=encoding utf8

=head1 NAME

perl5144delta - what is new for perl v5.14.4

=head1 DESCRIPTION

This document describes differences between the 5.14.3 release and
the 5.14.4 release.

If you are upgrading from an earlier release such as 5.12.0, first read
L<perl5140delta>, which describes differences between 5.12.0 and
5.14.0.

=head1 Core Enhancements

No changes since 5.14.0.

=head1 Security

This release contains one major, one medium, and a number of minor
security fixes. The latter are included mainly to allow the test suite to
pass cleanly with the clang compiler's address sanitizer facility.

=head2 CVE-2013-1667: memory exhaustion with arbitrary hash keys

With a carefully crafted set of hash keys (for example arguments on a
URL), it is possible to cause a hash to consume a large amount of memory
and CPU, and thus possibly to achieve a Denial-of-Service.

This problem has been fixed.

=head2 memory leak in Encode

The UTF-8 encoding implementation in Encode.xs had a memory leak which has been
fixed.

=head2 [perl #111594] Socket::unpack_sockaddr_un heap-buffer-overflow

A read buffer overflow could occur when copying C<sockaddr> buffers.
Fairly harmless.


This problem has been fixed.

=head2 [perl #111586] SDBM_File: fix off-by-one access to global ".dir"

An extra byte was being copied for some string literals. Fairly harmless.

This problem has been fixed.

=head2 off-by-two error in List::Util

A string literal was being used that included two bytes beyond the
end of the string. Fairly harmless.

This problem has been fixed.

=head2 [perl #115994] fix segv in regcomp.c:S_join_exact()

Under debugging builds, while marking optimised-out regex nodes as type
C<OPTIMIZED>, it could treat blocks of exact text as if they were nodes,
and thus SEGV. Fairly harmless.

This problem has been fixed.

=head2 [perl #115992] PL_eval_start use-after-free

The statement C<local $[;>, when preceded by an C<eval>, and when not part
of an assignment, could crash. Fairly harmless.

This problem has been fixed.

=head2 wrap-around with IO on long strings

Reading or writing strings greater than 2**31 bytes in size could segfault
due to integer wraparound.

This problem has been fixed.

=head1 Incompatible Changes

There are no changes intentionally incompatible with 5.14.0. If any
exist, they are bugs and reports are welcome.


=head1 Deprecations

There have been no deprecations since 5.14.0.

=head1 Modules and Pragmata

=head2 New Modules and Pragmata

None

=head2 Updated Modules and Pragmata

The following modules have just the minor code fixes as listed above in
L</Security> (version numbers have not changed):

=over 4

=item Socket

=item SDBM_File

=item List::Util

=back

L<Encode> has been upgraded from version 2.42_01 to version 2.42_02.

L<Module::CoreList> has been updated to version 2.49_06 to add data for
this release.

=head2 Removed Modules and Pragmata

None.

=head1 Documentation

=head2 New Documentation

None.

=head2 Changes to Existing Documentation

None.

=head1 Diagnostics

No new or changed diagnostics.

=head1 Utility Changes

None

=head1 Configuration and Compilation

No changes.


=head1 Platform Support

=head2 New Platforms

None.

=head2 Discontinued Platforms

None.

=head2 Platform-Specific Notes

=over 4

=item VMS

5.14.3 failed to compile on VMS due to incomplete application of a patch
series that allowed C<userelocatableinc> and C<usesitecustomize> to be
used simultaneously. Other platforms were not affected and the problem
has now been corrected.

=back

=head1 Selected Bug Fixes

=over 4

=item *

In Perl 5.14.0, C<$tainted ~~ @array> stopped working properly. Sometimes
it would erroneously fail (when C<$tainted> contained a string that occurs
in the array I<after> the first element) or erroneously succeed (when
C<undef> occurred after the first element) [perl #93590].

=back

=head1 Known Problems

None.

=head1 Acknowledgements

Perl 5.14.4 represents approximately 5 months of development since Perl 5.14.3
and contains approximately 1,700 lines of changes across 49 files from 12
authors.


Perl continues to flourish into its third decade thanks to a vibrant community
of users and developers. The following people are known to have contributed the
improvements that became Perl 5.14.4:

Andy Dougherty, Chris 'BinGOs' Williams, Christian Hansen, Craig A. Berry,
Dave Rolsky, David Mitchell, Dominic Hargreaves, Father Chrysostomos,
Florian Ragwitz, Reini Urban, Ricardo Signes, Yves Orton.

The list above is almost certainly incomplete as it is automatically generated
from version control history. In particular, it does not include the names of
the (very much appreciated) contributors who reported issues to the Perl bug
tracker.

For a more complete list of all of Perl's historical contributors, please see
the F<AUTHORS> file in the Perl source distribution.

=head1 Reporting Bugs

If you find what you think is a bug, you might check the articles
recently posted to the comp.lang.perl.misc newsgroup and the perl
bug database at http://rt.perl.org/perlbug/ . There may also be
information at http://www.perl.org/ , the Perl Home Page.

If you believe you have an unreported bug, please run the L<perlbug>
program included with your release. Be sure to trim your bug down
to a tiny but sufficient test case. Your bug report, along with the
output of C<perl -V>, will be sent off to perlbug@perl.org to be
analysed by the Perl porting team.


If the bug you are reporting has security implications, which make it
inappropriate to send to a publicly archived mailing list, then please send
it to perl5-security-report@perl.org. This points to a closed subscription
unarchived mailing list, which includes all the core committers, who will be
able to help assess the impact of issues, figure out a resolution, and help
co-ordinate the release of patches to mitigate or fix the problem across all
platforms on which Perl is supported. Please only use this address for
security issues in the Perl core, not for modules independently
distributed on CPAN.

=head1 SEE ALSO

The F<Changes> file for an explanation of how to view exhaustive details
on what changed.

The F<INSTALL> file for how to build Perl.

The F<README> file for general stuff.

The F<Artistic> and F<Copying> files for copyright information.

=cut