perl571delta (1) Linux Manual Page

NAME

perl571delta – what’s new for perl v5.7.1

DESCRIPTION

This document describes differences between the 5.7.0 release and the 5.7.1 release.

(To view the differences between the 5.6.0 release and the 5.7.0 release, see perl570delta.)

Security Vulnerability Closed

(This change was already made in 5.7.0 but bears repeating here.)

A potential security vulnerability in the optional suidperl component of Perl was identified in August 2000. suidperl is neither built nor installed by default. As of April 2001 the only known vulnerable platform is Linux, most likely all Linux distributions. CERT and various vendors and distributors have been alerted about the vulnerability. See http://www.cpan.org/src/5.0/sperl-2000-08-05/sperl-2000-08-05.txt for more information.

The problem was caused by Perl trying to report a suspected security exploit attempt using an external program, /bin/mail. On Linux platforms the /bin/mail program had an undocumented feature which when combined with suidperl gave access to a root shell, resulting in a serious compromise instead of reporting the exploit attempt. If you don’t have /bin/mail, or if you have ‘safe setuid scripts’, or if suidperl is not installed, you are safe.

The exploit attempt reporting feature has been completely removed from all the Perl 5.7 releases (and will be gone also from the maintenance release 5.6.1), so that particular vulnerability isn’t there anymore. However, further security vulnerabilities are, unfortunately, always possible. The suidperl code is being reviewed and if deemed too risky to continue to be supported, it may be completely removed from future releases. In any case, suidperl should only be used by security experts who know exactly what they are doing and why they are using suidperl instead of some other solution such as sudo ( see http://www.courtesan.com/sudo/ ).

Incompatible Changes

•

Although “you shouldn’t do that”, it was possible to write code that depends on Perl’s hashed key order (Data::Dumper does this). The new algorithm “One-at-a-Time” produces a different hashed key order. More details are in “Performance Enhancements”.

•

The list of filenames from glob() (or <…>) is now by default sorted alphabetically to be csh-compliant. (bsd_glob() does still sort platform natively, ASCII or EBCDIC, unless GLOB_ALPHASORT is specified.)

Core Enhancements

AUTOLOAD Is Now Lvaluable

AUTOLOAD is now lvaluable, meaning that you can add the :lvalue attribute to AUTOLOAD subroutines and you can assign to the AUTOLOAD return value.

PerlIO is Now The Default

•

IO is now by default done via PerlIO rather than system’s “stdio”. PerlIO allows “layers” to be “pushed” onto a file handle to alter the handle’s behaviour. Layers can be specified at open time via 3-arg form of open:

   open($fh,'>:crlf :utf8', $path) || ...

or on already opened handles via extended "binmode":

   binmode($fh,':encoding(iso-8859-7)');

The built-in layers are: unix (low level read/write), stdio (as in previous Perls), perlio (re-implementation of stdio buffering in a portable manner), crlf (does CRLF <=> “
” translation as on Win32, but available on any platform). A mmap layer may be available if platform supports it (mostly Unixes).

Layers to be applied by default may be specified via the ‘open’ pragma.

See “Installation and Configuration Improvements” for the effects of PerlIO on your architecture name.

•

File handles can be marked as accepting Perl’s internal encoding of Unicode (UTF-8 or UTF-EBCDIC depending on platform) by a pseudo layer “:utf8” :

   open($fh,">:utf8","Uni.txt");

Note for EBCDIC users: the pseudo layer “:utf8” is erroneously named for you since it’s not UTF-8 what you will be getting but instead UTF-EBCDIC. See perlunicode, utf8, and http://www.unicode.org/unicode/reports/tr16/ for more information. In future releases this naming may change.

•

File handles can translate character encodings from/to Perl’s internal Unicode form on read/write via the “:encoding()” layer.

•

File handles can be opened to “in memory” files held in Perl scalars via:

   open($fh,'>', \$variable) || ...

•

Anonymous temporary files are available without need to ‘use FileHandle’ or other module via

   open($fh,"+>", undef) || ...

That is a literal undef, not an undefined value.

•

The list form of "open" is now implemented for pipes (at least on Unix):

   open($fh,"-|", 'cat', '/etc/motd')

creates a pipe, and runs the equivalent of exec(‘cat’, ‘/etc/motd’) in the child process.

•

The following builtin functions are now overridable: chop(), chomp(), each(), keys(), pop(), push(), shift(), splice(), unshift().

•

Formats now support zero-padded decimal fields.

•

Perl now tries internally to use integer values in numeric conversions and basic arithmetics (+ – * /) if the arguments are integers, and tries also to keep the results stored internally as integers. This change leads into often slightly faster and always less lossy arithmetics. (Previously Perl always preferred floating point numbers in its math.)

•

The printf() and sprintf() now support parameter reordering using the "%\d+\$" and "*\d+\$" syntaxes. For example

    print "%2\$s %1\$s
", "foo", "bar";

will print “bar foo
”; This feature helps in writing internationalised software.

•

Unicode in general should be now much more usable. Unicode can be used in hash keys, Unicode in regular expressions should work now, Unicode in tr/// should work now (though tr/// seems to be a particularly tricky to get right, so you have been warned)

•

The Unicode Character Database coming with Perl has been upgraded to Unicode 3.1. For more information, see http://www.unicode.org/ , and http://www.unicode.org/unicode/reports/tr27/

For developers interested in enhancing Perl’s Unicode capabilities: almost all the UCD files are included with the Perl distribution in the lib/unicode subdirectory. The most notable omission, for space considerations, is the Unihan database.

•

The Unicode character classes \p{Blank} and \p{SpacePerl} have been added. “Blank” is like C isblank(), that is, it contains only “horizontal whitespace” (the space character is, the newline isn’t), and the “SpacePerl” is the Unicode equivalent of "\s" (\p{Space} isn’t, since that includes the vertical tabulator character, whereas "\s" doesn’t.)

Signals Are Now Safe

Perl used to be fragile in that signals arriving at inopportune moments could corrupt Perl’s internal state.

Modules and Pragmata

New Modules

•

B::Concise, by Stephen McCamant, is a new compiler backend for walking the Perl syntax tree, printing concise info about ops. The output is highly customisable.

See B::Concise for more information.

•

Class::ISA, by Sean Burke, for reporting the search path for a class’s ISA tree, has been added.

See Class::ISA for more information.

•

Cwd has now a split personality: if possible, an extension is used, (this will hopefully be both faster and more secure and robust) but if not possible, the familiar Perl library implementation is used.

•

Digest, a frontend module for calculating digests (checksums), from Gisle Aas, has been added.

See Digest for more information.

•

Digest::MD5 for calculating MD5 digests (checksums), by Gisle Aas, has been added.

use Digest::MD5 'md5_hex';
$digest = md5_hex("Thirsty Camel");
print $digest, "
";
# 01d19d9d2045e005c3f1b80e8b164de1

NOTE: the MD5 backward compatibility module is deliberately not included since its use is discouraged.

See Digest::MD5 for more information.

•

Encode, by Nick Ing-Simmons, provides a mechanism to translate between different character encodings. Support for Unicode, ISO-8859-*, ASCII, CP*, KOI8-R, and three variants of EBCDIC are compiled in to the module. Several other encodings (like Japanese, Chinese, and MacIntosh encodings) are included and will be loaded at runtime.

Any encoding supported by Encode module is also available to the “:encoding()” layer if PerlIO is used.

See Encode for more information.

•

Filter::Simple is an easy-to-use frontend to Filter::Util::Call, from Damian Conway.

#in MyFilter.pm:
package MyFilter;
use Filter::Simple sub
{
while (my($from, $to) = splice @_, 0, 2) {
s / $from / $to / g;
}
};
1;
#in user’s code:
use MyFilter qr / red / = > ‘green’;
print “red
”;
#this code is filtered, will print “green
” print “bored
”;
#this code is filtered, will print “bogreen
” no MyFilter;
print “red
”;
#this code is not filtered, will print “red
”

See Filter::Simple for more information.

•

Filter::Util::Call, by Paul Marquess, provides you with the framework to write Source Filters in Perl. For most uses the frontend Filter::Simple is to be preferred. See Filter::Util::Call for more information.

•

Locale::Constants, Locale::Country, Locale::Currency, and Locale::Language, from Neil Bowers, have been added. They provide the codes for various locale standards, such as “fr” for France, “usd” for US Dollar, and “jp” for Japanese.

use Locale::Country;
$country = code2country(‘jp’);
#$country gets ‘Japan’ $code = country2code(‘Norway’);
#$code gets ‘no’

See Locale::Constants, Locale::Country, Locale::Currency, and Locale::Language for more information.

•

MIME::Base64, by Gisle Aas, allows you to encode data in base64.

use MIME::Base64;
$encoded = encode_base64(‘Aladdin:open sesame’);
$decoded = decode_base64($encoded);
print $encoded, “
”;
#”QWxhZGRpbjpvcGVuIHNlc2FtZQ==”

See MIME::Base64 for more information.

•

MIME::QuotedPrint, by Gisle Aas, allows you to encode data in quoted-printable encoding.

use MIME::QuotedPrint;
$encoded = encode_qp(“Smiley in Unicode: