243 lines
6.7 KiB
Plaintext
243 lines
6.7 KiB
Plaintext
=encoding utf8
|
|
|
|
=head1 NAME
|
|
|
|
perl5142delta - what is new for perl v5.14.2
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
This document describes differences between the 5.14.1 release and
|
|
the 5.14.2 release.
|
|
|
|
If you are upgrading from an earlier release such as 5.14.0, first read
|
|
L<perl5141delta>, which describes differences between 5.14.0 and
|
|
5.14.1.
|
|
|
|
=head1 Core Enhancements
|
|
|
|
No changes since 5.14.0.
|
|
|
|
=head1 Security
|
|
|
|
=head2 C<File::Glob::bsd_glob()> memory error with GLOB_ALTDIRFUNC (CVE-2011-2728).
|
|
|
|
Calling C<File::Glob::bsd_glob> with the unsupported flag GLOB_ALTDIRFUNC would
|
|
cause an access violation / segfault. A Perl program that accepts a flags value from
|
|
an external source could expose itself to denial of service or arbitrary code
|
|
execution attacks. There are no known exploits in the wild. The problem has been
|
|
corrected by explicitly disabling all unsupported flags and setting unused function
|
|
pointers to null. Bug reported by Clément Lecigne.
|
|
|
|
=head2 C<Encode> decode_xs n-byte heap-overflow (CVE-2011-2939)
|
|
|
|
A bug in C<Encode> could, on certain inputs, cause the heap to overflow.
|
|
This problem has been corrected. Bug reported by Robert Zacek.
|
|
|
|
=head1 Incompatible Changes
|
|
|
|
There are no changes intentionally incompatible with 5.14.0. If any
|
|
exist, they are bugs and reports are welcome.
|
|
|
|
=head1 Deprecations
|
|
|
|
There have been no deprecations since 5.14.0.
|
|
|
|
=head1 Modules and Pragmata
|
|
|
|
=head2 New Modules and Pragmata
|
|
|
|
None
|
|
|
|
=head2 Updated Modules and Pragmata
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
L<CPAN> has been upgraded from version 1.9600 to version 1.9600_01.
|
|
|
|
L<CPAN::Distribution> has been upgraded from version 1.9602 to 1.9602_01.
|
|
|
|
Backported bugfixes from CPAN version 1.9800. Ensures proper
|
|
detection of C<configure_requires> prerequisites from CPAN Meta files
|
|
in the case where C<dynamic_config> is true. [rt.cpan.org #68835]
|
|
|
|
Also ensures that C<configure_requires> is only checked in META files,
|
|
not MYMETA files, so protect against MYMETA generation that drops
|
|
C<configure_requires>.
|
|
|
|
=item *
|
|
|
|
L<Encode> has been upgraded from version 2.42 to 2.42_01.
|
|
|
|
See L</Security>.
|
|
|
|
=item *
|
|
|
|
L<File::Glob> has been upgraded from version 1.12 to version 1.13.
|
|
|
|
See L</Security>.
|
|
|
|
=item *
|
|
|
|
L<PerlIO::scalar> has been upgraded from version 0.11 to 0.11_01.
|
|
|
|
It fixes a problem with C<< open my $fh, ">", \$scalar >> not working if
|
|
C<$scalar> is a copy-on-write scalar.
|
|
|
|
=back
|
|
|
|
=head2 Removed Modules and Pragmata
|
|
|
|
None
|
|
|
|
=head1 Platform Support
|
|
|
|
=head2 New Platforms
|
|
|
|
None
|
|
|
|
=head2 Discontinued Platforms
|
|
|
|
None
|
|
|
|
=head2 Platform-Specific Notes
|
|
|
|
=over 4
|
|
|
|
=item HP-UX PA-RISC/64 now supports gcc-4.x
|
|
|
|
A fix to correct the socketsize now makes the test suite pass on HP-UX
|
|
PA-RISC for 64bitall builds.
|
|
|
|
=item Building on OS X 10.7 Lion and Xcode 4 works again
|
|
|
|
The build system has been updated to work with the build tools under Mac OS X
|
|
10.7.
|
|
|
|
=back
|
|
|
|
=head1 Bug Fixes
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
In @INC filters (subroutines returned by subroutines in @INC), $_ used to
|
|
misbehave: If returned from a subroutine, it would not be copied, but the
|
|
variable itself would be returned; and freeing $_ (e.g., with C<undef *_>)
|
|
would cause perl to crash. This has been fixed [perl #91880].
|
|
|
|
=item *
|
|
|
|
Perl 5.10.0 introduced some faulty logic that made "U*" in the middle of
|
|
a pack template equivalent to "U0" if the input string was empty. This has
|
|
been fixed [perl #90160].
|
|
|
|
=item *
|
|
|
|
C<caller> no longer leaks memory when called from the DB package if
|
|
C<@DB::args> was assigned to after the first call to C<caller>. L<Carp>
|
|
was triggering this bug [perl #97010].
|
|
|
|
=item *
|
|
|
|
C<utf8::decode> had a nasty bug that would modify copy-on-write scalars'
|
|
string buffers in place (i.e., skipping the copy). This could result in
|
|
hashes having two elements with the same key [perl #91834].
|
|
|
|
=item *
|
|
|
|
Localising a tied variable used to make it read-only if it contained a
|
|
copy-on-write string.
|
|
|
|
=item *
|
|
|
|
Elements of restricted hashes (see the L<fields> pragma) containing
|
|
copy-on-write values couldn't be deleted, nor could such hashes be cleared
|
|
(C<%hash = ()>).
|
|
|
|
=item *
|
|
|
|
Locking a hash element that is a glob copy no longer causes subsequent
|
|
assignment to it to corrupt the glob.
|
|
|
|
=item *
|
|
|
|
A panic involving the combination of the regular expression modifiers
|
|
C</aa> introduced in 5.14.0 and the C<\b> escape sequence has been
|
|
fixed [perl #95964].
|
|
|
|
=back
|
|
|
|
=head1 Known Problems
|
|
|
|
This is a list of some significant unfixed bugs, which are regressions
|
|
from 5.12.0.
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
|
|
C<PERL_GLOBAL_STRUCT> is broken.
|
|
|
|
Since perl 5.14.0, building with C<-DPERL_GLOBAL_STRUCT> hasn't been
|
|
possible. This means that perl currently doesn't work on any platforms that
|
|
require it to be built this way, including Symbian.
|
|
|
|
While C<PERL_GLOBAL_STRUCT> now works again on recent development versions of
|
|
perl, it actually working on Symbian again hasn't been verified.
|
|
|
|
We'd be very interested in hearing from anyone working with Perl on Symbian.
|
|
|
|
=back
|
|
|
|
=head1 Acknowledgements
|
|
|
|
Perl 5.14.2 represents approximately three months of development since
|
|
Perl 5.14.1 and contains approximately 1200 lines of changes
|
|
across 61 files from 9 authors.
|
|
|
|
Perl continues to flourish into its third decade thanks to a vibrant
|
|
community of users and developers. The following people are known to
|
|
have contributed the improvements that became Perl 5.14.2:
|
|
|
|
Craig A. Berry, David Golden, Father Chrysostomos, Florian Ragwitz, H.Merijn
|
|
Brand, Karl Williamson, Nicholas Clark, Pau Amma and Ricardo Signes.
|
|
|
|
=head1 Reporting Bugs
|
|
|
|
If you find what you think is a bug, you might check the articles
|
|
recently posted to the comp.lang.perl.misc newsgroup and the perl
|
|
bug database at http://rt.perl.org/perlbug/ . There may also be
|
|
information at http://www.perl.org/ , the Perl Home Page.
|
|
|
|
If you believe you have an unreported bug, please run the L<perlbug>
|
|
program included with your release. Be sure to trim your bug down
|
|
to a tiny but sufficient test case. Your bug report, along with the
|
|
output of C<perl -V>, will be sent off to perlbug@perl.org to be
|
|
analysed by the Perl porting team.
|
|
|
|
If the bug you are reporting has security implications, which make it
|
|
inappropriate to send to a publicly archived mailing list, then please send
|
|
it to perl5-security-report@perl.org. This points to a closed subscription
|
|
unarchived mailing list, which includes all the core committers, who be able
|
|
to help assess the impact of issues, figure out a resolution, and help
|
|
co-ordinate the release of patches to mitigate or fix the problem across all
|
|
platforms on which Perl is supported. Please only use this address for
|
|
security issues in the Perl core, not for modules independently
|
|
distributed on CPAN.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
The F<Changes> file for an explanation of how to view exhaustive details
|
|
on what changed.
|
|
|
|
The F<INSTALL> file for how to build Perl.
|
|
|
|
The F<README> file for general stuff.
|
|
|
|
The F<Artistic> and F<Copying> files for copyright information.
|
|
|
|
=cut
|