=encoding utf8

=head1 NAME

perl5243delta - what is new for perl v5.24.3

=head1 DESCRIPTION

This document describes differences between the 5.24.2 release and the 5.24.3
release.

If you are upgrading from an earlier release such as 5.24.1, first read
L<perl5242delta>, which describes differences between 5.24.1 and 5.24.2.

=head1 Security

=head2 [CVE-2017-12837] Heap buffer overflow in regular expression compiler

Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has now been
fixed.
L<[GH #16021]|https://github.com/Perl/perl5/issues/16021>

=head2 [CVE-2017-12883] Buffer over-read in regular expression parser

For certain types of syntax error in a regular expression pattern, the error
message could either contain the contents of a random, possibly large, chunk of
memory, or could crash perl. This has now been fixed.
L<[GH #16025]|https://github.com/Perl/perl5/issues/16025>

=head2 [CVE-2017-12814] C<$ENV{$key}> stack buffer overflow on Windows

A possible stack buffer overflow in the C<%ENV> code on Windows has been fixed
by removing the buffer completely since it was superfluous anyway.
L<[GH #16051]|https://github.com/Perl/perl5/issues/16051>

=head1 Incompatible Changes

There are no changes intentionally incompatible with 5.24.2. If any exist,
they are bugs, and we request that you submit a report. See
L</Reporting Bugs> below.

=head1 Modules and Pragmata

=head2 Updated Modules and Pragmata

=over 4

=item *

L<Module::CoreList> has been upgraded from version 5.20170715_24 to
5.20170922_24.

=item *

L<POSIX> has been upgraded from version 1.65 to 1.65_01.

=item *

L<Time::HiRes> has been upgraded from version 1.9733 to 1.9741.

L<[GH #15396]|https://github.com/Perl/perl5/issues/15396>
L<[GH #15401]|https://github.com/Perl/perl5/issues/15401>
L<[GH #15524]|https://github.com/Perl/perl5/issues/15524>
L<[cpan #120032]|https://rt.cpan.org/Public/Bug/Display.html?id=120032>

=back

=head1 Configuration and Compilation

=over 4

=item *

When building with GCC 6 and link-time optimization (the B<-flto> option to
B<gcc>), F<Configure> was treating all probed symbols as present on the system,
regardless of whether they actually exist. This has been fixed.
L<[GH #15322]|https://github.com/Perl/perl5/issues/15322>

=item *

F<Configure> now aborts if both C<-Duselongdouble> and C<-Dusequadmath> are
requested.
L<[GH #14944]|https://github.com/Perl/perl5/issues/14944>

=item *

Fixed a bug in which F<Configure> could append C<-quadmath> to the archname
even if it was already present.
L<[GH #15423]|https://github.com/Perl/perl5/issues/15423>

=item *

Clang builds with C<-DPERL_GLOBAL_STRUCT> or C<-DPERL_GLOBAL_STRUCT_PRIVATE>
have been fixed (by disabling Thread Safety Analysis for these configurations).

=back

=head1 Platform Support

=head2 Platform-Specific Notes

=over 4

=item VMS

=over 4

=item *

C<configure.com> now recognizes the VSI-branded C compiler.

=back

=item Windows

=over 4

=item *

Building XS modules with GCC 6 in a 64-bit build of Perl failed due to
incorrect mapping of C<strtoll> and C<strtoull>. This has now been fixed.
L<[GH #16074]|https://github.com/Perl/perl5/issues/16074>
L<[cpan #121683]|https://rt.cpan.org/Public/Bug/Display.html?id=121683>
L<[cpan #122353]|https://rt.cpan.org/Public/Bug/Display.html?id=122353>

=back

=back

=head1 Selected Bug Fixes

=over 4

=item *

C<< /@0{0*-E<gt>@*/*0 >> and similar contortions used to crash, but now merely
produce a syntax error.
L<[GH #15333]|https://github.com/Perl/perl5/issues/15333>

=item *

C<do> or C<require> with an argument which is a reference or typeglob which,
when stringified, contains a null character, started crashing in Perl 5.20, but
has now been fixed.
L<[GH #15337]|https://github.com/Perl/perl5/issues/15337>

=item *

Expressions containing an C<&&> or C<||> operator (or their synonyms C<and> and
C<or>) were being compiled incorrectly in some cases. If the left-hand side
consisted of either a negated bareword constant or a negated C<do {}> block
containing a constant expression, and the right-hand side consisted of a
negated non-foldable expression, one of the negations was effectively ignored.
The same was true of C<if> and C<unless> statement modifiers, though with the
left-hand and right-hand sides swapped. This long-standing bug has now been
fixed.
L<[GH #15285]|https://github.com/Perl/perl5/issues/15285>

=item *

C<reset> with an argument no longer crashes when encountering stash entries
other than globs.
L<[GH #15314]|https://github.com/Perl/perl5/issues/15314>

=item *

Assignment of hashes to, and deletion of, typeglobs named C<*::::::> no longer
causes crashes.
L<[GH #15307]|https://github.com/Perl/perl5/issues/15307>

=item *

Assignment variants of any bitwise ops under the C<bitwise> feature would crash
if the left-hand side was an array or hash.
L<[GH #15346]|https://github.com/Perl/perl5/issues/15346>

=item *

C<socket> now leaves the error code returned by the system in C<$!> on failure.
L<[GH #15383]|https://github.com/Perl/perl5/issues/15383>

=item *

Parsing bad POSIX charclasses no longer leaks memory.
L<[GH #15382]|https://github.com/Perl/perl5/issues/15382>

=item *

Since Perl 5.20, line numbers have been off by one when perl is invoked with
the B<-x> switch. This has been fixed.
L<[GH #15413]|https://github.com/Perl/perl5/issues/15413>

=item *

Some obscure cases of subroutines and file handles being freed at the same time
could result in crashes, but have been fixed. The crash was introduced in Perl
5.22.
L<[GH #15435]|https://github.com/Perl/perl5/issues/15435>

=item *

Some regular expression parsing glitches could lead to assertion failures with
regular expressions such as C</(?E<lt>=/> and C</(?E<lt>!/>. This has now been
fixed.
L<[GH #15332]|https://github.com/Perl/perl5/issues/15332>

=item *

C<gethostent> and similar functions now perform a null check internally, to
avoid crashing with the torsocks library. This was a regression from Perl
5.22.
L<[GH #15478]|https://github.com/Perl/perl5/issues/15478>

=item *

Mentioning the same constant twice in a row (which is a syntax error) no longer
fails an assertion under debugging builds. This was a regression from Perl
5.20.
L<[GH #15017]|https://github.com/Perl/perl5/issues/15017>

=item *

In Perl 5.24 C<fchown> was changed not to accept negative one as an argument
because on some platforms that is an error. However, on some other platforms
that is an acceptable argument. This change has been reverted.
L<[GH #15523]|https://github.com/Perl/perl5/issues/15523>

=item *

C<@{x> followed by a newline where C<"x"> represents a control or non-ASCII
character no longer produces a garbled syntax error message or a crash.
L<[GH #15518]|https://github.com/Perl/perl5/issues/15518>

=item *

A regression in Perl 5.24 with C<tr/\N{U+...}/foo/> when the code point was
between 128 and 255 has been fixed.
L<[GH #15475]|https://github.com/Perl/perl5/issues/15475>

=item *

Many issues relating to C<printf "%a"> of hexadecimal floating point were
fixed. In addition, the "subnormals" (formerly known as "denormals") floating
point numbers are now supported both with the plain IEEE 754 floating point
numbers (64-bit or 128-bit) and the x86 80-bit "extended precision". Note that
subnormal hexadecimal floating point literals will give a warning about
"exponent underflow".
L<[GH #15495]|https://github.com/Perl/perl5/issues/15495>
L<[GH #15502]|https://github.com/Perl/perl5/issues/15502>
L<[GH #15503]|https://github.com/Perl/perl5/issues/15503>
L<[GH #15504]|https://github.com/Perl/perl5/issues/15504>
L<[GH #15505]|https://github.com/Perl/perl5/issues/15505>
L<[GH #15510]|https://github.com/Perl/perl5/issues/15510>
L<[GH #15512]|https://github.com/Perl/perl5/issues/15512>

=item *

The parser could sometimes crash if a bareword came after C<evalbytes>.
L<[GH #15586]|https://github.com/Perl/perl5/issues/15586>

=item *

Fixed a place where the regex parser was not setting the syntax error correctly
on a syntactically incorrect pattern.
L<[GH #15565]|https://github.com/Perl/perl5/issues/15565>

=item *

A vulnerability in Perl's C<sprintf> implementation has been fixed by avoiding
a possible memory wrap.
L<[GH #15970]|https://github.com/Perl/perl5/issues/15970>

=back

=head1 Acknowledgements

Perl 5.24.3 represents approximately 2 months of development since Perl 5.24.2
and contains approximately 3,200 lines of changes across 120 files from 23
authors.

Excluding auto-generated files, documentation and release tools, there were
approximately 1,600 lines of changes to 56 .pm, .t, .c and .h files.

Perl continues to flourish into its third decade thanks to a vibrant community
of users and developers. The following people are known to have contributed
the improvements that became Perl 5.24.3:

Aaron Crane, Craig A. Berry, Dagfinn Ilmari Mannsåker, Dan Collins, Daniel
Dragan, Dave Cross, David Mitchell, Eric Herman, Father Chrysostomos, H.Merijn
Brand, Hugo van der Sanden, James E Keenan, Jarkko Hietaniemi, John SJ
Anderson, Karl Williamson, Ken Brown, Lukas Mai, Matthew Horsfall, Stevan
Little, Steve Hay, Steven Humphrey, Tony Cook, Yves Orton.

The list above is almost certainly incomplete as it is automatically generated
from version control history. In particular, it does not include the names of
the (very much appreciated) contributors who reported issues to the Perl bug
tracker.

Many of the changes included in this version originated in the CPAN modules
included in Perl's core. We're grateful to the entire CPAN community for
helping Perl to flourish.

For a more complete list of all of Perl's historical contributors, please see
the F<AUTHORS> file in the Perl source distribution.

=head1 Reporting Bugs

If you find what you think is a bug, you might check the articles recently
posted to the comp.lang.perl.misc newsgroup and the perl bug database at
L<https://rt.perl.org/>. There may also be information at
L<http://www.perl.org/>, the Perl Home Page.

If you believe you have an unreported bug, please run the L<perlbug> program
included with your release. Be sure to trim your bug down to a tiny but
sufficient test case. Your bug report, along with the output of C<perl -V>,
will be sent off to perlbug@perl.org to be analysed by the Perl porting team.

If the bug you are reporting has security implications which make it
inappropriate to send to a publicly archived mailing list, then see
L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> for details of how to
report the issue.

=head1 SEE ALSO

The F<Changes> file for an explanation of how to view exhaustive details on
what changed.

The F<INSTALL> file for how to build Perl.

The F<README> file for general stuff.

The F<Artistic> and F<Copying> files for copyright information.

=cut