=pod
=encoding utf8
=head1 NAME
perl5320delta - what is new for perl v5.32.0
=head1 DESCRIPTION
This document describes differences between the 5.30.0 release and the 5.32.0
release.
If you are upgrading from an earlier release such as 5.28.0, first read
L, which describes differences between 5.28.0 and 5.30.0.
=head1 Core Enhancements
=head2 The isa Operator
A new experimental infix operator called C tests whether a given object
is an instance of a given class or a class derived from it:
if( $obj isa Package::Name ) { ... }
For more detail see L.
=head2 Unicode 13.0 is supported
See L for details.
=head2 Chained comparisons capability
Some comparison operators, as their associativity, I with some
operators of the same precedence (but never with operators of different
precedence).
if ( $x < $y <= $z ) {...}
behaves exactly like:
if ( $x < $y && $y <= $z ) {...}
(assuming that C<"$y"> is as simple a scalar as it looks.)
You can read more about this in L under
L.
=head2 New Unicode properties C and C supported
Unicode has revised its regular expression requirements:
L.
As part of that they are wanting more properties to be exposed, ones
that aren't part of the strict UCD (Unicode character database). These
two are used for examining inputs for security purposes. Details on
their usage is at L.
=head2 It is now possible to write C, or
C
The Unicode Name property is now accessible in regular expression
patterns, as an alternative to C<\N{...}>.
A comparison of the two methods is given in
L.
The second example above shows that wildcard subpatterns are also usable
in this property. See L.
=head2 Improvement of C, C, and C
The C, C, and C functions now
work on shift state locales and are thread-safe on C99 and above
compilers when executed on a platform that has locale thread-safety; the
length parameters are now optional.
These functions are always executed under the current C language locale.
(See L.) Most locales are stateless, but a few, notably the
very rarely encountered ISO 2022, maintain a state between calls to
these functions. Previously the state was cleared on every call, but
now the state is not reset unless the appropriate parameter is C.
On threaded perls, the C99 functions L, L, and
L, when available, are substituted for the plain functions.
This makes these functions thread-safe when executing on a locale
thread-safe platform.
The string length parameters in C and C are now optional;
useful only if you wish to restrict the length parsed in the source
string to less than the actual length.
=head2 Alpha assertions are no longer experimental
See L, L,
L>, and L.
Use of these no longer generates a warning; existing code that disables
the warning category C will continue to work
without any changes needed. Enabling the category has no effect.
=head2 Script runs are no longer experimental
See L. Use of these no longer generates a warning;
existing code that disables the warning category
C will continue to work without any
changes needed. Enabling the category has no effect.
=head2 Feature checks are now faster
Previously feature checks in the parser required a hash lookup when
features were set outside of a feature bundle, this has been optimized
to a bit mask check. [L]
=head2 Perl is now developed on GitHub
Perl is now developed on GitHub. You can find us at
L.
Non-security bugs should now be reported via GitHub. Security issues should
continue to be reported as documented in L.
=head2 Compiled patterns can now be dumped before optimization
This is primarily useful for tracking down bugs in the regular
expression compiler. This dump happens on C<-DDEBUGGING> perls, if you
specify C<-Drv> on the command line; or on any perl if the pattern is
compiled within the scope of S> or
S>. (All but the second case display
other information as well.)
=head1 Security
=head2 [CVE-2020-10543] Buffer overflow caused by a crafted regular expression
A signed C integer overflow in the storage space calculations for
nested regular expression quantifiers could cause a heap buffer overflow in
Perl's regular expression compiler that overwrites memory allocated after the
regular expression storage space with attacker supplied data.
The target system needs a sufficient amount of memory to allocate partial
expansions of the nested quantifiers prior to the overflow occurring. This
requirement is unlikely to be met on 64-bit systems.
Discovered by: ManhND of The Tarantula Team, VinCSS (a member of Vingroup).
=head2 [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression
Integer overflows in the calculation of offsets between instructions for the
regular expression engine could cause corruption of the intermediate language
state of a compiled regular expression. An attacker could abuse this behaviour
to insert instructions into the compiled form of a Perl regular expression.
Discovered by: Hugo van der Sanden and Slaven Rezic.
=head2 [CVE-2020-12723] Buffer overflow caused by a crafted regular expression
Recursive calls to C by Perl's regular expression compiler to
optimize the intermediate language representation of a regular expression could
cause corruption of the intermediate language state of a compiled regular
expression.
Discovered by: Sergey Aleynikov.
=head2 Additional Note
An application written in Perl would only be vulnerable to any of the above
flaws if it evaluates regular expressions supplied by the attacker. Evaluating
regular expressions in this fashion is known to be dangerous since the regular
expression engine does not protect against denial of service attacks in this
usage scenario.
=head1 Incompatible Changes
=head2 Certain pattern matching features are now prohibited in compiling
Unicode property value wildcard subpatterns
These few features are either inappropriate or interfere with the
algorithm used to accomplish this task. The complete list is in
L.
=head2 Unused functions C and C are removed
These functions could never have worked due to a defective interface
specification. There is clearly no demand for them, given that no one
has ever complained in the many years the functions were claimed to be
available, hence so-called "support" for them is now dropped.
=head2 A bug fix for C<(?[...])> may have caused some patterns to no
longer compile
See L. The heuristics previously used may have let
some constructs compile (perhaps not with the programmer's intended
effect) that should have been errors. None are known, but it is
possible that some erroneous constructs no longer compile.
=head2 C<\p{I}> properties now always override official
Unicode ones
Previously, if and only if a user-defined property was declared prior to
the compilation of the regular expression pattern that contains it, its
definition was used instead of any official Unicode property with the
same name. Now, it always overrides the official property. This
change could break existing code that relied (likely unwittingly) on the
previous behavior. Without this fix, if Unicode released a new version
with a new property that happens to have the same name as the one you
had long been using, your program would break when you upgraded to a
perl that used that new Unicode version. See L. [L]
=head2 Modifiable variables are no longer permitted in constants
Code like:
my $var;
$sub = sub () { $var };
where C<$var> is referenced elsewhere in some sort of modifiable context now
produces an exception when the sub is defined.
This error can be avoided by adding a return to the sub definition:
$sub = sub () { return $var };
This has been deprecated since Perl 5.22.
[L]
=head2 Use of L|perlfunc/vec EXPR,OFFSET,BITS> on strings with code points above 0xFF is forbidden
Such strings are represented internally in UTF-8, and C is a
bit-oriented operation that will likely give unexpected results on those
strings. This was deprecated in perl 5.28.0.
=head2 Use of code points over 0xFF in string bitwise operators
Some uses of these were already illegal after a previous deprecation
cycle. The remaining uses are now prohibited, having been deprecated in perl
5.28.0. See L.
=head2 C does not accept arguments
This usage was deprecated in perl 5.28.0 and is now fatal.
=head2 Plain "0" string now treated as a number for range operator
Previously a range C<"0" .. "-1"> would produce a range of numeric
strings from "0" through "99"; this now produces an empty list, just
as C<0 .. -1> does. This also means that C<"0" .. "9"> now produces a
list of integers, where previously it would produce a list of strings.
This was due to a special case that treated strings starting with "0"
as strings so ranges like C<"00" .. "03"> produced C<"00", "01", "02", "03">,
but didn't specially handle the string C<"0">.
[L]
=head2 C<\K> now disallowed in look-ahead and look-behind assertions
This was disallowed because it causes unexpected behaviour, and no-one
could define what the desired behaviour should be.
[L]
=head1 Performance Enhancements
=over 4
=item *
C has been sped up for systems that don't have their own
C implementation.
=item *
C (and so, C, C, and C)
have been sped up.
=item *
C has been sped up.
=item *
C is now noticeably faster in cases such as C<< sort {$a <=> $b} >> or
C<< sort {$b <=> $a} >>. [L]
=back
=head1 Modules and Pragmata
=head2 Updated Modules and Pragmata
=over 4
=item *
L has been upgraded from version 2.32 to 2.36.
=item *
L has been upgraded from version 2.29 to 2.32.
=item *
L has been upgraded from version 1.76 to 1.80.
=item *
L has been upgraded from version 1.49 to 1.54.
=item *
L has been upgraded from version 1.22 to 1.23.
=item *
L has been upgraded from version 1.45 to 1.48.
=item *
L has been upgraded from version 0.65 to 0.66.
=item *
L has been upgraded from version 2.084 to 2.093.
=item *
L has been upgraded from version 2.084 to 2.093.
=item *
L has been upgraded from version 2.22 to 2.27.
=item *
L has been upgraded from version 1.843 to 1.853.
=item *
L has been upgraded from version 3.52 to 3.57.
The test files generated on Win32 are now identical to when they are
generated on POSIX-like systems.
=item *
L has been upgraded from version 1.36 to 1.37.
=item *
L has been upgraded from version 2.55 to 2.55_01.
=item *
L has been upgraded from version 1.18 to 1.21.
Previously, when dumping elements of an array and encountering an undefined
value, the string printed would have been C. This has been
changed to what was apparently originally intended: C.
=item *
L has been upgraded from version 1.45 to 1.47.
=item *
L has been upgraded from version 3.01 to 3.06.
=item *
L has been upgraded from version 2.22 to 3.00.
=item *
L has been upgraded from version 1.10 to 1.11.
=item *
L has been upgraded from version 5.73 to 5.74.
=item *
L has been upgraded from version 0.280231 to 0.280234.
=item *
L has been upgraded from version 7.34 to 7.44.
=item *
L has been upgraded from version 1.54 to 1.58.
A new C feature has been added, which is enabled by default
but allows turning off L.
=item *
L has been upgraded from version 1.36 to 1.37.
On Win32, the tests no longer require either a file in the drive root
directory, or a writable root directory.
=item *
L has been upgraded from version 1.32 to 1.33.
=item *
L has been upgraded from version 1.08 to 1.09.
=item *
L has been upgraded from version 0.95 to 0.96.
=item *
L has been upgraded from version 2.5 to 2.51.
=item *
L has been upgraded from version 0.22 to 0.23.
The Synopsis has been updated as the example code stopped working with
newer perls.
[L]
=item *
L has been upgraded from version 0.18 to 0.19.
=item *
L has been upgraded from version 0.43 to 0.44.
Document the C environment variable.
=item *
L has been upgraded from version 1.40 to 1.43.
L no longer caches a zero protocol value, since this
indicates that the implementation will select a protocol. This means
that on platforms that don't implement C for a given
socket type the protocol method may return C.
The supplied I is now always honoured on calls to the C
method. [L]
=item *
IO-Compress has been upgraded from version 2.084 to 2.093.
=item *
L has been upgraded from version 1.02 to 1.04.
=item *
L has been upgraded from version 1.20 to 1.21.
=item *
L has been upgraded from version 4.02 to 4.04.
=item *
L has been upgraded from version 1.999816 to 1.999818.
=item *
L has been upgraded from version 0.5008 to 0.5009.
=item *
L has been upgraded from version 5.20190522 to 5.20200620.
=item *
L has been upgraded from version 0.68 to 0.70.
=item *
L has been upgraded from version 1.000036 to 1.000037.
=item *
L has been upgraded from version 1.22 to 1.23.
=item *
L has been upgraded from version 2.71 to 2.72.
=item *
L has been upgraded from version 1.43 to 1.47.
=item *
L has been upgraded from version 1.11 to 1.12.
=item *
L has been upgraded from version 1.30 to 1.31.
=item *
L has been upgraded from version 0.237 to 0.238.
=item *
L has been upgraded from version 5.20190126 to 5.20200523.
=item *
L has been upgraded from version 1.10 to 1.11.
=item *
L has been upgraded from version 0.27 to 0.28.
=item *
L has been upgraded from version 0.17 to 0.18.
=item *
L has been upgraded from version 1.24 to 1.25.
=item *
L has been upgraded from version 3.35 to 3.40.
=item *
L has been upgraded from version 4.11 to 4.14.
=item *
L has been upgraded from version 1.88 to 1.94.
=item *
L has been upgraded from version 0.37 to 0.40.
=item *
L has been upgraded from version 2.40 to 2.41.
=item *
L has been upgraded from version 1.50 to 1.55.
=item *
L has been upgraded from version 1.25 to 1.26.
=item *
L has been upgraded from version 2.027 to 2.029.
=item *
L has been upgraded from version 3.15 to 3.21.
Use of C from L is now optional in tests. This works
around a circular dependency with L when installing on very
old perls from CPAN.
Vstring magic strings over 2GB are now disallowed.
Regular expressions objects weren't properly counted for object id
purposes on retrieve. This would corrupt the resulting structure, or
cause a runtime error in some cases. [L]
=item *
L has been upgraded from version 1.22 to 1.23.
=item *
L has been upgraded from version 0.35 to 0.36.
=item *
L has been upgraded from version 4.06 to 5.01.
=item *
L has been upgraded from version 1.302162 to 1.302175.
=item *
L has been upgraded from version 3.04 to 3.05.
=item *
L has been upgraded from version 3.13 to 3.14.
=item *
L has been upgraded from version 2.22 to 2.25.
=item *
L has been upgraded from version 1.60 to 1.61.
=item *
L has been upgraded from version 1.02 to 1.06.
=item *
L has been upgraded from version 0.10 to 0.13.
=item *
L has been upgraded from version 1.04 to 1.05.
=item *
L has been upgraded from version 4.5 to 4.6.
=item *
L has been upgraded from version 1.9760 to 1.9764.
Removed obsolete code such as support for pre-5.6 perl and classic
MacOS. [L]
=item *
L has been upgraded from version 1.33 to 1.3401.
=item *
L has been upgraded from version 1.26 to 1.27.
=item *
L has been upgraded from version 0.72 to 0.75.
=item *
L has been upgraded from version 2.44 to 2.45.
=item *
L has been upgraded from version 1.44 to 1.47.
=item *
L has been upgraded from version 0.52 to 0.53.
=item *
L has been upgraded from version 0.1203 to 0.1203_01.
=item *
L has been upgraded from version 1.00 to 1.09.
=back
=head2 Removed Modules and Pragmata
=over 4
=item *
Pod::Parser has been removed from the core distribution.
It still is available for download from CPAN. This resolves [L].
=back
=head1 Documentation
=head2 Changes to Existing Documentation
We have attempted to update the documentation to reflect the changes
listed in this document. If you find any we have missed, open an issue
at L.
Additionally, the following selected changes have been made:
=head3 L
=over 4
=item *
Simplify a few regnode definitions
Update C and C definitions.
=item *
Add ANYOFHs regnode
This node is like C, but is used when more than one leading byte
is the same in all the matched code points.
C is used to avoid having to convert from UTF-8 to code point for
something that won't match. It checks that the first byte in the UTF-8
encoded target is the desired one, thus ruling out most of the possible
code points.
=back
=head3 L
=over 4
=item *
C updated to mention it will croak if the SV cannot be
downgraded.
=item *
C updated to mention that the UTF-8 flag will not be changed by
this function, and a terminating NUL byte is guaranteed.
=item *
Documentation for C has been added.
=item *
The documentation for C, C, and C has been
updated and clarified.
=back
=head3 L
=over 4
=item *
Add documentation for experimental 'isa' operator
(S experimental::isa) This warning is emitted if you use the (C)
operator. This operator is currently experimental and its behaviour may
change in future releases of Perl.
=back
=head3 L
=over 4
=item C
Like L|/__FILE__> and L|/__LINE__>, the filename and
line number returned here may be altered by the mechanism described at
L.
=item C<__FILE__>
It can be altered by the mechanism described at
L.
=item C<__LINE__>
It can be altered by the mechanism described at
L.
=item C
Now mentions that you cannot return from C.
=item C
The C section had been renovated significantly.
=back
=head3 L
=over 4
=item *
No longer suggesting using perl's C. Modern system C is
assumed to be much better than perl's implementation now.
=item *
Documentation about F flags has been removed. F now has
sufficient comments within it. Anyone changing that file will see those
comments first, so entries here are now redundant.
=item *
Updated documentation for C
=item *
Added missing C<=for apidoc> lines
=back
=head3 L
=over 4
=item *
The differences between Perl strings and C strings are now detailed.
=back
=head3 L
=over 4
=item *
The documentation for the repetition operator C have been clarified.
[L]
=back
=head3 L
=over 4
=item *
The documentation surrounding C and handle usage has been modernized
to prefer 3-arg open and lexical variables instead of barewords.
=item *
Various updates and fixes including making all examples strict-safe and
replacing C<-w> with C