1=encoding utf8 2 3=head1 NAME 4 5perl5144delta - what is new for perl v5.14.4 6 7=head1 DESCRIPTION 8 9This document describes differences between the 5.14.3 release and 10the 5.14.4 release. 11 12If you are upgrading from an earlier release such as 5.12.0, first read 13L<perl5140delta>, which describes differences between 5.12.0 and 145.14.0. 15 16=head1 Core Enhancements 17 18No changes since 5.14.0. 19 20=head1 Security 21 22This release contains one major, and medium, and a number of minor 23security fixes. The latter are included mainly to allow the test suite to 24pass cleanly with the clang compiler's address sanitizer facility. 25 26=head2 CVE-2013-1667: memory exhaustion with arbitrary hash keys 27 28With a carefully crafted set of hash keys (for example arguments on a 29URL), it is possible to cause a hash to consume a large amount of memory 30and CPU, and thus possibly to achieve a Denial-of-Service. 31 32This problem has been fixed. 33 34=head2 memory leak in Encode 35 36The UTF-8 encoding implementation in Encode.xs had a memory leak which has been 37fixed. 38 39=head2 [perl #111594] Socket::unpack_sockaddr_un heap-buffer-overflow 40 41A read buffer overflow could occur when copying C<sockaddr> buffers. 42Fairly harmless. 43 44This problem has been fixed. 45 46=head2 [perl #111586] SDBM_File: fix off-by-one access to global ".dir" 47 48An extra byte was being copied for some string literals. Fairly harmless. 49 50This problem has been fixed. 51 52=head2 off-by-two error in List::Util 53 54A string literal was being used that included two bytes beyond the 55end of the string. Fairly harmless. 56 57This problem has been fixed. 58 59=head2 [perl #115994] fix segv in regcomp.c:S_join_exact() 60 61Under debugging builds, while marking optimised-out regex nodes as type 62C<OPTIMIZED>, it could treat blocks of exact text as if they were nodes, 63and thus SEGV. Fairly harmless. 64 65This problem has been fixed. 66 67=head2 [perl #115992] PL_eval_start use-after-free 68 69The statement C<local $[;>, when preceded by an C<eval>, and when not part 70of an assignment, could crash. Fairly harmless. 71 72This problem has been fixed. 73 74=head2 wrap-around with IO on long strings 75 76Reading or writing strings greater than 2**31 bytes in size could segfault 77due to integer wraparound. 78 79This problem has been fixed. 80 81=head1 Incompatible Changes 82 83There are no changes intentionally incompatible with 5.14.0. If any 84exist, they are bugs and reports are welcome. 85 86=head1 Deprecations 87 88There have been no deprecations since 5.14.0. 89 90=head1 Modules and Pragmata 91 92=head2 New Modules and Pragmata 93 94None 95 96=head2 Updated Modules and Pragmata 97 98The following modules have just the minor code fixes as listed above in 99L</Security> (version numbers have not changed): 100 101=over 4 102 103=item Socket 104 105=item SDBM_File 106 107=item List::Util 108 109=back 110 111L<Encode> has been upgraded from version 2.42_01 to version 2.42_02. 112 113L<Module::CoreList> has been updated to version 2.49_06 to add data for 114this release. 115 116=head2 Removed Modules and Pragmata 117 118None. 119 120=head1 Documentation 121 122=head2 New Documentation 123 124None. 125 126=head2 Changes to Existing Documentation 127 128None. 129 130=head1 Diagnostics 131 132No new or changed diagnostics. 133 134=head1 Utility Changes 135 136None 137 138=head1 Configuration and Compilation 139 140No changes. 141 142=head1 Platform Support 143 144=head2 New Platforms 145 146None. 147 148=head2 Discontinued Platforms 149 150None. 151 152=head2 Platform-Specific Notes 153 154=over 4 155 156=item VMS 157 1585.14.3 failed to compile on VMS due to incomplete application of a patch 159series that allowed C<userelocatableinc> and C<usesitecustomize> to be 160used simultaneously. Other platforms were not affected and the problem 161has now been corrected. 162 163=back 164 165=head1 Selected Bug Fixes 166 167=over 4 168 169=item * 170 171In Perl 5.14.0, C<$tainted ~~ @array> stopped working properly. Sometimes 172it would erroneously fail (when C<$tainted> contained a string that occurs 173in the array I<after> the first element) or erroneously succeed (when 174C<undef> occurred after the first element) [perl #93590]. 175 176=back 177 178=head1 Known Problems 179 180None. 181 182=head1 Acknowledgements 183 184Perl 5.14.4 represents approximately 5 months of development since Perl 5.14.3 185and contains approximately 1,700 lines of changes across 49 files from 12 186authors. 187 188Perl continues to flourish into its third decade thanks to a vibrant community 189of users and developers. The following people are known to have contributed the 190improvements that became Perl 5.14.4: 191 192Andy Dougherty, Chris 'BinGOs' Williams, Christian Hansen, Craig A. Berry, 193Dave Rolsky, David Mitchell, Dominic Hargreaves, Father Chrysostomos, 194Florian Ragwitz, Reini Urban, Ricardo Signes, Yves Orton. 195 196 197The list above is almost certainly incomplete as it is automatically generated 198from version control history. In particular, it does not include the names of 199the (very much appreciated) contributors who reported issues to the Perl bug 200tracker. 201 202For a more complete list of all of Perl's historical contributors, please see 203the F<AUTHORS> file in the Perl source distribution. 204 205 206=head1 Reporting Bugs 207 208If you find what you think is a bug, you might check the articles 209recently posted to the comp.lang.perl.misc newsgroup and the perl 210bug database at http://rt.perl.org/perlbug/ . There may also be 211information at http://www.perl.org/ , the Perl Home Page. 212 213If you believe you have an unreported bug, please run the L<perlbug> 214program included with your release. Be sure to trim your bug down 215to a tiny but sufficient test case. Your bug report, along with the 216output of C<perl -V>, will be sent off to perlbug@perl.org to be 217analysed by the Perl porting team. 218 219If the bug you are reporting has security implications, which make it 220inappropriate to send to a publicly archived mailing list, then please send 221it to perl5-security-report@perl.org. This points to a closed subscription 222unarchived mailing list, which includes all the core committers, who be able 223to help assess the impact of issues, figure out a resolution, and help 224co-ordinate the release of patches to mitigate or fix the problem across all 225platforms on which Perl is supported. Please only use this address for 226security issues in the Perl core, not for modules independently 227distributed on CPAN. 228 229=head1 SEE ALSO 230 231The F<Changes> file for an explanation of how to view exhaustive details 232on what changed. 233 234The F<INSTALL> file for how to build Perl. 235 236The F<README> file for general stuff. 237 238The F<Artistic> and F<Copying> files for copyright information. 239 240=cut 241