PERL5144DELTA(1) Perl Programmers Reference Guide PERL5144DELTA(1)

perl5144delta - what is new for perl v5.14.4

This document describes differences between the 5.14.3 release and the
5.14.4 release.

If you are upgrading from an earlier release such as 5.12.0, first read
perl5140delta, which describes differences between 5.12.0 and 5.14.0.

No changes since 5.14.0.

This release contains one major, one medium, and a number of minor
security fixes. The latter are included mainly to allow the test suite
to pass cleanly with the clang compiler's address sanitizer facility.

CVE-2013-1667: memory exhaustion with arbitrary hash keys
With a carefully crafted set of hash keys (for example arguments on a
URL), it is possible to cause a hash to consume a large amount of
memory and CPU, and thus possibly to achieve a Denial-of-Service.

This problem has been fixed.

memory leak in Encode
The UTF-8 encoding implementation in Encode.xs had a memory leak which
has been fixed.

[perl #111594] Socket::unpack_sockaddr_un heap-buffer-overflow
A read buffer overflow could occur when copying "sockaddr" buffers.
Fairly harmless.

This problem has been fixed.

[perl #111586] SDBM_File: fix off-by-one access to global ".dir"
An extra byte was being copied for some string literals. Fairly
harmless.

This problem has been fixed.

off-by-two error in List::Util
A string literal was being used that included two bytes beyond the end
of the string. Fairly harmless.

This problem has been fixed.

[perl #115994] fix segv in regcomp.c:S_join_exact()
Under debugging builds, while marking optimised-out regex nodes as type
"OPTIMIZED", it could treat blocks of exact text as if they were nodes,
and thus SEGV. Fairly harmless.

This problem has been fixed.

[perl #115992] PL_eval_start use-after-free
The statement "local $[;", when preceded by an "eval", and when not
part of an assignment, could crash. Fairly harmless.

This problem has been fixed.

wrap-around with IO on long strings
Reading or writing strings greater than 2**31 bytes in size could
segfault due to integer wraparound.

This problem has been fixed.
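
Added illustration, not taken from the Perl source or from this document: the
class of defect described above (a byte length past 2**31 narrowed into a
signed 32-bit count) next to a length-safe chunked loop. The names
narrowed_len, write_chunked and counting_sink are hypothetical, and a 32-bit
int is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
/* Unchecked pattern: a 64-bit byte length squeezed into a 32-bit signed
   count. The out-of-range conversion is implementation-defined; mainstream
   compilers wrap, so lengths past 2**31 come out negative or truncated. */
int32_t narrowed_len(uint64_t len)
{
    return (int32_t)(uint32_t)len;
}

/* Hypothetical sink standing in for an I/O call that takes an int count. */
typedef int (*sink_fn)(uint64_t offset, int count, void *ctx);

/* Checked pattern: keep the running length 64-bit and never hand the sink
   more than INT_MAX bytes at once. Returns the number of bytes delivered. */
uint64_t write_chunked(uint64_t len, sink_fn sink, void *ctx)
{
    uint64_t done = 0;
    while (done < len) {
        uint64_t left = len - done;
        int count = left > (uint64_t)INT_MAX ? INT_MAX : (int)left;
        int n = sink(done, count, ctx);
        if (n <= 0) break;      /* error or no progress: report partial total */
        done += (uint64_t)n;
    }
    return done;
}

struct tally { uint64_t bytes; unsigned calls; int saw_negative; };
/* Constructed sink: records what it is asked to write, touches no memory. */
int counting_sink(uint64_t offset, int count, void *ctx)
{
    struct tally *t = ctx;
    (void)offset;
    if (count < 0) { t->saw_negative = 1; return -1; }
    t->bytes += (uint64_t)count;
    t->calls++;
    return count;
}

int main(void)
{
    struct tally t = {0, 0, 0};
    uint64_t len = (1ULL << 31) + 16;   /* constructed length just past 2**31 */
    uint64_t sent = write_chunked(len, counting_sink, &t);
    printf("narrowed count: %d\n", (int)narrowed_len(len));
    printf("chunked: %llu bytes in %u calls\n", (unsigned long long)sent, t.calls);
    return 0;
}
```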

There are no changes intentionally incompatible with 5.14.0. If any
exist, they are bugs and reports are welcome.

There have been no deprecations since 5.14.0.

New Modules and Pragmata
None

Updated Modules and Pragmata
The following modules have just the minor code fixes as listed above in
"Security" (version numbers have not changed):

Socket
SDBM_File
List::Util

Encode has been upgraded from version 2.42_01 to version 2.42_02.

Module::CoreList has been updated to version 2.49_06 to add data for
this release.

Removed Modules and Pragmata
None.

New Documentation
None.

Changes to Existing Documentation
None.

No new or changed diagnostics.

None

No changes.

New Platforms
None.

Discontinued Platforms
None.

Platform-Specific Notes
VMS
5.14.3 failed to compile on VMS due to incomplete application of a
patch series that allowed "userelocatableinc" and
"usesitecustomize" to be used simultaneously. Other platforms were
not affected and the problem has now been corrected.

• In Perl 5.14.0, "$tainted ~~ @array" stopped working properly.
  Sometimes it would erroneously fail (when $tainted contained a
  string that occurs in the array after the first element) or
  erroneously succeed (when "undef" occurred after the first element)
  [perl #93590].

None.

Perl 5.14.4 represents approximately 5 months of development since Perl
5.14.3 and contains approximately 1,700 lines of changes across 49
files from 12 authors.

Perl continues to flourish into its third decade thanks to a vibrant
community of users and developers. The following people are known to
have contributed the improvements that became Perl 5.14.4:

Andy Dougherty, Chris 'BinGOs' Williams, Christian Hansen, Craig A.
Berry, Dave Rolsky, David Mitchell, Dominic Hargreaves, Father
Chrysostomos, Florian Ragwitz, Reini Urban, Ricardo Signes, Yves Orton.

The list above is almost certainly incomplete as it is automatically
generated from version control history. In particular, it does not
include the names of the (very much appreciated) contributors who
reported issues to the Perl bug tracker.

For a more complete list of all of Perl's historical contributors,
please see the AUTHORS file in the Perl source distribution.

If you find what you think is a bug, you might check the articles
recently posted to the comp.lang.perl.misc newsgroup and the perl bug
database at http://rt.perl.org/perlbug/ . There may also be
information at http://www.perl.org/ , the Perl Home Page.

If you believe you have an unreported bug, please run the perlbug
program included with your release. Be sure to trim your bug down to a
tiny but sufficient test case. Your bug report, along with the output
of "perl -V", will be sent off to perlbug@perl.org to be analysed by
the Perl porting team.

If the bug you are reporting has security implications, which make it
inappropriate to send to a publicly archived mailing list, then please
send it to perl5-security-report@perl.org. This points to a closed
subscription unarchived mailing list, which includes all the core
committers, who will be able to help assess the impact of issues, figure
out a resolution, and help co-ordinate the release of patches to mitigate
or fix the problem across all platforms on which Perl is supported.
Please only use this address for security issues in the Perl core, not
for modules independently distributed on CPAN.

The Changes file for an explanation of how to view exhaustive details
on what changed.

The INSTALL file for how to build Perl.

The README file for general stuff.

The Artistic and Copying files for copyright information.

perl v5.36.0 2022-08-30 PERL5144DELTA(1)