A pair of exploits in "suidperl" involving debugging code have been closed.
For new projects the core perl team strongly recommends that you use
dedicated, single purpose security tools such as "sudo" in preference to
"suidperl".
Optional site customization script
The perl interpreter can be built to allow the use of a site customization
script. By default this is not enabled, to be consistent with previous perl
releases. To use this, add "-Dusesitecustomize" to the command line flags
when running the "Configure" script. See also ``-f'' in perlrun.
Config.pm is now much smaller.
"Config.pm" is now about 3K rather than 32K, with the infrequently used
code and %Config values loaded on demand. This is transparent to the
programmer, but means that most code will save parsing and loading 29K of
script (for example, code that uses "File::Find").
Modules and Pragmata
*
B upgraded to version 1.09
*
base upgraded to version 2.07
*
bignum upgraded to version 0.17
*
bytes upgraded to version 1.02
*
Carp upgraded to version 1.04
*
CGI upgraded to version 3.10
*
Class::ISA upgraded to version 0.33
*
Data::Dumper upgraded to version 2.121_02
*
DB_File upgraded to version 1.811
*
Devel::PPPort upgraded to version 3.06
*
Digest upgraded to version 1.10
*
Encode upgraded to version 2.10
*
FileCache upgraded to version 1.05
*
File::Path upgraded to version 1.07
*
File::Temp upgraded to version 0.16
*
IO::File upgraded to version 1.11
*
IO::Socket upgraded to version 1.28
*
Math::BigInt upgraded to version 1.77
*
Math::BigRat upgraded to version 0.15
*
overload upgraded to version 1.03
*
PathTools upgraded to version 3.05
*
Pod::HTML upgraded to version 1.0503
*
Pod::Perldoc upgraded to version 3.14
*
Pod::LaTeX upgraded to version 0.58
*
Pod::Parser upgraded to version 1.30
*
Symbol upgraded to version 1.06
*
Term::ANSIColor upgraded to version 1.09
*
Test::Harness upgraded to version 2.48
*
Test::Simple upgraded to version 0.54
*
Text::Wrap upgraded to version 2001.09293, to fix a bug when wrap() was
called with a non-space separator.
*
threads::shared upgraded to version 0.93
*
Time::HiRes upgraded to version 1.66
*
Time::Local upgraded to version 1.11
*
Unicode::Normalize upgraded to version 0.32
*
utf8 upgraded to version 1.05
*
Win32 upgraded to version 0.24, which provides Win32::GetFileVersion
Utility Changes
find2perl enhancements
"find2perl" has new options "-iname", "-path" and "-ipath".
Performance Enhancements
The internal pointer mapping hash used during ithreads cloning now uses an
arena for memory allocation. In tests this reduced ithreads cloning time by
about 10%.
Installation and Configuration Improvements
*
The Win32 ``dmake'' makefile.mk has been updated to make it compatible
with the latest versions of dmake.
*
"PERL_MALLOC", "DEBUG_MSTATS", "PERL_HASH_SEED_EXPLICIT" and "NO_HASH_SEED"
should now work in Win32 makefiles.
Selected Bug Fixes
*
The socket() function on Win32 has been fixed so that it is able to use
transport providers which specify a protocol of 0 (meaning any protocol
is allowed) once more. (This was broken in 5.8.6, and typically caused
the use of ICMP sockets to fail.)
*
Another obscure bug involving "substr" and UTF-8 caused by bad internal
offset caching has been identified and fixed.
*
A bug involving the loading of UTF-8 tables by the regexp engine has been
fixed - code such as ""\x{100}" =~ /[[:print:]]/" will no longer give
corrupt results.
*
Case conversion operations such as "uc" on a long Unicode string could
exhaust memory. This has been fixed.
*
"index"/"rindex" were buggy for some combinations of Unicode and
non-Unicode data. This has been fixed.
*
"read" (and presumably "sysread") would expose the UTF-8 internals when
reading from a byte oriented file handle into a UTF-8 scalar. This has
been fixed.
*
Several "pack"/"unpack" bug fixes:
*
Checksums with "b" or "B" formats were broken.
*
"unpack" checksums could overflow with the "C" format.
*
"U0" and "C0" are now scoped to "()""pack" sub-templates.
*
Counted length prefixes now don't change "C0"/"U0" mode.
*
"pack""Z0" used to destroy the preceding character.
*
"P"/"p""pack" formats used to only recognise literal "undef"
*
Using closures with ithreads could cause perl to crash. This was due to
failure to correctly lock internal OP structures, and has been fixed.
*
The return value of "close" now correctly reflects any file errors that
occur while flushing the handle's data, instead of just giving failure if
the actual underlying file close operation failed.
*
"not() || 1" used to segfault. "not()" now behaves like not(0), which was
the pre 5.6.0 behaviour.
*
"h2ph" has various enhancements to cope with constructs in header files that
used to result in incorrect or invalid output.
New or Changed Diagnostics
There is a new taint error, ``%ENV is aliased to %s''. This error is thrown
when taint checks are enabled and when *ENV has been aliased, so that
%ENV has no env-magic anymore and hence the environment cannot be verified
as taint-free.
The internals of "pack" and "unpack" have been updated. All legitimate
templates should work as before, but there may be some changes in the error
reported for complex failure cases. Any behaviour changes for non-error cases
are bugs, and should be reported.
Changed Internals
There has been a fair amount of refactoring of the "C" source code, partly to
make it tidier and more maintainable. The resulting object code and the
"perl" binary may well be smaller than 5.8.6, and hopefully faster in some
cases, but apart from this there should be no user-detectable changes.
"${^UTF8LOCALE}" has been added to give perl space access to "PL_utf8locale".
The size of the arenas used to allocate SV heads and most SV bodies can now
be changed at compile time. The old size was 1008 bytes, the new default size
is 4080 bytes.
Known Problems
Unicode strings returned from overloaded operators can be buggy. This is a
long standing bug reported since 5.8.6 was released, but we do not yet have
a suitable fix for it.
Platform Specific Problems
On UNICOS, lib/Math/BigInt/t/bigintc.t hangs burning CPU.
ext/B/t/bytecode.t and ext/Socket/t/socketpair.t both fail tests.
These are unlikely to be resolved, as our valiant UNICOS porter's last
Cray is being decommissioned.
Reporting Bugs
If you find what you think is a bug, you might check the articles
recently posted to the comp.lang.perl.misc newsgroup and the perl
bug database at http://bugs.perl.org. There may also be
information at http://www.perl.org, the Perl Home Page.
If you believe you have an unreported bug, please run the perlbug
program included with your release. Be sure to trim your bug down
to a tiny but sufficient test case. Your bug report, along with the
output of "perl -V", will be sent off to perlbug@perl.org to be
analysed by the Perl porting team. You can browse and search
the Perl 5 bugs at http://bugs.perl.org/
SEE ALSO
The Changes file for exhaustive details on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.