From: Dominic Hargreaves Date: Fri, 12 Oct 2012 22:39:22 +0000 (+0100) Subject: Add the 5.14.3 perldelta X-Git-Tag: upstream/5.20.0~5143 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=877744bd6390b878d7327bbdac4097d469f8542a;p=platform%2Fupstream%2Fperl.git Add the 5.14.3 perldelta --- diff --git a/pod/perl5143delta.pod b/pod/perl5143delta.pod new file mode 100644 index 0000000..093b627 --- /dev/null +++ b/pod/perl5143delta.pod @@ -0,0 +1,291 @@ +=encoding utf8 + +=head1 NAME + +perl5143delta - what is new for perl v5.14.3 + +=head1 DESCRIPTION + +This document describes differences between the 5.14.2 release and +the 5.14.3 release. + +If you are upgrading from an earlier release such as 5.12.0, first read +L, which describes differences between 5.12.0 and +5.14.0. + +=head1 Core Enhancements + +No changes since 5.14.0. + +=head1 Security + +=head2 C unsafe use of eval (CVE-2011-3597) + +The Cnew()> function did not properly sanitize input before +using it in an eval() call, which could lead to the injection of arbitrary +Perl code. + +In order to exploit this flaw, the attacker would need to be able to set +the algorithm name used, or be able to execute arbitrary Perl code already. + +This problem has been fixed. + +=head2 Heap buffer overrun in 'x' string repeat operator (CVE-2012-5195) + +Poorly written perl code that allows an attacker to specify the count to +perl's 'x' string repeat operator can already cause a memory exhaustion +denial-of-service attack. A flaw in versions of perl before 5.15.5 can +escalate that into a heap buffer overrun; coupled with versions of glibc +before 2.16, it possibly allows the execution of arbitrary code. + +This problem has been fixed. + +=head1 Incompatible Changes + +There are no changes intentionally incompatible with 5.14.0. If any +exist, they are bugs and reports are welcome. + +=head1 Deprecations + +There have been no deprecations since 5.14.0. + +=head1 Modules and Pragmata + +=head2 New Modules and Pragmata + +None + +=head2 Updated Modules and Pragmata + +=over 4 + +=item * + +L was updated to fix a bug in which opening a filehandle to +a glob copy caused assertion failures (under debugging) or hangs or other +erratic behaviour without debugging. + +=item * + +L and L were updated to allow building on GNU/Hurd. + +=item * + +L has been updated to fix a regression introduced in perl +5.12, which broke C. +[perl #95748] + +=item * + +L has been upgraded from version 1.16 to 1.16_01. + +See L. + +=item * + +L has been updated to version 2.49_04 to add data for +this release. + +=back + +=head2 Removed Modules and Pragmata + +None + +=head1 Documentation + +=head2 New Documentation + +None + +=head2 Changes to Existing Documentation + +=head3 L + +=over 4 + +=item * + +L was updated to 5.14. + +=back + +=head1 Configuration and Compilation + +=over 4 + +=item * + +h2ph was updated to search correctly gcc include directories on platforms +such as Debian with multi-architecture support. + +=item * + +In Configure, the test for procselfexe was refactored into a loop. + +=back + +=head1 Platform Support + +=head2 New Platforms + +None + +=head2 Discontinued Platforms + +None + +=head2 Platform-Specific Notes + +=over 4 + +=item FreeBSD + +The FreeBSD hints file was corrected to be compatible with FreeBSD 10.0. + +=item Solaris and NetBSD + +Configure was updated for "procselfexe" support on Solaris and NetBSD. + +=item HP-UX + +README.hpux was updated to note the existence of a broken header in +HP-UX 11.00. + +=item Linux + +libutil is no longer used when compiling on Linux platforms, which avoids +warnings being emitted. + +The system gcc (rather than any other gcc which might be in the compiling +user's path) is now used when searching for libraries such as C<-lm>. + +=item Mac OS X + +The locale tests were updated to reflect the behaviour of locales in +Mountain Lion. + +=item GNU/Hurd + +Various build and test fixes were included for GNU/Hurd. + +LFS support was enabled in GNU/Hurd. + +=item NetBSD + +The NetBSD hints file was corrected to be compatible with NetBSD 6.* + +=back + +=head1 Bug Fixes + +=over 4 + +=item * + +A regression has been fixed that was introduced in 5.14, in C +regular expression matching, in which a match improperly fails if the +pattern is in UTF-8, the target string is not, and a Latin-1 character +precedes a character in the string that should match the pattern. [perl +#101710] + +=item * + +In case-insensitive regular expression pattern matching, no longer on +UTF-8 encoded strings does the scan for the start of match only look at +the first possible position. This caused matches such as +C<"f\x{FB00}" =~ /ff/i> to fail. + +=item * + +The sitecustomize support was made relocatableinc aware, so that +-Dusesitecustomize and -Duserelocatableinc may be used together. + +=item * + +The smartmatch operator (C<~~>) was changed so that the right-hand side +takes precedence during C operations. + +=item * + +A bug has been fixed in the tainting support, in which an C +operation on a tainted constant would cause all other constants to become +tainted. [perl #64804] + +=item * + +A regression has been fixed that was introduced in perl 5.12, whereby +tainting errors were not correctly propagated through C. +[perl #111654] + +=item * + +A regression has been fixed that was introduced in perl 5.14, in which +C and C no longer matched the opposite case. +[perl #101970] + +=back + +=head1 Acknowledgements + +Perl 5.14.3 represents approximately 12 months of development since Perl 5.14.2 +and contains approximately 2,300 lines of changes across 64 files from 22 +authors. + +Perl continues to flourish into its third decade thanks to a vibrant community +of users and developers. The following people are known to have contributed the +improvements that became Perl 5.14.3: + +Abigail, Andy Dougherty, Carl Hayter, Chris 'BinGOs' Williams, Dave Rolsky, +David Mitchell, Dominic Hargreaves, Father Chrysostomos, Florian Ragwitz, +H.Merijn Brand, Jilles Tjoelker, Karl Williamson, Leon Timmermans, Michael G +Schwern, Nicholas Clark, Niko Tyni, Pino Toscano, Ricardo Signes, Salvador +Fandiño, Samuel Thibault, Steve Hay, Tony Cook. + +The list above is almost certainly incomplete as it is automatically generated +from version control history. In particular, it does not include the names of +the (very much appreciated) contributors who reported issues to the Perl bug +tracker. + +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. + +For a more complete list of all of Perl's historical contributors, please see +the F file in the Perl source distribution. + +=head1 Reporting Bugs + +If you find what you think is a bug, you might check the articles +recently posted to the comp.lang.perl.misc newsgroup and the perl +bug database at http://rt.perl.org/perlbug/ . There may also be +information at http://www.perl.org/ , the Perl Home Page. + +If you believe you have an unreported bug, please run the L +program included with your release. Be sure to trim your bug down +to a tiny but sufficient test case. Your bug report, along with the +output of C, will be sent off to perlbug@perl.org to be +analysed by the Perl porting team. + +If the bug you are reporting has security implications, which make it +inappropriate to send to a publicly archived mailing list, then please send +it to perl5-security-report@perl.org. This points to a closed subscription +unarchived mailing list, which includes all the core committers, who be able +to help assess the impact of issues, figure out a resolution, and help +co-ordinate the release of patches to mitigate or fix the problem across all +platforms on which Perl is supported. Please only use this address for +security issues in the Perl core, not for modules independently +distributed on CPAN. + +=head1 SEE ALSO + +The F file for an explanation of how to view exhaustive details +on what changed. + +The F file for how to build Perl. + +The F file for general stuff. + +The F and F files for copyright information. + +=cut