault
|
||||
due to integer wraparound.
|
||||
|
||||
This problem has been fixed.
|
||||
|
||||
=head1 Incompatible Changes
|
||||
|
||||
There are no changes intentionally incompatible with 5.14.0. If any
|
||||
exist, they are bugs and reports are welcome.
|
||||
|
||||
=head1 Deprecations
|
||||
|
||||
There have been no deprecations since 5.14.0.
|
||||
|
||||
=head1 Modules and Pragmata
|
||||
|
||||
=head2 New Modules and Pragmata
|
||||
|
||||
None
|
||||
|
||||
=head2 Updated Modules and Pragmata
|
||||
|
||||
The following modules have just the minor code fixes as listed above in
|
||||
L</Security> (version numbers have not changed):
|
||||
|
||||
=over 4
|
||||
|
||||
=item Socket
|
||||
|
||||
=item SDBM_File
|
||||
|
||||
=item List::Util
|
||||
|
||||
=back
|
||||
|
||||
L<Encode> has been upgraded from version 2.42_01 to version 2.42_02.
|
||||
|
||||
L<Module::CoreList> has been updated to version 2.49_06 to add data for
|
||||
this release.
|
||||
|
||||
=head2 Removed Modules and Pragmata
|
||||
|
||||
None.
|
||||
|
||||
=head1 Documentation
|
||||
|
||||
=head2 New Documentation
|
||||
|
||||
None.
|
||||
|
||||
=head2 Changes to Existing Documentation
|
||||
|
||||
None.
|
||||
|
||||
=head1 Diagnostics
|
||||
|
||||
No new or changed diagnostics.
|
||||
|
||||
=head1 Utility Changes
|
||||
|
||||
None
|
||||
|
||||
=head1 Configuration and Compilation
|
||||
|
||||
No changes.
|
||||
|
||||
=head1 Platform Support
|
||||
|
||||
=head2 New Platforms
|
||||
|
||||
None.
|
||||
|
||||
=head2 Discontinued Platforms
|
||||
|
||||
None.
|
||||
|
||||
=head2 Platform-Specific Notes
|
||||
|
||||
=over 4
|
||||
|
||||
=item VMS
|
||||
|
||||
5.14.3 failed to compile on VMS due to incomplete application of a patch
|
||||
series that allowed C<userelocatableinc> and C<usesitecustomize> to be
|
||||
used simultaneously. Other platforms were not affected and the problem
|
||||
has now been corrected.
|
||||
|
||||
=back
|
||||
|
||||
=head1 Selected Bug Fixes
|
||||
|
||||
=over 4
|
||||
|
||||
=item *
|
||||
|
||||
In Perl 5.14.0, C<$tainted ~~ @array> stopped working properly. Sometimes
|
||||
it would erroneously fail (when C<$tainted> contained a string that occurs
|
||||
in the array I<after> the first element) or erroneously succeed (when
|
||||
C<undef> occurred after the first element) [perl #93590].
|
||||
|
||||
=back
|
||||
|
||||
=head1 Known Problems
|
||||
|
||||
None.
|
||||
|
||||
=head1 Acknowledgements
|
||||
|
||||
Perl 5.14.4 represents approximately 5 months of development since Perl 5.14.3
|
||||
and contains approximately 1,700 lines of changes across 49 files from 12
|
||||
authors.
|
||||
|
||||
Perl continues to flourish into its third decade thanks to a vibrant community
|
||||
of users and developers. The following people are known to have contributed the
|
||||
improvements that became Perl 5.14.4:
|
||||
|
||||
Andy Dougherty, Chris 'BinGOs' Williams, Christian Hansen, Craig A. Berry,
|
||||
Dave Rolsky, David Mitchell, Dominic Hargreaves, Father Chrysostomos,
|
||||
Florian Ragwitz, Reini Urban, Ricardo Signes, Yves Orton.
|
||||
|
||||
|
||||
The list above is almost certainly incomplete as it is automatically generated
|
||||
from version control history. In particular, it does not include the names of
|
||||
the (very much appreciated) contributors who reported issues to the Perl bug
|
||||
tracker.
|
||||
|
||||
For a more complete list of all of Perl's historical contributors, please see
|
||||
the F<AUTHORS> file in the Perl source distribution.
|
||||
|
||||
|
||||
=head1 Reporting Bugs
|
||||
|
||||
If you find what you think is a bug, you might check the articles
|
||||
recently posted to the comp.lang.perl.misc newsgroup and the perl
|
||||
bug database at http://rt.perl.org/perlbug/ . There may also be
|
||||
information at http://www.perl.org/ , the Perl Home Page.
|
||||
|
||||
If you believe you have an unreported bug, please run the L<perlbug>
|
||||
program included with your release. Be sure to trim your bug down
|
||||
to a tiny but sufficient test case. Your bug report, along with the
|
||||
output of C<perl -V>, will be sent off to perlbug@perl.org to be
|
||||
analysed by the Perl porting team.
|
||||
|
||||
If the bug you are reporting has security implications, which make it
|
||||
inappropriate to send to a publicly archived mailing list, then please send
|
||||
it to perl5-security-report@perl.org. This points to a closed subscription
|
||||
unarchived mailing list, which includes all the core committers, who be able
|
||||
to help assess the impact of issues, figure out a resolution, and help
|
||||
co-ordinate the release of patches to mitigate or fix the problem across all
|
||||
platforms on which Perl is supported. Please only use this address for
|
||||
security issues in the Perl core, not for modules independently
|
||||
distributed on CPAN.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
The F<Changes> file for an explanation of how to view exhaustive details
|
||||
on what changed.
|
||||
|
||||
The F<INSTALL> file for how to build Perl.
|
||||
|
||||
The F<README> file for general stuff.
|
||||
|
||||
The F<Artistic> and F<Copying> files for copyright information.
|
||||
|
||||
=cut
|
||||
Reference in New Issue
Block a user