1PERL5241DELTA(1)       Perl Programmers Reference Guide       PERL5241DELTA(1)
2
3
4

NAME

6       perl5241delta - what is new for perl v5.24.1
7

DESCRIPTION

9       This document describes differences between the 5.24.0 release and the
10       5.24.1 release.
11
12       If you are upgrading from an earlier release such as 5.22.0, first read
13       perl5240delta, which describes differences between 5.22.0 and 5.24.0.
14

Security

16   -Di switch is now required for PerlIO debugging output
17       Previously PerlIO debugging output would be sent to the file specified
18       by the "PERLIO_DEBUG" environment variable if perl wasn't running
19       setuid and the -T or -t switches hadn't been parsed yet.
20
21       If perl performed output at a point where it hadn't yet parsed its
22       switches this could result in perl creating or overwriting the file
23       named by "PERLIO_DEBUG" even when the -T switch had been supplied.
24
25       Perl now requires the -Di switch to produce PerlIO debugging output.
26       By default this is written to "stderr", but can optionally be
27       redirected to a file by setting the "PERLIO_DEBUG" environment
28       variable.
29
30       If perl is running setuid or the -T switch was supplied "PERLIO_DEBUG"
31       is ignored and the debugging output is sent to "stderr" as for any
32       other -D switch.
33
34   Core modules and tools no longer search "." for optional modules
35       The tools and many modules supplied in core no longer search the
36       default current directory entry in @INC for optional modules.  For
37       example, Storable will remove the final "." from @INC before trying to
38       load Log::Agent.
39
40       This prevents an attacker injecting an optional module into a process
41       run by another user where the current directory is writable by the
42       attacker, e.g. the /tmp directory.
43
44       In most cases this removal should not cause problems, but difficulties
45       were encountered with base, which treats every module name supplied as
46       optional.  These difficulties have not yet been resolved, so for this
47       release there are no changes to base.  We hope to have a fix for base
48       in Perl 5.24.2.
49
50       To protect your own code from this attack, either remove the default
51       "."  entry from @INC at the start of your script, so:
52
53         #!/usr/bin/perl
54         use strict;
55         ...
56
57       becomes:
58
59         #!/usr/bin/perl
60         BEGIN { pop @INC if $INC[-1] eq '.' }
61         use strict;
62         ...
63
64       or for modules, remove "." from a localized @INC, so:
65
66         my $can_foo = eval { require Foo; }
67
68       becomes:
69
70         my $can_foo = eval {
71             local @INC = @INC;
72             pop @INC if $INC[-1] eq '.';
73             require Foo;
74         };
75

Incompatible Changes

77       Other than the security changes above there are no changes
78       intentionally incompatible with Perl 5.24.0.  If any exist, they are
79       bugs, and we request that you submit a report.  See "Reporting Bugs"
80       below.
81

Modules and Pragmata

83   Updated Modules and Pragmata
84       •   Archive::Tar has been upgraded from version 2.04 to 2.04_01.
85
86       •   bignum has been upgraded from version 0.42 to 0.42_01.
87
88       •   CPAN has been upgraded from version 2.11 to 2.11_01.
89
90       •   Digest has been upgraded from version 1.17 to 1.17_01.
91
92       •   Digest::SHA has been upgraded from version 5.95 to 5.95_01.
93
94       •   Encode has been upgraded from version 2.80 to 2.80_01.
95
96       •   ExtUtils::MakeMaker has been upgraded from version 7.10_01 to
97           7.10_02.
98
99       •   File::Fetch has been upgraded from version 0.48 to 0.48_01.
100
101       •   File::Spec has been upgraded from version 3.63 to 3.63_01.
102
103       •   HTTP::Tiny has been upgraded from version 0.056 to 0.056_001.
104
105       •   IO has been upgraded from version 1.36 to 1.36_01.
106
107       •   The IO-Compress modules have been upgraded from version 2.069 to
108           2.069_001.
109
110       •   IPC::Cmd has been upgraded from version 0.92 to 0.92_01.
111
112       •   JSON::PP has been upgraded from version 2.27300 to 2.27300_01.
113
114       •   Locale::Maketext has been upgraded from version 1.26 to 1.26_01.
115
116       •   Locale::Maketext::Simple has been upgraded from version 0.21 to
117           0.21_01.
118
119       •   Memoize has been upgraded from version 1.03 to 1.03_01.
120
121       •   Module::CoreList has been upgraded from version 5.20160506 to
122           5.20170114_24.
123
124       •   Net::Ping has been upgraded from version 2.43 to 2.43_01.
125
126       •   Parse::CPAN::Meta has been upgraded from version 1.4417 to
127           1.4417_001.
128
129       •   Pod::Html has been upgraded from version 1.22 to 1.2201.
130
131       •   Pod::Perldoc has been upgraded from version 3.25_02 to 3.25_03.
132
133       •   Storable has been upgraded from version 2.56 to 2.56_01.
134
135       •   Sys::Syslog has been upgraded from version 0.33 to 0.33_01.
136
137       •   Test has been upgraded from version 1.28 to 1.28_01.
138
139       •   Test::Harness has been upgraded from version 3.36 to 3.36_01.
140
141       •   XSLoader has been upgraded from version 0.21 to 0.22, fixing a
142           security hole in which binary files could be loaded from a path
143           outside of @INC.  [GH #15418]
144           <https://github.com/Perl/perl5/issues/15418>
145

Documentation

147   Changes to Existing Documentation
148       perlapio
149
150       •   The documentation of "PERLIO_DEBUG" has been updated.
151
152       perlrun
153
154       •   The new -Di switch has been documented, and the documentation of
155           "PERLIO_DEBUG" has been updated.
156

Testing

158       •   A new test script, t/run/switchDx.t, has been added to test that
159           the new -Di switch is working correctly.
160

Selected Bug Fixes

162       •   The change to hashbang redirection introduced in Perl 5.24.0,
163           whereby perl would redirect to another interpreter (Perl 6) if it
164           found a hashbang path which contains "perl" followed by "6", has
165           been reverted because it broke in cases such as
166           "#!/opt/perl64/bin/perl".
167

Acknowledgements

169       Perl 5.24.1 represents approximately 8 months of development since Perl
170       5.24.0 and contains approximately 8,100 lines of changes across 240
171       files from 18 authors.
172
173       Excluding auto-generated files, documentation and release tools, there
174       were approximately 2,200 lines of changes to 170 .pm, .t, .c and .h
175       files.
176
177       Perl continues to flourish into its third decade thanks to a vibrant
178       community of users and developers.  The following people are known to
179       have contributed the improvements that became Perl 5.24.1:
180
181       Aaron Crane, Alex Vandiver, Aristotle Pagaltzis, Chad Granum, Chris
182       'BinGOs' Williams, Craig A. Berry, Father Chrysostomos, James E Keenan,
183       Jarkko Hietaniemi, Karen Etheridge, Leon Timmermans, Matthew Horsfall,
184       Ricardo Signes, Sawyer X, Sébastien Aperghis-Tramoni, Stevan Little,
185       Steve Hay, Tony Cook.
186
187       The list above is almost certainly incomplete as it is automatically
188       generated from version control history.  In particular, it does not
189       include the names of the (very much appreciated) contributors who
190       reported issues to the Perl bug tracker.
191
192       Many of the changes included in this version originated in the CPAN
193       modules included in Perl's core.  We're grateful to the entire CPAN
194       community for helping Perl to flourish.
195
196       For a more complete list of all of Perl's historical contributors,
197       please see the AUTHORS file in the Perl source distribution.
198

Reporting Bugs

200       If you find what you think is a bug, you might check the articles
201       recently posted to the comp.lang.perl.misc newsgroup and the Perl bug
202       database at <https://rt.perl.org/> .  There may also be information at
203       <http://www.perl.org/> , the Perl Home Page.
204
205       If you believe you have an unreported bug, please run the perlbug
206       program included with your release.  Be sure to trim your bug down to a
207       tiny but sufficient test case.  Your bug report, along with the output
208       of "perl -V", will be sent off to perlbug@perl.org to be analysed by
209       the Perl porting team.
210
211       If the bug you are reporting has security implications which make it
212       inappropriate to send to a publicly archived mailing list, then see
213       "SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of
214       how to report the issue.
215

SEE ALSO

217       The Changes file for an explanation of how to view exhaustive details
218       on what changed.
219
220       The INSTALL file for how to build Perl.
221
222       The README file for general stuff.
223
224       The Artistic and Copying files for copyright information.
225
226
227
228perl v5.38.2                      2023-11-30                  PERL5241DELTA(1)
Impressum