xref: /openbsd/gnu/usr.bin/perl/pod/perl5222delta.pod (revision 3cab2bb3) 
1=encoding utf8
2
3=head1 NAME
4
5perl5222delta - what is new for perl v5.22.2
6
7=head1 DESCRIPTION
8
9This document describes differences between the 5.22.1 release and the 5.22.2
10release.
11
12If you are upgrading from an earlier release such as 5.22.0, first read
13L<perl5221delta>, which describes differences between 5.22.0 and 5.22.1.
14
15=head1 Security
16
17=head2 Fix out of boundary access in Win32 path handling
18
19This is CVE-2015-8608.  For more information see
20L<[perl #126755]|https://rt.perl.org/Ticket/Display.html?id=126755>.
21
22=head2 Fix loss of taint in C<canonpath()>
23
24This is CVE-2015-8607.  For more information see
25L<[perl #126862]|https://rt.perl.org/Ticket/Display.html?id=126862>.
26
27=head2 Set proper umask before calling C<mkstemp(3)>
28
29In 5.22.0 perl started setting umask to C<0600> before calling C<mkstemp(3)>
30and restoring it afterwards.  This wrongfully tells C<open(2)> to strip the
31owner read and write bits from the given mode before applying it, rather than
32the intended negation of leaving only those bits in place.
33
34Systems that use mode C<0666> in C<mkstemp(3)> (like old versions of glibc)
35create a file with permissions C<0066>, leaving world read and write permissions
36regardless of current umask.
37
38This has been fixed by using umask C<0177> instead.
39
40L<[perl #127322]|https://rt.perl.org/Ticket/Display.html?id=127322>
41
42=head2 Avoid accessing uninitialized memory in Win32 C<crypt()>
43
44Validation that will detect both a short salt and invalid characters in the
45salt has been added.
46
47L<[perl #126922]|https://rt.perl.org/Ticket/Display.html?id=126922>
48
49=head2 Remove duplicate environment variables from C<environ>
50
51Previously, if an environment variable appeared more than once in C<environ[]>,
52L<C<%ENV>|perlvar/%ENV> would contain the last entry for that name, while a
53typical C<getenv()> would return the first entry.  We now make sure C<%ENV>
54contains the same as what C<getenv()> returns.
55
56Secondly, we now remove duplicates from C<environ[]>, so if a setting with that
57name is set in C<%ENV> we won't pass an unsafe value to a child process.
58
59This is CVE-2016-2381.
60
61=head1 Incompatible Changes
62
63There are no changes intentionally incompatible with Perl 5.22.1.  If any
64exist, they are bugs, and we request that you submit a report.  See
65L</Reporting Bugs> below.
66
67=head1 Modules and Pragmata
68
69=head2 Updated Modules and Pragmata
70
71=over 4
72
73=item *
74
75L<File::Spec> has been upgraded from version 3.56 to 3.56_01.
76
77C<canonpath()> now preserves taint.  See L</"Fix loss of taint in
78C<canonpath()>">.
79
80=item *
81
82L<Module::CoreList> has been upgraded from version 5.20151213 to 5.20160429.
83
84The version number of L<Digest::SHA> listed for Perl 5.18.4 was wrong and has
85been corrected.  Likewise for the version number of L<Config> in 5.18.3 and
865.18.4.
87L<[perl #127624]|https://rt.perl.org/Ticket/Display.html?id=127624>
88
89=back
90
91=head1 Documentation
92
93=head2 Changes to Existing Documentation
94
95=head3 L<perldiag>
96
97=over 4
98
99=item *
100
101The explanation of the warning "unable to close filehandle %s properly: %s"
102which can occur when doing an implicit close of a filehandle has been expanded
103and improved.
104
105=back
106
107=head3 L<perlfunc>
108
109=over 4
110
111=item *
112
113The documentation of L<C<hex()>|perlfunc/hex> has been revised to clarify valid
114inputs.
115
116=back
117
118=head1 Configuration and Compilation
119
120=over 4
121
122=item *
123
124Dtrace builds now build successfully on systems with a newer dtrace that
125require an input object file that uses the probes in the F<.d> file.
126
127Previously the probe would fail and cause a build failure.
128
129L<[perl #122287]|https://rt.perl.org/Ticket/Display.html?id=122287>
130
131=item *
132
133F<Configure> no longer probes for F<libnm> by default.  Originally this was the
134"New Math" library, but the name has been re-used by the GNOME NetworkManager.
135
136L<[perl #127131]|https://rt.perl.org/Ticket/Display.html?id=127131>
137
138=item *
139
140F<Configure> now knows about gcc 5.
141
142=item *
143
144Compiling perl with B<-DPERL_MEM_LOG> now works again.
145
146=back
147
148=head1 Platform Support
149
150=head2 Platform-Specific Notes
151
152=over 4
153
154=item Darwin
155
156Compiling perl with B<-Dusecbacktrace> on Darwin now works again.
157
158L<[perl #127764]|https://rt.perl.org/Ticket/Display.html?id=127764>
159
160=item OS X/Darwin
161
162Builds with both B<-DDEBUGGING> and threading enabled would fail with a "panic:
163free from wrong pool" error when built or tested from Terminal on OS X.  This
164was caused by perl's internal management of the environment conflicting with an
165atfork handler using the libc C<setenv()> function to update the environment.
166
167Perl now uses C<setenv()>/C<unsetenv()> to update the environment on OS X.
168
169L<[perl #126240]|https://rt.perl.org/Ticket/Display.html?id=126240>
170
171=item ppc64el
172
173The floating point format of ppc64el (Debian naming for little-endian PowerPC)
174is now detected correctly.
175
176=item Tru64
177
178A test failure in F<t/porting/extrefs.t> has been fixed.
179
180=back
181
182=head1 Internal Changes
183
184=over 4
185
186=item *
187
188An unwarranted assertion in C<Perl_newATTRSUB_x()> has been removed.  If a stub
189subroutine definition with a prototype has been seen, then any subsequent stub
190(or definition) of the same subroutine with an attribute was causing an
191assertion failure because of a null pointer.
192
193L<[perl #126845]|https://rt.perl.org/Ticket/Display.html?id=126845>
194
195=back
196
197=head1 Selected Bug Fixes
198
199=over 4
200
201=item *
202
203Calls to the placeholder C<&PL_sv_yes> used internally when an C<import()> or
204C<unimport()> method isn't found now correctly handle scalar context.
205L<[perl #126042]|https://rt.perl.org/Ticket/Display.html?id=126042>
206
207=item *
208
209The L<C<pipe()>|perlfunc/pipe> operator would assert for C<DEBUGGING> builds
210instead of producing the correct error message.  The condition asserted on is
211detected and reported on correctly without the assertions, so the assertions
212were removed.
213L<[perl #126480]|https://rt.perl.org/Ticket/Display.html?id=126480>
214
215=item *
216
217In some cases, failing to parse a here-doc would attempt to use freed memory.
218This was caused by a pointer not being restored correctly.
219L<[perl #126443]|https://rt.perl.org/Ticket/Display.html?id=126443>
220
221=item *
222
223Perl now reports more context when it sees an array where it expects to see an
224operator, and avoids an assertion failure.
225L<[perl #123737]|https://rt.perl.org/Ticket/Display.html?id=123737>
226
227=item *
228
229If a here-doc was found while parsing another operator, the parser had already
230read end of file, and the here-doc was not terminated, perl could produce an
231assertion or a segmentation fault.  This now reliably complains about the
232unterminated here-doc.
233L<[perl #125540]|https://rt.perl.org/Ticket/Display.html?id=125540>
234
235=item *
236
237Parsing beyond the end of the buffer when processing a C<#line> directive with
238no filename is now avoided.
239L<[perl #127334]|https://rt.perl.org/Ticket/Display.html?id=127334>
240
241=item *
242
243Perl 5.22.0 added support for the C99 hexadecimal floating point notation, but
244sometimes misparsed hex floats.  This has been fixed.
245L<[perl #127183]|https://rt.perl.org/Ticket/Display.html?id=127183>
246
247=item *
248
249Certain regex patterns involving a complemented posix class in an inverted
250bracketed character class, and matching something else optionally would
251improperly fail to match.  An example of one that could fail is
252C<qr/_?[^\Wbar]\x{100}/>.  This has been fixed.
253L<[perl #127537]|https://rt.perl.org/Ticket/Display.html?id=127537>
254
255=item *
256
257Fixed an issue with L<C<pack()>|perlfunc/pack> where C<< pack "H" >> (and
258C<< pack "h" >>) could read past the source when given a non-utf8 source and a
259utf8 target.
260L<[perl #126325]|https://rt.perl.org/Ticket/Display.html?id=126325>
261
262=item *
263
264Fixed some cases where perl would abort due to a segmentation fault, or a
265C-level assert.
266L<[perl #126193]|https://rt.perl.org/Ticket/Display.html?id=126193>
267L<[perl #126257]|https://rt.perl.org/Ticket/Display.html?id=126257>
268L<[perl #126258]|https://rt.perl.org/Ticket/Display.html?id=126258>
269L<[perl #126405]|https://rt.perl.org/Ticket/Display.html?id=126405>
270L<[perl #126602]|https://rt.perl.org/Ticket/Display.html?id=126602>
271L<[perl #127773]|https://rt.perl.org/Ticket/Display.html?id=127773>
272L<[perl #127786]|https://rt.perl.org/Ticket/Display.html?id=127786>
273
274=item *
275
276A memory leak when setting C<$ENV{foo}> on Darwin has been fixed.
277L<[perl #126240]|https://rt.perl.org/Ticket/Display.html?id=126240>
278
279=item *
280
281Perl now correctly raises an error when trying to compile patterns with
282unterminated character classes while there are trailing backslashes.
283L<[perl #126141]|https://rt.perl.org/Ticket/Display.html?id=126141>
284
285=item *
286
287C<NOTHING> regops and C<EXACTFU_SS> regops in C<make_trie()> are now handled
288properly.
289L<[perl #126206]|https://rt.perl.org/Ticket/Display.html?id=126206>
290
291=item *
292
293Perl now only tests C<semctl()> if we have everything needed to use it.  In
294FreeBSD the C<semctl()> entry point may exist, but it can be disabled by
295policy.
296L<[perl #127533]|https://rt.perl.org/Ticket/Display.html?id=127533>
297
298=item *
299
300A regression that allowed undeclared barewords as hash keys to work despite
301strictures has been fixed.
302L<[perl #126981]|https://rt.perl.org/Ticket/Display.html?id=126981>
303
304=item *
305
306As an optimization (introduced in Perl 5.20.0), L<C<uc()>|perlfunc/uc>,
307L<C<lc()>|perlfunc/lc>, L<C<ucfirst()>|perlfunc/ucfirst> and
308L<C<lcfirst()>|perlfunc/lcfirst> sometimes modify their argument in-place
309rather than returning a modified copy.  The criteria for this optimization has
310been made stricter to avoid these functions accidentally modifying in-place
311when they should not, which has been happening in some cases, e.g. in
312L<List::Util>.
313
314=item *
315
316Excessive memory usage in the compilation of some regular expressions involving
317non-ASCII characters has been reduced.  A more complete fix is forthcoming in
318Perl 5.24.0.
319
320=back
321
322=head1 Acknowledgements
323
324Perl 5.22.2 represents approximately 5 months of development since Perl 5.22.1
325and contains approximately 3,000 lines of changes across 110 files from 24
326authors.
327
328Excluding auto-generated files, documentation and release tools, there were
329approximately 1,500 lines of changes to 52 .pm, .t, .c and .h files.
330
331Perl continues to flourish into its third decade thanks to a vibrant community
332of users and developers.  The following people are known to have contributed
333the improvements that became Perl 5.22.2:
334
335Aaron Crane, Abigail, Andreas König, Aristotle Pagaltzis, Chris 'BinGOs'
336Williams, Craig A. Berry, Dagfinn Ilmari Mannsåker, David Golden, David
337Mitchell, H.Merijn Brand, James E Keenan, Jarkko Hietaniemi, Karen Etheridge,
338Karl Williamson, Matthew Horsfall, Niko Tyni, Ricardo Signes, Sawyer X, Stevan
339Little, Steve Hay, Todd Rinaldo, Tony Cook, Vladimir Timofeev, Yves Orton.
340
341The list above is almost certainly incomplete as it is automatically generated
342from version control history.  In particular, it does not include the names of
343the (very much appreciated) contributors who reported issues to the Perl bug
344tracker.
345
346Many of the changes included in this version originated in the CPAN modules
347included in Perl's core.  We're grateful to the entire CPAN community for
348helping Perl to flourish.
349
350For a more complete list of all of Perl's historical contributors, please see
351the F<AUTHORS> file in the Perl source distribution.
352
353=head1 Reporting Bugs
354
355If you find what you think is a bug, you might check the articles recently
356posted to the comp.lang.perl.misc newsgroup and the perl bug database at
357https://rt.perl.org/ .  There may also be information at http://www.perl.org/ ,
358the Perl Home Page.
359
360If you believe you have an unreported bug, please run the L<perlbug> program
361included with your release.  Be sure to trim your bug down to a tiny but
362sufficient test case.  Your bug report, along with the output of C<perl -V>,
363will be sent off to perlbug@perl.org to be analysed by the Perl porting team.
364
365If the bug you are reporting has security implications, which make it
366inappropriate to send to a publicly archived mailing list, then please send it
367to perl5-security-report@perl.org.  This points to a closed subscription
368unarchived mailing list, which includes all the core committers, who will be
369able to help assess the impact of issues, figure out a resolution, and help
370co-ordinate the release of patches to mitigate or fix the problem across all
371platforms on which Perl is supported.  Please only use this address for
372security issues in the Perl core, not for modules independently distributed on
373CPAN.
374
375=head1 SEE ALSO
376
377The F<Changes> file for an explanation of how to view exhaustive details on
378what changed.
379
380The F<INSTALL> file for how to build Perl.
381
382The F<README> file for general stuff.
383
384The F<Artistic> and F<Copying> files for copyright information.
385
386=cut
387