Spaces:
Running
Running
| =encoding utf8 | |
| =head1 NAME | |
| perl5144delta - what is new for perl v5.14.4 | |
| =head1 DESCRIPTION | |
| This document describes differences between the 5.14.3 release and | |
| the 5.14.4 release. | |
| If you are upgrading from an earlier release such as 5.12.0, first read | |
| L<perl5140delta>, which describes differences between 5.12.0 and | |
| 5.14.0. | |
| =head1 Core Enhancements | |
| No changes since 5.14.0. | |
| =head1 Security | |
| This release contains one major, and medium, and a number of minor | |
| security fixes. The latter are included mainly to allow the test suite to | |
| pass cleanly with the clang compiler's address sanitizer facility. | |
| =head2 CVE-2013-1667: memory exhaustion with arbitrary hash keys | |
| With a carefully crafted set of hash keys (for example arguments on a | |
| URL), it is possible to cause a hash to consume a large amount of memory | |
| and CPU, and thus possibly to achieve a Denial-of-Service. | |
| This problem has been fixed. | |
| =head2 memory leak in Encode | |
| The UTF-8 encoding implementation in Encode.xs had a memory leak which has been | |
| fixed. | |
| =head2 [perl #111594] Socket::unpack_sockaddr_un heap-buffer-overflow | |
| A read buffer overflow could occur when copying C<sockaddr> buffers. | |
| Fairly harmless. | |
| This problem has been fixed. | |
| =head2 [perl #111586] SDBM_File: fix off-by-one access to global ".dir" | |
| An extra byte was being copied for some string literals. Fairly harmless. | |
| This problem has been fixed. | |
| =head2 off-by-two error in List::Util | |
| A string literal was being used that included two bytes beyond the | |
| end of the string. Fairly harmless. | |
| This problem has been fixed. | |
| =head2 [perl #115994] fix segv in regcomp.c:S_join_exact() | |
| Under debugging builds, while marking optimised-out regex nodes as type | |
| C<OPTIMIZED>, it could treat blocks of exact text as if they were nodes, | |
| and thus SEGV. Fairly harmless. | |
| This problem has been fixed. | |
| =head2 [perl #115992] PL_eval_start use-after-free | |
| The statement C<local $[;>, when preceded by an C<eval>, and when not part | |
| of an assignment, could crash. Fairly harmless. | |
| This problem has been fixed. | |
| =head2 wrap-around with IO on long strings | |
| Reading or writing strings greater than 2**31 bytes in size could segfault | |
| due to integer wraparound. | |
| This problem has been fixed. | |
| =head1 Incompatible Changes | |
| There are no changes intentionally incompatible with 5.14.0. If any | |
| exist, they are bugs and reports are welcome. | |
| =head1 Deprecations | |
| There have been no deprecations since 5.14.0. | |
| =head1 Modules and Pragmata | |
| =head2 New Modules and Pragmata | |
| None | |
| =head2 Updated Modules and Pragmata | |
| The following modules have just the minor code fixes as listed above in | |
| L</Security> (version numbers have not changed): | |
| =over 4 | |
| =item Socket | |
| =item SDBM_File | |
| =item List::Util | |
| =back | |
| L<Encode> has been upgraded from version 2.42_01 to version 2.42_02. | |
| L<Module::CoreList> has been updated to version 2.49_06 to add data for | |
| this release. | |
| =head2 Removed Modules and Pragmata | |
| None. | |
| =head1 Documentation | |
| =head2 New Documentation | |
| None. | |
| =head2 Changes to Existing Documentation | |
| None. | |
| =head1 Diagnostics | |
| No new or changed diagnostics. | |
| =head1 Utility Changes | |
| None | |
| =head1 Configuration and Compilation | |
| No changes. | |
| =head1 Platform Support | |
| =head2 New Platforms | |
| None. | |
| =head2 Discontinued Platforms | |
| None. | |
| =head2 Platform-Specific Notes | |
| =over 4 | |
| =item VMS | |
| 5.14.3 failed to compile on VMS due to incomplete application of a patch | |
| series that allowed C<userelocatableinc> and C<usesitecustomize> to be | |
| used simultaneously. Other platforms were not affected and the problem | |
| has now been corrected. | |
| =back | |
| =head1 Selected Bug Fixes | |
| =over 4 | |
| =item * | |
| In Perl 5.14.0, C<$tainted ~~ @array> stopped working properly. Sometimes | |
| it would erroneously fail (when C<$tainted> contained a string that occurs | |
| in the array I<after> the first element) or erroneously succeed (when | |
| C<undef> occurred after the first element) [perl #93590]. | |
| =back | |
| =head1 Known Problems | |
| None. | |
| =head1 Acknowledgements | |
| Perl 5.14.4 represents approximately 5 months of development since Perl 5.14.3 | |
| and contains approximately 1,700 lines of changes across 49 files from 12 | |
| authors. | |
| Perl continues to flourish into its third decade thanks to a vibrant community | |
| of users and developers. The following people are known to have contributed the | |
| improvements that became Perl 5.14.4: | |
| Andy Dougherty, Chris 'BinGOs' Williams, Christian Hansen, Craig A. Berry, | |
| Dave Rolsky, David Mitchell, Dominic Hargreaves, Father Chrysostomos, | |
| Florian Ragwitz, Reini Urban, Ricardo Signes, Yves Orton. | |
| The list above is almost certainly incomplete as it is automatically generated | |
| from version control history. In particular, it does not include the names of | |
| the (very much appreciated) contributors who reported issues to the Perl bug | |
| tracker. | |
| For a more complete list of all of Perl's historical contributors, please see | |
| the F<AUTHORS> file in the Perl source distribution. | |
| =head1 Reporting Bugs | |
| If you find what you think is a bug, you might check the articles | |
| recently posted to the comp.lang.perl.misc newsgroup and the perl | |
| bug database at http://rt.perl.org/perlbug/ . There may also be | |
| information at http://www.perl.org/ , the Perl Home Page. | |
| If you believe you have an unreported bug, please run the L<perlbug> | |
| program included with your release. Be sure to trim your bug down | |
| to a tiny but sufficient test case. Your bug report, along with the | |
| output of C<perl -V>, will be sent off to [email protected] to be | |
| analysed by the Perl porting team. | |
| If the bug you are reporting has security implications, which make it | |
| inappropriate to send to a publicly archived mailing list, then please send | |
| it to [email protected]. This points to a closed subscription | |
| unarchived mailing list, which includes all the core committers, who be able | |
| to help assess the impact of issues, figure out a resolution, and help | |
| co-ordinate the release of patches to mitigate or fix the problem across all | |
| platforms on which Perl is supported. Please only use this address for | |
| security issues in the Perl core, not for modules independently | |
| distributed on CPAN. | |
| =head1 SEE ALSO | |
| The F<Changes> file for an explanation of how to view exhaustive details | |
| on what changed. | |
| The F<INSTALL> file for how to build Perl. | |
| The F<README> file for general stuff. | |
| The F<Artistic> and F<Copying> files for copyright information. | |
| =cut | |