1PERL5243DELTA(1)       Perl Programmers Reference Guide       PERL5243DELTA(1)
2
3
4

NAME

6       perl5243delta - what is new for perl v5.24.3
7

DESCRIPTION

9       This document describes differences between the 5.24.2 release and the
10       5.24.3 release.
11
12       If you are upgrading from an earlier release such as 5.24.1, first read
13       perl5242delta, which describes differences between 5.24.1 and 5.24.2.
14

Security

16   [CVE-2017-12837] Heap buffer overflow in regular expression compiler
17       Compiling certain regular expression patterns with the case-insensitive
18       modifier could cause a heap buffer overflow and crash perl.  This has
19       now been fixed.  [perl #131582]
20       <https://rt.perl.org/Public/Bug/Display.html?id=131582>
21
22   [CVE-2017-12883] Buffer over-read in regular expression parser
23       For certain types of syntax error in a regular expression pattern, the
24       error message could either contain the contents of a random, possibly
25       large, chunk of memory, or could crash perl.  This has now been fixed.
26       [perl #131598] <https://rt.perl.org/Public/Bug/Display.html?id=131598>
27
28   [CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
29       A possible stack buffer overflow in the %ENV code on Windows has been
30       fixed by removing the buffer completely since it was superfluous
31       anyway.  [perl #131665]
32       <https://rt.perl.org/Public/Bug/Display.html?id=131665>
33

Incompatible Changes

35       There are no changes intentionally incompatible with 5.24.2.  If any
36       exist, they are bugs, and we request that you submit a report.  See
37       "Reporting Bugs" below.
38

Modules and Pragmata

40   Updated Modules and Pragmata
41       ·   Module::CoreList has been upgraded from version 5.20170715_24 to
42           5.20170922_24.
43
44       ·   POSIX has been upgraded from version 1.65 to 1.65_01.
45
46       ·   Time::HiRes has been upgraded from version 1.9733 to 1.9741.
47
48           [perl #128427]
49           <https://rt.perl.org/Public/Bug/Display.html?id=128427> [perl
50           #128445] <https://rt.perl.org/Public/Bug/Display.html?id=128445>
51           [perl #128972]
52           <https://rt.perl.org/Public/Bug/Display.html?id=128972> [cpan
53           #120032] <https://rt.cpan.org/Public/Bug/Display.html?id=120032>
54

Configuration and Compilation

56       ·   When building with GCC 6 and link-time optimization (the -flto
57           option to gcc), Configure was treating all probed symbols as
58           present on the system, regardless of whether they actually exist.
59           This has been fixed.  [perl #128131]
60           <https://rt.perl.org/Public/Bug/Display.html?id=128131>
61
62       ·   Configure now aborts if both "-Duselongdouble" and "-Dusequadmath"
63           are requested.  [perl #126203]
64           <https://rt.perl.org/Public/Bug/Display.html?id=126203>
65
66       ·   Fixed a bug in which Configure could append "-quadmath" to the
67           archname even if it was already present.  [perl #128538]
68           <https://rt.perl.org/Public/Bug/Display.html?id=128538>
69
70       ·   Clang builds with "-DPERL_GLOBAL_STRUCT" or
71           "-DPERL_GLOBAL_STRUCT_PRIVATE" have been fixed (by disabling Thread
72           Safety Analysis for these configurations).
73

Platform Support

75   Platform-Specific Notes
76       VMS
77           ·   "configure.com" now recognizes the VSI-branded C compiler.
78
79       Windows
80           ·   Building XS modules with GCC 6 in a 64-bit build of Perl failed
81               due to incorrect mapping of "strtoll" and "strtoull".  This has
82               now been fixed.  [perl #131726]
83               <https://rt.perl.org/Public/Bug/Display.html?id=131726> [cpan
84               #121683]
85               <https://rt.cpan.org/Public/Bug/Display.html?id=121683> [cpan
86               #122353]
87               <https://rt.cpan.org/Public/Bug/Display.html?id=122353>
88

Selected Bug Fixes

90       ·   "/@0{0*->@*/*0" and similar contortions used to crash, but no
91           longer do, but merely produce a syntax error.  [perl #128171]
92           <https://rt.perl.org/Public/Bug/Display.html?id=128171>
93
94       ·   "do" or "require" with an argument which is a reference or typeglob
95           which, when stringified, contains a null character, started
96           crashing in Perl 5.20, but has now been fixed.  [perl #128182]
97           <https://rt.perl.org/Public/Bug/Display.html?id=128182>
98
99       ·   Expressions containing an "&&" or "||" operator (or their synonyms
100           "and" and "or") were being compiled incorrectly in some cases.  If
101           the left-hand side consisted of either a negated bareword constant
102           or a negated "do {}" block containing a constant expression, and
103           the right-hand side consisted of a negated non-foldable expression,
104           one of the negations was effectively ignored.  The same was true of
105           "if" and "unless" statement modifiers, though with the left-hand
106           and right-hand sides swapped.  This long-standing bug has now been
107           fixed.  [perl #127952]
108           <https://rt.perl.org/Public/Bug/Display.html?id=127952>
109
110       ·   "reset" with an argument no longer crashes when encountering stash
111           entries other than globs.  [perl #128106]
112           <https://rt.perl.org/Public/Bug/Display.html?id=128106>
113
114       ·   Assignment of hashes to, and deletion of, typeglobs named *::::::
115           no longer causes crashes.  [perl #128086]
116           <https://rt.perl.org/Public/Bug/Display.html?id=128086>
117
118       ·   Assignment variants of any bitwise ops under the "bitwise" feature
119           would crash if the left-hand side was an array or hash.  [perl
120           #128204] <https://rt.perl.org/Public/Bug/Display.html?id=128204>
121
122       ·   "socket" now leaves the error code returned by the system in $! on
123           failure.  [perl #128316]
124           <https://rt.perl.org/Public/Bug/Display.html?id=128316>
125
126       ·   Parsing bad POSIX charclasses no longer leaks memory.  [perl
127           #128313] <https://rt.perl.org/Public/Bug/Display.html?id=128313>
128
129       ·   Since Perl 5.20, line numbers have been off by one when perl is
130           invoked with the -x switch.  This has been fixed.  [perl #128508]
131           <https://rt.perl.org/Public/Bug/Display.html?id=128508>
132
133       ·   Some obscure cases of subroutines and file handles being freed at
134           the same time could result in crashes, but have been fixed.  The
135           crash was introduced in Perl 5.22.  [perl #128597]
136           <https://rt.perl.org/Public/Bug/Display.html?id=128597>
137
138       ·   Some regular expression parsing glitches could lead to assertion
139           failures with regular expressions such as "/(?<=/" and "/(?<!/".
140           This has now been fixed.  [perl #128170]
141           <https://rt.perl.org/Public/Bug/Display.html?id=128170>
142
143       ·   "gethostent" and similar functions now perform a null check
144           internally, to avoid crashing with the torsocks library.  This was
145           a regression from Perl 5.22.  [perl #128740]
146           <https://rt.perl.org/Public/Bug/Display.html?id=128740>
147
148       ·   Mentioning the same constant twice in a row (which is a syntax
149           error) no longer fails an assertion under debugging builds.  This
150           was a regression from Perl 5.20.  [perl #126482]
151           <https://rt.perl.org/Public/Bug/Display.html?id=126482>
152
153       ·   In Perl 5.24 "fchown" was changed not to accept negative one as an
154           argument because in some platforms that is an error.  However, in
155           some other platforms that is an acceptable argument.  This change
156           has been reverted.  [perl #128967]
157           <https://rt.perl.org/Public/Bug/Display.html?id=128967>.
158
159       ·   "@{x" followed by a newline where "x" represents a control or non-
160           ASCII character no longer produces a garbled syntax error message
161           or a crash.  [perl #128951]
162           <https://rt.perl.org/Public/Bug/Display.html?id=128951>
163
164       ·   A regression in Perl 5.24 with "tr/\N{U+...}/foo/" when the code
165           point was between 128 and 255 has been fixed.  [perl #128734]
166           <https://rt.perl.org/Public/Bug/Display.html?id=128734>.
167
168       ·   Many issues relating to "printf "%a"" of hexadecimal floating point
169           were fixed.  In addition, the "subnormals" (formerly known as
170           "denormals") floating point numbers are now supported both with the
171           plain IEEE 754 floating point numbers (64-bit or 128-bit) and the
172           x86 80-bit "extended precision".  Note that subnormal hexadecimal
173           floating point literals will give a warning about "exponent
174           underflow".  [perl #128843]
175           <https://rt.perl.org/Public/Bug/Display.html?id=128843> [perl
176           #128888] <https://rt.perl.org/Public/Bug/Display.html?id=128888>
177           [perl #128889]
178           <https://rt.perl.org/Public/Bug/Display.html?id=128889> [perl
179           #128890] <https://rt.perl.org/Public/Bug/Display.html?id=128890>
180           [perl #128893]
181           <https://rt.perl.org/Public/Bug/Display.html?id=128893> [perl
182           #128909] <https://rt.perl.org/Public/Bug/Display.html?id=128909>
183           [perl #128919]
184           <https://rt.perl.org/Public/Bug/Display.html?id=128919>
185
186       ·   The parser could sometimes crash if a bareword came after
187           "evalbytes".  [perl #129196]
188           <https://rt.perl.org/Public/Bug/Display.html?id=129196>
189
190       ·   Fixed a place where the regex parser was not setting the syntax
191           error correctly on a syntactically incorrect pattern.  [perl
192           #129122] <https://rt.perl.org/Public/Bug/Display.html?id=129122>
193
194       ·   A vulnerability in Perl's "sprintf" implementation has been fixed
195           by avoiding a possible memory wrap.  [perl #131260]
196           <https://rt.perl.org/Public/Bug/Display.html?id=131260>
197

Acknowledgements

199       Perl 5.24.3 represents approximately 2 months of development since Perl
200       5.24.2 and contains approximately 3,200 lines of changes across 120
201       files from 23 authors.
202
203       Excluding auto-generated files, documentation and release tools, there
204       were approximately 1,600 lines of changes to 56 .pm, .t, .c and .h
205       files.
206
207       Perl continues to flourish into its third decade thanks to a vibrant
208       community of users and developers.  The following people are known to
209       have contributed the improvements that became Perl 5.24.3:
210
211       Aaron Crane, Craig A. Berry, Dagfinn Ilmari Mannsaaker, Dan Collins,
212       Daniel Dragan, Dave Cross, David Mitchell, Eric Herman, Father
213       Chrysostomos, H.Merijn Brand, Hugo van der Sanden, James E Keenan,
214       Jarkko Hietaniemi, John SJ Anderson, Karl Williamson, Ken Brown, Lukas
215       Mai, Matthew Horsfall, Stevan Little, Steve Hay, Steven Humphrey, Tony
216       Cook, Yves Orton.
217
218       The list above is almost certainly incomplete as it is automatically
219       generated from version control history.  In particular, it does not
220       include the names of the (very much appreciated) contributors who
221       reported issues to the Perl bug tracker.
222
223       Many of the changes included in this version originated in the CPAN
224       modules included in Perl's core.  We're grateful to the entire CPAN
225       community for helping Perl to flourish.
226
227       For a more complete list of all of Perl's historical contributors,
228       please see the AUTHORS file in the Perl source distribution.
229

Reporting Bugs

231       If you find what you think is a bug, you might check the articles
232       recently posted to the comp.lang.perl.misc newsgroup and the perl bug
233       database at <https://rt.perl.org/> .  There may also be information at
234       <http://www.perl.org/> , the Perl Home Page.
235
236       If you believe you have an unreported bug, please run the perlbug
237       program included with your release.  Be sure to trim your bug down to a
238       tiny but sufficient test case.  Your bug report, along with the output
239       of "perl -V", will be sent off to perlbug@perl.org to be analysed by
240       the Perl porting team.
241
242       If the bug you are reporting has security implications which make it
243       inappropriate to send to a publicly archived mailing list, then see
244       "SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of
245       how to report the issue.
246

SEE ALSO

248       The Changes file for an explanation of how to view exhaustive details
249       on what changed.
250
251       The INSTALL file for how to build Perl.
252
253       The README file for general stuff.
254
255       The Artistic and Copying files for copyright information.
256
257
258
259perl v5.26.3                      2018-03-01                  PERL5243DELTA(1)
Impressum