perl5244cdelta - what is new for cperl v5.24.4
This document describes the differences between the cperl 5.24.4c and the cperl 5.24.3c releases.
If you are upgrading from an earlier release such as v5.24.2c, first read the perl5243cdelta documentation, which describes differences between v5.24.3c and v5.24.2c.
A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written. [perl #132227]
Matching a crafted locale dependent regular expression could cause a heap buffer read overflow and potentially information disclosure. [perl #132063]
pack() could cause a heap buffer write overflow with a large item count. [perl #131844]
Control characters in a supposed Unicode property name could cause perl to crash. This has been fixed. [perl #132055] [perl #132553] [perl #132658]
There are no changes intentionally incompatible with 5.24.3c. If any exist, they are bugs, and we request that you submit a report. See "Reporting Bugs" below.
'0' is a valid name for an archive, change 'iter' to check definedness. See https://metacpan.org/changes/distribution/Archive-Tar
Fix creating file with trailing whitespace on filename - fixes 103279
Allow archiving with absolute pathnames - fixes 97748
Small POD fix
Speed up extract when archive contains lots of files
CVE-2018-12015 directory traversal vulnerability [cpan #125523]
Remove deprecated no-op attributes :unique, :locked
Fix autovivification bug with hash slice args to a function.
Support sub refs, and named anon subs.
Support pgcc, seperate it from gcc
Support pgcc, seperate it from gcc
Updated internal zlib from 1.2.8 to latest, past 1.2.11
Silence gcc compiler warnings when -Wsign-compare is enabled #123688: Compilation warnings with clang
Silence gcc compiler warnings when -Wimplicit-fallthrough is enabled #123358: Compilation warnings with gcc-7.*
Windows uses -lzlib. Linux uses -lz #123699: wrong external zlib name used on Windows
Update zlib-src directory to use zlib 1.2.11 #123245: perl 5.26.1 is vulnerable to CVE-2016-9843, CVE-2016-9841, CVE-2016-9840, CVE-2016-9842
Don't allow offset to be greater than length of buffer in crc32.
Change my_zcalloc to use safecalloc. https://github.com/madler/zlib/issues/253 is the upstream report for the remaining valgrind errors not already dealt with by 1.2.11. Using calloc in Zlib.xs for now as a workaround. #121074: valgrind errors in the test suite
Fixed upstream deflate. See https://github.com/madler/zlib/pull/327 1.2.11 is not recommended to use.
From 5.28.0c See https://github.com/andk/cpanpm/pull/109
MSVC 14.0 support and higher, changed nan in the runtime.
Stringify true again as "1".
Disallow duplicate keys by default, only allow them in relaxed mode.
De-fragilize t/96_mojo.t false test to "". It mostly is.
Fix and unify utf8 handling with 5.6.2 and improve many utf8 tests.
Add tests for boolean sv_yes and sv_no.
Check for correct module in %INC.
Relax inf/nan detection for newer msvcrt.dll runtime versions (it's now almost ANSI).
Fixed locale-insensitive numeric conversion on older perls. Fixed compilation under windows.
Simplify allow_singlequote check, coverity cid #165321. Remove logical dead code.
Added Cpanel::JSON::XS::Type as 2nd optional encode argument.
Removed calling get magic hooks twice in encode.
Fix setlocale thread race for older perls.
Fix overloaded eq/ne comparisons (GH #116 by demerphq, GH #117 by Graham Knopp): detect strings, protect from endless recursion. false is now ne "True". clarify eq/ne rules in the docs.
Set decoded type (PR #115 by Pali)
Add json_type_weaken (PR #114 by Pali)
Fix tests for 5.6 (rurban, pali)
Add sereal cpanel_json_xs type (#110 James Rouzier)
Improved bencode/bdecode methods in cpanel_json_xs (#111 Fulvio Scapin)
Add encoder indent_length method (#103 rouzier), previously hard-coded to 3.
Fix centos7 locale crash (#101 McA), fix required for all threaded perl's < 5.22 with glibc.
Fix uselocale() code. Probe for uselocale and xlocale.h with <5.22 threaded.
Avoid setlocale race in threads with non-C locales, where the threads differ in the LC_NUMERIC locale. (#99 pali)
Attempt to work around XS deparse issues on old perls.
XS improvements
Quoting of glob names now obeys the Useqq option [perl #119831].
Attempts to set an option to undef through a combined getter/setter method are no longer mistaken for getter calls [perl #113090].
Add #if { CPERL && VERSION 5.26.0 }> support, support parser enum expectation.
mkppport called PPPort_pm.PL without passing through MAKEFLAGS. Add --quiet support there
Fix WIDEST_UTYPE.
Support strict hashpairs, fix for . in @INC.
Merge with upstream, changed croak/mess/warn_nocontext/..., add NEED_ macros ...
Remove deprecated -p option and PurePerl variant.
Replaced DynaLoader with XSLoader.
Silenced compiler warnings from VS2017 RT #124477
Modified addfile to return error when given a directory name, makes behavior consistent with GNU coreutils shaXsum.
Document the MacOS build failures & how MacPort can work around the issue. #125238, #125585, RT#133280
Write all test db files into a directory created by File::Temp Protects against any possible races if running a parallel build.
#96357: DB_File destructor is not thread-safe Added CLONE_SKIP to DB_File.pm and included the test db-threads.t from the patch.
#124944 allow ppport.h-less builds in core
Fix wrong usage of SvREFCNT_inc_simple_NN with a function, fixes a memory leak.
no strict hashpairs in encoding. fixed some -Wsign-compare See https://metacpan.org/changes/distribution/Encode
Skip the flapping test t/Aliases.t on threaded smokers, with random segfaults. This is a long standing core bug, with PMOP aliases or clone. First observed at https://github.com/rurban/perl-compiler/issues/73 (since 5.6)
Stop directory tweaking $Encode::Encoding{utf8}
Fix gcc warnings for older gcc < 4.0
Where possible do not depend on value of $@, instead use return value of eval
Fix more XS problems in Encode.xs file
Load modules Encode::MIME::Name and Storable normally
Remove no warnings 'redefine'; and correctly loaddependences
Remove PP stubs and reformat predefine_encodings()
Run Encode XS BOOT code at compile time
Use Encode::define_encoding and propagate carp/croak message
cperl fixes: encoding undeprecated, no strict hashpairs
Cleanup code for handling fallback/replacement characters
lib/Encode/MIME/Name.pm t/mime-name.t Pulled: Add "euc-cn" => "EUC-CN" alias to Encode::MIME::Name https://github.com/dankogai/p5-encode/pull/124
lib/Encode/CN/HZ.pm lib/Encode/JP/JIS7.pm lib/Encode/MIME/Header.pm t/decode.t Pulled: Uninitialized value fixes #122 https://github.com/dankogai/p5-encode/pull/122
Makefile.PL Pulled: Fix -Werror=declaration-after-statement for gcc 4.1.2 https://github.com/dankogai/p5-encode/pull/121
Fixed deep recursion in Encode::find_encoding when decoding.
fix failed to extend arg stack
Merge our fixes to upstream 7.35_06 (which has e.g. the dlltool mingw and parallel MSVC fixes). Many fixes were already in, but some new upstream bugs crept in.
Support IO::Scalar handle as $parsefile argument to ExtUtils::MM_Unix::parse_version().
fix Invalid Locale symbol name. Invalid identifier "ENCODING_UTF-8" while "strict names"
fix XSMULTI static with strict linkers, avoid duplicate symbol _boot_XS__Test in: Test.o blib/arch/auto/XS/Test/Test.a(Test.o)
xsstatic: fixup MAKE_APERL_FILE, which was Makefile.aperl.aperl, add xs_static_lib_is_xs
MSVC: seperate dbgoutflag
VMS: add static_lib_pure_cmd
Liblist: support libdirs with spaces
Support afl-fuzz with afl-clang-fast
Skip PUTBACK;return; on XSRETURN in PPCODE
Remove perl5 incompatible __attribute__global__ needed for -flto. XS_EXTERNAL has it already.
It will now use the sub-second precision variant of utime() supplied by Time::HiRes where available. [perl #132401].
Fixed exponential performance: https://research.swtch.com/glob
Skip a test when File::Glob not used. Avoid undefined behaviour in Copy() [perl #131746]
Backported from 5.28.0c, but keep epoc and MacOS.
Support overlong paths for getdcwd(), using the wide API for overlong paths.
- remove File::Temp::Dir from the PAUSE index (it is not in its own .pm file, so it is not 'use'able on its own)
- change EXLOCK default from true to false; addresses RT#123959. Note that this option was always a no-op on non-BSD platforms; changing the default to false makes behaviour more predictable and consistent across platforms.
- switch from 'use vars' to 'our'
- documentation updates for what versions contain what features (thanks, Brian Mowrey! RT#101518)
- fix bad use of skip() in tests (RT#95922)
- Fall back to CSIDL_LOCAL_APPDATA under taint on Windows (RT#60340)
- update distribution tooling
XSLoader, our. defer Carp.
Add filter_read_exact tests.
Improve tests using FindBin for filter-util.pl [atoomic #9]
Add int casts, assert on 2GB limitation.
Its documentation now explains that each and delete don't mix in hashes tied to this module [perl #117449].
It will now retry opening with an acceptable block size if asking gdbm to default the block size failed [perl #119623].
Doc how to import when you want to use MODULE ()
replace use vars with our, run-time load Carp, Bump versions of 3 Socket modules. Remove pre-5.8 support
Added wait_loop_callback for run_forked()
Only search in curdir in can_run() when on Win32 RT #105601
Fixed can't use IPC::Cmd->run_forked in the first process of a container RT #118424
Fixed run_forked("/usr/bin/echo test") captures no output RT #91784
HPUX test fixes.
Fix ping_udp for a started udp echo server (PR#5 by Stephan Loyd)
Fix t/400_ping_syn.t phases
Try to handle Windows Socket::getnameinfo errors
Improve some tests on missing network connections
Keep v5.002 - v5.6 support
Removed outdated demo/fping from the documentation (RT #123750 by Steve Morris)
Added t/420_ping_syn_port.t (#4 by Julio Fraire) with fixes.
Added indices and crosslinks to the documentation
use NIx_NOSERV flag for windows.
better icmpv6 support.
Fix for GLOB stubs. RT #123002
check invariant at compile time.
return EACCES on writing to a read-only scalar
Protect from NULL arg.
Various upstream changes, see https://metacpan.org/changes/distribution/podlators
fix find_rundefsvoffset logic.
Fix t/subname.t and t/exotic_names.t for unstrict names. perl5.26 started defining $Config{usecperl} as 'UNKNOWN', hence this check is now unreliable.
Merge with 1.50 upstream: Ensure pairmap extends its stack correctly (davem), Fix name of List::Util::unpairs in its error messages.
added head/tail check PERL_NO_QUOTE_PKGSEPERATOR merged %DB::sub tests, merge with upstream %DB::sub support (main:: or not, utf8)
Fixup the new pairmap spill code.
Protect from fileno returning -1, invalid file arg. Reformatted.
fix for empty &STDERR files, RT #132008
Enable rulesfile.t to run in core
Return handle for pipes and sockets #58 (Erik Huelsmann) TAP v13 plan allows trailing whitespace (Steffen Schwigon) prove: add a --statefile=<path> option to customize the .prove file (Ævar Arnfjörð Bjarmason) Avoid non-deterministic source handling, make a SourceHandler tie an error. (Michael Schwern, Leon Timmermans) Fix and simplify MSWin32 colorization (Roy Ivy III) Fix file source handler to accept single extensions option (Tomoki Aonuma) Spelling fixes (Brian Wightman)
Updated from upstream since 1.9751:
See https://metacpan.org/changes/distribution/Time-HiRes
Fix MSVC by adding a fake struct timezone.
Add more potential clock constants, like CLOCK_MONOTONIC_FAST (available in FreeBSD), and not all potentially found clock constants were properly exported to be available from Perl, see your system's clock_gettime documentation for the available ones
Correct declared minimum Perl version (should be 5.6, was declared as 5.8 since 1.9727_03): blead af94b3ac
Merged with our cperl test fixes, see https://github.com/rurban/Time-HiRes/commits/cperl
Drop 5.005 support. Replace DynaLoader with XSLoader.
Some tests which required support for epoch values larger than 2**32 were not being skipped when the underlying Perl did not support that.
Fixed the tests so they will not break in the year 2020. The tests were passing in 2-digit years on the assumption that a year like "70" would be treated as 1970, but starting in 2020 this would be treated as 2070 instead. Reported by Bernhard M. Wiedemann. RT #124787
Added timelocal_modern and timegm_modern variants as optional exports. These versions do not munge years at all. They treat the year value that they are given exactly as-is.
Switch to XSLoader.
Fix AIX compile
Fix compile errors on MS
Use macro for buf sizes
Remove some compile warnings
SP off by 1 in _crt_localtime
Add updates from 0.9918: Add LAX_DECIMAL_VERSION, LAX_DOTTED_DECIMAL_VERSION, STRICT_DECIMAL_VERSION, STRICT_DOTTED_DECIMAL_VERSION regexes. Add updates from 0.9921: pod, safer C locale switching. add vpp support for cperl: scmp, c suffix. use vars => our.
Add t/11_taint.t
Fix wrong usage of SvREFCNT_inc_simple_NN with a function, fixes a memory leak.
Its documentation now shows the use of __PACKAGE__, and direct object syntax for example DynaLoader usage [perl #132247].
Fixed missing compile-time AvSHAPED detection in nested scopes. E.g.:
my @a[1]; sub { $a[0]->[5] = 1 }->(); # mderef_u
my @b[1]; sub { $b[0] = 1 }->(); # aelemfast_lex_uSee [cperl #354].
Harmonize skipped main:: prefix in %DB::sub. In cperl the debugger uses no main:: prefixes for global functions. This enables entering debugger breakpoints and c without main::, newMYSUB still had main:: Backported from 5.28.0c
The readpipe() built-in function now checks at compile time that it has only one parameter expression, and puts it in scalar context, thus ensuring that it doesn't corrupt the stack at runtime. [perl #4574]
re_intuit_start() was fixed for non-utf8 targets to ignore the utf8 folding rules.
Excluding auto-generated files, documentation and release tools, there were approximately 14,000 lines of changes to 390 .pm, .t, .c and .h files.
The following people are known to have contributed the improvements that became cperl 5.24.4:
Reini Urban, Karl Williamson, Tony Cook, Chris 'BinGOs' Williams, Renee Baecker, Yves Orton, Zefram.
The list above is almost certainly incomplete as it is automatically generated from version control history including the perl and cperl repos. In particular, it does not include the names of the (very much appreciated) contributors who reported issues to the Perl bug tracker and the cperl github issues.
Many of the changes included in this version originated in the CPAN modules included in Perl's core. We're grateful to the entire CPAN community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors, please see the AUTHORS file in the Perl source distribution.
Generated with:
cperl Porting/acknowledgements.pl cperl-5.24.3..HEAD -cIf you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.misc newsgroup and the perl bug database at https://rt.perl.org/ . There may also be information at http://www.perl.org/ , the Perl Home Page.
If you believe you have an unreported bug, please run the cperlbug program included with your release. Be sure to trim your bug down to a tiny but sufficient test case. Your bug report, along with the output of perl -V, will be sent off to perlbug@perl.org to be analysed by the Perl porting team.
If you think it's a cperl specific bug or trust the cperl developers more please file an issue at https://github.com/perl11/cperl/issues.
If the bug you are reporting has security implications which make it inappropriate to send to a publicly archived mailing list, then see "SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec For details of how to report the issue.
The Changes file for an explanation of how to view exhaustive details on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.