1=encoding utf8 2 3=head1 NAME 4 5perl5281delta - what is new for perl v5.28.1 6 7=head1 DESCRIPTION 8 9This document describes differences between the 5.28.0 release and the 5.28.1 10release. 11 12If you are upgrading from an earlier release such as 5.26.0, first read 13L<perl5280delta>, which describes differences between 5.26.0 and 5.28.0. 14 15=head1 Security 16 17=head2 [CVE-2018-18311] Integer overflow leading to buffer overflow and segmentation fault 18 19Integer arithmetic in C<Perl_my_setenv()> could wrap when the combined length 20of the environment variable name and value exceeded around 0x7fffffff. This 21could lead to writing beyond the end of an allocated buffer with attacker 22supplied data. 23 24L<[perl #133204]|https://rt.perl.org/Ticket/Display.html?id=133204> 25 26=head2 [CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c) 27 28A crafted regular expression could cause heap-buffer-overflow write during 29compilation, potentially allowing arbitrary code execution. 30 31L<[perl #133423]|https://rt.perl.org/Ticket/Display.html?id=133423> 32 33=head1 Incompatible Changes 34 35There are no changes intentionally incompatible with 5.28.0. If any exist, 36they are bugs, and we request that you submit a report. See 37L</Reporting Bugs> below. 38 39=head1 Modules and Pragmata 40 41=head2 Updated Modules and Pragmata 42 43=over 4 44 45=item * 46 47L<Module::CoreList> has been upgraded from version 5.20180622 to 5.20181129_28. 48 49=back 50 51=head1 Selected Bug Fixes 52 53=over 4 54 55=item * 56 57Perl 5.28 introduced an C<index()> optimization when comparing to -1 (or 58indirectly, e.g. >= 0). When this optimization was triggered inside a C<when> 59clause it caused a warning ("Argument %s isn't numeric in smart match"). This 60has now been fixed. 61L<[perl #133368]|https://rt.perl.org/Ticket/Display.html?id=133368> 62 63=item * 64 65Matching of decimal digits in script runs, introduced in Perl 5.28, had a bug 66that led to C<"1\N{THAI DIGIT FIVE}"> matching C</^(*sr:\d+)$/> when it should 67not. This has now been fixed. 68 69=item * 70 71The new in-place editing code no longer leaks directory handles. 72L<[perl #133314]|https://rt.perl.org/Ticket/Display.html?id=133314> 73 74=back 75 76=head1 Acknowledgements 77 78Perl 5.28.1 represents approximately 5 months of development since Perl 5.28.0 79and contains approximately 6,100 lines of changes across 44 files from 12 80authors. 81 82Excluding auto-generated files, documentation and release tools, there were 83approximately 700 lines of changes to 12 .pm, .t, .c and .h files. 84 85Perl continues to flourish into its fourth decade thanks to a vibrant community 86of users and developers. The following people are known to have contributed 87the improvements that became Perl 5.28.1: 88 89Aaron Crane, Abigail, Chris 'BinGOs' Williams, Dagfinn Ilmari Mannsåker, David 90Mitchell, James E Keenan, John SJ Anderson, Karen Etheridge, Karl Williamson, 91Sawyer X, Steve Hay, Tony Cook. 92 93The list above is almost certainly incomplete as it is automatically generated 94from version control history. In particular, it does not include the names of 95the (very much appreciated) contributors who reported issues to the Perl bug 96tracker. 97 98Many of the changes included in this version originated in the CPAN modules 99included in Perl's core. We're grateful to the entire CPAN community for 100helping Perl to flourish. 101 102For a more complete list of all of Perl's historical contributors, please see 103the F<AUTHORS> file in the Perl source distribution. 104 105=head1 Reporting Bugs 106 107If you find what you think is a bug, you might check the perl bug database 108at L<https://rt.perl.org/> . There may also be information at 109L<http://www.perl.org/> , the Perl Home Page. 110 111If you believe you have an unreported bug, please run the L<perlbug> program 112included with your release. Be sure to trim your bug down to a tiny but 113sufficient test case. Your bug report, along with the output of C<perl -V>, 114will be sent off to perlbug@perl.org to be analysed by the Perl porting team. 115 116If the bug you are reporting has security implications which make it 117inappropriate to send to a publicly archived mailing list, then see 118L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION> 119for details of how to report the issue. 120 121=head1 Give Thanks 122 123If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, 124you can do so by running the C<perlthanks> program: 125 126 perlthanks 127 128This will send an email to the Perl 5 Porters list with your show of thanks. 129 130=head1 SEE ALSO 131 132The F<Changes> file for an explanation of how to view exhaustive details on 133what changed. 134 135The F<INSTALL> file for how to build Perl. 136 137The F<README> file for general stuff. 138 139The F<Artistic> and F<Copying> files for copyright information. 140 141=cut 142