1*91f110e0Safresh1=encoding utf8 2*91f110e0Safresh1 3*91f110e0Safresh1=head1 NAME 4*91f110e0Safresh1 5*91f110e0Safresh1perl5125delta - what is new for perl v5.12.5 6*91f110e0Safresh1 7*91f110e0Safresh1=head1 DESCRIPTION 8*91f110e0Safresh1 9*91f110e0Safresh1This document describes differences between the 5.12.4 release and 10*91f110e0Safresh1the 5.12.5 release. 11*91f110e0Safresh1 12*91f110e0Safresh1If you are upgrading from an earlier release such as 5.12.3, first read 13*91f110e0Safresh1L<perl5124delta>, which describes differences between 5.12.3 and 14*91f110e0Safresh15.12.4. 15*91f110e0Safresh1 16*91f110e0Safresh1=head1 Security 17*91f110e0Safresh1 18*91f110e0Safresh1=head2 C<Encode> decode_xs n-byte heap-overflow (CVE-2011-2939) 19*91f110e0Safresh1 20*91f110e0Safresh1A bug in C<Encode> could, on certain inputs, cause the heap to overflow. 21*91f110e0Safresh1This problem has been corrected. Bug reported by Robert Zacek. 22*91f110e0Safresh1 23*91f110e0Safresh1=head2 C<File::Glob::bsd_glob()> memory error with GLOB_ALTDIRFUNC (CVE-2011-2728). 24*91f110e0Safresh1 25*91f110e0Safresh1Calling C<File::Glob::bsd_glob> with the unsupported flag GLOB_ALTDIRFUNC would 26*91f110e0Safresh1cause an access violation / segfault. A Perl program that accepts a flags value from 27*91f110e0Safresh1an external source could expose itself to denial of service or arbitrary code 28*91f110e0Safresh1execution attacks. There are no known exploits in the wild. The problem has been 29*91f110e0Safresh1corrected by explicitly disabling all unsupported flags and setting unused function 30*91f110e0Safresh1pointers to null. Bug reported by Clément Lecigne. 31*91f110e0Safresh1 32*91f110e0Safresh1=head2 Heap buffer overrun in 'x' string repeat operator (CVE-2012-5195) 33*91f110e0Safresh1 34*91f110e0Safresh1Poorly written perl code that allows an attacker to specify the count to 35*91f110e0Safresh1perl's 'x' string repeat operator can already cause a memory exhaustion 36*91f110e0Safresh1denial-of-service attack. A flaw in versions of perl before 5.15.5 can 37*91f110e0Safresh1escalate that into a heap buffer overrun; coupled with versions of glibc 38*91f110e0Safresh1before 2.16, it possibly allows the execution of arbitrary code. 39*91f110e0Safresh1 40*91f110e0Safresh1This problem has been fixed. 41*91f110e0Safresh1 42*91f110e0Safresh1=head1 Incompatible Changes 43*91f110e0Safresh1 44*91f110e0Safresh1There are no changes intentionally incompatible with 5.12.4. If any 45*91f110e0Safresh1exist, they are bugs and reports are welcome. 46*91f110e0Safresh1 47*91f110e0Safresh1=head1 Modules and Pragmata 48*91f110e0Safresh1 49*91f110e0Safresh1=head2 Updated Modules 50*91f110e0Safresh1 51*91f110e0Safresh1=head3 L<B::Concise> 52*91f110e0Safresh1 53*91f110e0Safresh1L<B::Concise> no longer produces mangled output with the B<-tree> option 54*91f110e0Safresh1[perl #80632]. 55*91f110e0Safresh1 56*91f110e0Safresh1=head3 L<charnames> 57*91f110e0Safresh1 58*91f110e0Safresh1A regression introduced in Perl 5.8.8 has been fixed, that caused 59*91f110e0Safresh1C<charnames::viacode(0)> to return C<undef> instead of the string "NULL" 60*91f110e0Safresh1[perl #72624]. 61*91f110e0Safresh1 62*91f110e0Safresh1=head3 L<Encode> has been upgraded from version 2.39 to version 2.39_01. 63*91f110e0Safresh1 64*91f110e0Safresh1See L</Security>. 65*91f110e0Safresh1 66*91f110e0Safresh1=head3 L<File::Glob> has been upgraded from version 1.07 to version 1.07_01. 67*91f110e0Safresh1 68*91f110e0Safresh1See L</Security>. 69*91f110e0Safresh1 70*91f110e0Safresh1=head3 L<Unicode::UCD> 71*91f110e0Safresh1 72*91f110e0Safresh1The documentation for the C<upper> function now actually says "upper", not 73*91f110e0Safresh1"lower". 74*91f110e0Safresh1 75*91f110e0Safresh1=head3 L<Module::CoreList> 76*91f110e0Safresh1 77*91f110e0Safresh1L<Module::CoreList> has been updated to version 2.50_02 to add data for 78*91f110e0Safresh1this release. 79*91f110e0Safresh1 80*91f110e0Safresh1=head1 Changes to Existing Documentation 81*91f110e0Safresh1 82*91f110e0Safresh1=head2 L<perlebcdic> 83*91f110e0Safresh1 84*91f110e0Safresh1The L<perlebcdic> document contains a helpful table to use in C<tr///> to 85*91f110e0Safresh1convert between EBCDIC and Latin1/ASCII. Unfortunately, the table was the 86*91f110e0Safresh1inverse of the one it describes. This has been corrected. 87*91f110e0Safresh1 88*91f110e0Safresh1=head2 L<perlunicode> 89*91f110e0Safresh1 90*91f110e0Safresh1The section on 91*91f110e0Safresh1L<User-Defined Case Mappings|perlunicode/User-Defined Case Mappings> had 92*91f110e0Safresh1some bad markup and unclear sentences, making parts of it unreadable. This 93*91f110e0Safresh1has been rectified. 94*91f110e0Safresh1 95*91f110e0Safresh1=head2 L<perluniprops> 96*91f110e0Safresh1 97*91f110e0Safresh1This document has been corrected to take non-ASCII platforms into account. 98*91f110e0Safresh1 99*91f110e0Safresh1=head1 Installation and Configuration Improvements 100*91f110e0Safresh1 101*91f110e0Safresh1=head2 Platform Specific Changes 102*91f110e0Safresh1 103*91f110e0Safresh1=over 4 104*91f110e0Safresh1 105*91f110e0Safresh1=item Mac OS X 106*91f110e0Safresh1 107*91f110e0Safresh1There have been configuration and test fixes to make Perl build cleanly on 108*91f110e0Safresh1Lion and Mountain Lion. 109*91f110e0Safresh1 110*91f110e0Safresh1=item NetBSD 111*91f110e0Safresh1 112*91f110e0Safresh1The NetBSD hints file was corrected to be compatible with NetBSD 6.* 113*91f110e0Safresh1 114*91f110e0Safresh1=back 115*91f110e0Safresh1 116*91f110e0Safresh1=head1 Selected Bug Fixes 117*91f110e0Safresh1 118*91f110e0Safresh1=over 4 119*91f110e0Safresh1 120*91f110e0Safresh1=item * 121*91f110e0Safresh1 122*91f110e0Safresh1C<chop> now correctly handles characters above "\x{7fffffff}" 123*91f110e0Safresh1[perl #73246]. 124*91f110e0Safresh1 125*91f110e0Safresh1=item * 126*91f110e0Safresh1 127*91f110e0Safresh1C<< ($<,$>) = (...) >> stopped working properly in 5.12.0. It is supposed 128*91f110e0Safresh1to make a single C<setreuid()> call, rather than calling C<setruid()> and 129*91f110e0Safresh1C<seteuid()> separately. Consequently it did not work properly. This has 130*91f110e0Safresh1been fixed [perl #75212]. 131*91f110e0Safresh1 132*91f110e0Safresh1=item * 133*91f110e0Safresh1 134*91f110e0Safresh1Fixed a regression of kill() when a match variable is used for the 135*91f110e0Safresh1process ID to kill [perl #75812]. 136*91f110e0Safresh1 137*91f110e0Safresh1=item * 138*91f110e0Safresh1 139*91f110e0Safresh1C<UNIVERSAL::VERSION> no longer leaks memory. It started leaking in Perl 140*91f110e0Safresh15.10.0. 141*91f110e0Safresh1 142*91f110e0Safresh1=item * 143*91f110e0Safresh1 144*91f110e0Safresh1The C-level C<my_strftime> functions no longer leaks memory. This fixes a 145*91f110e0Safresh1memory leak in C<POSIX::strftime> [perl #73520]. 146*91f110e0Safresh1 147*91f110e0Safresh1=item * 148*91f110e0Safresh1 149*91f110e0Safresh1C<caller> no longer leaks memory when called from the DB package if 150*91f110e0Safresh1C<@DB::args> was assigned to after the first call to C<caller>. L<Carp> 151*91f110e0Safresh1was triggering this bug [perl #97010]. 152*91f110e0Safresh1 153*91f110e0Safresh1=item * 154*91f110e0Safresh1 155*91f110e0Safresh1Passing to C<index> an offset beyond the end of the string when the string 156*91f110e0Safresh1is encoded internally in UTF8 no longer causes panics [perl #75898]. 157*91f110e0Safresh1 158*91f110e0Safresh1=item * 159*91f110e0Safresh1 160*91f110e0Safresh1Syntax errors in C<< (?{...}) >> blocks in regular expressions no longer 161*91f110e0Safresh1cause panic messages [perl #2353]. 162*91f110e0Safresh1 163*91f110e0Safresh1=item * 164*91f110e0Safresh1 165*91f110e0Safresh1Perl 5.10.0 introduced some faulty logic that made "U*" in the middle of 166*91f110e0Safresh1a pack template equivalent to "U0" if the input string was empty. This has 167*91f110e0Safresh1been fixed [perl #90160]. 168*91f110e0Safresh1 169*91f110e0Safresh1=back 170*91f110e0Safresh1 171*91f110e0Safresh1=head1 Errata 172*91f110e0Safresh1 173*91f110e0Safresh1=head2 split() and C<@_> 174*91f110e0Safresh1 175*91f110e0Safresh1split() no longer modifies C<@_> when called in scalar or void context. 176*91f110e0Safresh1In void context it now produces a "Useless use of split" warning. 177*91f110e0Safresh1This is actually a change introduced in perl 5.12.0, but it was missed from 178*91f110e0Safresh1that release's L<perl5120delta>. 179*91f110e0Safresh1 180*91f110e0Safresh1=head1 Acknowledgements 181*91f110e0Safresh1 182*91f110e0Safresh1Perl 5.12.5 represents approximately 17 months of development since Perl 5.12.4 183*91f110e0Safresh1and contains approximately 1,900 lines of changes across 64 files from 18 184*91f110e0Safresh1authors. 185*91f110e0Safresh1 186*91f110e0Safresh1Perl continues to flourish into its third decade thanks to a vibrant community 187*91f110e0Safresh1of users and developers. The following people are known to have contributed the 188*91f110e0Safresh1improvements that became Perl 5.12.5: 189*91f110e0Safresh1 190*91f110e0Safresh1Andy Dougherty, Chris 'BinGOs' Williams, Craig A. Berry, David Mitchell, 191*91f110e0Safresh1Dominic Hargreaves, Father Chrysostomos, Florian Ragwitz, George Greer, Goro 192*91f110e0Safresh1Fuji, Jesse Vincent, Karl Williamson, Leon Brocard, Nicholas Clark, Rafael 193*91f110e0Safresh1Garcia-Suarez, Reini Urban, Ricardo Signes, Steve Hay, Tony Cook. 194*91f110e0Safresh1 195*91f110e0Safresh1The list above is almost certainly incomplete as it is automatically generated 196*91f110e0Safresh1from version control history. In particular, it does not include the names of 197*91f110e0Safresh1the (very much appreciated) contributors who reported issues to the Perl bug 198*91f110e0Safresh1tracker. 199*91f110e0Safresh1 200*91f110e0Safresh1Many of the changes included in this version originated in the CPAN modules 201*91f110e0Safresh1included in Perl's core. We're grateful to the entire CPAN community for 202*91f110e0Safresh1helping Perl to flourish. 203*91f110e0Safresh1 204*91f110e0Safresh1For a more complete list of all of Perl's historical contributors, please see 205*91f110e0Safresh1the F<AUTHORS> file in the Perl source distribution. 206*91f110e0Safresh1 207*91f110e0Safresh1=head1 Reporting Bugs 208*91f110e0Safresh1 209*91f110e0Safresh1If you find what you think is a bug, you might check the articles 210*91f110e0Safresh1recently posted to the comp.lang.perl.misc newsgroup and the perl 211*91f110e0Safresh1bug database at http://rt.perl.org/perlbug/ . There may also be 212*91f110e0Safresh1information at http://www.perl.org/ , the Perl Home Page. 213*91f110e0Safresh1 214*91f110e0Safresh1If you believe you have an unreported bug, please run the B<perlbug> 215*91f110e0Safresh1program included with your release. Be sure to trim your bug down 216*91f110e0Safresh1to a tiny but sufficient test case. Your bug report, along with the 217*91f110e0Safresh1output of C<perl -V>, will be sent off to perlbug@perl.org to be 218*91f110e0Safresh1analysed by the Perl porting team. 219*91f110e0Safresh1 220*91f110e0Safresh1If the bug you are reporting has security implications, which make it 221*91f110e0Safresh1inappropriate to send to a publicly archived mailing list, then please send 222*91f110e0Safresh1it to perl5-security-report@perl.org. This points to a closed subscription 223*91f110e0Safresh1unarchived mailing list, which includes all the core committers, who be able 224*91f110e0Safresh1to help assess the impact of issues, figure out a resolution, and help 225*91f110e0Safresh1co-ordinate the release of patches to mitigate or fix the problem across all 226*91f110e0Safresh1platforms on which Perl is supported. Please only use this address for 227*91f110e0Safresh1security issues in the Perl core, not for modules independently 228*91f110e0Safresh1distributed on CPAN. 229*91f110e0Safresh1 230*91f110e0Safresh1=head1 SEE ALSO 231*91f110e0Safresh1 232*91f110e0Safresh1The F<Changes> file for an explanation of how to view exhaustive details 233*91f110e0Safresh1on what changed. 234*91f110e0Safresh1 235*91f110e0Safresh1The F<INSTALL> file for how to build Perl. 236*91f110e0Safresh1 237*91f110e0Safresh1The F<README> file for general stuff. 238*91f110e0Safresh1 239*91f110e0Safresh1The F<Artistic> and F<Copying> files for copyright information. 240*91f110e0Safresh1 241*91f110e0Safresh1=cut 242