perl570delta - what's new for perl v5.7.0
This document describes differences between the 5.6.0 release and the 5.7.0 release.
A potential security vulnerability in the optional suidperl component of Perl has been identified. suidperl is neither built nor installed by default. As of September the 2nd, 2000, the only known vulnerable platform is Linux, most likely all Linux distributions. CERT and various vendors have been alerted about the vulnerability.
The problem was caused by Perl trying to report a suspected security exploit attempt using an external program, /bin/mail. On Linux platforms the /bin/mail program had an undocumented feature which when combined with suidperl gave access to a root shell, resulting in a serious compromise instead of reporting the exploit attempt. If you don't have /bin/mail, or if you have 'safe setuid scripts', or if suidperl is not installed, you are safe.
The exploit attempt reporting feature has been completely removed from the Perl 5.7.0 release, so that particular vulnerability isn't there anymore. However, further security vulnerabilities are, unfortunately, always possible. The suidperl code is being reviewed and if deemed too risky to continue to be supported, it may be completely removed from future releases. In any case, suidperl should only be used by security experts who know exactly what they are doing and why they are using suidperl instead of some other solution such as sudo ( see http://www.courtesan.com/sudo/ ).
@bar is an array,
whether or not the compiler has seen use of @bar.
\w character.
perl -d:Module=arg,arg,arg now works (previously one couldn't pass
in multiple arguments.)
no Module; now works even if there is no "sub unimport" in the Module.
undef if either operand
is a NaN. Previously the behaviour was unspecified.
pack('U0a*', ...) can now be used to force a string to UTF8.
no AutoLoader;,
The English module can now be used without the infamous performance hit by saying
use English '-no_performance_hit';
(Assuming, of course, that one doesn't need the troublesome variables
$`, $&, or $'.) Also, introduced @LAST_MATCH_START and
@LAST_MATCH_END English aliases for @- and @+.
%INC now localised in a Safe compartment so that use/require work.
-S can now run non-interactively.
"0" now treated correctly, the d command now checks
line number, the $. no longer gets corrupted, all debugger output now
goes correctly to the socket if RemotePort is set.
*foo{FORMAT} now works.
#line now works.
q(a\\b) now parses correctly as 'a\\b'.
[[:space:]] to include the (very
rare) vertical tab character. Added a new POSIX-ish character class
[[:blank:]] which stands for horizontal whitespace (currently,
the space and the tab).
Several Unicode fixes (but still not perfect).
IsAlnum, IsAlpha, and IsWord now match titlecase.
. operator or via variable interpolation,
eq, substr, reverse, quotemeta, the x operator,
substitution with s///, single-quoted UTF8, should now work--in
theory.
tr/// operator now works slightly better but is still rather
broken. Note that the tr///CU functionality has been removed (but
see pack('U0', ...)).
IsDigit.
BSDI 4.*
Perl now works on post-4.0 BSD/OSes.
All BSDs
Setting $0 now works (as much as possible; see perlvar for details).
Cygwin
Numerous updates; currently synchronised with Cygwin 1.1.4.
EPOC
EPOC update after Perl 5.6.0. See README.epoc.
FreeBSD 3.*
Perl now works on post-3.0 FreeBSDs.
HP-UX
README.hpux updated; Configure -Duse64bitall now almost works.
IRIX
Numerous compilation flag and hint enhancements; accidental mixing of 32-bit and 64-bit libraries (a doomed attempt) made much harder.
Linux
Long doubles should now work (see INSTALL).
Mac OS Classic
Compilation of the standard Perl distribution in Mac OS Classic should now work if you have the Metrowerks development environment and the missing Mac-specific toolkit bits. Contact the macperl mailing list for details.
MPE/iX
MPE/iX update after Perl 5.6.0. See README.mpeix.
NetBSD/sparc
Perl now works on NetBSD/sparc.
OS/2
Now works with usethreads (see INSTALL).
Solaris
64-bitness using the Sun Workshop compiler now works.
Tru64 (aka Digital UNIX, aka DEC OSF/1)
The operating system version letter now recorded in $Config{osvers}. Allow compiling with gcc (previously explicitly forbidden). Compiling with gcc still not recommended because buggy code results, even with gcc 2.95.2.
Unicos
Fixed various alignment problems that lead into core dumps either during build or later; no longer dies on math errors at runtime; now using full quad integers (64 bits), previously was using only 46 bit integers for speed.
VMS
chdir() now works better despite a CRT bug; now works with MULTIPLICITY (see INSTALL); now works with Perl's malloc.
Windows
File::Spec-tmpdir()> now prefers C:/temp over /tmp
(works better when perl is running as service).
All regular expression compilation error messages are now hopefully easier to understand both because the error message now comes before the failed regex and because the point of failure is now clearly marked.
The various "opened only for", "on closed", "never opened" warnings
drop the main:: prefix for filehandles in the main package,
for example STDIN instead of <main::STDIN>.
The "Unrecognized escape" warning has been extended to include \8,
\9, and \_. There is no need to escape any of the \w characters.
make -f Makefile.micro should be enough. Beware: microperl makes
many assumptions, some of which may be too bold; the resulting
executable may crash or otherwise misbehave in wondrous ways.
For careful hackers only.
We're working on it. Stay tuned.
The plan is to bring them back.
Certain extensions like mod_perl and BSD::Resource are known to have issues with `largefiles', a change brought by Perl 5.6.0 in which file offsets default to 64 bits wide, where supported. Modules may fail to compile at all or compile and work incorrectly. Currently there is no good solution for the problem, but Configure now provides appropriate non-largefile ccflags, ldflags, libswanted, and libs in the %Config hash (e.g., $Config{ccflags_nolargefiles}) so the extensions that are having problems can try configuring themselves without the largefileness. This is admittedly not a clean solution, and the solution may not even work at all. One potential failure is whether one can (or, if one can, whether it's a good idea) link together at all binaries with different ideas about file offsets, all this is platform-dependent.
Don't panic. Read INSTALL 'make test' section instead.
If perl is configured with -Duse64bitall, the successful result of the subtest 10 of lib/posix may arrive before the successful result of the subtest 9, which confuses the test harness so much that it thinks the subtest 9 failed.
The experimental long double support is still very much so in Solaris. (Other platforms like Linux and Tru64 are beginning to solidify in this area.)
No known fix.
If any Storable tests fail the use of Storable is not advisable.
Many Storable tests fail on AIX configured with 64 bit integers.
So far unidentified problems break Storable in AIX if Perl is configured to use 64 bit integers. AIX in 32-bit mode works and other 64-bit platforms work with Storable.
st-06compat fails in UNICOS and UNICOS/mk.
This means that you cannot read old (pre-Storable-0.7) Storable images made in other platforms.
Multithreading is still an experimental feature. Some platforms emit the following message for lib/thr5005
#
# This is a KNOWN FAILURE, and one of the reasons why threading
# is still an experimental feature. It is here to stop people
# from deploying threads in production. ;-)
#
and another known thread-related warning is
pragma/overload......Unbalanced saves: 3 more saves than restores panic: magic_mutexfree during global destruction. ok lib/selfloader.......Unbalanced saves: 3 more saves than restores panic: magic_mutexfree during global destruction. ok lib/st-dclone........Unbalanced saves: 3 more saves than restores panic: magic_mutexfree during global destruction. ok
The compiler suite is slowly getting better but is nowhere near working order yet. The backend part that has seen perhaps the most progress is the bytecode compiler.
If you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.misc newsgroup and the perl bug database at http://bugs.perl.org/ There may also be information at http://www.perl.com/perl/ , the Perl Home Page.
If you believe you have an unreported bug, please run the perlbug
program included with your release. Be sure to trim your bug down
to a tiny but sufficient test case. Your bug report, along with the
output of perl -V, will be sent off to perlbug@perl.org to be
analysed by the Perl porting team.
The Changes file for exhaustive details on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.
Written by Jarkko Hietaniemi <jhi@iki.fi>, with many contributions from The Perl Porters and Perl Users submitting feedback and patches.
Send omissions or corrections to <perlbug@perl.org>.