PERL5320DELTA(1) | Perl Programmers Reference Guide | PERL5320DELTA(1) |
perl5320delta - what is new for perl v5.32.0
This document describes differences between the 5.30.0 release and the 5.32.0 release.
If you are upgrading from an earlier release such as 5.28.0, first read perl5300delta, which describes differences between 5.28.0 and 5.30.0.
A new experimental infix operator called "isa" tests whether a given object is an instance of a given class or a class derived from it:
if( $obj isa Package::Name ) { ... }
For more detail see "Class Instance Operator" in perlop.
See <https://www.unicode.org/versions/Unicode13.0.0/> for details.
Some comparison operators, as their associativity, chain with some operators of the same precedence (but never with operators of different precedence).
if ( $x < $y <= $z ) {...}
behaves exactly like:
if ( $x < $y && $y <= $z ) {...}
(assuming that "$y" is as simple a scalar as it looks.)
You can read more about this in perlop under "Operator Precedence and Associativity" in perlop.
Unicode has revised its regular expression requirements: <https://www.unicode.org/reports/tr18/tr18-21.html>. As part of that they are wanting more properties to be exposed, ones that aren't part of the strict UCD (Unicode character database). These two are used for examining inputs for security purposes. Details on their usage is at <https://www.unicode.org/reports/tr39/>.
The Unicode Name property is now accessible in regular expression patterns, as an alternative to "\N{...}". A comparison of the two methods is given in "Comparison of \N{...} and \p{name=...}" in perlunicode.
The second example above shows that wildcard subpatterns are also usable in this property. See "Wildcards in Property Values" in perlunicode.
The "POSIX::mblen()", "mbtowc", and "wctomb" functions now work on shift state locales and are thread-safe on C99 and above compilers when executed on a platform that has locale thread-safety; the length parameters are now optional.
These functions are always executed under the current C language locale. (See perllocale.) Most locales are stateless, but a few, notably the very rarely encountered ISO 2022, maintain a state between calls to these functions. Previously the state was cleared on every call, but now the state is not reset unless the appropriate parameter is "undef".
On threaded perls, the C99 functions mbrlen(3), mbrtowc(3), and wcrtomb(3), when available, are substituted for the plain functions. This makes these functions thread-safe when executing on a locale thread-safe platform.
The string length parameters in "mblen" and "mbtowc" are now optional; useful only if you wish to restrict the length parsed in the source string to less than the actual length.
See "(*pla:pattern)" in perlre, "(*plb:pattern)" in perlre, "(*nla:pattern)" in perlre>, and "(*nlb:pattern)" in perlre. Use of these no longer generates a warning; existing code that disables the warning category "experimental::alpha_assertions" will continue to work without any changes needed. Enabling the category has no effect.
See "Script Runs" in perlre. Use of these no longer generates a warning; existing code that disables the warning category "experimental::script_run" will continue to work without any changes needed. Enabling the category has no effect.
Previously feature checks in the parser required a hash lookup when features were set outside of a feature bundle, this has been optimized to a bit mask check. [GH #17229 <https://github.com/Perl/perl5/issues/17229>]
Perl is now developed on GitHub. You can find us at <https://github.com/Perl/perl5>.
Non-security bugs should now be reported via GitHub. Security issues should continue to be reported as documented in perlsec.
This is primarily useful for tracking down bugs in the regular expression compiler. This dump happens on "-DDEBUGGING" perls, if you specify "-Drv" on the command line; or on any perl if the pattern is compiled within the scope of "use re qw(Debug DUMP_PRE_OPTIMIZE)" or "use re qw(Debug COMPILE EXTRA)". (All but the second case display other information as well.)
A signed "size_t" integer overflow in the storage space calculations for nested regular expression quantifiers could cause a heap buffer overflow in Perl's regular expression compiler that overwrites memory allocated after the regular expression storage space with attacker supplied data.
The target system needs a sufficient amount of memory to allocate partial expansions of the nested quantifiers prior to the overflow occurring. This requirement is unlikely to be met on 64-bit systems.
Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup).
Integer overflows in the calculation of offsets between instructions for the regular expression engine could cause corruption of the intermediate language state of a compiled regular expression. An attacker could abuse this behaviour to insert instructions into the compiled form of a Perl regular expression.
Discovered by: Hugo van der Sanden and Slaven Rezic.
Recursive calls to "S_study_chunk()" by Perl's regular expression compiler to optimize the intermediate language representation of a regular expression could cause corruption of the intermediate language state of a compiled regular expression.
Discovered by: Sergey Aleynikov.
An application written in Perl would only be vulnerable to any of the above flaws if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario.
These few features are either inappropriate or interfere with the algorithm used to accomplish this task. The complete list is in "Wildcards in Property Values" in perlunicode.
These functions could never have worked due to a defective interface specification. There is clearly no demand for them, given that no one has ever complained in the many years the functions were claimed to be available, hence so-called "support" for them is now dropped.
See "Selected Bug Fixes". The heuristics previously used may have let some constructs compile (perhaps not with the programmer's intended effect) that should have been errors. None are known, but it is possible that some erroneous constructs no longer compile.
Previously, if and only if a user-defined property was declared prior to the compilation of the regular expression pattern that contains it, its definition was used instead of any official Unicode property with the same name. Now, it always overrides the official property. This change could break existing code that relied (likely unwittingly) on the previous behavior. Without this fix, if Unicode released a new version with a new property that happens to have the same name as the one you had long been using, your program would break when you upgraded to a perl that used that new Unicode version. See "User-Defined Character Properties" in perlunicode. [GH #17205 <https://github.com/Perl/perl5/issues/17205>]
Code like:
my $var; $sub = sub () { $var };
where $var is referenced elsewhere in some sort of modifiable context now produces an exception when the sub is defined.
This error can be avoided by adding a return to the sub definition:
$sub = sub () { return $var };
This has been deprecated since Perl 5.22. [GH #17020] <https://github.com/Perl/perl5/issues/17020>
Such strings are represented internally in UTF-8, and "vec" is a bit-oriented operation that will likely give unexpected results on those strings. This was deprecated in perl 5.28.0.
Some uses of these were already illegal after a previous deprecation cycle. The remaining uses are now prohibited, having been deprecated in perl 5.28.0. See perldeprecation.
This usage was deprecated in perl 5.28.0 and is now fatal.
Previously a range "0" .. "-1" would produce a range of numeric strings from "0" through "99"; this now produces an empty list, just as "0 .. -1" does. This also means that "0" .. "9" now produces a list of integers, where previously it would produce a list of strings.
This was due to a special case that treated strings starting with "0" as strings so ranges like "00" .. "03" produced "00", "01", "02", "03", but didn't specially handle the string "0". [GH #16770] <https://github.com/Perl/perl5/issues/16770>
This was disallowed because it causes unexpected behaviour, and no-one could define what the desired behaviour should be. [GH #14638] <https://github.com/Perl/perl5/issues/14638>
The test files generated on Win32 are now identical to when they are generated on POSIX-like systems.
Previously, when dumping elements of an array and encountering an undefined value, the string printed would have been "empty array". This has been changed to what was apparently originally intended: "empty slot".
A new "indirect" feature has been added, which is enabled by default but allows turning off indirect object syntax.
On Win32, the tests no longer require either a file in the drive root directory, or a writable root directory.
The Synopsis has been updated as the example code stopped working with newer perls. [GH #17399 <https://github.com/Perl/perl5/issues/17399>]
Document the "IGNORE_WIN32_LOCALE" environment variable.
IO::Socket no longer caches a zero protocol value, since this indicates that the implementation will select a protocol. This means that on platforms that don't implement "SO_PROTOCOL" for a given socket type the protocol method may return "undef".
The supplied TO is now always honoured on calls to the "send()" method. [GH #16891] <https://github.com/Perl/perl5/issues/16891>
Use of "note()" from Test::More is now optional in tests. This works around a circular dependency with Test::More when installing on very old perls from CPAN.
Vstring magic strings over 2GB are now disallowed.
Regular expressions objects weren't properly counted for object id purposes on retrieve. This would corrupt the resulting structure, or cause a runtime error in some cases. [GH #17037] <https://github.com/Perl/perl5/issues/17037>
Removed obsolete code such as support for pre-5.6 perl and classic MacOS. [GH #17096] <https://github.com/Perl/perl5/issues/17096>
We have attempted to update the documentation to reflect the changes listed in this document. If you find any we have missed, open an issue at <https://github.com/Perl/perl5/issues>.
Additionally, the following selected changes have been made:
perldebguts
Update "BOUND" and "NBOUND" definitions.
This node is like "ANYOFHb", but is used when more than one leading byte is the same in all the matched code points.
"ANYOFHb" is used to avoid having to convert from UTF-8 to code point for something that won't match. It checks that the first byte in the UTF-8 encoded target is the desired one, thus ruling out most of the possible code points.
perlapi
perldiag
(S experimental::isa) This warning is emitted if you use the ("isa") operator. This operator is currently experimental and its behaviour may change in future releases of Perl.
perlfunc
perlguts
perlhacktips
perlintro
perlipc
perlop
This is an experimental feature and is available when enabled by "use feature 'isa'". It emits a warning in the "experimental::isa" category.
perlpod
perlport
perlreref
perlvar
perlapi, perlintern
perlxs
POSIX
Additionally, the following selected changes have been made:
Updating of links
Where applicable, the URLs in the documentation have been moved from using the "http://" protocol to "https://". This also affects the location of the bug tracker at <https://rt.perl.org>.
The following additions or changes have been made to diagnostic output, including warnings and fatal error messages. For the complete list of diagnostic messages, see perldiag.
New Errors
This is a replacement for several error messages listed under "Changes to Existing Diagnostics".
(F) No hexadecimal digits were found following "0x" or no binary digits were found following "0b".
New Warnings
This is actually not a new message, but it is now output when the warnings category "portable" is enabled.
When raised during regular expression pattern compilation, the warning has extra text added at the end marking where precisely in the pattern it occurred.
This replaces a warning that was much less specific, and which gave false information. This new warning parallels the similar already-existing one raised for "\o{}".
...now has extra text added at the end, when raised during regular expression pattern compilation, marking where precisely in the pattern it occurred.
...now has extra text added at the end, when raised during regular expression pattern compilation, marking where precisely in the pattern it occurred.
...now has extra text added at the end, when raised during regular expression pattern compilation, marking where precisely in the pattern it occurred.
...now has extra text added at the end, when raised during regular expression pattern compilation, marking where precisely in the pattern it occurred.
...now includes the phrase "terminates \o early", and has extra text added at the end, when raised during regular expression pattern compilation, marking where precisely in the pattern it occurred. In some instances the text of the resolution has been clarified.
As of Perl 5.32, this message is no longer generated. Instead, "Non-octal character '%c' terminates \o early. Resolved as "%s"" in perldiag is used instead.
Some instances of this message previously output the hex digits "A", "B", "C", "D", "E", and "F" in lower case. Now they are all consistently upper case.
This error message has been slightly reformatted from the original "Can't use global %s in "%s"", and in particular misleading error messages like "Can't use global $_ in "my"" are now rendered as "Can't use global $_ in subroutine signature".
This error message replaces the former "Constants from lexical variables potentially modified elsewhere are deprecated. This will not be allowed in Perl 5.32" to reflect the fact that this previously deprecated usage has now been transformed into an exception. The message's classification has also been updated from D (deprecated) to F (fatal).
See also "Incompatible Changes".
This is due to new circumstances having been added in Perl 5.30 that weren't covered by the earlier wording.
streamzip creates a zip file from stdin. The program will read data from stdin, compress it into a zip container and, by default, write a streamed zip file to stdout.
This tool that regenerates perlintern and perlapi has been overhauled significantly, restoring consistency in flags used in embed.fnc and Devel::PPPort and allowing removal of many redundant "=for apidoc" entries in code.
Tests were added and changed to reflect the other additions and changes in this release. Furthermore, these significant changes were made:
For the second we now decode the locale name ourselves, and always decode it as UTF-8. [GH #16922] <https://github.com/Perl/perl5/issues/16922>
./Configure <other options> -Accflags=-DNO_LOCALE_MESSAGES
./Configure <other Configure options> -Accflags=-DNO_LOCALE
The causes of the failures range from the self-test itself is flawed, and the module actually works fine, up to the module doesn't work at all on EBCDIC platforms.
This is particularly noticeable where the code is compiled within a separate thread, as threads tend to have small stacks by default.
Prior to this patch, the override was only sometimes in effect.
Previously a subparse was bracketed with generated "(" and ")" tokens, so a spurious ")" would close the construct without doing the normal subparse clean up, confusing the parser and possible causing an assertion failure.
Such constructs are now surrounded by artificial tokens that can't be included in the source. [GH #15814] <https://github.com/Perl/perl5/issues/15814>
Jeff Goff (JGOFF or DrForr), an integral part of the Perl and Raku communities and a dear friend to all of us, has passed away on March 13th, 2020. DrForr was a prominent member of the communities, attending and speaking at countless events, contributing to numerous projects, and assisting and helping in any way he could.
His passing leaves a hole in our hearts and in our communities and he will be sorely missed.
Perl 5.32.0 represents approximately 13 months of development since Perl 5.30.0 and contains approximately 220,000 lines of changes across 1,800 files from 89 authors.
Excluding auto-generated files, documentation and release tools, there were approximately 140,000 lines of changes to 880 .pm, .t, .c and .h files.
Perl continues to flourish into its fourth decade thanks to a vibrant community of users and developers. The following people are known to have contributed the improvements that became Perl 5.32.0:
Aaron Crane, Alberto Simo~es, Alexandr Savca, Andreas Koenig, Andrew Fresh, Andy Dougherty, Ask Bjorn Hansen, Atsushi Sugawara, Bernhard M. Wiedemann, brian d foy, Bryan Stenson, Chad Granum, Chase Whitener, Chris 'BinGOs' Williams, Craig A. Berry, Dagfinn Ilmari Mannsaaker, Dan Book, Daniel Dragan, Dan Kogai, Dave Cross, Dave Rolsky, David Cantrell, David Mitchell, Dominic Hargreaves, E. Choroba, Felipe Gasper, Florian Weimer, Graham Knop, Haakon Haegland, Hauke D, H.Merijn Brand, Hugo van der Sanden, Ichinose Shogo, James E Keenan, Jason McIntosh, Jerome Duval, Johan Vromans, John Lightsey, John Paul Adrian Glaubitz, Kang-min Liu, Karen Etheridge, Karl Williamson, Leon Timmermans, Manuel Mausz, Marc Green, Matthew Horsfall, Matt Turner, Max Maischein, Michael Haardt, Nicholas Clark, Nicolas R., Niko Tyni, Pali, Paul Evans, Paul Johnson, Paul Marquess, Peter Eisentraut, Peter John Acklam, Peter Oliver, Petr PisaX, Renee Baecker, Ricardo Signes, Richard Leach, Russ Allbery, Samuel Smith, Santtu Ojanperae, Sawyer X, Sergey Aleynikov, Sergiy Borodych, Shirakata Kentaro, Shlomi Fish, Sisyphus, Slaven Rezic, Smylers, Stefan Seifert, Steve Hay, Steve Peters, Svyatoslav, Thibault Duponchelle, Todd Rinaldo, Tomasz Konojacki, Tom Hukins, Tony Cook, Unicode Consortium, VanL, Vickenty Fesunov, Vitali Peil, Yves Orton, Zefram.
The list above is almost certainly incomplete as it is automatically generated from version control history. In particular, it does not include the names of the (very much appreciated) contributors who reported issues to the Perl bug tracker.
Many of the changes included in this version originated in the CPAN modules included in Perl's core. We're grateful to the entire CPAN community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors, please see the AUTHORS file in the Perl source distribution.
If you find what you think is a bug, you might check the perl bug database at <https://github.com/Perl/perl5/issues>. There may also be information at <http://www.perl.org/>, the Perl Home Page.
If you believe you have an unreported bug, please open an issue at <https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a tiny but sufficient test case.
If the bug you are reporting has security implications which make it inappropriate to send to a public issue tracker, then see "SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of how to report the issue.
If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you can do so by running the "perlthanks" program:
perlthanks
This will send an email to the Perl 5 Porters list with your show of thanks.
The Changes file for an explanation of how to view exhaustive details on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.
2021-05-04 | perl v5.34.0 |