perl571delta - what's new for perl v5.7.1
This document describes differences between the 5.7.0 release and the 5.7.1 release.
(To view the differences between the 5.6.0 release and the 5.7.0 release, see perl570delta.)
(This change was already made in 5.7.0 but bears repeating here.)
A potential security vulnerability in the optional suidperl component of Perl was identified in August 2000. suidperl is neither built nor installed by default. As of April 2001 the only known vulnerable platform is Linux, most likely all Linux distributions. CERT and various vendors and distributors have been alerted about the vulnerability. See http://www.cpan.org/src/5.0/sperl-2000-08-05/sperl-2000-08-05.txt for more information.
The problem was caused by Perl trying to report a suspected security exploit attempt using an external program, /bin/mail. On Linux platforms the /bin/mail program had an undocumented feature which when combined with suidperl gave access to a root shell, resulting in a serious compromise instead of reporting the exploit attempt. If you don't have /bin/mail, or if you have 'safe setuid scripts', or if suidperl is not installed, you are safe.
The exploit attempt reporting feature has been completely removed from all the Perl 5.7 releases (and will be gone also from the maintenance release 5.6.1), so that particular vulnerability isn't there anymore. However, further security vulnerabilities are, unfortunately, always possible. The suidperl code is being reviewed and if deemed too risky to continue to be supported, it may be completely removed from future releases. In any case, suidperl should only be used by security experts who know exactly what they are doing and why they are using suidperl instead of some other solution such as sudo ( see http://www.courtesan.com/sudo/ ).
AUTOLOAD is now lvaluable, meaning that you can add the :lvalue attribute to AUTOLOAD subroutines and you can assign to the AUTOLOAD return value.
IO is now by default done via PerlIO rather than system's "stdio". PerlIO allows "layers" to be "pushed" onto a file handle to alter the handle's behaviour. Layers can be specified at open time via 3-arg form of open:
open($fh,'>:crlf :utf8', $path) || ...
or on already opened handles via extended binmode:
binmode($fh,':encoding(iso-8859-7)');
The built-in layers are: unix (low level read/write), stdio (as in previous Perls), perlio (re-implementation of stdio buffering in a portable manner), crlf (does CRLF <=> "\n" translation as on Win32, but available on any platform). A mmap layer may be available if platform supports it (mostly UNIXes).
Layers to be applied by default may be specified via the 'open' pragma.
See /"Installation and Configuration Improvements" for the effects of PerlIO on your architecture name.
File handles can be marked as accepting Perl's internal encoding of Unicode (UTF-8 or UTF-EBCDIC depending on platform) by a pseudo layer ":utf8" :
open($fh,">:utf8","Uni.txt");
Note for EBCDIC users: the pseudo layer ":utf8" is erroneously named for you since it's not UTF-8 what you will be getting but instead UTF-EBCDIC. See perlunicode, utf8, and http://www.unicode.org/unicode/reports/tr16/ for more information. In future releases this naming may change.
File handles can be opened to "in memory" files held in Perl scalars via:
open($fh,'>', \$variable) || ...
Anonymous temporary files are available without need to 'use FileHandle' or other module via
open($fh,"+>", undef) || ...
That is a literal undef, not an undefined value.
The list form of open is now implemented for pipes (at least on UNIX):
open($fh,"-|", 'cat', '/etc/motd')
creates a pipe, and runs the equivalent of exec('cat', '/etc/motd') in the child process.
The printf() and sprintf() now support parameter reordering using the
%\d+\$ and *\d+\$ syntaxes. For example
print "%2\$s %1\$s\n", "foo", "bar";
will print "bar foo\n"; This feature helps in writing internationalised software.
The Unicode Character Database coming with Perl has been upgraded to Unicode 3.1. For more information, see http://www.unicode.org/ , and http://www.unicode.org/unicode/reports/tr27/
For developers interested in enhancing Perl's Unicode capabilities: almost all the UCD files are included with the Perl distribution in the lib/unicode subdirectory. The most notable omission, for space considerations, is the Unihan database.
\s (\p{Space}
isn't, since that includes the vertical tabulator character, whereas
\s doesn't.)
Perl used to be fragile in that signals arriving at inopportune moments could corrupt Perl's internal state.
B::Concise, by Stephen McCamant, is a new compiler backend for walking the Perl syntax tree, printing concise info about ops. The output is highly customisable.
See B::Concise for more information.
Class::ISA, by Sean Burke, for reporting the search path for a class's ISA tree, has been added.
See Class::ISA for more information.
Digest, a frontend module for calculating digests (checksums), from Gisle Aas, has been added.
See Digest for more information.
Digest::MD5 for calculating MD5 digests (checksums), by Gisle Aas, has been added.
use Digest::MD5 'md5_hex';
$digest = md5_hex("Thirsty Camel");
print $digest, "\n"; # 01d19d9d2045e005c3f1b80e8b164de1
NOTE: the MD5 backward compatibility module is deliberately not included since its use is discouraged.
See Digest::MD5 for more information.
Encode, by Nick Ing-Simmons, provides a mechanism to translate between different character encodings. Support for Unicode, ISO-8859-*, ASCII, CP*, KOI8-R, and three variants of EBCDIC are compiled in to the module. Several other encodings (like Japanese, Chinese, and MacIntosh encodings) are included and will be loaded at runtime.
Any encoding supported by Encode module is also available to the ":encoding()" layer if PerlIO is used.
See Encode for more information.
Filter::Simple is an easy-to-use frontend to Filter::Util::Call, from Damian Conway.
# in MyFilter.pm:
package MyFilter;
use Filter::Simple sub {
while (my ($from, $to) = splice @_, 0, 2) {
s/$from/$to/g;
}
};
1;
# in user's code:
use MyFilter qr/red/ => 'green';
print "red\n"; # this code is filtered, will print "green\n"
print "bored\n"; # this code is filtered, will print "bogreen\n"
no MyFilter;
print "red\n"; # this code is not filtered, will print "red\n"
See Filter::Simple for more information.
Locale::Constants, Locale::Country, Locale::Currency, and Locale::Language, from Neil Bowers, have been added. They provide the codes for various locale standards, such as "fr" for France, "usd" for US Dollar, and "jp" for Japanese.
use Locale::Country;
$country = code2country('jp'); # $country gets 'Japan'
$code = country2code('Norway'); # $code gets 'no'
See Locale::Constants, Locale::Country, Locale::Currency, and Locale::Language for more information.
MIME::Base64, by Gisle Aas, allows you to encode data in base64.
use MIME::Base64;
$encoded = encode_base64('Aladdin:open sesame');
$decoded = decode_base64($encoded);
print $encoded, "\n"; # "QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
See MIME::Base64 for more information.
MIME::QuotedPrint, by Gisle Aas, allows you to encode data in quoted-printable encoding.
use MIME::QuotedPrint;
$encoded = encode_qp("Smiley in Unicode: \x{263a}");
$decoded = decode_qp($encoded);
print $encoded, "\n"; # "Smiley in Unicode: =263A"
MIME::QuotedPrint has been enhanced to provide the basic methods necessary to use it with PerlIO::Via as in :
use MIME::QuotedPrint;
open($fh,">Via(MIME::QuotedPrint)",$path)
See MIME::QuotedPrint for more information.
PerlIO::Via, by Nick Ing-Simmons, acts as a PerlIO layer and wraps PerlIO layer functionality provided by a class (typically implemented in perl code).
use MIME::QuotedPrint;
open($fh,">Via(MIME::QuotedPrint)",$path)
This will automatically convert everything output to $fh
to Quoted-Printable. See PerlIO::Via for more information.
Switch from Damian Conway has been added. Just by saying
use Switch;
you have switch and case available in Perl.
use Switch;
switch ($val) {
case 1 { print "number 1" }
case "a" { print "string a" }
case [1..10,42] { print "number in list" }
case (@array) { print "number in list" }
case /\w+/ { print "pattern" }
case qr/\w+/ { print "pattern" }
case (%hash) { print "entry in hash" }
case (\%hash) { print "entry in hash" }
case (\&sub) { print "arg to subroutine" }
else { print "previous case not true" }
}
See Switch for more information.
Text::Balanced from Damian Conway has been added, for extracting delimited text sequences from strings.
use Text::Balanced 'extract_delimited';
($a, $b) = extract_delimited("'never say never', he never said", "'", '');
$a will be "'never say never'", $b will be ', he never said'.
In addition to extract_delimited() there are also extract_bracketed(), extract_quotelike(), extract_codeblock(), extract_variable(), extract_tagged(), extract_multiple(), gen_delimited_pat(), and gen_extract_tagged(). With these you can implement rather advanced parsing algorithms. See Text::Balanced for more information.
Math::BigFloat has undergone much fixing, and in addition the fmod() function now supports modulus operations.
( The fixed Math::BigFloat module is also available in CPAN for those who can't upgrade their Perl: http://www.cpan.org/authors/id/J/JP/JPEACOCK/ )
open pragma allows layers other than ":raw" and ":crlf" when
using PerlIO.
The following modules have been upgraded from the versions at CPAN: CPAN, CGI, DB_File, File::Temp, Getopt::Long, Pod::Man, Pod::Text, Storable, Text-Tabs+Wrap.
Internal replacements for standard C library functions. (Interesting only for extension writers and Perl core hackers.)
Internals of PerlIO with layers.
Documentation on compiling Perl on AIX has been added. AIX has several different C compilers and getting the right patch level is essential. On install README.aix will be installed as perlaix.
Documentation on compiling Perl on the POSIX-BC platform (an EBCDIC mainframe environment) has been added.
This was formerly known as README.posix-bc but the name was considered to be too confusing (it has nothing to do with the POSIX module or the POSIX standard). On install README.bs2000 will be installed as perlbs2000.
In perl 5.7.1 (and in the 5.6.1) the MacPerl sources have been synchronised with the standard Perl sources. To compile MacPerl some additional steps are required, and this file documents those steps. On install README.macos will be installed as perlmacos.
The README.mpeix has been podified, which means that this information about compiling and using Perl on the MPE/iX miniframe platform will be installed as perlmpeix.
README.solaris has been created and Solaris wisdom from elsewhere in the Perl documentation has been collected there. On install README.solaris will be installed as perlsolaris.
The README.vos has been podified, which means that this information about compiling and using Perl on the Stratus VOS miniframe platform will be installed as perlvos.
Documentation on how to use the Perl source repository has been added.
For the list of platforms known to support Perl, see perlport/"Supported Platforms".
Some new Configure symbols, useful for extension writers:
If your file system supports symbolic links you can build Perl outside of the source directory by
mkdir /tmp/perl/build/directory cd /tmp/perl/build/directory sh /path/to/perl/source/Configure -Dmksymlinks ...
This will create in /tmp/perl/build/directory a tree of symbolic links pointing to files in /path/to/perl/source. The original files are left unaffected. After Configure has finished you can just say
make all test
and Perl will be built and tested, all in /tmp/perl/build/directory.
Numerous memory leaks and uninitialized memory accesses have been hunted down. Most importantly anonymous subs used to leak quite a bit.
Windows
Two new debugging options have been added: if you have compiled your Perl with debugging, you can use the -DT and -DR options to trace tokenising and to add reference counts to displaying variables, respectively.
push @a; and unshift @a; (with no values to push or unshift)
now give a warning. This may be a problem for generated and evaled
code.
Many new tests have been added. The most notable is probably the lib/1_compile: it is very notable because running it takes quite a long time -- it test compiles all the Perl modules in the distribution. Please be patient.
Note that unlike other sections in this document (which describe changes since 5.7.0) this section is cumulative containing known problems for all the 5.7 releases.
The AIX C compiler vac version 5.0.0.0 may produce buggy code, resulting in few random tests failing, but when the failing tests are run by hand, they succeed. We suggest upgrading to at least vac version 5.0.1.0, that has been known to compile Perl correctly. "lslpp -L|grep vac.C" will tell you the vac version.
Don't panic. Read INSTALL 'make test' section instead.
The lib/io_multihomed test may hang in HP-UX if Perl has been configured to be 64-bit. Because other 64-bit platforms do not hang in this test, HP-UX is suspect. All other tests pass in 64-bit HP-UX. The test attempts to create and connect to "multihomed" sockets (sockets which have multiple IP addresses).
If perl is configured with -Duse64bitall, the successful result of the subtest 10 of lib/posix may arrive before the successful result of the subtest 9, which confuses the test harness so much that it thinks the subtest 9 failed.
The test fails on various platforms (PA64 and IA64 are known), but the exact cause is still being investigated.
No known fix.
The test is known to fail; whether it's because of VMS of because of faulty test is not known.
The op/sprintf tests 129 and 130 are known to fail on some platforms. Examples include any platform using sfio, and Compaq/Tandem's NonStop-UX. The failing platforms do not comply with the ANSI C Standard, line 19ff on page 134 of ANSI X3.159 1989 to be exact. (They produce something else than "1" and "-1" when formatting 0.6 and -0.6 using the printf format "%.0f", most often they produce "0" and "-0".)
The subtests 19 and 20 of lib/thr5005.t test are known to fail due to fundamental problems in the 5.005 threading implementation. These are not new failures--Perl 5.005_0x has the same bugs, but didn't have these tests. (Note that support for 5.005-style threading remains experimental.)
use Tie::Hash;
tie my %tie_hash => 'Tie::StdHash';
...
local($tie_hash{Foo}) = 1; # leaks
Code like the above is known to leak memory every time the local() is executed.
Self-tying of arrays and hashes is broken in rather deep and hard-to-fix ways. As a stop-gap measure to avoid people from getting frustrated at the mysterious results (core dumps, most often) it is for now forbidden (you will get a fatal error even from an attempt).
Some extensions like mod_perl are known to have issues with `largefiles', a change brought by Perl 5.6.0 in which file offsets default to 64 bits wide, where supported. Modules may fail to compile at all or compile and work incorrectly. Currently there is no good solution for the problem, but Configure now provides appropriate non-largefile ccflags, ldflags, libswanted, and libs in the %Config hash (e.g., $Config{ccflags_nolargefiles}) so the extensions that are having problems can try configuring themselves without the largefileness. This is admittedly not a clean solution, and the solution may not even work at all. One potential failure is whether one can (or, if one can, whether it's a good idea) link together at all binaries with different ideas about file offsets, all this is platform-dependent.
The compiler suite is slowly getting better but is nowhere near working order yet.
If you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.misc newsgroup and the perl bug database at http://bugs.perl.org/ There may also be information at http://www.perl.com/perl/ , the Perl Home Page.
If you believe you have an unreported bug, please run the perlbug
program included with your release. Be sure to trim your bug down
to a tiny but sufficient test case. Your bug report, along with the
output of perl -V, will be sent off to perlbug@perl.org to be
analysed by the Perl porting team.
The Changes file for exhaustive details on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.
Written by Jarkko Hietaniemi <jhi@iki.fi>, with many contributions from The Perl Porters and Perl Users submitting feedback and patches.
Send omissions or corrections to <perlbug@perl.org>.