{ "content": [ { "type": "text", "text": "# perl5243delta (man)\n\n## NAME\n\nperl5243delta - what is new for perl v5.24.3\n\n## DESCRIPTION\n\nThis document describes differences between the 5.24.2 release and the 5.24.3 release.\n\n## Sections\n\n- **NAME**\n- **DESCRIPTION**\n- **Security** (10 subsections)\n- **Acknowledgements** (1 subsections)\n- **SEE ALSO**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "perl5243delta", "section": "", "mode": "man", "summary": "perl5243delta - what is new for perl v5.24.3", "synopsis": null, "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "DESCRIPTION", "lines": 5, "subsections": [] }, { "name": "Security", "lines": 1, "subsections": [ { "name": "[CVE-2017-12837] Heap buffer overflow in regular expression compiler", "lines": 4 }, { "name": "[CVE-2017-12883] Buffer over-read in regular expression parser", "lines": 4 }, { "name": "[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows", "lines": 4 }, { "name": "Incompatible Changes", "lines": 3 }, { "name": "Modules and Pragmata", "lines": 1 }, { "name": "Updated Modules and Pragmata", "lines": 11 }, { "name": "Configuration and Compilation", "lines": 14 }, { "name": "Platform Support", "lines": 1 }, { "name": "Platform-Specific Notes", "lines": 10 }, { "name": "Selected Bug Fixes", "lines": 85 } ] }, { "name": "Acknowledgements", "lines": 25, "subsections": [ { "name": "Reporting Bugs", "lines": 13 } ] }, { "name": "SEE ALSO", "lines": 11, "subsections": [] } ], "sections": { "NAME": { "content": "perl5243delta - what is new for perl v5.24.3\n", "subsections": [] }, "DESCRIPTION": { "content": "This document describes differences between the 5.24.2 release and the 5.24.3 release.\n\nIf you are upgrading from an earlier release such as 5.24.1, first read perl5242delta, which\ndescribes differences between 5.24.1 and 5.24.2.\n", "subsections": [] }, "Security": { "content": "", "subsections": [ { "name": "[CVE-2017-12837] Heap buffer overflow in regular expression compiler", "content": "Compiling certain regular expression patterns with the case-insensitive modifier could cause\na heap buffer overflow and crash perl. This has now been fixed. [GH #16021]\n\n" }, { "name": "[CVE-2017-12883] Buffer over-read in regular expression parser", "content": "For certain types of syntax error in a regular expression pattern, the error message could\neither contain the contents of a random, possibly large, chunk of memory, or could crash\nperl. This has now been fixed. [GH #16025] \n" }, { "name": "[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows", "content": "A possible stack buffer overflow in the %ENV code on Windows has been fixed by removing the\nbuffer completely since it was superfluous anyway. [GH #16051]\n\n" }, { "name": "Incompatible Changes", "content": "There are no changes intentionally incompatible with 5.24.2. If any exist, they are bugs,\nand we request that you submit a report. See \"Reporting Bugs\" below.\n" }, { "name": "Modules and Pragmata", "content": "" }, { "name": "Updated Modules and Pragmata", "content": "• Module::CoreList has been upgraded from version 5.2017071524 to 5.2017092224.\n\n• POSIX has been upgraded from version 1.65 to 1.6501.\n\n• Time::HiRes has been upgraded from version 1.9733 to 1.9741.\n\n[GH #15396] [GH #15401]\n [GH #15524]\n [cpan #120032]\n\n" }, { "name": "Configuration and Compilation", "content": "• When building with GCC 6 and link-time optimization (the -flto option to gcc), Configure\nwas treating all probed symbols as present on the system, regardless of whether they\nactually exist. This has been fixed. [GH #15322]\n\n\n• Configure now aborts if both \"-Duselongdouble\" and \"-Dusequadmath\" are requested. [GH\n#14944] \n\n• Fixed a bug in which Configure could append \"-quadmath\" to the archname even if it was\nalready present. [GH #15423] \n\n• Clang builds with \"-DPERLGLOBALSTRUCT\" or \"-DPERLGLOBALSTRUCTPRIVATE\" have been\nfixed (by disabling Thread Safety Analysis for these configurations).\n" }, { "name": "Platform Support", "content": "" }, { "name": "Platform-Specific Notes", "content": "VMS\n• \"configure.com\" now recognizes the VSI-branded C compiler.\n\nWindows\n• Building XS modules with GCC 6 in a 64-bit build of Perl failed due to incorrect\nmapping of \"strtoll\" and \"strtoull\". This has now been fixed. [GH #16074]\n [cpan #121683]\n [cpan #122353]\n\n" }, { "name": "Selected Bug Fixes", "content": "• \"/@0{0*->@*/*0\" and similar contortions used to crash, but no longer do, but merely\nproduce a syntax error. [GH #15333] \n\n• \"do\" or \"require\" with an argument which is a reference or typeglob which, when\nstringified, contains a null character, started crashing in Perl 5.20, but has now been\nfixed. [GH #15337] \n\n• Expressions containing an \"&&\" or \"||\" operator (or their synonyms \"and\" and \"or\") were\nbeing compiled incorrectly in some cases. If the left-hand side consisted of either a\nnegated bareword constant or a negated \"do {}\" block containing a constant expression,\nand the right-hand side consisted of a negated non-foldable expression, one of the\nnegations was effectively ignored. The same was true of \"if\" and \"unless\" statement\nmodifiers, though with the left-hand and right-hand sides swapped. This long-standing\nbug has now been fixed. [GH #15285] \n\n• \"reset\" with an argument no longer crashes when encountering stash entries other than\nglobs. [GH #15314] \n\n• Assignment of hashes to, and deletion of, typeglobs named *:::::: no longer causes\ncrashes. [GH #15307] \n\n• Assignment variants of any bitwise ops under the \"bitwise\" feature would crash if the\nleft-hand side was an array or hash. [GH #15346]\n\n\n• \"socket\" now leaves the error code returned by the system in $! on failure. [GH #15383]\n\n\n• Parsing bad POSIX charclasses no longer leaks memory. [GH #15382]\n\n\n• Since Perl 5.20, line numbers have been off by one when perl is invoked with the -x\nswitch. This has been fixed. [GH #15413] \n\n• Some obscure cases of subroutines and file handles being freed at the same time could\nresult in crashes, but have been fixed. The crash was introduced in Perl 5.22. [GH\n#15435] \n\n• Some regular expression parsing glitches could lead to assertion failures with regular\nexpressions such as \"/(?<=/\" and \"/(?\n\n• \"gethostent\" and similar functions now perform a null check internally, to avoid crashing\nwith the torsocks library. This was a regression from Perl 5.22. [GH #15478]\n\n\n• Mentioning the same constant twice in a row (which is a syntax error) no longer fails an\nassertion under debugging builds. This was a regression from Perl 5.20. [GH #15017]\n\n\n• In Perl 5.24 \"fchown\" was changed not to accept negative one as an argument because in\nsome platforms that is an error. However, in some other platforms that is an acceptable\nargument. This change has been reverted. [GH #15523]\n.\n\n• \"@{x\" followed by a newline where \"x\" represents a control or non-ASCII character no\nlonger produces a garbled syntax error message or a crash. [GH #15518]\n\n\n• A regression in Perl 5.24 with \"tr/\\N{U+...}/foo/\" when the code point was between 128\nand 255 has been fixed. [GH #15475] .\n\n• Many issues relating to \"printf \"%a\"\" of hexadecimal floating point were fixed. In\naddition, the \"subnormals\" (formerly known as \"denormals\") floating point numbers are now\nsupported both with the plain IEEE 754 floating point numbers (64-bit or 128-bit) and the\nx86 80-bit \"extended precision\". Note that subnormal hexadecimal floating point literals\nwill give a warning about \"exponent underflow\". [GH #15495]\n [GH #15502]\n [GH #15503]\n [GH #15504]\n [GH #15505]\n [GH #15510]\n [GH #15512]\n\n\n• The parser could sometimes crash if a bareword came after \"evalbytes\". [GH #15586]\n\n\n• Fixed a place where the regex parser was not setting the syntax error correctly on a\nsyntactically incorrect pattern. [GH #15565]\n\n\n• A vulnerability in Perl's \"sprintf\" implementation has been fixed by avoiding a possible\nmemory wrap. [GH #15970] \n" } ] }, "Acknowledgements": { "content": "Perl 5.24.3 represents approximately 2 months of development since Perl 5.24.2 and contains\napproximately 3,200 lines of changes across 120 files from 23 authors.\n\nExcluding auto-generated files, documentation and release tools, there were approximately\n1,600 lines of changes to 56 .pm, .t, .c and .h files.\n\nPerl continues to flourish into its third decade thanks to a vibrant community of users and\ndevelopers. The following people are known to have contributed the improvements that became\nPerl 5.24.3:\n\nAaron Crane, Craig A. Berry, Dagfinn Ilmari Mannsåker, Dan Collins, Daniel Dragan, Dave\nCross, David Mitchell, Eric Herman, Father Chrysostomos, H.Merijn Brand, Hugo van der Sanden,\nJames E Keenan, Jarkko Hietaniemi, John SJ Anderson, Karl Williamson, Ken Brown, Lukas Mai,\nMatthew Horsfall, Stevan Little, Steve Hay, Steven Humphrey, Tony Cook, Yves Orton.\n\nThe list above is almost certainly incomplete as it is automatically generated from version\ncontrol history. In particular, it does not include the names of the (very much appreciated)\ncontributors who reported issues to the Perl bug tracker.\n\nMany of the changes included in this version originated in the CPAN modules included in\nPerl's core. We're grateful to the entire CPAN community for helping Perl to flourish.\n\nFor a more complete list of all of Perl's historical contributors, please see the AUTHORS\nfile in the Perl source distribution.\n", "subsections": [ { "name": "Reporting Bugs", "content": "If you find what you think is a bug, you might check the articles recently posted to the\ncomp.lang.perl.misc newsgroup and the perl bug database at . There\nmay also be information at , the Perl Home Page.\n\nIf you believe you have an unreported bug, please run the perlbug program included with your\nrelease. Be sure to trim your bug down to a tiny but sufficient test case. Your bug report,\nalong with the output of \"perl -V\", will be sent off to perlbug@perl.org to be analysed by\nthe Perl porting team.\n\nIf the bug you are reporting has security implications which make it inappropriate to send to\na publicly archived mailing list, then see \"SECURITY VULNERABILITY CONTACT INFORMATION\" in\nperlsec for details of how to report the issue.\n" } ] }, "SEE ALSO": { "content": "The Changes file for an explanation of how to view exhaustive details on what changed.\n\nThe INSTALL file for how to build Perl.\n\nThe README file for general stuff.\n\nThe Artistic and Copying files for copyright information.\n\n\n\nperl v5.34.0 2025-07-25 PERL5243DELTA(1)", "subsections": [] } } } }