PERL5243DELTA(1) Perl Programmers Reference Guide PERL5243DELTA(1)
NAME
perl5243delta - what is new for perl v5.24.3
DESCRIPTION
This document describes differences between the 5.24.2 release and the
5.24.3 release.
If you are upgrading from an earlier release such as 5.24.1, first read
perl5242delta, which describes differences between 5.24.1 and 5.24.2.
Security
[CVE-2017-12837] Heap buffer overflow in regular expression compiler
Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has
now been fixed. [perl #131582]
<https://rt.perl.org/Public/Bug/Display.html?id=131582>
[CVE-2017-12883] Buffer over-read in regular expression parser
For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.
[perl #131598] <https://rt.perl.org/Public/Bug/Display.html?id=131598>
[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
A possible stack buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous
anyway. [perl #131665]
<https://rt.perl.org/Public/Bug/Display.html?id=131665>
Incompatible Changes
There are no changes intentionally incompatible with 5.24.2. If any
exist, they are bugs, and we request that you submit a report. See
"Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
o Module::CoreList has been upgraded from version 5.20170715_24 to
5.20170922_24.
o POSIX has been upgraded from version 1.65 to 1.65_01.
o Time::HiRes has been upgraded from version 1.9733 to 1.9741.
[perl #128427]
<https://rt.perl.org/Public/Bug/Display.html?id=128427> [perl
#128445] <https://rt.perl.org/Public/Bug/Display.html?id=128445>
[perl #128972]
<https://rt.perl.org/Public/Bug/Display.html?id=128972> [cpan
#120032] <https://rt.cpan.org/Public/Bug/Display.html?id=120032>
Configuration and Compilation
o When building with GCC 6 and link-time optimization (the -flto
option to gcc), Configure was treating all probed symbols as
present on the system, regardless of whether they actually exist.
This has been fixed. [perl #128131]
<https://rt.perl.org/Public/Bug/Display.html?id=128131>
o Configure now aborts if both "-Duselongdouble" and "-Dusequadmath"
are requested. [perl #126203]
<https://rt.perl.org/Public/Bug/Display.html?id=126203>
o Fixed a bug in which Configure could append "-quadmath" to the
archname even if it was already present. [perl #128538]
<https://rt.perl.org/Public/Bug/Display.html?id=128538>
o Clang builds with "-DPERL_GLOBAL_STRUCT" or
"-DPERL_GLOBAL_STRUCT_PRIVATE" have been fixed (by disabling Thread
Safety Analysis for these configurations).
Platform Support
Platform-Specific Notes
VMS
o "configure.com" now recognizes the VSI-branded C compiler.
Windows
o Building XS modules with GCC 6 in a 64-bit build of Perl failed
due to incorrect mapping of "strtoll" and "strtoull". This has
now been fixed. [perl #131726]
<https://rt.perl.org/Public/Bug/Display.html?id=131726> [cpan
#121683]
<https://rt.cpan.org/Public/Bug/Display.html?id=121683> [cpan
#122353]
<https://rt.cpan.org/Public/Bug/Display.html?id=122353>
Selected Bug Fixes
o "/@0{0*->@*/*0" and similar contortions used to crash, but no
longer do, but merely produce a syntax error. [perl #128171]
<https://rt.perl.org/Public/Bug/Display.html?id=128171>
o "do" or "require" with an argument which is a reference or typeglob
which, when stringified, contains a null character, started
crashing in Perl 5.20, but has now been fixed. [perl #128182]
<https://rt.perl.org/Public/Bug/Display.html?id=128182>
o Expressions containing an "&&" or "||" operator (or their synonyms
"and" and "or") were being compiled incorrectly in some cases. If
the left-hand side consisted of either a negated bareword constant
or a negated "do {}" block containing a constant expression, and
the right-hand side consisted of a negated non-foldable expression,
one of the negations was effectively ignored. The same was true of
"if" and "unless" statement modifiers, though with the left-hand
and right-hand sides swapped. This long-standing bug has now been
fixed. [perl #127952]
<https://rt.perl.org/Public/Bug/Display.html?id=127952>
o "reset" with an argument no longer crashes when encountering stash
entries other than globs. [perl #128106]
<https://rt.perl.org/Public/Bug/Display.html?id=128106>
o Assignment of hashes to, and deletion of, typeglobs named *::::::
no longer causes crashes. [perl #128086]
<https://rt.perl.org/Public/Bug/Display.html?id=128086>
o Assignment variants of any bitwise ops under the "bitwise" feature
would crash if the left-hand side was an array or hash. [perl
#128204] <https://rt.perl.org/Public/Bug/Display.html?id=128204>
o "socket" now leaves the error code returned by the system in $! on
failure. [perl #128316]
<https://rt.perl.org/Public/Bug/Display.html?id=128316>
o Parsing bad POSIX charclasses no longer leaks memory. [perl
#128313] <https://rt.perl.org/Public/Bug/Display.html?id=128313>
o Since Perl 5.20, line numbers have been off by one when perl is
invoked with the -x switch. This has been fixed. [perl #128508]
<https://rt.perl.org/Public/Bug/Display.html?id=128508>
o Some obscure cases of subroutines and file handles being freed at
the same time could result in crashes, but have been fixed. The
crash was introduced in Perl 5.22. [perl #128597]
<https://rt.perl.org/Public/Bug/Display.html?id=128597>
o Some regular expression parsing glitches could lead to assertion
failures with regular expressions such as "/(?<=/" and "/(?<!/".
This has now been fixed. [perl #128170]
<https://rt.perl.org/Public/Bug/Display.html?id=128170>
o "gethostent" and similar functions now perform a null check
internally, to avoid crashing with the torsocks library. This was
a regression from Perl 5.22. [perl #128740]
<https://rt.perl.org/Public/Bug/Display.html?id=128740>
o Mentioning the same constant twice in a row (which is a syntax
error) no longer fails an assertion under debugging builds. This
was a regression from Perl 5.20. [perl #126482]
<https://rt.perl.org/Public/Bug/Display.html?id=126482>
o In Perl 5.24 "fchown" was changed not to accept negative one as an
argument because in some platforms that is an error. However, in
some other platforms that is an acceptable argument. This change
has been reverted. [perl #128967]
<https://rt.perl.org/Public/Bug/Display.html?id=128967>.
o "@{x" followed by a newline where "x" represents a control or non-
ASCII character no longer produces a garbled syntax error message
or a crash. [perl #128951]
<https://rt.perl.org/Public/Bug/Display.html?id=128951>
o A regression in Perl 5.24 with "tr/\N{U+...}/foo/" when the code
point was between 128 and 255 has been fixed. [perl #128734]
<https://rt.perl.org/Public/Bug/Display.html?id=128734>.
o Many issues relating to "printf "%a"" of hexadecimal floating point
were fixed. In addition, the "subnormals" (formerly known as
"denormals") floating point numbers are now supported both with the
plain IEEE 754 floating point numbers (64-bit or 128-bit) and the
x86 80-bit "extended precision". Note that subnormal hexadecimal
floating point literals will give a warning about "exponent
underflow". [perl #128843]
<https://rt.perl.org/Public/Bug/Display.html?id=128843> [perl
#128888] <https://rt.perl.org/Public/Bug/Display.html?id=128888>
[perl #128889]
<https://rt.perl.org/Public/Bug/Display.html?id=128889> [perl
#128890] <https://rt.perl.org/Public/Bug/Display.html?id=128890>
[perl #128893]
<https://rt.perl.org/Public/Bug/Display.html?id=128893> [perl
#128909] <https://rt.perl.org/Public/Bug/Display.html?id=128909>
[perl #128919]
<https://rt.perl.org/Public/Bug/Display.html?id=128919>
o The parser could sometimes crash if a bareword came after
"evalbytes". [perl #129196]
<https://rt.perl.org/Public/Bug/Display.html?id=129196>
o Fixed a place where the regex parser was not setting the syntax
error correctly on a syntactically incorrect pattern. [perl
#129122] <https://rt.perl.org/Public/Bug/Display.html?id=129122>
o A vulnerability in Perl's "sprintf" implementation has been fixed
by avoiding a possible memory wrap. [perl #131260]
<https://rt.perl.org/Public/Bug/Display.html?id=131260>
Acknowledgements
Perl 5.24.3 represents approximately 2 months of development since Perl
5.24.2 and contains approximately 3,200 lines of changes across 120
files from 23 authors.
Excluding auto-generated files, documentation and release tools, there
were approximately 1,600 lines of changes to 56 .pm, .t, .c and .h
files.
Perl continues to flourish into its third decade thanks to a vibrant
community of users and developers. The following people are known to
have contributed the improvements that became Perl 5.24.3:
Aaron Crane, Craig A. Berry, Dagfinn Ilmari Mannsaaker, Dan Collins,
Daniel Dragan, Dave Cross, David Mitchell, Eric Herman, Father
Chrysostomos, H.Merijn Brand, Hugo van der Sanden, James E Keenan,
Jarkko Hietaniemi, John SJ Anderson, Karl Williamson, Ken Brown, Lukas
Mai, Matthew Horsfall, Stevan Little, Steve Hay, Steven Humphrey, Tony
Cook, Yves Orton.
The list above is almost certainly incomplete as it is automatically
generated from version control history. In particular, it does not
include the names of the (very much appreciated) contributors who
reported issues to the Perl bug tracker.
Many of the changes included in this version originated in the CPAN
modules included in Perl's core. We're grateful to the entire CPAN
community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors,
please see the AUTHORS file in the Perl source distribution.
Reporting Bugs
If you find what you think is a bug, you might check the articles
recently posted to the comp.lang.perl.misc newsgroup and the perl bug
database at <https://rt.perl.org/> . There may also be information at
<http://www.perl.org/> , the Perl Home Page.
If you believe you have an unreported bug, please run the perlbug
program included with your release. Be sure to trim your bug down to a
tiny but sufficient test case. Your bug report, along with the output
of "perl -V", will be sent off to perlbug AT perl.org to be analysed by
the Perl porting team.
If the bug you are reporting has security implications which make it
inappropriate to send to a publicly archived mailing list, then see
"SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of
how to report the issue.
SEE ALSO
The Changes file for an explanation of how to view exhaustive details
on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.
perl v5.26.3 2018-03-01 PERL5243DELTA(1)