| PERL5180DELTA(1) | Perl Programmers Reference Guide | PERL5180DELTA(1) |
perl5180delta - what is new for perl v5.18.0
This document describes differences between the v5.16.0 release and the v5.18.0 release.
If you are upgrading from an earlier release such as v5.14.0, first read perl5160delta, which describes differences between v5.14.0 and v5.16.0.
Newly-added experimental features will now require this incantation:
no warnings "experimental::feature_name";
use feature "feature_name"; # would warn without the prev line
There is a new warnings category, called "experimental", containing warnings that the feature pragma emits when enabling experimental features.
Newly-added experimental features will also be given special warning IDs, which consist of "experimental::" followed by the name of the feature. (The plan is to extend this mechanism eventually to all warnings, to allow them to be enabled or disabled individually, and not just by category.)
By saying
no warnings "experimental::feature_name";
you are taking responsibility for any breakage that future changes to, or removal of, the feature may cause.
Since some features (like "~~" or "my $_") now emit experimental warnings, and you may want to disable them in code that is also run on perls that do not recognize these warning categories, consider using the "if" pragma like this:
no if $] >= 5.018, warnings => "experimental::feature_name";
Existing experimental features may begin emitting these warnings, too. Please consult perlexperiment for information on which features are considered experimental.
Changes to the implementation of hashes in perl v5.18.0 will be one of the most visible changes to the behavior of existing code.
By default, two distinct hash variables with identical keys and values may now provide their contents in a different order where it was previously identical.
When encountering these changes, the key to cleaning up from them is to accept that hashes are unordered collections and to act accordingly.
Hash randomization
The seed used by Perl's hash function is now random. This means that the order which keys/values will be returned from functions like "keys()", "values()", and "each()" will differ from run to run.
This change was introduced to make Perl's hashes more robust to algorithmic complexity attacks, and also because we discovered that it exposes hash ordering dependency bugs and makes them easier to track down.
Toolchain maintainers might want to invest in additional infrastructure to test for things like this. Running tests several times in a row and then comparing results will make it easier to spot hash order dependencies in code. Authors are strongly encouraged not to expose the key order of Perl's hashes to insecure audiences.
Further, every hash has its own iteration order, which should make it much more difficult to determine what the current hash seed is.
New hash functions
Perl v5.18 includes support for multiple hash functions, and changed the default (to ONE_AT_A_TIME_HARD), you can choose a different algorithm by defining a symbol at compile time. For a current list, consult the INSTALL document. Note that as of Perl v5.18 we can only recommend use of the default or SIPHASH. All the others are known to have security issues and are for research purposes only.
PERL_HASH_SEED environment variable now takes a hex value
"PERL_HASH_SEED" no longer accepts an integer as a parameter; instead the value is expected to be a binary value encoded in a hex string, such as "0xf5867c55039dc724". This is to make the infrastructure support hash seeds of arbitrary lengths, which might exceed that of an integer. (SipHash uses a 16 byte seed.)
PERL_PERTURB_KEYS environment variable added
The "PERL_PERTURB_KEYS" environment variable allows one to control the level of randomization applied to "keys" and friends.
When "PERL_PERTURB_KEYS" is 0, perl will not randomize the key order at all. The chance that "keys" changes due to an insert will be the same as in previous perls, basically only when the bucket size is changed.
When "PERL_PERTURB_KEYS" is 1, perl will randomize keys in a non-repeatable way. The chance that "keys" changes due to an insert will be very high. This is the most secure and default mode.
When "PERL_PERTURB_KEYS" is 2, perl will randomize keys in a repeatable way. Repeated runs of the same program should produce the same output every time.
"PERL_HASH_SEED" implies a non-default "PERL_PERTURB_KEYS" setting. Setting "PERL_HASH_SEED=0" (exactly one 0) implies "PERL_PERTURB_KEYS=0" (hash key randomization disabled); setting "PERL_HASH_SEED" to any other value implies "PERL_PERTURB_KEYS=2" (deterministic and repeatable hash key randomization). Specifying "PERL_PERTURB_KEYS" explicitly to a different level overrides this behavior.
Hash::Util::hash_seed() now returns a string
Hash::Util::hash_seed() now returns a string instead of an integer. This is to make the infrastructure support hash seeds of arbitrary lengths which might exceed that of an integer. (SipHash uses a 16 byte seed.)
Output of PERL_HASH_SEED_DEBUG has been changed
The environment variable PERL_HASH_SEED_DEBUG now makes perl show both the hash function perl was built with, and the seed, in hex, in use for that process. Code parsing this output, should it exist, must change to accommodate the new format. Example of the new format:
$ PERL_HASH_SEED_DEBUG=1 ./perl -e1
HASH_FUNCTION = MURMUR3 HASH_SEED = 0x1476bb9f
Perl now supports Unicode 6.2. A list of changes from Unicode 6.1 is at <http://www.unicode.org/versions/Unicode6.2.0>.
It is possible to define your own names for characters for use in "\N{...}", "charnames::vianame()", etc. These names can now be comprised of characters from the whole Unicode range. This allows for names to be in your native language, and not just English. Certain restrictions apply to the characters that may be used (you can't define a name that has punctuation in it, for example). See "CUSTOM ALIASES" in charnames.
The following new DTrace probes have been added:
This new variable provides access to the filehandle that was last read. This is the handle used by $. and by "tell" and "eof" without arguments.
This is an experimental feature to allow matching against the union, intersection, etc., of sets of code points, similar to Unicode::Regex::Set. It can also be used to extend "/x" processing to [bracketed] character classes, and as a replacement of user-defined properties, allowing more complex expressions than they do. See "Extended Bracketed Character Classes" in perlrecharclass.
This new feature is still considered experimental. To enable it:
use 5.018;
no warnings "experimental::lexical_subs";
use feature "lexical_subs";
You can now declare subroutines with "state sub foo", "my sub foo", and "our sub foo". ("state sub" requires that the "state" feature be enabled, unless you write it as "CORE::state sub foo".)
"state sub" creates a subroutine visible within the lexical scope in which it is declared. The subroutine is shared between calls to the outer sub.
"my sub" declares a lexical subroutine that is created each time the enclosing block is entered. "state sub" is generally slightly faster than "my sub".
"our sub" declares a lexical alias to the package subroutine of the same name.
For more information, see "Lexical Subroutines" in perlsub.
The loop controls "next", "last" and "redo", and the special "dump" operator, now allow arbitrary expressions to be used to compute labels at run time. Previously, any argument that was not a constant was treated as the empty string.
Several more built-in functions have been added as subroutines to the CORE:: namespace - namely, those non-overridable keywords that can be implemented without custom parsers: "defined", "delete", "exists", "glob", "pos", "prototype", "scalar", "split", "study", and "undef".
As some of these have prototypes, "prototype('CORE::...')" has been changed to not make a distinction between overridable and non-overridable keywords. This is to make "prototype('CORE::pos')" consistent with "prototype(&CORE::pos)".
"kill" has always allowed a negative signal number, which kills the process group instead of a single process. It has also allowed signal names. But it did not behave consistently, because negative signal names were treated as 0. Now negative signals names like "-INT" are supported and treated the same way as -2 [perl #112990].
Some of the changes in the hash overhaul were made to enhance security. Please read that section.
The documentation for "Storable" now includes a section which warns readers of the danger of accepting Storable documents from untrusted sources. The short version is that deserializing certain types of data can lead to loading modules and other code execution. This is documented behavior and wanted behavior, but this opens an attack vector for malicious entities.
If users could provide a translation string to Locale::Maketext, this could be used to invoke arbitrary Perl subroutines available in the current process.
This has been fixed, but it is still possible to invoke any method provided by "Locale::Maketext" itself or a subclass that you are using. One of these methods in turn will invoke the Perl core's "sprintf" subroutine.
In summary, allowing users to provide translation strings without auditing them is a bad idea.
This vulnerability is documented in CVE-2012-6329.
Poorly written perl code that allows an attacker to specify the count to perl's "x" string repeat operator can already cause a memory exhaustion denial-of-service attack. A flaw in versions of perl before v5.15.5 can escalate that into a heap buffer overrun; coupled with versions of glibc before 2.16, it possibly allows the execution of arbitrary code.
The flaw addressed to this commit has been assigned identifier CVE-2012-5195 and was researched by Tim Brown.
Some of the changes in the hash overhaul are not fully compatible with previous versions of perl. Please read that section.
Previously, it warned, and the Unicode REPLACEMENT CHARACTER was substituted. Unicode now recommends that this situation be a syntax error. Also, the previous behavior led to some confusing warnings and behaviors, and since the REPLACEMENT CHARACTER has no use other than as a stand-in for some unknown character, any code that has this problem is buggy.
Since v5.12.0, it has been deprecated to use certain characters in user-defined "\N{...}" character names. These now cause a syntax error. For example, it is now an error to begin a name with a digit, such as in
my $undraftable = "\N{4F}"; # Syntax error!
or to have commas anywhere in the name. See "CUSTOM ALIASES" in charnames.
Unicode 6.0 reused the name "BELL" for a different code point than it traditionally had meant. Since Perl v5.14, use of this name still referred to U+0007, but would raise a deprecation warning. Now, "BELL" refers to U+1F514, and the name for U+0007 is "ALERT". All the functions in charnames have been correspondingly updated.
Unicode has now withdrawn their previous recommendation for regular expressions to automatically handle cases where a single character can match multiple characters case-insensitively, for example, the letter LATIN SMALL LETTER SHARP S and the sequence "ss". This is because it turns out to be impracticable to do this correctly in all circumstances. Because Perl has tried to do this as best it can, it will continue to do so. (We are considering an option to turn it off.) However, a new restriction is being added on such matches when they occur in [bracketed] character classes. People were specifying things such as "/[\0-\xff]/i", and being surprised that it matches the two character sequence "ss" (since LATIN SMALL LETTER SHARP S occurs in this range). This behavior is also inconsistent with using a property instead of a range: "\p{Block=Latin1}" also includes LATIN SMALL LETTER SHARP S, but "/[\p{Block=Latin1}]/i" does not match "ss". The new rule is that for there to be a multi-character case-insensitive match within a bracketed character class, the character must be explicitly listed, and not as an end point of a range. This more closely obeys the Principle of Least Astonishment. See "Bracketed Character Classes" in perlrecharclass. Note that a bug [perl #89774], now fixed as part of this change, prevented the previous behavior from working fully.
Due to an oversight, single character variable names in v5.16 were completely unrestricted. This opened the door to several kinds of insanity. As of v5.18, these now follow the rules of other identifiers, in addition to accepting characters that match the "\p{POSIX_Punct}" property.
There is no longer any difference in the parsing of identifiers specified by using braces versus without braces. For instance, perl used to allow "${foo:bar}" (with a single colon) but not $foo:bar. Now that both are handled by a single code path, they are both treated the same way: both are forbidden. Note that this change is about the range of permissible literal identifiers, not other expressions.
No one could recall why "\s" didn't match "\cK", the vertical tab. Now it does. Given the extreme rarity of that character, very little breakage is expected. That said, here's what it means:
"\s" in a regex now matches a vertical tab in all circumstances.
Literal vertical tabs in a regex literal are ignored when the "/x" modifier is used.
Leading vertical tabs, alone or mixed with other whitespace, are now ignored when interpreting a string as a number. For example:
$dec = " \cK \t 123"; $hex = " \cK \t 0xF"; say 0 + $dec; # was 0 with warning, now 123 say int $dec; # was 0, now 123 say oct $hex; # was 0, now 15
The implementation of this feature has been almost completely rewritten. Although its main intent is to fix bugs, some behaviors, especially related to the scope of lexical variables, will have changed. This is described more fully in the "Selected Bug Fixes" section.
It is no longer possible to abuse the way the parser parses "s///e" like this:
%_=(_,"Just another ");
$_="Perl hacker,\n";
s//_}->{_/e;print
Instead of assigning to an implicit lexical $_, "given" now makes the global $_ an alias for its argument, just like "foreach". However, it still uses lexical $_ if there is lexical $_ in scope (again, just like "foreach") [perl #114020].
Smart match, added in v5.10.0 and significantly revised in v5.10.1, has been a regular point of complaint. Although there are a number of ways in which it is useful, it has also proven problematic and confusing for both users and implementors of Perl. There have been a number of proposals on how to best address the problem. It is clear that smartmatch is almost certainly either going to change or go away in the future. Relying on its current behavior is not recommended.
Warnings will now be issued when the parser sees "~~", "given", or "when". To disable these warnings, you can add this line to the appropriate scope:
no if $] >= 5.018, warnings => "experimental::smartmatch";
Consider, though, replacing the use of these features, as they may change behavior again before becoming stable.
Since it was introduced in Perl v5.10, it has caused much confusion with no obvious solution:
It is our hope that lexical $_ can be rehabilitated, but this may cause changes in its behavior. Please use it with caution until it becomes stable.
Previously, when reading from a stream with I/O layers such as "encoding", the readline() function, otherwise known as the "<>" operator, would read N bytes from the top-most layer. [perl #79960]
Now, N characters are read instead.
There is no change in behaviour when reading from streams with no extra layers, since bytes map exactly to characters.
"glob" overrides used to be passed a magical undocumented second argument that identified the caller. Nothing on CPAN was using this, and it got in the way of a bug fix, so it was removed. If you really need to identify the caller, see Devel::Callsite on CPAN.
The body of a here document inside a quote-like operator now always begins on the line after the "<<foo" marker. Previously, it was documented to begin on the line following the containing quote-like operator, but that was only sometimes the case [perl #114040].
You may no longer write something like:
m/a/and 1
Instead you must write
m/a/ and 1
with whitespace separating the operator from the closing delimiter of the regular expression. Not having whitespace has resulted in a deprecation warning since Perl v5.14.0.
"qw" lists used to fool the parser into thinking they were always surrounded by parentheses. This permitted some surprising constructions such as "foreach $x qw(a b c) {...}", which should really be written "foreach $x (qw(a b c)) {...}". These would sometimes get the lexer into the wrong state, so they didn't fully work, and the similar "foreach qw(a b c) {...}" that one might expect to be permitted never worked at all.
This side effect of "qw" has now been abolished. It has been deprecated since Perl v5.13.11. It is now necessary to use real parentheses everywhere that the grammar calls for them.
Turning on any lexical warnings used first to disable all default warnings if lexical warnings were not already enabled:
$*; # deprecation warning
use warnings "void";
$#; # void warning; no deprecation warning
Now, the "debugging", "deprecated", "glob", "inplace" and "malloc" warnings categories are left on when turning on lexical warnings (unless they are turned off by "no warnings", of course).
This may cause deprecation warnings to occur in code that used to be free of warnings.
Those are the only categories consisting only of default warnings. Default warnings in other categories are still disabled by "use warnings "category"", as we do not yet have the infrastructure for controlling individual warnings.
Due to an accident of history, "state sub" and "our sub" were equivalent to a plain "sub", so one could even create an anonymous sub with "our sub { ... }". These are now disallowed outside of the "lexical_subs" feature. Under the "lexical_subs" feature they have new meanings described in "Lexical Subroutines" in perlsub.
A value stored in an environment variable has always been stringified when inherited by child processes.
In this release, when assigning to %ENV, values are immediately stringified, and converted to be only a byte string.
First, it is forced to be only a string. Then if the string is utf8 and the equivalent of "utf8::downgrade()" works, that result is used; otherwise, the equivalent of "utf8::encode()" is used, and a warning is issued about wide characters ("Diagnostics").
When "require" encounters an unreadable file, it now dies. It used to ignore the file and continue searching the directories in @INC [perl #113422].
The various "gv_fetchmeth_*" XS functions used to treat a package whose named ended with "::SUPER" specially. A method lookup on the "Foo::SUPER" package would be treated as a "SUPER" method lookup on the "Foo" package. This is no longer the case. To do a "SUPER" lookup, pass the "Foo" stash and the "GV_SUPER" flag.
After some changes earlier in v5.17, "split"'s behavior has been simplified: if the PATTERN argument evaluates to a string containing one space, it is treated the way that a literal string containing one space once was.
The following modules will be removed from the core distribution in a future release, and will at that time need to be installed from CPAN. Distributions on CPAN which require these modules will need to list them as prerequisites.
The core versions of these modules will now issue "deprecated"-category warnings to alert you to this fact. To silence these deprecation warnings, install the modules in question from CPAN.
Note that these are (with rare exceptions) fine modules that you are encouraged to continue to use. Their disinclusion from core primarily hinges on their necessity to bootstrapping a fully functional, CPAN-capable Perl installation, not usually on concerns over their design.
For using non-ASCII literal characters in source text, please refer to utf8. For dealing with textual I/O data, please refer to Encode and open.
The following utilities will be removed from the core distribution in a future release as their associated modules have been deprecated. They will remain available with the applicable CPAN distribution.
This interpreter-global variable used to track the total number of Perl objects in the interpreter. It is no longer maintained and will be removed altogether in Perl v5.20.
When a regular expression pattern is compiled with "/x", Perl treats 6 characters as white space to ignore, such as SPACE and TAB. However, Unicode recommends 11 characters be treated thusly. We will conform with this in a future Perl version. In the meantime, use of any of the missing characters will raise a deprecation warning, unless turned off. The five characters are:
U+0085 NEXT LINE
U+200E LEFT-TO-RIGHT MARK
U+200F RIGHT-TO-LEFT MARK
U+2028 LINE SEPARATOR
U+2029 PARAGRAPH SEPARATOR
A user-defined character name with trailing or multiple spaces in a row is likely a typo. This now generates a warning when defined, on the assumption that uses of it will be unlikely to include the excess whitespace.
All the functions used to classify characters will be removed from a future version of Perl, and should not be used. With participating C compilers (e.g., gcc), compiling any file that uses any of these will generate a warning. These were not intended for public use; there are equivalent, faster, macros for most of them.
See "Character classes" in perlapi. The complete list is:
"is_uni_alnum", "is_uni_alnumc", "is_uni_alnumc_lc", "is_uni_alnum_lc", "is_uni_alpha", "is_uni_alpha_lc", "is_uni_ascii", "is_uni_ascii_lc", "is_uni_blank", "is_uni_blank_lc", "is_uni_cntrl", "is_uni_cntrl_lc", "is_uni_digit", "is_uni_digit_lc", "is_uni_graph", "is_uni_graph_lc", "is_uni_idfirst", "is_uni_idfirst_lc", "is_uni_lower", "is_uni_lower_lc", "is_uni_print", "is_uni_print_lc", "is_uni_punct", "is_uni_punct_lc", "is_uni_space", "is_uni_space_lc", "is_uni_upper", "is_uni_upper_lc", "is_uni_xdigit", "is_uni_xdigit_lc", "is_utf8_alnum", "is_utf8_alnumc", "is_utf8_alpha", "is_utf8_ascii", "is_utf8_blank", "is_utf8_char", "is_utf8_cntrl", "is_utf8_digit", "is_utf8_graph", "is_utf8_idcont", "is_utf8_idfirst", "is_utf8_lower", "is_utf8_mark", "is_utf8_perl_space", "is_utf8_perl_word", "is_utf8_posix_digit", "is_utf8_print", "is_utf8_punct", "is_utf8_space", "is_utf8_upper", "is_utf8_xdigit", "is_utf8_xidcont", "is_utf8_xidfirst".
In addition these three functions that have never worked properly are deprecated: "to_uni_lower_lc", "to_uni_title_lc", and "to_uni_upper_lc".
There are three pairs of characters that Perl recognizes as metacharacters in regular expression patterns: "{}", "[]", and "()". These can be used as well to delimit patterns, as in:
m{foo}
s(foo)(bar)
Since they are metacharacters, they have special meaning to regular expression patterns, and it turns out that you can't turn off that special meaning by the normal means of preceding them with a backslash, if you use them, paired, within a pattern delimited by them. For example, in
m{foo\{1,3\}}
the backslashes do not change the behavior, and this matches "f o" followed by one to three more occurrences of "o".
Usages like this, where they are interpreted as metacharacters, are exceedingly rare; we think there are none, for example, in all of CPAN. Hence, this deprecation should affect very little code. It does give notice, however, that any such code needs to change, which will in turn allow us to change the behavior in future Perl versions so that the backslashes do have an effect, and without fear that we are silently breaking any existing code.
A deprecation warning is now raised if the "(" and "?" are separated by white space or comments in "(?...)" regular expression constructs. Similarly, if the "(" and "*" are separated in "(*VERB...)" constructs.
In theory, you can currently build perl without PerlIO. Instead, you'd use a wrapper around stdio or sfio. In practice, this isn't very useful. It's not well tested, and without any support for IO layers or (thus) Unicode, it's not much of a perl. Building without PerlIO will most likely be removed in the next version of perl.
PerlIO supports a "stdio" layer if stdio use is desired. Similarly a sfio layer could be produced in the future, if needed.
Both Windows CE and z/OS have been historically under-maintained, and are currently neither successfully building nor regularly being smoke tested. Efforts are underway to change this situation, but it should not be taken for granted that the platforms are safe and supported. If they do not become buildable and regularly smoked, support for them may be actively removed in future releases. If you have an interest in these platforms and you can lend your time, expertise, or hardware to help support these platforms, please let the perl development effort know by emailing "perl5-porters@perl.org".
Some platforms that appear otherwise entirely dead are also on the short list for removal between now and v5.20.0:
We also think it likely that current versions of Perl will no longer build AmigaOS, DJGPP, NetWare (natively), OS/2 and Plan 9. If you are using Perl on such a platform and have an interest in ensuring Perl's future on them, please contact us.
We believe that Perl has long been unable to build on mixed endian architectures (such as PDP-11s), and intend to remove any remaining support code. Similarly, code supporting the long unmaintained GNU dld will be removed soon if no-one makes themselves known as an active user.
Perl has supported the idiom of swapping $< and $> (and likewise $( and $)) to temporarily drop permissions since 5.0, like this:
($<, $>) = ($>, $<);
However, this idiom modifies the real user/group id, which can have undesirable side-effects, is no longer useful on any platform perl supports and complicates the implementation of these variables and list assignment in general.
As an alternative, assignment only to $> is recommended:
local $> = $<;
See also: Setuid Demystified <http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf>.
There are several bugs and inconsistencies involving combinations of "\Q" and escapes like "\x", "\L", etc., within a "\Q...\E" pair. These need to be fixed, and doing so will necessarily change current behavior. The changes have not yet been settled.
Do not enable this unless you know exactly what you are getting yourself into.
For a complete list of updates, run:
$ corelist --diff 5.16.0 5.18.0
You can substitute your favorite version in place of 5.16.0, too.
Work around an edge case on Linux with Busybox's unzip.
ptar now supports the -T option as well as dashless options [rt.cpan.org #75473], [rt.cpan.org #75475].
Auto-encode filenames marked as UTF-8 [rt.cpan.org #75474].
Don't use "tell" on IO::Zlib handles [rt.cpan.org #64339].
Don't try to "chown" on symlinks.
"autodie" now plays nicely with the 'open' pragma.
The "stashoff" method of COPs has been added. This provides access to an internal field added in perl 5.16 under threaded builds [perl #113034].
"B::COP::stashpv" now supports UTF-8 package names and embedded NULs.
All "CVf_*" and "GVf_*" and more SV-related flag values are now provided as constants in the "B::" namespace and available for export. The default export list has not changed.
This makes the module work with the new pad API.
The "-nobanner" option has been fixed, and "format"s can now be dumped. When passed a sub name to dump, it will check also to see whether it is the name of a format. If a sub and a format share the same name, it will dump both.
This adds support for the new "OpMAYBE_TRUEBOOL" and "OPpTRUEBOOL" flags.
This adds support (experimentally) for "B::PADLIST", which was added in Perl 5.17.4.
Avoid warning when run under "perl -w".
It now deparses loop controls with the correct precedence, and multiple statements in a "format" line are also now deparsed correctly.
This release suppresses trailing semicolons in formats.
This release adds stub deparsing for lexical subroutines.
It no longer dies when deparsing "sort" without arguments. It now correctly omits the comma for "system $prog @args" and "exec $prog @args".
The overrides for "hex" and "oct" have been rewritten, eliminating several problems, and making one incompatible change:
Carp is no longer confused when "caller" returns undef for a package that has been deleted.
The "longmess()" and "shortmess()" functions are now documented.
Unrecognized HTML escape sequences are now handled better, problematic trailing newlines are no longer inserted after <form> tags by "startform()" or "start_form()", and bogus "Insecure Dependency" warnings appearing with some versions of perl are now worked around.
The constructor now respects overridden accessor methods [perl #29230].
The misuse of Perl's "magic" API has been fixed.
Upgrade bundled zlib to version 1.2.7.
Fix build failures on Irix, Solaris, and Win32, and also when building as C++ [rt.cpan.org #69985], [rt.cpan.org #77030], [rt.cpan.org #75222].
The misuse of Perl's "magic" API has been fixed.
"compress()", "uncompress()", "memGzip()" and "memGunzip()" have been speeded up by making parameter validation more efficient.
Treat undef requirements to "from_string_hash" as 0 (with a warning).
Added "requirements_for_module" method.
Allow adding blib/script to PATH.
Save the history between invocations of the shell.
Handle multiple "makemakerargs" and "makeflags" arguments better.
This resolves issues with the SQLite source engine.
It has been optimized to only build a seen-scalar hash as necessary, thereby speeding up serialization drastically.
Additional tests were added in order to improve statement, branch, condition and subroutine coverage. On the basis of the coverage analysis, some of the internals of Dumper.pm were refactored. Almost all methods are now documented.
The main Perl module no longer uses the "@_" construct.
This fixes compilation with C++ compilers and makes the module work with the new pad API.
Fix "Digest::Perl::MD5" OO fallback [rt.cpan.org #66634].
This fixes a double-free bug, which might have caused vulnerabilities in some cases.
This is due to a minor code change in the XS for the VMS implementation.
This fixes warnings about using "CODE" sections without an "OUTPUT" section.
The Mac alias x-mac-ce has been added, and various bugs have been fixed in Encode::Unicode, Encode::UTF7 and Encode::GSM0338.
Its SPLICE implementation no longer misbehaves in list context.
Manifest files are now correctly embedded for those versions of VC++ which make use of them. [perl #111782, #111798].
A list of symbols to export can now be passed to "link()" when on Windows, as on other OSes [perl #115100].
The generated C code now avoids unnecessarily incrementing "PL_amagic_generation" on Perl versions where it's done automatically (or on current Perl where the variable no longer exists).
This avoids a bogus warning for initialised XSUB non-parameters [perl #112776].
"copy()" no longer zeros files when copying into the same directory, and also now fails (as it has long been documented to do) when attempting to copy a file over itself.
The internal cache of file names that it keeps for each caller is now freed when that caller is freed. This means "use File::DosGlob 'glob'; eval 'scalar <*>'" no longer leaks memory.
Added the 'file_default' option for URLs that do not have a file component.
Use "File::HomeDir" when available, and provide "PERL5_CPANPLUS_HOME" to override the autodetection.
Always re-fetch CHECKSUMS if "fetchdir" is set.
This fixes inconsistent unixy path handling on VMS.
Individual files may now appear in list of directories to be searched [perl #59750].
File::Glob has had exactly the same fix as File::DosGlob. Since it is what Perl's own "glob" operator itself uses (except on VMS), this means "eval 'scalar <*>'" no longer leaks.
A space-separated list of patterns return long lists of results no longer results in memory corruption or crashes. This bug was introduced in Perl 5.16.0. [perl #114984]
"abs2rel" could produce incorrect results when given two relative paths or the root directory twice [perl #111510].
"File::stat" ignores the filetest pragma, and warns when used in combination therewith. But it was not warning for "-r". This has been fixed [perl #111640].
"-p" now works, and does not return false for pipes [perl #111638].
Previously "File::stat"'s overloaded "-x" and "-X" operators did not give the correct results for directories or executable files when running as root. They had been treating executable permissions for root just like for any other user, performing group membership tests etc for files not owned by root. They now follow the correct Unix behaviour - for a directory they are always true, and for a file if any of the three execute permission bits are set then they report that root can execute the file. Perl's builtin "-x" and "-X" operators have always been correct.
Fixes various bugs involving directory removal. Defers unlinking tempfiles if the initial unlink fails, which fixes problems on NFS.
The undocumented optional fifth parameter to "TIEHASH" has been removed. This was intended to provide control of the callback used by "gdbm*" functions in case of fatal errors (such as filesystem problems), but did not work (and could never have worked). No code on CPAN even attempted to use it. The callback is now always the previous default, "croak". Problems on some platforms with how the "C" "croak" function is called have also been resolved.
"hash_unlocked" and "hashref_unlocked" now returns true if the hash is unlocked, instead of always returning false [perl #112126].
"hash_unlocked", "hashref_unlocked", "lock_hash_recurse" and "unlock_hash_recurse" are now exportable [perl #112126].
Two new functions, "hash_locked" and "hashref_locked", have been added. Oddly enough, these two functions were already exported, even though they did not exist [perl #112126].
Add SSL verification features [github #6], [github #9].
Include the final URL in the response hashref.
Add "local_address" option.
This improves SSL support.
"sync()" can now be called on read-only file handles [perl #64772].
IO::Socket tries harder to cache or otherwise fetch socket information.
Use "POSIX::_exit" instead of "exit" in "run_forked" [rt.cpan.org #76901].
The "open3()" function no longer uses "POSIX::close()" to close file descriptors since that breaks the ref-counting of file descriptors done by PerlIO in cases where the file descriptors are shared by PerlIO streams, leading to attempts to close the file descriptors a second time when any such PerlIO streams are closed later on.
It includes some new codes.
Fix the "MERGE" cache option.
Fixed bug where modules without $VERSION might have a version of '0' listed in 'provides' metadata, which will be rejected by PAUSE.
Fixed bug in PodParser to allow numerals in module names.
Fixed bug where giving arguments twice led to them becoming arrays, resulting in install paths like ARRAY(0xdeadbeef)/lib/Foo.pm.
A minor bug fix allows markup to be used around the leading "Name" in a POD "abstract" line, and some documentation improvements have been made.
Version information is now stored as a delta, which greatly reduces the size of the CoreList.pm file.
This restores compatibility with older versions of perl and cleans up the corelist data for various modules.
Fix use of "requires" on perls installed to a path with spaces.
Various enhancements include the new use of Module::Metadata.
The creation of a Module::Metadata object for a typical module file has been sped up by about 40%, and some spurious warnings about $VERSIONs have been suppressed.
Amongst other changes, triggers are now allowed on events, which gives a powerful way to modify behaviour.
This fixes some test failures on Windows.
Reflect the removal of the boolkeys opcode and the addition of the clonecv, introcv and padcv opcodes.
"no overload" now warns for invalid arguments, just like "use overload".
This is the module implementing the ":encoding(...)" I/O layer. It no longer corrupts memory or crashes when the encoding back-end reallocates the buffer or gives it a typeglob or shared hash key scalar.
The buffer scalar supplied may now only contain code points 0xFF or lower. [perl #109828]
This fixes a bug detecting the VOS operating system.
The option "--libpods" has been reinstated. It is deprecated, and its use does nothing other than issue a warning that it is no longer supported.
Since the HTML files generated by pod2html claim to have a UTF-8 charset, actually write the files out using UTF-8 [perl #111446].
Numerous improvements have been made, mostly to Pod::Simple::XHTML, which also has a compatibility change: the "codes_in_verbatim" option is now disabled by default. See cpan/Pod-Simple/ChangeLog for the full details.
Single character [class]es like "/[s]/" or "/[s]/i" are now optimized as if they did not have the brackets, i.e. "/s/" or "/s/i".
See note about "op_comp" in the "Internal Changes" section below.
Fix interactions with "Devel::Cover".
Don't eval code under "no strict".
Fix an overloading issue with "sum".
"first" and "reduce" now check the callback first (so &first(1) is disallowed).
Fix "tainted" on magical values [rt.cpan.org #55763].
Fix "sum" on previously magical values [rt.cpan.org #61118].
Fix reading past the end of a fixed buffer [rt.cpan.org #72700].
No longer require "stat" on filehandles.
Use "fc" for casefolding.
Constants and functions required for IP multicast source group membership have been added.
"unpack_sockaddr_in()" and "unpack_sockaddr_in6()" now return just the IP address in scalar context, and "inet_ntop()" now guards against incorrect length scalars being passed in.
This fixes an uninitialized memory read.
Modifying $_[0] within "STORABLE_freeze" no longer results in crashes [perl #112358].
An object whose class implements "STORABLE_attach" is now thawed only once when there are multiple references to it in the structure being thawed [perl #111918].
Restricted hashes were not always thawed correctly [perl #73972].
Storable would croak when freezing a blessed REF object with a "STORABLE_freeze()" method [perl #113880].
It can now freeze and thaw vstrings correctly. This causes a slight incompatible change in the storage format, so the format version has increased to 2.9.
This contains various bugfixes, including compatibility fixes for older versions of Perl and vstring handling.
This contains several bug fixes relating to "getservbyname()", "setlogsock()"and log levels in "syslog()", together with fixes for Windows, Haiku-OS and GNU/kFreeBSD. See cpan/Sys-Syslog/Changes for the full details.
Add support for italics.
Improve error handling.
Fix glob semantics on Win32 [rt.cpan.org #49732].
Don't use "Win32::GetShortPathName" when calling perl [rt.cpan.org #47890].
Ignore -T when reading shebang [rt.cpan.org #64404].
Handle the case where we don't know the wait status of the test more gracefully.
Make the test summary 'ok' line overridable so that it can be changed to a plugin to make the output of prove idempotent.
Don't run world-writable files.
This adds the option to warn about or ignore attempts to clone structures that can't be cloned, as opposed to just unconditionally dying in that case.
This adds support for dual-valued values as created by Scalar::Util::dualvar.
"READ" now respects the offset argument to "read" [perl #112826].
Seconds values greater than 59 but less than 60 no longer cause "timegm()" and "timelocal()" to croak.
This adds a function all_casefolds() that returns all the casefolds.
New APIs have been added for getting and setting the current code page.
perlcheat
perldata
perldiag
perlfaq
perlfunc
perlop
Diagnostics
The following additions or changes have been made to diagnostic output, including warnings and fatal error messages. For the complete list of diagnostic messages, see perldiag.
New Errors
This message now occurs when a here document label has an initial quotation mark but the final quotation mark is missing.
This replaces a bogus and misleading error message about not finding the label itself [perl #114104].
This error is thrown when a child pseudo-process in the ithreads implementation on Windows was not scheduled within the time period allowed and therefore was not able to initialize properly [perl #88840].
This error has been added for "(?&0)", which is invalid. It used to produce an incomprehensible error message [perl #101666].
Calling an undefined value as a subroutine now produces this error message. It used to, but was accidentally disabled, first in Perl 5.004 for non-magical variables, and then in Perl v5.14 for magical (e.g., tied) variables. It has now been restored. In the mean time, undef was treated as an empty string [perl #113576].
To use lexical subs, you must first enable them:
no warnings 'experimental::lexical_subs';
use feature 'lexical_subs';
my sub foo { ... }
New Warnings
(W closure) During compilation, an inner named subroutine or eval is attempting to capture an outer lexical subroutine that is not currently available. This can happen for one of two reasons. First, the lexical subroutine may be declared in an outer anonymous subroutine that has not yet been created. (Remember that named subs are created at compile time, while anonymous subs are created at run-time.) For example,
sub { my sub a {...} sub f { \&a } }
At the time that f is created, it can't capture the current the "a" sub, since the anonymous subroutine hasn't been created yet. Conversely, the following won't give a warning since the anonymous subroutine has by now been created and is live:
sub { my sub a {...} eval 'sub f { \&a }' }->();
The second situation is caused by an eval accessing a variable that has gone out of scope, for example,
sub f {
my sub a {...}
sub { eval '\&a' }
}
f()->();
Here, when the '\&a' in the eval is being compiled, f() is not currently being executed, so its &a is not available for capture.
(W misc) A "my" or "state" subroutine has been redeclared in the current scope or statement, effectively eliminating all access to the previous instance. This is almost always a typographical error. Note that the earlier subroutine will still exist until the end of the scope or until all closure references to it are destroyed.
(S experimental) This warning is emitted if you enable an experimental feature via "use feature". Simply suppress the warning if you want to use the feature, but know that in doing so you are taking the risk of using an experimental feature which may change or be removed in a future Perl version:
no warnings "experimental::lexical_subs";
use feature "lexical_subs";
(W overflow) You called "sleep" with a number that was larger than it can reliably handle and "sleep" probably slept for less time than requested.
Attempts to put wide characters into environment variables via %ENV now provoke this warning.
"chr()" now warns when passed a negative value [perl #83048].
"srand()" now warns when passed a value that doesn't fit in a "UV" (since the value will be truncated rather than overflowing) [perl #40605].
Running perl with the "-i" flag now warns if no input files are provided on the command line [perl #113410].
The warning that use of $* and $# is no longer supported is now generated for every location that references them. Previously it would fail to be generated if another variable using the same typeglob was seen first (e.g. "@*" before $*), and would not be generated for the second and subsequent uses. (It's hard to fix the failure to generate warnings at all without also generating them every time, and warning every time is consistent with the warnings that $[ used to generate.)
Constant overloading that returns "undef" results in this error message. For numeric constants, it used to say "Constant(undef)". "undef" has been replaced with the number itself.
This warning was not suppressible, even with "no warnings". Now it is suppressible, and has been moved from the "internal" category to the "printf" category.
This fatal error has been turned into a warning that reads:
Quantifier {n,m} with n > m can't match in regex
(W regexp) Minima should be less than or equal to maxima. If you really want your regexp to match something 0 times, just put {0}.
h2xs
When set, it includes 'api_versionstring' in 'archname'. E.g. x86_64-linux-5.13.6-thread-multi. It is unset by default.
This feature was requested by Tim Bunce, who observed that "INSTALL_BASE" creates a library structure that does not differentiate by perl version. Instead, it places architecture specific files in "$install_base/lib/perl5/$archname". This makes it difficult to use a common "INSTALL_BASE" library path with multiple versions of perl.
By setting "-Duseversionedarchname", the $archname will be distinct for architecture and API version, allowing mixed use of "INSTALL_BASE".
If "PERL_NO_INLINE_FUNCTIONS" is defined, don't include "inline.h"
This permits test code to include the perl headers for definitions without creating a link dependency on the perl library (which may not exist yet).
AIX
Configure now always adds "-qlanglvl=extc99" to the CC flags on AIX when using xlC. This will make it easier to compile a number of XS-based modules that assume C99 [perl #113778].
clang++
There is now a workaround for a compiler bug that prevented compiling with clang++ since Perl v5.15.7 [perl #112786].
C++
When compiling the Perl core as C++ (which is only semi-supported), the mathom functions are now compiled as "extern "C"", to ensure proper binary compatibility. (However, binary compatibility isn't generally guaranteed anyway in the situations where this would matter.)
Darwin
Stop hardcoding an alignment on 8 byte boundaries to fix builds using -Dusemorebits.
Haiku
Perl should now work out of the box on Haiku R1 Alpha 4.
MidnightBSD
"libc_r" was removed from recent versions of MidnightBSD and older versions work better with "pthread". Threading is now enabled using "pthread" which corrects build errors with threading enabled on 0.4-CURRENT.
Solaris
In Configure, avoid running sed commands with flags not supported on Solaris.
VMS
Win32
Perl no longer mangles the environment block, e.g. when launching a new sub-process, when the environment contains non-ASCII characters. Known problems still remain, however, when the environment contains characters outside of the current ANSI codepage (e.g. see the item about Unicode in %ENV in <http://perl5.git.perl.org/perl.git/blob/HEAD:/Porting/todo.pod>). [perl #113536]
Machine code size reductions, already made to the DLLs of XS modules in Perl v5.17.2, have now been extended to the perl DLL itself.
Building with VC++ 6.0 was inadvertently broken in Perl v5.17.2 but has now been fixed again.
WinCE
Building on WinCE is now possible once again, although more work is required to fully restore a clean build.
So this is now a syntax error:
if (!SvUPGRADE(sv)) { croak(...); }
If you have code like that, simply replace it with
SvUPGRADE(sv);
or to avoid compiler warnings with older perls, possibly
(void)SvUPGRADE(sv);
It can be enabled in a perl build by running Configure with -Accflags=-DPERL_NEW_COPY_ON_WRITE, and we would encourage XS authors to try their code with such an enabled perl, and provide feedback. Unfortunately, there is not yet a good guide to updating XS code to cope with COW. Until such a document is available, consult the perl5-porters mailing list.
It breaks a few XS modules by allowing copy-on-write scalars to go through code paths that never encountered them before.
Use the SvIsCOW macro (as before) to identify a copy-on-write scalar.
"PADLIST"s are now longer "AV"s, but their own type instead. "PADLIST"s now contain a "PAD" and a "PADNAMELIST" of "PADNAME"s, rather than "AV"s for the pad and the list of pad names. "PAD"s, "PADNAMELIST"s, and "PADNAME"s are to be accessed as such through the newly added pad API instead of the plain "AV" and "SV" APIs. See perlapi for details.
The staleness of the overload tables is now checked when overload methods are invoked, rather than during "bless".
"A" magic is gone. The changes to the handling of the "SVf_AMAGIC" flag eliminate the need for it.
"PL_amagic_generation" has been removed as no longer necessary. For XS modules, it is now a macro alias to "PL_na".
The fallback overload setting is now stored in a stash entry separate from overloadedness itself.
Commit da6b625f78f5f133 in August 2011 inadvertently broke the code that looks up values in "PL_stashcache". As it's only a cache, quite correctly everything carried on working without it.
$_ = 'x' x 1_000_000;
1 while /(.)/;
used to skip the buffer copy for performance reasons, but suffered from $1 etc changing if the original string changed. That's now been fixed.
Objects that were created before a class had any overloading used to remain non-overloaded even if the class gained overloading through "use overload" or @ISA changes, and even after "bless". This has been fixed [perl #112708].
/(?{ $x='{' })/
This means that this error message is no longer generated:
Sequence (?{...}) not terminated or not {}-balanced in regex
but a new error may be seen:
Sequence (?{...}) not terminated with ')'
In addition, literal code blocks within run-time patterns are only compiled once, at perl compile-time:
for my $p (...) {
# this 'FOO' block of code is compiled once,
# at the same time as the surrounding 'for' loop
/$p{(?{FOO;})/;
}
for my $i (0..2) {
push @r, qr/^(??{$i})$/;
}
"1" =~ $r[1]; # matches
my $r = qr/abc(?{....})def/;
/xyz$r/;
my $code = '(??{$x})';
for my $x (1..3) {
# recompile to see fresh value of $x each time
$x =~ /$code/;
}
"AB" =~ /a(??{'b'})/i;
use re 'eval'; $c = '(?{ warn "foo" })'; /$c/;
/(?{ warn "foo" })/;
formerly gave:
foo at (re_eval 1) line 1.
foo at (re_eval 2) line 1.
and now gives:
foo at (eval 1) line 1.
foo at /some/prog line 2.
This mirrors the behaviour of the hash iterator when the hash is cleared.
The interaction of UTF8-flagged strings and %ENV on HP-UX 11.00 is currently dodgy in some not-yet-fully-diagnosed way. Expect test failures in t/op/magic.t, followed by unknown behavior when storing wide characters in the environment.
Hojung Yoon (AMORETTE), 24, of Seoul, South Korea, went to his long rest on May 8, 2013 with llama figurine and autographed TIMTOADY card. He was a brilliant young Perl 5 & 6 hacker and a devoted member of Seoul.pm. He programmed Perl, talked Perl, ate Perl, and loved Perl. We believe that he is still programming in Perl with his broken IBM laptop somewhere. He will be missed.
Perl v5.18.0 represents approximately 12 months of development since Perl v5.16.0 and contains approximately 400,000 lines of changes across 2,100 files from 113 authors.
Perl continues to flourish into its third decade thanks to a vibrant community of users and developers. The following people are known to have contributed the improvements that became Perl v5.18.0:
Aaron Crane, Aaron Trevena, Abhijit Menon-Sen, Adrian M. Enache, Alan Haggai Alavi, Alexandr Ciornii, Andrew Tam, Andy Dougherty, Anton Nikishaev, Aristotle Pagaltzis, Augustina Blair, Bob Ernst, Brad Gilbert, Breno G. de Oliveira, Brian Carlson, Brian Fraser, Charlie Gonzalez, Chip Salzenberg, Chris 'BinGOs' Williams, Christian Hansen, Colin Kuskie, Craig A. Berry, Dagfinn Ilmari Mannsåker, Daniel Dragan, Daniel Perrett, Darin McBride, Dave Rolsky, David Golden, David Leadbeater, David Mitchell, David Nicol, Dominic Hargreaves, E. Choroba, Eric Brine, Evan Miller, Father Chrysostomos, Florian Ragwitz, François Perrad, George Greer, Goro Fuji, H.Merijn Brand, Herbert Breunung, Hugo van der Sanden, Igor Zaytsev, James E Keenan, Jan Dubois, Jasmine Ahuja, Jerry D. Hedden, Jess Robinson, Jesse Luehrs, Joaquin Ferrero, Joel Berger, John Goodyear, John Peacock, Karen Etheridge, Karl Williamson, Karthik Rajagopalan, Kent Fredric, Leon Timmermans, Lucas Holt, Lukas Mai, Marcus Holland-Moritz, Markus Jansen, Martin Hasch, Matthew Horsfall, Max Maischein, Michael G Schwern, Michael Schroeder, Moritz Lenz, Nicholas Clark, Niko Tyni, Oleg Nesterov, Patrik Hägglund, Paul Green, Paul Johnson, Paul Marquess, Peter Martini, Rafael Garcia-Suarez, Reini Urban, Renee Baecker, Rhesa Rozendaal, Ricardo Signes, Robin Barker, Ronald J. Kimball, Ruslan Zakirov, Salvador Fandiño, Sawyer X, Scott Lanning, Sergey Alekseev, Shawn M Moore, Shirakata Kentaro, Shlomi Fish, Sisyphus, Smylers, Steffen Müller, Steve Hay, Steve Peters, Steven Schubiger, Sullivan Beck, Sven Strickroth, Sébastien Aperghis-Tramoni, Thomas Sibley, Tobias Leich, Tom Wyant, Tony Cook, Vadim Konovalov, Vincent Pit, Volker Schatz, Walt Mankowski, Yves Orton, Zefram.
The list above is almost certainly incomplete as it is automatically generated from version control history. In particular, it does not include the names of the (very much appreciated) contributors who reported issues to the Perl bug tracker.
Many of the changes included in this version originated in the CPAN modules included in Perl's core. We're grateful to the entire CPAN community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors, please see the AUTHORS file in the Perl source distribution.
If you find what you think is a bug, you might check the articles recently posted to the comp.lang.perl.misc newsgroup and the perl bug database at http://rt.perl.org/perlbug/ . There may also be information at http://www.perl.org/ , the Perl Home Page.
If you believe you have an unreported bug, please run the perlbug program included with your release. Be sure to trim your bug down to a tiny but sufficient test case. Your bug report, along with the output of "perl -V", will be sent off to perlbug@perl.org to be analysed by the Perl porting team.
If the bug you are reporting has security implications, which make it inappropriate to send to a publicly archived mailing list, then please send it to perl5-security-report@perl.org. This points to a closed subscription unarchived mailing list, which includes all the core committers, who will be able to help assess the impact of issues, figure out a resolution, and help co-ordinate the release of patches to mitigate or fix the problem across all platforms on which Perl is supported. Please only use this address for security issues in the Perl core, not for modules independently distributed on CPAN.
The Changes file for an explanation of how to view exhaustive details on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.
| 2023-11-25 | perl v5.36.0 |