1PERL5241DELTA(1) Perl Programmers Reference Guide PERL5241DELTA(1)
2
3
4
6 perl5241delta - what is new for perl v5.24.1
7
9 This document describes differences between the 5.24.0 release and the
10 5.24.1 release.
11
12 If you are upgrading from an earlier release such as 5.22.0, first read
13 perl5240delta, which describes differences between 5.22.0 and 5.24.0.
14
16 -Di switch is now required for PerlIO debugging output
17 Previously PerlIO debugging output would be sent to the file specified
18 by the "PERLIO_DEBUG" environment variable if perl wasn't running
19 setuid and the -T or -t switches hadn't been parsed yet.
20
21 If perl performed output at a point where it hadn't yet parsed its
22 switches this could result in perl creating or overwriting the file
23 named by "PERLIO_DEBUG" even when the -T switch had been supplied.
24
25 Perl now requires the -Di switch to produce PerlIO debugging output.
26 By default this is written to "stderr", but can optionally be
27 redirected to a file by setting the "PERLIO_DEBUG" environment
28 variable.
29
30 If perl is running setuid or the -T switch was supplied "PERLIO_DEBUG"
31 is ignored and the debugging output is sent to "stderr" as for any
32 other -D switch.
33
34 Core modules and tools no longer search "." for optional modules
35 The tools and many modules supplied in core no longer search the
36 default current directory entry in @INC for optional modules. For
37 example, Storable will remove the final "." from @INC before trying to
38 load Log::Agent.
39
40 This prevents an attacker injecting an optional module into a process
41 run by another user where the current directory is writable by the
42 attacker, e.g. the /tmp directory.
43
44 In most cases this removal should not cause problems, but difficulties
45 were encountered with base, which treats every module name supplied as
46 optional. These difficulties have not yet been resolved, so for this
47 release there are no changes to base. We hope to have a fix for base
48 in Perl 5.24.2.
49
50 To protect your own code from this attack, either remove the default
51 "." entry from @INC at the start of your script, so:
52
53 #!/usr/bin/perl
54 use strict;
55 ...
56
57 becomes:
58
59 #!/usr/bin/perl
60 BEGIN { pop @INC if $INC[-1] eq '.' }
61 use strict;
62 ...
63
64 or for modules, remove "." from a localized @INC, so:
65
66 my $can_foo = eval { require Foo; }
67
68 becomes:
69
70 my $can_foo = eval {
71 local @INC = @INC;
72 pop @INC if $INC[-1] eq '.';
73 require Foo;
74 };
75
77 Other than the security changes above there are no changes
78 intentionally incompatible with Perl 5.24.0. If any exist, they are
79 bugs, and we request that you submit a report. See "Reporting Bugs"
80 below.
81
83 Updated Modules and Pragmata
84 · Archive::Tar has been upgraded from version 2.04 to 2.04_01.
85
86 · bignum has been upgraded from version 0.42 to 0.42_01.
87
88 · CPAN has been upgraded from version 2.11 to 2.11_01.
89
90 · Digest has been upgraded from version 1.17 to 1.17_01.
91
92 · Digest::SHA has been upgraded from version 5.95 to 5.95_01.
93
94 · Encode has been upgraded from version 2.80 to 2.80_01.
95
96 · ExtUtils::MakeMaker has been upgraded from version 7.10_01 to
97 7.10_02.
98
99 · File::Fetch has been upgraded from version 0.48 to 0.48_01.
100
101 · File::Spec has been upgraded from version 3.63 to 3.63_01.
102
103 · HTTP::Tiny has been upgraded from version 0.056 to 0.056_001.
104
105 · IO has been upgraded from version 1.36 to 1.36_01.
106
107 · The IO-Compress modules have been upgraded from version 2.069 to
108 2.069_001.
109
110 · IPC::Cmd has been upgraded from version 0.92 to 0.92_01.
111
112 · JSON::PP has been upgraded from version 2.27300 to 2.27300_01.
113
114 · Locale::Maketext has been upgraded from version 1.26 to 1.26_01.
115
116 · Locale::Maketext::Simple has been upgraded from version 0.21 to
117 0.21_01.
118
119 · Memoize has been upgraded from version 1.03 to 1.03_01.
120
121 · Module::CoreList has been upgraded from version 5.20160506 to
122 5.20170114_24.
123
124 · Net::Ping has been upgraded from version 2.43 to 2.43_01.
125
126 · Parse::CPAN::Meta has been upgraded from version 1.4417 to
127 1.4417_001.
128
129 · Pod::Html has been upgraded from version 1.22 to 1.2201.
130
131 · Pod::Perldoc has been upgraded from version 3.25_02 to 3.25_03.
132
133 · Storable has been upgraded from version 2.56 to 2.56_01.
134
135 · Sys::Syslog has been upgraded from version 0.33 to 0.33_01.
136
137 · Test has been upgraded from version 1.28 to 1.28_01.
138
139 · Test::Harness has been upgraded from version 3.36 to 3.36_01.
140
141 · XSLoader has been upgraded from version 0.21 to 0.22, fixing a
142 security hole in which binary files could be loaded from a path
143 outside of @INC. [perl #128528]
144 <https://rt.perl.org/Public/Bug/Display.html?id=128528>
145
147 Changes to Existing Documentation
148 perlapio
149
150 · The documentation of "PERLIO_DEBUG" has been updated.
151
152 perlrun
153
154 · The new -Di switch has been documented, and the documentation of
155 "PERLIO_DEBUG" has been updated.
156
158 · A new test script, t/run/switchDx.t, has been added to test that
159 the new -Di switch is working correctly.
160
162 · The change to hashbang redirection introduced in Perl 5.24.0,
163 whereby perl would redirect to another interpreter (Perl 6) if it
164 found a hashbang path which contains "perl" followed by "6", has
165 been reverted because it broke in cases such as
166 "#!/opt/perl64/bin/perl".
167
169 Perl 5.24.1 represents approximately 8 months of development since Perl
170 5.24.0 and contains approximately 8,100 lines of changes across 240
171 files from 18 authors.
172
173 Excluding auto-generated files, documentation and release tools, there
174 were approximately 2,200 lines of changes to 170 .pm, .t, .c and .h
175 files.
176
177 Perl continues to flourish into its third decade thanks to a vibrant
178 community of users and developers. The following people are known to
179 have contributed the improvements that became Perl 5.24.1:
180
181 Aaron Crane, Alex Vandiver, Aristotle Pagaltzis, Chad Granum, Chris
182 'BinGOs' Williams, Craig A. Berry, Father Chrysostomos, James E Keenan,
183 Jarkko Hietaniemi, Karen Etheridge, Leon Timmermans, Matthew Horsfall,
184 Ricardo Signes, Sawyer X, Sebastien Aperghis-Tramoni, Stevan Little,
185 Steve Hay, Tony Cook.
186
187 The list above is almost certainly incomplete as it is automatically
188 generated from version control history. In particular, it does not
189 include the names of the (very much appreciated) contributors who
190 reported issues to the Perl bug tracker.
191
192 Many of the changes included in this version originated in the CPAN
193 modules included in Perl's core. We're grateful to the entire CPAN
194 community for helping Perl to flourish.
195
196 For a more complete list of all of Perl's historical contributors,
197 please see the AUTHORS file in the Perl source distribution.
198
200 If you find what you think is a bug, you might check the articles
201 recently posted to the comp.lang.perl.misc newsgroup and the Perl bug
202 database at <https://rt.perl.org/> . There may also be information at
203 <http://www.perl.org/> , the Perl Home Page.
204
205 If you believe you have an unreported bug, please run the perlbug
206 program included with your release. Be sure to trim your bug down to a
207 tiny but sufficient test case. Your bug report, along with the output
208 of "perl -V", will be sent off to perlbug@perl.org to be analysed by
209 the Perl porting team.
210
211 If the bug you are reporting has security implications which make it
212 inappropriate to send to a publicly archived mailing list, then see
213 "SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of
214 how to report the issue.
215
217 The Changes file for an explanation of how to view exhaustive details
218 on what changed.
219
220 The INSTALL file for how to build Perl.
221
222 The README file for general stuff.
223
224 The Artistic and Copying files for copyright information.
225
226
227
228perl v5.30.2 2020-03-27 PERL5241DELTA(1)