Commit graph

191 commits

Author SHA1 Message Date
kim
1b49d5a96e perl5: Avoid a patch that clashes with CVS keyword expansion 2021-08-20 22:37:34 +00:00
kim
d9aa2435b5 perl5: Address CVE-2021-36770 2021-08-20 22:06:23 +00:00
rin
a95ab37fb0 perl5: Compare inode numbers as string. Bump revision.
PR pkg/55997

Internal stat() function for perl stores inode number as string, if it
cannot be represented by host's integer. However, unfortunately, some
components compare them as integer.

Therefore, if 64-bit integers are not supported, files cannot be handled,
whose inode number is larger than UINT32_MAX.

Usually, inode numbers on real filesystems are well below UINT32_MAX. But,
inode numbers larger than UINT32_MAX are assigned for tmpfs on LP64 kernels.
This results in build failures for perl on COMPAT_NETBSD32 if working
directory is tmpfs, and perl-64bitint and friends are not specified.

Now, inode numbers are compared as string, which works just fine even if
64-bit integers are not supported.

Cherry-picked from upstream. See https://github.com/Perl/perl5/pull/18788
and related pull-requests for more details.
2021-05-29 13:04:21 +00:00
wiz
83f7126a09 perl: update to 5.34.0.
= Core Enhancements

= Experimental Try/Catch Syntax

An initial experimental attempt at providing C<try>/C<catch> notation has
been added.

    use feature 'try';

    try {
        a_function();
    }
    catch ($e) {
        warn "An error occurred: $e";
    }

For more information, see L<perlsyn/"Try Catch Exception Handling">.

= C<qr/{,n}/> is now accepted

An empty lower bound is now accepted for regular expression quantifiers,
like C<{,3}>.

= Blanks freely allowed within but adjacent to curly braces

(in double-quotish contexts and regular expression patterns)

This means you can write things like S<C<\x{ FFFC }>> if you like.  This
applies to all such constructs, namely C<\b{}>, C<\g{}>, C<\k{}>,
C<\N{}>, C<\o{}>, and C<\x{}>; as well as the regular expression
quantifier C<{I<m>,I<n>}>.  C<\p{}> and C<\P{}> retain their
already-existing, even looser, rules mandated by the Unicode standard
(see L<perluniprops/Properties accessible through \p{} and \P{}>).

This ability is in effect regardless of the presence of the C</x>
regular expression pattern modifier.

Additionally, the comma in a regular expression braced quantifier may
have blanks (tabs or spaces) before and/or after the comma, like
S<C<qr/a{ 5, 7 }/>>.

= New octal syntax C<0oI<ddddd>>

It is now possible to specify octal literals with C<0o> prefixes,
as in C<0o123_456>, parallel to the existing construct to specify
hexadecimal literal C<0xI<ddddd>> and binary literal C<0bI<ddddd>>.
Also, the builtin C<oct()> function now accepts this new syntax.

See L<perldata/Scalar value constructors> and L<perlfunc/oct EXPR>.

= Performance Enhancements

=item *

Fix a memory leak in RegEx
[L<GH #18604|https://github.com/Perl/perl5/issues/18604>]

= Modules and Pragmata

= New Modules and Pragmata

=item *

L<ExtUtils::PL2Bat> 0.004 has been added to the Perl core.

This module is a generalization of the C<pl2bat> script. It being a script has
led to at least two forks of this code; this module will unify them under one
implementation with tests.

(and lots more changes)
2021-05-24 17:46:25 +00:00
ryoon
b78585f91e perl5: Fix build under Haiku R1/beta2
And fix functionality of modules. tested with devel/p5-gettext.
2021-03-15 14:23:12 +00:00
wiz
a109ccc5c5 perl: update to 5.32.1.
Incompatible Changes

There are no changes intentionally incompatible with Perl 5.32.0.
If any exist, they are bugs, and we request that you submit a
report. See "Reporting Bugs" below.

Modules and Pragmata

Updated Modules and Pragmata

    Data::Dumper has been upgraded from version 2.174 to 2.174_01.

    A number of memory leaks have been fixed.

    DynaLoader has been upgraded from version 1.47 to 1.47_01.

    Module::CoreList has been upgraded from version 5.20200620 to
    5.20210123.

    Opcode has been upgraded from version 1.47 to 1.48.

    A warning has been added about evaluating untrusted code with
    the perl interpreter.

    Safe has been upgraded from version 2.41 to 2.41_01.

    A warning has been added about evaluating untrusted code with
    the perl interpreter.

Documentation

New Documentation

perlgov

Documentation of the newly formed rules of governance for Perl.

perlsecpolicy

Documentation of how the Perl security team operates and how the
team evaluates new security reports.

Changes to Existing Documentation

We have attempted to update the documentation to reflect the changes
listed in this document. If you find any we have missed, open an
issue at https://github.com/Perl/perl5/issues.

Additionally, the following selected changes have been made:

perlop

    Document range op behaviour change.

Diagnostics

The following additions or changes have been made to diagnostic
output, including warnings and fatal error messages. For the complete
list of diagnostic messages, see perldiag.

Changes to Existing Diagnostics

    \K not permitted in lookahead/lookbehind in regex; marked by
    <-- HERE in m/%s/

    This error was incorrectly produced in some cases involving
    nested lookarounds. This has been fixed.

    [GH #18123]

Configuration and Compilation

    Newer 64-bit versions of the Intel C/C++ compiler are now
    recognized and have the correct flags set.

    We now trap SIGBUS when Configure checks for va_copy.

    On several systems the attempt to determine if we need va_copy
    or similar results in a SIGBUS instead of the expected SIGSEGV,
    which previously caused a core dump.

    [GH #18148]

Testing

Tests were added and changed to reflect the other additions and
changes in this release.

Platform Support

Platform-Specific Notes

MacOS (Darwin)

    The hints file for darwin has been updated to handle future
    macOS versions beyond 10. Perl can now be built on macOS Big
    Sur.

    [GH #17946, GH #18406] Minix

    Build errors on Minix have been fixed.

    [GH #17908]

Selected Bug Fixes

    Some list assignments involving undef on the left-hand side
    were over-optimized and produced incorrect results.

    [GH #16685, GH #17816]

    Fixed a bug in which some regexps with recursive subpatterns
    matched incorrectly.

    [GH #18096]

    Fixed a deadlock that hung the build when Perl is compiled for
    debugging memory problems and has PERL_MEM_LOG enabled.

    [GH #18341]

    Fixed a crash in the use of chained comparison operators when
    run under "no warnings 'uninitialized'".

    [GH #17917, GH #18380]

    Exceptions thrown from destructors during global destruction
    are no longer swallowed.

    [GH #18063]
2021-01-25 09:33:19 +00:00
mrg
54eac8fe50 fix the build on netbsd/vax. 2020-09-17 10:02:20 +00:00
js
82dfb407e9 [lang/perl5] Fix rpath on QNX 2020-09-04 10:08:46 +00:00
wiz
3a07e84d27 perl: update to 5.32.0.
https://perldoc.perl.org/5.32.0/perldelta.html

Core Enhancements

    The isa Operator
    Unicode 13.0 is supported
    Chained comparisons capability
    New Unicode properties Identifier_Status and Identifier_Type supported
    It is now possible to write qr/\p{Name=...}/, or qr!\p{na=/(SMILING|GRINNING) FACE/}!
    Improvement of POSIX::mblen(), mbtowc, and wctomb
    Alpha assertions are no longer experimental
    Script runs are no longer experimental
    Feature checks are now faster
    Perl is now developed on GitHub
    Compiled patterns can now be dumped before optimization

Security

    [CVE-2020-10543] Buffer overflow caused by a crafted regular expression
    [CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression
    [CVE-2020-12723] Buffer overflow caused by a crafted regular expression
    Additional Note

Incompatible Changes

    Certain pattern matching features are now prohibited in compiling Unicode property value wildcard subpatterns
    Unused functions POSIX::mbstowcs and POSIX::wcstombs are removed
    A bug fix for (?[...]) may have caused some patterns to no longer compile
    \p{_user-defined_} properties now always override official Unicode ones
    Modifiable variables are no longer permitted in constants
    Use of perlfunc/vec EXPR,OFFSET,BITS on strings with code points above 0xFF is forbidden
    Use of code points over 0xFF in string bitwise operators
    Sys::Hostname::hostname() does not accept arguments
    Plain "0" string now treated as a number for range operator
    \K now disallowed in look-ahead and look-behind assertions

Performance Enhancements
Modules and Pragmata

    Updated Modules and Pragmata
    Removed Modules and Pragmata

Documentation

    Changes to Existing Documentation

Diagnostics

    New Diagnostics
    Changes to Existing Diagnostics

Utility Changes

    the perlbug manpage
    the streamzip manpage
2020-08-31 18:00:37 +00:00
sjmulder
fe042602ac lang/perl5: Make compatible with macOS 11 'Big Sur'
- Import hints/darwin.sh patch from open pull request.
 - The fenv test program in Configure caused warnings for not including
   headers for printf() and exit(), causing the script to consider
   fenv.h unusable.

Note that Big Sur identifies as 10.16 on Intel Macs, but as 11.0 on
Apple Silicon (ARM).
2020-07-22 15:23:56 +00:00
adam
ece7483a6c perl5: updated to 5.30.1
what is new for perl v5.30.1

Incompatible Changes
       There are no changes intentionally incompatible with 5.30.1.  If any
       exist, they are bugs, and we request that you submit a report.  See
       "Reporting Bugs" below.

Modules and Pragmata
   Updated Modules and Pragmata
       o   Module::CoreList has been upgraded from version 5.20190522 to
           5.20191110.

Documentation
   Changes to Existing Documentation
       We have attempted to update the documentation to reflect the changes
       listed in this document.  If you find any we have missed, send email to
       perlbug@perl.org <mailto:perlbug@perl.org>.

       Additionally, documentation has been updated to reference GitHub as the
       new canonical repository and to describe the new GitHub pull request
       workflow.

Configuration and Compilation
       o   The "ECHO" macro is now defined.  This is used in a "dtrace" rule
           that was originally changed for FreeBSD, and the FreeBSD make
           apparently predefines it.  The Solaris make does not predefine
           "ECHO" which broke this rule on Solaris.

Testing
       Tests were added and changed to reflect the other additions and changes
       in this release.

Platform Support
   Platform-Specific Notes
       Win32
           The locale tests could crash on Win32 due to a Windows bug, and
           separately due to the CRT throwing an exception if the locale name
           wasn't validly encoded in the current code page.

           For the second we now decode the locale name ourselves, and always
           decode it as UTF-8.

Selected Bug Fixes
       o   Setting $) now properly sets supplementary group ids, if you have
           the necessary privileges.

       o   "readline @foo" now evaluates @foo in scalar context.  Previously,
           it would be evaluated in list context, and since readline() pops
           only one argument from the stack, the stack could underflow, or be
           left with unexpected values on it.

       o   sv_gets() now recovers better if the target SV is modified by a
           signal handler.

       o   Matching a non-"SVf_UTF8" string against a regular expression
           containing Unicode literals could leak an SV on each match attempt.

       o   "sprintf("%.*a", -10000, $x)" would cause a buffer overflow due to
           mishandling of the negative precision value.

       o   "scalar()" on a reference could cause an erroneous assertion
           failure during compilation.
2019-11-14 09:56:56 +00:00
maya
317cc1d48a perl5: evaluating this regex to force utf8_heavy.pl to load no longer works,
use a unicode 'tr///' instead.

Fixes Bugzilla checksetup.pl, which uses Safe.

Thanks to many on #perl on freenode.
PR pkg/54625
Bump PKGREVISION
2019-11-11 21:32:12 +00:00
maya
0bac4406d3 perl5: backport upstream commits to remove a codepath that assumes
unaligned accesses are OK.
Remove relevant hacks.mk entry to disable optimizations.

PR pkg/53568
2019-10-10 17:59:57 +00:00
adam
e97a889232 perl: updated to 5.30.0
what is new for perl v5.30.0

Core Enhancements
   Limited variable length lookbehind in regular expression pattern matching is now experimentally supported
       Using a lookbehind assertion (like "(?<=foo?)" or "(?<!ba{1,9}r)" previously would generate an error and
       refuse to compile.  Now it compiles (if the maximum lookbehind is at most 255 characters), but raises a
       warning in the new "experimental::vlb" warnings category.  This is to caution you that the precise behavior
       is subject to change based on feedback from use in the field.

       See "(?<=pattern)" in perlre and "(?<!pattern)" in perlre.

   The upper limit "n" specifiable in a regular expression quantifier of the form "{m,n}" has been doubled to 65534
       The meaning of an unbounded upper quantifier "{m,}" remains unchanged.  It matches 2**31 - 1 times on most
       platforms, and more on ones where a C language short variable is more than 4 bytes long.

   Unicode 12.1 is supported
       Because of a change in Unicode release cycles, Perl jumps from Unicode 10.0 in Perl 5.28 to Unicode 12.1 in
       Perl 5.30.

       For details on the Unicode changes, see <https://www.unicode.org/versions/Unicode11.0.0/> for 11.0;
       <https://www.unicode.org/versions/Unicode12.0.0/> for 12.0; and
       <https://www.unicode.org/versions/Unicode12.1.0/> for 12.1.  (Unicode 12.1 differs from 12.0 only in the
       addition of a single character, that for the new Japanese era name.)

       The Word_Break property, as in past Perl releases, remains tailored to behave more in line with expectations
       of Perl users.  This means that sequential runs of horizontal white space characters are not broken apart,
       but kept as a single run.  Unicode 11 changed from past versions to be more in line with Perl, but it left
       several white space characters as causing breaks: TAB, NO BREAK SPACE, and FIGURE SPACE (U+2007).  We have
       decided to continue to use the previous Perl tailoring with regards to these.

   Wildcards in Unicode property value specifications are now partially supported
       You can now do something like this in a regular expression pattern

        qr! \p{nv= /(?x) \A [0-5] \z / }!

       which matches all Unicode code points whose numeric value is between 0 and 5 inclusive.  So, it could match
       the Thai or Bengali digits whose numeric values are 0, 1, 2, 3, 4, or 5.

       This marks another step in implementing the regular expression features the Unicode Consortium suggests.

       Most properties are supported, with the remainder planned for 5.32.  Details are in "Wildcards in Property
       Values" in perlunicode.

   qr'\N{name}' is now supported
       Previously it was an error to evaluate a named character "\N{...}" within a single quoted regular expression
       pattern (whose evaluation is deferred from the normal place).  This restriction is now removed.

   Turkic UTF-8 locales are now seamlessly supported
       Turkic languages have different casing rules than other languages for the characters "i" and "I".  The
       uppercase of "i" is LATIN CAPITAL LETTER I WITH DOT ABOVE (U+0130); and the lowercase of "I" is LATIN SMALL
       LETTER DOTLESS I (U+0131).  Unicode furnishes alternate casing rules for use with Turkic languages.
       Previously, Perl ignored these, but now, it uses them when it detects that it is operating under a Turkic
       UTF-8 locale.

   It is now possible to compile perl to always use thread-safe locale operations.
       Previously, these calls were only used when the perl was compiled to be multi-threaded.  To always enable
       them, add

        -Accflags='-DUSE_THREAD_SAFE_LOCALE'

       to your Configure flags.

   Eliminate opASSIGN macro usage from core
       This macro is still defined but no longer used in core

   "-Drv" now means something on "-DDEBUGGING" builds
       Now, adding the verbose flag ("-Dv") to the "-Dr" flag turns on all possible regular expression debugging.

Incompatible Changes
   Assigning non-zero to $[ is fatal
       Setting $[ to a non-zero value has been deprecated since Perl 5.12 and now throws a fatal error.  See
       "Assigning non-zero to $[ is fatal" in perldeprecation.

   Delimiters must now be graphemes
       See "Use of unassigned code point or non-standalone grapheme for a delimiter." in perldeprecation

   Some formerly deprecated uses of an unescaped left brace "{" in regular expression patterns are now illegal
       But to avoid breaking code unnecessarily, most instances that issued a deprecation warning, remain legal and
       now have a non-deprecation warning raised.  See "Unescaped left braces in regular expressions" in
       perldeprecation.

   Previously deprecated sysread()/syswrite() on :utf8 handles is now fatal
       Calling sysread(), syswrite(), send() or recv() on a ":utf8" handle, whether applied explicitly or
       implicitly, is now fatal.  This was deprecated in perl 5.24.

       There were two problems with calling these functions on ":utf8" handles:

       o   All four functions only paid attention to the ":utf8" flag.  Other layers were completely ignored, so a
           handle with ":encoding(UTF-16LE)" layer would be treated as UTF-8.  Other layers, such as compression
           are completely ignored with or without the ":utf8" flag.

       o   sysread() and recv() would read from the handle, skipping any validation by the layers, and do no
           validation of their own.  This could lead to invalidly encoded perl scalars.


   my() in false conditional prohibited

       Declarations such as "my $x if 0" are no longer permitted.

   Fatalize $* and $#
       These special variables, long deprecated, now throw exceptions when used.

   Fatalize unqualified use of dump()
       The "dump()" function, long discouraged, may no longer be used unless it is fully qualified, i.e.,
       "CORE::dump()".

   Remove File::Glob::glob()
       The "File::Glob::glob()" function, long deprecated, has been removed and now throws an exception which
       advises use of "File::Glob::bsd_glob()" instead.

   "pack()" no longer can return malformed UTF-8
       It croaks if it would otherwise return a UTF-8 string that contains malformed UTF-8.  This protects against
       potential security threats.  This is considered a bug fix as well.

   Any set of digits in the Common script are legal in a script run of another script
       There are several sets of digits in the Common script.  "[0-9]" is the most familiar.  But there are also
       "[\x{FF10}-\x{FF19}]" (FULLWIDTH DIGIT ZERO - FULLWIDTH DIGIT NINE), and several sets for use in
       mathematical notation, such as the MATHEMATICAL DOUBLE-STRUCK DIGITs.  Any of these sets should be able to
       appear in script runs of, say, Greek.  But the design of 5.30 overlooked all but the ASCII digits "[0-9]",
       so the design was flawed.  This has been fixed, so is both a bug fix and an incompatibility.

       All digits in a run still have to come from the same set of ten digits.

   JSON::PP enables allow_nonref by default
       As JSON::XS 4.0 changed its policy and enabled allow_nonref by default, JSON::PP also enabled allow_nonref
       by default.

Deprecations
   In XS code, use of various macros dealing with UTF-8.
       This deprecation was scheduled to become fatal in 5.30, but has been delayed to 5.32 due to problems that
       showed up with some CPAN modules.  For details of what's affected, see perldeprecation.

Performance Enhancements
       o   Translating from UTF-8 into the code point it represents now is done via a deterministic finite
           automaton, speeding it up.  As a typical example, "ord("\x7fff")" now requires 12% fewer instructions
           than before.  The performance of checking that a sequence of bytes is valid UTF-8 is similarly improved,
           again by using a DFA.

       o   Eliminate recursion from finalize_op().

       o   A handful of small optimizations related to character folding and character classes in regular
           expressions.

       o   Optimization of "IV" to "UV" conversions.

       o   Speed up of the integer stringification algorithm by processing two digits at a time instead of one.

       o   Improvements based on LGTM analysis and recommendation.

       o   Code optimizations in regcomp.c, regcomp.h, regexec.c.

       o   Regular expression pattern matching of things like "qr/[^a]/" is significantly sped up, where a is any
           ASCII character.  Other classes can get this speed up, but which ones is complicated and depends on the
           underlying bit patterns of those characters, so differs between ASCII and EBCDIC platforms, but all case
           pairs, like "qr/[Gg]/" are included, as is "[^01]".
2019-08-11 10:14:17 +00:00
adam
ae63fa6910 perl5: patch-aa should be gone 2019-04-23 09:28:21 +00:00
adam
b4b7a7b19b perl5: updated to 5.28.2
NAME
       perldelta - what is new for perl v5.28.2

DESCRIPTION
       This document describes differences between the 5.28.1 release and the 5.28.2 release.

       If you are upgrading from an earlier release such as 5.28.0, first read perl5281delta, which describes
       differences between 5.28.0 and 5.28.1.

Incompatible Changes
   Any set of digits in the Common script are legal in a script run of another script
       There are several sets of digits in the Common script.  "[0-9]" is the most familiar.  But there are also
       "[\x{FF10}-\x{FF19}]" (FULLWIDTH DIGIT ZERO - FULLWIDTH DIGIT NINE), and several sets for use in
       mathematical notation, such as the MATHEMATICAL DOUBLE-STRUCK DIGITs.  Any of these sets should be able to
       appear in script runs of, say, Greek.  But the previous design overlooked all but the ASCII digits "[0-9]",
       so the design was flawed.  This has been fixed, so is both a bug fix and an incompatibility.

       All digits in a run still have to come from the same set of ten digits.

Modules and Pragmata
   Updated Modules and Pragmata
       o   Module::CoreList has been upgraded from version 5.20181129_28 to 5.20190419.

       o   PerlIO::scalar has been upgraded from version 0.29 to 0.30.

       o   Storable has been upgraded from version 3.08 to 3.08_01.

Platform Support
   Platform-Specific Notes
       Windows
           The Windows Server 2003 SP1 Platform SDK build, with its early x64 compiler and tools, was accidentally
           broken in Perl 5.27.9.  This has now been fixed.

       Mac OS X
           Perl's build and testing process on Mac OS X for "-Duseshrplib" builds is now compatible with Mac OS X
           System Integrity Protection (SIP).

           SIP prevents binaries in /bin (and a few other places) being passed the "DYLD_LIBRARY_PATH" environment
           variable.  For our purposes this prevents "DYLD_LIBRARY_PATH" from being passed to the shell, which
           prevents that variable being passed to the testing or build process, so running "perl" couldn't find
           libperl.dylib.

           To work around that, the initial build of the perl executable expects to find libperl.dylib in the build
           directory, and the library path is then adjusted during installation to point to the installed library.

Selected Bug Fixes
       o   If an in-place edit is still in progress during global destruction and the process exit code (as stored
           in $?) is zero, perl will now treat the in-place edit as successful, replacing the input file with any
           output produced.

           This allows code like:

             perl -i -ne 'print "Foo"; last'

           to replace the input file, while code like:

             perl -i -ne 'print "Foo"; die'

           will not.

       o   A regression in Perl 5.28 caused the following code to fail

            close(STDIN); open(CHILD, "|wc -l")'

           because the child's stdin would be closed on exec.  This has now been fixed.

       o   "pack "u", "invalid uuencoding"" now properly NUL terminates the zero-length SV produced.

       o   Failing to compile a format now aborts compilation.  Like other errors in sub-parses this could leave
           the parser in a strange state, possibly crashing perl if compilation continued.

       o   See "Any set of digits in the Common script are legal in a script run of another script".
2019-04-23 09:27:46 +00:00
adam
f39dcf685b perl5: updated to 5.28.1
what is new for perl v5.28.1:

Security
   [CVE-2018-18311] Integer overflow leading to buffer overflow and segmentation fault
       Integer arithmetic in "Perl_my_setenv()" could wrap when the combined length of the environment variable
       name and value exceeded around 0x7fffffff.  This could lead to writing beyond the end of an allocated buffer
       with attacker supplied data.

   [CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)
       A crafted regular expression could cause heap-buffer-overflow write during compilation, potentially allowing
       arbitrary code execution.

Incompatible Changes
       There are no changes intentionally incompatible with 5.28.0.  If any exist, they are bugs, and we request
       that you submit a report.  See "Reporting Bugs" below.

Modules and Pragmata
   Updated Modules and Pragmata
       o   Module::CoreList has been upgraded from version 5.20180622 to 5.20181129_28.

Selected Bug Fixes
       o   Perl 5.28 introduced an "index()" optimization when comparing to -1 (or indirectly, e.g. >= 0).  When
           this optimization was triggered inside a "when" clause it caused a warning ("Argument %s isn't numeric
           in smart match").  This has now been fixed.

       o   Matching of decimal digits in script runs, introduced in Perl 5.28, had a bug that led to "1\N{THAI
           DIGIT FIVE}" matching "/^(*sr:\d+)$/" when it should not.  This has now been fixed.

       o   The new in-place editing code no longer leaks directory handles.
2018-12-02 13:39:56 +00:00
sevan
5b7eeb1c6e Add support for Minix 2018-10-29 14:25:25 +00:00
taca
638bca20a4 lang/perl5: $^X fallback work when platform-specific technique fails
Apply 03b94aa47e981af3c7b0118bfb11facda2b95251 from upstream make $^X
fallback work when platform-specific technique fails.

Bump PKGREVISION.
2018-10-15 03:01:37 +00:00
gson
1f7dd4faa4 lang/perl5: Fix file descriptor leak in in-place editing
Back-port perl commit 3d5e9c119db6b727684fe75dfcfe5831c4351bec to
fix a file descriptor leak in in-place editing which is breaking
the build of xentools48.  Should fix PR 53578.  Bump PKGREVISION.
2018-09-19 13:52:33 +00:00
schmonz
e2ac173aa8 Fix Storable build on OS X where DYLD_LIBRARY_PATH is no longer
inherited by child processes.
2018-09-01 08:03:02 +00:00
wiz
42cfe1b53f perl: update to 5.28.0.
Removed some ancient patches. Fix a pkglint warning.

Core Enhancements

    Unicode 10.0 is supported
    delete on key/value hash slices
    Experimentally, there are now alphabetic synonyms for some regular expression assertions
    Mixed Unicode scripts are now detectable
    In-place editing with perl -i is now safer
    Initialisation of aggregate state variables
    Full-size inode numbers
    The sprintf %j format size modifier is now available with pre-C99 compilers
    Close-on-exec flag set atomically
    String- and number-specific bitwise ops are no longer experimental
    Locales are now thread-safe on systems that support them
    New read-only predefined variable ${^SAFE_LOCALES}

Security

    [CVE-2017-12837] Heap buffer overflow in regular expression compiler
    [CVE-2017-12883] Buffer over-read in regular expression parser
    [CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
    Default Hash Function Change

Incompatible Changes

    Subroutine attribute and signature order
    Comma-less variable lists in formats are no longer allowed
    The :locked and :unique attributes have been removed
    \N{} with nothing between the braces is now illegal
    Opening the same symbol as both a file and directory handle is no longer allowed
    Use of bare << to mean <<"" is no longer allowed
    Setting $/ to a reference to a non-positive integer no longer allowed
    Unicode code points with values exceeding IV_MAX are now fatal
    The B::OP::terse method has been removed
    Use of inherited AUTOLOAD for non-methods is no longer allowed
    Use of strings with code points over 0xFF is not allowed for bitwise string operators
    Setting ${^ENCODING} to a defined value is now illegal
    Backslash no longer escapes colon in PATH for the -S switch
    the -DH (DEBUG_H) misfeature has been removed
    Yada-yada is now strictly a statement
    Sort algorithm can no longer be specified
    Over-radix digits in floating point literals
    Return type of unpackstring()

Deprecations

    Use of vec on strings with code points above 0xFF is deprecated
    Some uses of unescaped "{" in regexes are no longer fatal
    Use of unescaped "{" immediately after a "(" in regular expression patterns is deprecated
    Assignment to $[ will be fatal in Perl 5.30
    hostname() won't accept arguments in Perl 5.32
    Module removals

Performance Enhancements

Modules and Pragmata

    Removal of use vars
    Use of DynaLoader changed to XSLoader in many modules
    Updated Modules and Pragmata
    Removed Modules and Pragmata

More details are in the included perldelta.pod.
2018-08-22 08:37:46 +00:00
jperkin
73cc913ea2 perl5: Don't add -ansi either. 2018-01-15 10:07:50 +00:00
jperkin
ba5eedce5d perl5: Fix CFLAGS.
We need to remove -std=c89 so that compilers which default to C99 don't fail,
and don't automatically add -fstack-protector flags, leave it to the user to
decide via PKGSRC_USE_SSP.  Fixes clang on SmartOS.  Bump PKGREVISION.
2018-01-12 11:32:20 +00:00
wiz
d09d1c7f8a perl: Remove patch-dist_Carp_lib_Carp.pm
This patch is a workaround for a perl core problem.
The patch has not been accepted upstream, and in its current form
introduces other bugs, see https://rt.perl.org/Ticket/Display.html?id=132448

Bump PKGREVISION.
2017-11-16 10:28:26 +00:00
he
3af4738b91 Update perl to version 5.26.1.
Pkgsrc changes:
 * Remove patch which has been integrated upstream

Upstream changes:

NAME
       perldelta - what is new for perl v5.26.1

DESCRIPTION
       This document describes differences between the 5.26.0 release and the
       5.26.1 release.

       If you are upgrading from an earlier release such as 5.24.0, first read
       perl5260delta, which describes differences between 5.24.0 and 5.26.0.

Security
   [CVE-2017-12837] Heap buffer overflow in regular expression compiler
       Compiling certain regular expression patterns with the case-insensitive
       modifier could cause a heap buffer overflow and crash perl.  This has
       now been fixed.  [perl #131582]
       <https://rt.perl.org/Public/Bug/Display.html?id=131582>

   [CVE-2017-12883] Buffer over-read in regular expression parser
       For certain types of syntax error in a regular expression pattern, the
       error message could either contain the contents of a random, possibly
       large, chunk of memory, or could crash perl.  This has now been fixed.
       [perl #131598] <https://rt.perl.org/Public/Bug/Display.html?id=131598>

   [CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
       A possible stack buffer overflow in the %ENV code on Windows has been
       fixed by removing the buffer completely since it was superfluous
       anyway.  [perl #131665]
       <https://rt.perl.org/Public/Bug/Display.html?id=131665>

Incompatible Changes
       There are no changes intentionally incompatible with 5.26.0.  If any
       exist, they are bugs, and we request that you submit a report.  See
       "Reporting Bugs" below.

Modules and Pragmata
   Updated Modules and Pragmata
       *   base has been upgraded from version 2.25 to 2.26.

           The effects of dotless @INC on this module have been limited by the
           introduction of a more refined and accurate solution for removing
           '.' from @INC while reducing the false positives.

       *   charnames has been upgraded from version 1.44 to 1.45.

       *   Module::CoreList has been upgraded from version 5.20170530 to
           5.20170922_26.

Platform Support
   Platform-Specific Notes
       FreeBSD
           *   Building with g++ on FreeBSD-11.0 has been fixed.  [perl
               #131337]
               <https://rt.perl.org/Public/Bug/Display.html?id=131337>

       Windows
           *   Support for compiling perl on Windows using Microsoft Visual
               Studio 2017 (containing Visual C++ 14.1) has been added.

           *   Building XS modules with GCC 6 in a 64-bit build of Perl failed
               due to incorrect mapping of "strtoll" and "strtoull".  This has
               now been fixed.  [perl #131726]
               <https://rt.perl.org/Public/Bug/Display.html?id=131726> [cpan
               #121683]
               <https://rt.cpan.org/Public/Bug/Display.html?id=121683> [cpan
               #122353]
               <https://rt.cpan.org/Public/Bug/Display.html?id=122353>

Selected Bug Fixes
       *   Several built-in functions previously had bugs that could cause
           them to write to the internal stack without allocating room for the
           item being written.  In rare situations, this could have led to a
           crash.  These bugs have now been fixed, and if any similar bugs are
           introduced in future, they will be detected automatically in
           debugging builds.  [perl #131732]
           <https://rt.perl.org/Public/Bug/Display.html?id=131732>

       *   Using a symbolic ref with postderef syntax as the key in a hash
           lookup was yielding an assertion failure on debugging builds.
           [perl #131627]
           <https://rt.perl.org/Public/Bug/Display.html?id=131627>

       *   List assignment ("aassign") could in some rare cases allocate an
           entry on the mortal stack and leave the entry uninitialized.  [perl
           #131570] <https://rt.perl.org/Public/Bug/Display.html?id=131570>

       *   Attempting to apply an attribute to an "our" variable where a
           function of that name already exists could result in a NULL pointer
           being supplied where an SV was expected, crashing perl.  [perl
           #131597] <https://rt.perl.org/Public/Bug/Display.html?id=131597>

       *   The code that vivifies a typeglob out of a code ref made some false
           assumptions that could lead to a crash in cases such as $::{"A"} =
           sub {}; \&{"A"}.  This has now been fixed.  [perl #131085]
           <https://rt.perl.org/Public/Bug/Display.html?id=131085>

       *   "my_atof2" no longer reads beyond the terminating NUL, which
           previously occurred if the decimal point is immediately before the
           NUL.  [perl #131526]
           <https://rt.perl.org/Public/Bug/Display.html?id=131526>

       *   Occasional "Malformed UTF-8 character" crashes in "s//" on utf8
           strings have been fixed.  [perl #131575]
           <https://rt.perl.org/Public/Bug/Display.html?id=131575>

       *   "perldoc -f s" now finds "s///".  [perl #131371]
           <https://rt.perl.org/Public/Bug/Display.html?id=131371>

       *   Some erroneous warnings after utf8 conversion have been fixed.
           [perl #131190]
           <https://rt.perl.org/Public/Bug/Display.html?id=131190>

       *   The "jmpenv" frame to catch Perl exceptions is set up lazily, and
           this used to be a bit too lazy.  The catcher is now set up earlier,
           preventing some possible crashes.  [perl #105930]
           <https://rt.perl.org/Public/Bug/Display.html?id=105930>

       *   Spurious "Assuming NOT a POSIX class" warnings have been removed.
           [perl #131522]
           <https://rt.perl.org/Public/Bug/Display.html?id=131522>

Acknowledgements
       Perl 5.26.1 represents approximately 4 months of development since Perl
       5.26.0 and contains approximately 8,900 lines of changes across 85
       files from 23 authors.

       Excluding auto-generated files, documentation and release tools, there
       were approximately 990 lines of changes to 38 .pm, .t, .c and .h files.

       Perl continues to flourish into its third decade thanks to a vibrant
       community of users and developers.  The following people are known to
       have contributed the improvements that became Perl 5.26.1:

       Aaron Crane, Andy Dougherty, Aristotle Pagaltzis, Chris 'BinGOs'
       Williams, Craig A. Berry, Dagfinn Ilmari Mannsaaker, David Mitchell, E.
       Choroba, Eric Herman, Father Chrysostomos, Jacques Germishuys, James E
       Keenan, John SJ Anderson, Karl Williamson, Ken Brown, Lukas Mai,
       Matthew Horsfall, Ricardo Signes, Sawyer X, Steve Hay, Tony Cook, Yves
       Orton, Zefram.

       The list above is almost certainly incomplete as it is automatically
       generated from version control history.  In particular, it does not
       include the names of the (very much appreciated) contributors who
       reported issues to the Perl bug tracker.

       Many of the changes included in this version originated in the CPAN
       modules included in Perl's core.  We're grateful to the entire CPAN
       community for helping Perl to flourish.

       For a more complete list of all of Perl's historical contributors,
       please see the AUTHORS file in the Perl source distribution.

Reporting Bugs
       If you find what you think is a bug, you might check the perl bug
       database at <https://rt.perl.org/> .  There may also be information at
       <http://www.perl.org/> , the Perl Home Page.

       If you believe you have an unreported bug, please run the perlbug
       program included with your release.  Be sure to trim your bug down to a
       tiny but sufficient test case.  Your bug report, along with the output
       of "perl -V", will be sent off to perlbug@perl.org to be analysed by
       the Perl porting team.

       If the bug you are reporting has security implications which make it
       inappropriate to send to a publicly archived mailing list, then see
       "SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of
       how to report the issue.

Give Thanks
       If you wish to thank the Perl 5 Porters for the work we had done in
       Perl 5, you can do so by running the "perlthanks" program:

           perlthanks

       This will send an email to the Perl 5 Porters list with your show of
       thanks.

SEE ALSO
       The Changes file for an explanation of how to view exhaustive details
       on what changed.

       The INSTALL file for how to build Perl.

       The README file for general stuff.

       The Artistic and Copying files for copyright information.
2017-10-04 12:54:17 +00:00
maya
e47ee7d41b perl5: patch for CVE-2017-12837, CVE-2017-12883
CVE-2017-12837: heap buffer overflow in regular expression compiler
CVE-2017-12883: buffer over-read in regular expression parser

From upstream commits:
https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f
https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5

bump PKGREVISION
2017-09-23 05:29:07 +00:00
wiz
f52eddb001 Use ldflags during build.
Allow -Wl,-z arguments into lddlflags.

Fixes RELRO build.

Bump PKGREVISION.

While here, remove bogus comment from patch and remove reference
to two non-existing files.
2017-07-07 05:54:24 +00:00
jperkin
1330eb25c6 Fix build with dtrace option. 2017-06-06 12:37:50 +00:00
bsiegert
cd3e4f86c1 Apply patch from latest OpenBSD errata (CVE-2017-6512) here, too. 2017-06-05 18:58:44 +00:00
ryoon
93d34c255b Update to 5.26.0
Changelog:
NAME
       perldelta - what is new for perl v5.26.0

DESCRIPTION
       This document describes the differences between the 5.24.0 release and
       the 5.26.0 release.

Notice
       This release includes three updates with widespread effects:

       o   "." no longer in @INC

           For security reasons, the current directory (".") is no longer
           included by default at the end of the module search path (@INC).
           This may have widespread implications for the building, testing and
           installing of modules, and for the execution of scripts.  See the
           section "Removal of the current directory (".") from @INC" for the
           full details.

       o   "do" may now warn

           "do" now gives a deprecation warning when it fails to load a file
           which it would have loaded had "." been in @INC.

       o   In regular expression patterns, a literal left brace "{" should be
           escaped

           See "Unescaped literal "{" characters in regular expression
           patterns are no longer permissible".

Core Enhancements
   Lexical subroutines are no longer experimental
       Using the "lexical_subs" feature introduced in v5.18 no longer emits a
       warning.  Existing code that disables the "experimental::lexical_subs"
       warning category that the feature previously used will continue to
       work.  The "lexical_subs" feature has no effect; all Perl code can use
       lexical subroutines, regardless of what feature declarations are in
       scope.

   Indented Here-documents
       This adds a new modifier "~" to here-docs that tells the parser that it
       should look for "/^\s*$DELIM\n/" as the closing delimiter.

       These syntaxes are all supported:

           <<~EOF;
           <<~\EOF;
           <<~'EOF';
           <<~"EOF";
           <<~`EOF`;
           <<~ 'EOF';
           <<~ "EOF";
           <<~ `EOF`;

       The "~" modifier will strip, from each line in the here-doc, the same
       whitespace that appears before the delimiter.

       Newlines will be copied as-is, and lines that don't include the proper
       beginning whitespace will cause perl to croak.

       For example:

           if (1) {
             print <<~EOF;
               Hello there
               EOF
           }

       prints "Hello there\n" with no leading whitespace.

   New regular expression modifier "/xx"
       Specifying two "x" characters to modify a regular expression pattern
       does everything that a single one does, but additionally TAB and SPACE
       characters within a bracketed character class are generally ignored and
       can be added to improve readability, like "/[ ^ A-Z d-f p-x ]/xx".
       Details are at "/x and /xx" in perlre.

   "@{^CAPTURE}", "%{^CAPTURE}", and "%{^CAPTURE_ALL}"
       "@{^CAPTURE}" exposes the capture buffers of the last match as an
       array.  So $1 is "${^CAPTURE}[0]".  This is a more efficient equivalent
       to code like "substr($matched_string,$-[0],$+[0]-$-[0])", and you don't
       have to keep track of the $matched_string either.  This variable has no
       single character equivalent.  Note that, like the other regex magic
       variables, the contents of this variable is dynamic; if you wish to
       store it beyond the lifetime of the match you must copy it to another
       array.

       "%{^CAPTURE}" is equivalent to "%+" (i.e., named captures).  Other than
       being more self-documenting there is no difference between the two
       forms.

       "%{^CAPTURE_ALL}" is equivalent to "%-" (i.e., all named captures).
       Other than being more self-documenting there is no difference between
       the two forms.

   Declaring a reference to a variable
       As an experimental feature, Perl now allows the referencing operator to
       come after "my()", "state()", "our()", or "local()".  This syntax must
       be enabled with "use feature 'declared_refs'".  It is experimental, and
       will warn by default unless "no warnings 'experimental::refaliasing'"
       is in effect.  It is intended mainly for use in assignments to
       references.  For example:

           use experimental 'refaliasing', 'declared_refs';
           my \$a = \$b;

       See "Assigning to References" in perlref for more details.

   Unicode 9.0 is now supported
       A list of changes is at
       <http://www.unicode.org/versions/Unicode9.0.0/>.  Modules that are
       shipped with core Perl but not maintained by p5p do not necessarily
       support Unicode 9.0.  Unicode::Normalize does work on 9.0.

   Use of "\p{script}" uses the improved Script_Extensions property
       Unicode 6.0 introduced an improved form of the Script ("sc") property,
       and called it Script_Extensions ("scx").  Perl now uses this improved
       version when a property is specified as just "\p{script}".  This should
       make programs more accurate when determining if a character is used in
       a given script, but there is a slight chance of breakage for programs
       that very specifically needed the old behavior.  The meaning of
       compound forms, like "\p{sc=script}" are unchanged.  See "Scripts" in
       perlunicode.

   Perl can now do default collation in UTF-8 locales on platforms that
       support it
       Some platforms natively do a reasonable job of collating and sorting in
       UTF-8 locales.  Perl now works with those.  For portability and full
       control, Unicode::Collate is still recommended, but now you may not
       need to do anything special to get good-enough results, depending on
       your application.  See "Category "LC_COLLATE": Collation: Text
       Comparisons and Sorting" in perllocale.

   Better locale collation of strings containing embedded "NUL" characters
       In locales that have multi-level character weights, "NUL"s are now
       ignored at the higher priority ones.  There are still some gotchas in
       some strings, though.  See "Collation of strings containing embedded
       "NUL" characters" in perllocale.

   "CORE" subroutines for hash and array functions callable via reference
       The hash and array functions in the "CORE" namespace ("keys", "each",
       "values", "push", "pop", "shift", "unshift" and "splice") can now be
       called with ampersand syntax ("&CORE::keys(\%hash") and via reference
       ("my $k = \&CORE::keys; $k->(\%hash)").  Previously they could only be
       used when inlined.

   New Hash Function For 64-bit Builds
       We have switched to a hybrid hash function to better balance
       performance for short and long keys.

       For short keys, 16 bytes and under, we use an optimised variant of One
       At A Time Hard, and for longer keys we use Siphash 1-3.  For very long
       keys this is a big improvement in performance.  For shorter keys there
       is a modest improvement.

Security
   Removal of the current directory (".") from @INC
       The perl binary includes a default set of paths in @INC.  Historically
       it has also included the current directory (".") as the final entry,
       unless run with taint mode enabled ("perl -T").  While convenient, this
       has security implications: for example, where a script attempts to load
       an optional module when its current directory is untrusted (such as
       /tmp), it could load and execute code from under that directory.

       Starting with v5.26, "." is always removed by default, not just under
       tainting.  This has major implications for installing modules and
       executing scripts.

       The following new features have been added to help ameliorate these
       issues.

       o   Configure -Udefault_inc_excludes_dot

           There is a new Configure option, "default_inc_excludes_dot"
           (enabled by default) which builds a perl executable without ".";
           unsetting this option using "-U" reverts perl to the old behaviour.
           This may fix your path issues but will reintroduce all the security
           concerns, so don't build a perl executable like this unless you're
           really confident that such issues are not a concern in your
           environment.

       o   "PERL_USE_UNSAFE_INC"

           There is a new environment variable recognised by the perl
           interpreter.  If this variable has the value 1 when the perl
           interpreter starts up, then "." will be automatically appended to
           @INC (except under tainting).

           This allows you restore the old perl interpreter behaviour on a
           case-by-case basis.  But note that this is intended to be a
           temporary crutch, and this feature will likely be removed in some
           future perl version.  It is currently set by the "cpan" utility and
           "Test::Harness" to ease installation of CPAN modules which have not
           been updated to handle the lack of dot.  Once again, don't use this
           unless you are sure that this will not reintroduce any security
           concerns.

       o   A new deprecation warning issued by "do".

           While it is well-known that "use" and "require" use @INC to search
           for the file to load, many people don't realise that "do "file""
           also searches @INC if the file is a relative path.  With the
           removal of ".", a simple "do "file.pl"" will fail to read in and
           execute "file.pl" from the current directory.  Since this is
           commonly expected behaviour, a new deprecation warning is now
           issued whenever "do" fails to load a file which it otherwise would
           have found if a dot had been in @INC.

       Here are some things script and module authors may need to do to make
       their software work in the new regime.

       o   Script authors

           If the issue is within your own code (rather than within included
           modules), then you have two main options.  Firstly, if you are
           confident that your script will only be run within a trusted
           directory (under which you expect to find trusted files and
           modules), then add "." back into the path; e.g.:

               BEGIN {
                   my $dir = "/some/trusted/directory";
                   chdir $dir or die "Can't chdir to $dir: $!\n";
                   # safe now
                   push @INC, '.';
               }

               use "Foo::Bar"; # may load /some/trusted/directory/Foo/Bar.pm
               do "config.pl"; # may load /some/trusted/directory/config.pl

           On the other hand, if your script is intended to be run from within
           untrusted directories (such as /tmp), then your script suddenly
           failing to load files may be indicative of a security issue.  You
           most likely want to replace any relative paths with full paths; for
           example,

               do "foo_config.pl"

           might become

               do "$ENV{HOME}/foo_config.pl"

           If you are absolutely certain that you want your script to load and
           execute a file from the current directory, then use a "./" prefix;
           for example:

               do "./foo_config.pl"

       o   Installing and using CPAN modules

           If you install a CPAN module using an automatic tool like "cpan",
           then this tool will itself set the "PERL_USE_UNSAFE_INC"
           environment variable while building and testing the module, which
           may be sufficient to install a distribution which hasn't been
           updated to be dot-aware.  If you want to install such a module
           manually, then you'll need to replace the traditional invocation:

               perl Makefile.PL && make && make test && make install

           with something like

               (export PERL_USE_UNSAFE_INC=1; \
                perl Makefile.PL && make && make test && make install)

           Note that this only helps build and install an unfixed module.
           It's possible for the tests to pass (since they were run under
           "PERL_USE_UNSAFE_INC=1"), but for the module itself to fail to
           perform correctly in production.  In this case, you may have to
           temporarily modify your script until a fixed version of the module
           is released.  For example:

               use Foo::Bar;
               {
                   local @INC = (@INC, '.');
                   # assuming read_config() needs '.' in @INC
                   $config = Foo::Bar->read_config();
               }

           This is only rarely expected to be necessary.  Again, if doing
           this, assess the resultant risks first.

       o   Module Authors

           If you maintain a CPAN distribution, it may need updating to run in
           a dotless environment.  Although "cpan" and other such tools will
           currently set the "PERL_USE_UNSAFE_INC" during module build, this
           is a temporary workaround for the set of modules which rely on "."
           being in @INC for installation and testing, and this may mask
           deeper issues.  It could result in a module which passes tests and
           installs, but which fails at run time.

           During build, test, and install, it will normally be the case that
           any perl processes will be executing directly within the root
           directory of the untarred distribution, or a known subdirectory of
           that, such as t/.  It may well be that Makefile.PL or t/foo.t will
           attempt to include local modules and configuration files using
           their direct relative filenames, which will now fail.

           However, as described above, automatic tools like cpan will (for
           now) set the "PERL_USE_UNSAFE_INC" environment variable, which
           introduces dot during a build.

           This makes it likely that your existing build and test code will
           work, but this may mask issues with your code which only manifest
           when used after install.  It is prudent to try and run your build
           process with that variable explicitly disabled:

               (export PERL_USE_UNSAFE_INC=0; \
                perl Makefile.PL && make && make test && make install)

           This is more likely to show up any potential problems with your
           module's build process, or even with the module itself.  Fixing
           such issues will ensure both that your module can again be
           installed manually, and that it will still build once the
           "PERL_USE_UNSAFE_INC" crutch goes away.

           When fixing issues in tests due to the removal of dot from @INC,
           reinsertion of dot into @INC should be performed with caution, for
           this too may suppress real errors in your runtime code.  You are
           encouraged wherever possible to apply the aforementioned approaches
           with explicit absolute/relative paths, or to relocate your needed
           files into a subdirectory and insert that subdirectory into @INC
           instead.

           If your runtime code has problems under the dotless @INC, then the
           comments above on how to fix for script authors will mostly apply
           here too.  Bear in mind though that it is considered bad form for a
           module to globally add a dot to @INC, since it introduces both a
           security risk and hides issues of accidentally requiring dot in
           @INC, as explained above.

   Escaped colons and relative paths in PATH
       On Unix systems, Perl treats any relative paths in the "PATH"
       environment variable as tainted when starting a new process.
       Previously, it was allowing a backslash to escape a colon (unlike the
       OS), consequently allowing relative paths to be considered safe if the
       PATH was set to something like "/\:.".  The check has been fixed to
       treat "." as tainted in that example.

   New "-Di" switch is now required for PerlIO debugging output
       This is used for debugging of code within PerlIO to avoid recursive
       calls.  Previously this output would be sent to the file specified by
       the "PERLIO_DEBUG" environment variable if perl wasn't running setuid
       and the "-T" or "-t" switches hadn't been parsed yet.

       If perl performed output at a point where it hadn't yet parsed its
       switches this could result in perl creating or overwriting the file
       named by "PERLIO_DEBUG" even when the "-T" switch had been supplied.

       Perl now requires the "-Di" switch to be present before it will produce
       PerlIO debugging output.  By default this is written to "stderr", but
       can optionally be redirected to a file by setting the "PERLIO_DEBUG"
       environment variable.

       If perl is running setuid or the "-T" switch was supplied,
       "PERLIO_DEBUG" is ignored and the debugging output is sent to "stderr"
       as for any other "-D" switch.

Incompatible Changes
   Unescaped literal "{" characters in regular expression patterns are no
       longer permissible
       You have to now say something like "\{" or "[{]" to specify to match a
       LEFT CURLY BRACKET; otherwise, it is a fatal pattern compilation error.
       This change will allow future extensions to the language.

       These have been deprecated since v5.16, with a deprecation message
       raised for some uses starting in v5.22.  Unfortunately, the code added
       to raise the message was buggy and failed to warn in some cases where
       it should have.  Therefore, enforcement of this ban for these cases is
       deferred until Perl 5.30, but the code has been fixed to raise a
       default-on deprecation message for them in the meantime.

       Some uses of literal "{" occur in contexts where we do not foresee the
       meaning ever being anything but the literal, such as the very first
       character in the pattern, or after a "|" meaning alternation.  Thus

        qr/{fee|{fie/

       matches either of the strings "{fee" or "{fie".  To avoid forcing
       unnecessary code changes, these uses do not need to be escaped, and no
       warning is raised about them, and there are no current plans to change
       this.

       But it is always correct to escape "{", and the simple rule to remember
       is to always do so.

       See Unescaped left brace in regex is illegal here.

   "scalar(%hash)" return signature changed
       The value returned for "scalar(%hash)" will no longer show information
       about the buckets allocated in the hash.  It will simply return the
       count of used keys.  It is thus equivalent to "0+keys(%hash)".

       A form of backward compatibility is provided via
       "Hash::Util::bucket_ratio()" which provides the same behavior as
       "scalar(%hash)" provided in Perl 5.24 and earlier.

   "keys" returned from an lvalue subroutine
       "keys" returned from an lvalue subroutine can no longer be assigned to
       in list context.

           sub foo : lvalue { keys(%INC) }
           (foo) = 3; # death
           sub bar : lvalue { keys(@_) }
           (bar) = 3; # also an error

       This makes the lvalue sub case consistent with "(keys %hash) = ..." and
       "(keys @_) = ...", which are also errors.  [perl #128187]
       <https://rt.perl.org/Public/Bug/Display.html?id=128187>

   The "${^ENCODING}" facility has been removed
       The special behaviour associated with assigning a value to this
       variable has been removed.  As a consequence, the encoding pragma's
       default mode is no longer supported.  If you still need to write your
       source code in encodings other than UTF-8, use a source filter such as
       Filter::Encoding on CPAN or encoding's "Filter" option.

   "POSIX::tmpnam()" has been removed
       The fundamentally unsafe "tmpnam()" interface was deprecated in Perl
       5.22 and has now been removed.  In its place, you can use, for example,
       the File::Temp interfaces.

   require ::Foo::Bar is now illegal.
       Formerly, "require ::Foo::Bar" would try to read /Foo/Bar.pm.  Now any
       bareword require which starts with a double colon dies instead.

   Literal control character variable names are no longer permissible
       A variable name may no longer contain a literal control character under
       any circumstances.  These previously were allowed in single-character
       names on ASCII platforms, but have been deprecated there since Perl
       5.20.  This affects things like "$\cT", where \cT is a literal control
       (such as a "NAK" or "NEGATIVE ACKNOWLEDGE" character) in the source
       code.

   "NBSP" is no longer permissible in "\N{...}"
       The name of a character may no longer contain non-breaking spaces.  It
       has been deprecated to do so since Perl 5.22.

Deprecations
   String delimiters that aren't stand-alone graphemes are now deprecated
       For Perl to eventually allow string delimiters to be Unicode grapheme
       clusters (which look like a single character, but may be a sequence of
       several ones), we have to stop allowing a single character delimiter
       that isn't a grapheme by itself.  These are unlikely to exist in actual
       code, as they would typically display as attached to the character in
       front of them.

   "\cX" that maps to a printable is no longer deprecated
       This means we have no plans to remove this feature.  It still raises a
       warning, but only if syntax warnings are enabled.  The feature was
       originally intended to be a way to express non-printable characters
       that don't have a mnemonic ("\t" and "\n" are mnemonics for two non-
       printable characters, but most non-printables don't have a mnemonic.)
       But the feature can be used to specify a few printable characters,
       though those are more clearly expressed as the printable itself.  See
       <http://www.nntp.perl.org/group/perl.perl5.porters/2017/02/msg242944.html>.

Performance Enhancements
       o   A hash in boolean context is now sometimes faster, e.g.

               if (!%h) { ... }

           This was already special-cased, but some cases were missed (such as
           "grep %$_, @AoH"), and even the ones which weren't have been
           improved.

       o   New Faster Hash Function on 64 bit builds

           We use a different hash function for short and long keys.  This
           should improve performance and security, especially for long keys.

       o   readline is faster

           Reading from a file line-by-line with "readline()" or "<>" should
           now typically be faster due to a better implementation of the code
           that searches for the next newline character.

       o   Assigning one reference to another, e.g. "$ref1 = $ref2" has been
           optimized in some cases.

       o   Remove some exceptions to creating Copy-on-Write strings. The
           string buffer growth algorithm has been slightly altered so that
           you're less likely to encounter a string which can't be COWed.

       o   Better optimise array and hash assignment: where an array or hash
           appears in the LHS of a list assignment, such as "(..., @a) =
           (...);", it's likely to be considerably faster, especially if it
           involves emptying the array/hash. For example, this code runs about
           a third faster compared to Perl 5.24.0:

               my @a;
               for my $i (1..10_000_000) {
                   @a = (1,2,3);
                   @a = ();
               }

       o   Converting a single-digit string to a number is now substantially
           faster.

       o   The "split" builtin is now slightly faster in many cases: in
           particular for the two specially-handled forms

               my    @a = split ...;
               local @a = split ...;

       o   The rather slow implementation for the experimental subroutine
           signatures feature has been made much faster; it is now comparable
           in speed with the traditional "my ($a, $b, @c) = @_".

       o   Bareword constant strings are now permitted to take part in
           constant folding.  They were originally exempted from constant
           folding in August 1999, during the development of Perl 5.6, to
           ensure that "use strict "subs"" would still apply to bareword
           constants.  That has now been accomplished a different way, so
           barewords, like other constants, now gain the performance benefits
           of constant folding.

           This also means that void-context warnings on constant expressions
           of barewords now report the folded constant operand, rather than
           the operation; this matches the behaviour for non-bareword
           constants.

Modules and Pragmata
   Updated Modules and Pragmata
       o   IO::Compress has been upgraded from version 2.069 to 2.074.

       o   Archive::Tar has been upgraded from version 2.04 to 2.24.

       o   arybase has been upgraded from version 0.11 to 0.12.

       o   attributes has been upgraded from version 0.27 to 0.29.

           The deprecation message for the ":unique" and ":locked" attributes
           now mention that they will disappear in Perl 5.28.

       o   B has been upgraded from version 1.62 to 1.68.

       o   B::Concise has been upgraded from version 0.996 to 0.999.

           Its output is now more descriptive for "op_private" flags.

       o   B::Debug has been upgraded from version 1.23 to 1.24.

       o   B::Deparse has been upgraded from version 1.37 to 1.40.

       o   B::Xref has been upgraded from version 1.05 to 1.06.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   base has been upgraded from version 2.23 to 2.25.

       o   bignum has been upgraded from version 0.42 to 0.47.

       o   Carp has been upgraded from version 1.40 to 1.42.

       o   charnames has been upgraded from version 1.43 to 1.44.

       o   Compress::Raw::Bzip2 has been upgraded from version 2.069 to 2.074.

       o   Compress::Raw::Zlib has been upgraded from version 2.069 to 2.074.

       o   Config::Perl::V has been upgraded from version 0.25 to 0.28.

       o   CPAN has been upgraded from version 2.11 to 2.18.

       o   CPAN::Meta has been upgraded from version 2.150005 to 2.150010.

       o   Data::Dumper has been upgraded from version 2.160 to 2.167.

           The XS implementation now supports Deparse.

       o   DB_File has been upgraded from version 1.835 to 1.840.

       o   Devel::Peek has been upgraded from version 1.23 to 1.26.

       o   Devel::PPPort has been upgraded from version 3.32 to 3.35.

       o   Devel::SelfStubber has been upgraded from version 1.05 to 1.06.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   diagnostics has been upgraded from version 1.34 to 1.36.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   Digest has been upgraded from version 1.17 to 1.17_01.

       o   Digest::MD5 has been upgraded from version 2.54 to 2.55.

       o   Digest::SHA has been upgraded from version 5.95 to 5.96.

       o   DynaLoader has been upgraded from version 1.38 to 1.42.

       o   Encode has been upgraded from version 2.80 to 2.88.

       o   encoding has been upgraded from version 2.17 to 2.19.

           This module's default mode is no longer supported.  It now dies
           when imported, unless the "Filter" option is being used.

       o   encoding::warnings has been upgraded from version 0.12 to 0.13.

           This module is no longer supported.  It emits a warning to that
           effect and then does nothing.

       o   Errno has been upgraded from version 1.25 to 1.28.

           It now documents that using "%!" automatically loads Errno for you.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   ExtUtils::Embed has been upgraded from version 1.33 to 1.34.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   ExtUtils::MakeMaker has been upgraded from version 7.10_01 to 7.24.

       o   ExtUtils::Miniperl has been upgraded from version 1.05 to 1.06.

       o   ExtUtils::ParseXS has been upgraded from version 3.31 to 3.34.

       o   ExtUtils::Typemaps has been upgraded from version 3.31 to 3.34.

       o   feature has been upgraded from version 1.42 to 1.47.

       o   File::Copy has been upgraded from version 2.31 to 2.32.

       o   File::Fetch has been upgraded from version 0.48 to 0.52.

       o   File::Glob has been upgraded from version 1.26 to 1.28.

           It now Issues a deprecation message for "File::Glob::glob()".

       o   File::Spec has been upgraded from version 3.63 to 3.67.

       o   FileHandle has been upgraded from version 2.02 to 2.03.

       o   Filter::Simple has been upgraded from version 0.92 to 0.93.

           It no longer treats "no MyFilter" immediately following "use
           MyFilter" as end-of-file.  [perl #107726]
           <https://rt.perl.org/Public/Bug/Display.html?id=107726>

       o   Getopt::Long has been upgraded from version 2.48 to 2.49.

       o   Getopt::Std has been upgraded from version 1.11 to 1.12.

       o   Hash::Util has been upgraded from version 0.19 to 0.22.

       o   HTTP::Tiny has been upgraded from version 0.056 to 0.070.

           Internal 599-series errors now include the redirect history.

       o   I18N::LangTags has been upgraded from version 0.40 to 0.42.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   IO has been upgraded from version 1.36 to 1.38.

       o   IO::Socket::IP has been upgraded from version 0.37 to 0.38.

       o   IPC::Cmd has been upgraded from version 0.92 to 0.96.

       o   IPC::SysV has been upgraded from version 2.06_01 to 2.07.

       o   JSON::PP has been upgraded from version 2.27300 to 2.27400_02.

       o   lib has been upgraded from version 0.63 to 0.64.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   List::Util has been upgraded from version 1.42_02 to 1.46_02.

       o   Locale::Codes has been upgraded from version 3.37 to 3.42.

       o   Locale::Maketext has been upgraded from version 1.26 to 1.28.

       o   Locale::Maketext::Simple has been upgraded from version 0.21 to
           0.21_01.

       o   Math::BigInt has been upgraded from version 1.999715 to 1.999806.

       o   Math::BigInt::FastCalc has been upgraded from version 0.40 to
           0.5005.

       o   Math::BigRat has been upgraded from version 0.260802 to 0.2611.

       o   Math::Complex has been upgraded from version 1.59 to 1.5901.

       o   Memoize has been upgraded from version 1.03 to 1.03_01.

       o   Module::CoreList has been upgraded from version 5.20170420 to
           5.20170530.

       o   Module::Load::Conditional has been upgraded from version 0.64 to
           0.68.

       o   Module::Metadata has been upgraded from version 1.000031 to
           1.000033.

       o   mro has been upgraded from version 1.18 to 1.20.

       o   Net::Ping has been upgraded from version 2.43 to 2.55.

           IPv6 addresses and "AF_INET6" sockets are now supported, along with
           several other enhancements.

       o   NEXT has been upgraded from version 0.65 to 0.67.

       o   Opcode has been upgraded from version 1.34 to 1.39.

       o   open has been upgraded from version 1.10 to 1.11.

       o   OS2::Process has been upgraded from version 1.11 to 1.12.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   overload has been upgraded from version 1.26 to 1.28.

           Its compilation speed has been improved slightly.

       o   parent has been upgraded from version 0.234 to 0.236.

       o   perl5db.pl has been upgraded from version 1.50 to 1.51.

           It now ignores /dev/tty on non-Unix systems.  [perl #113960]
           <https://rt.perl.org/Public/Bug/Display.html?id=113960>

       o   Perl::OSType has been upgraded from version 1.009 to 1.010.

       o   perlfaq has been upgraded from version 5.021010 to 5.021011.

       o   PerlIO has been upgraded from version 1.09 to 1.10.

       o   PerlIO::encoding has been upgraded from version 0.24 to 0.25.

       o   PerlIO::scalar has been upgraded from version 0.24 to 0.26.

       o   Pod::Checker has been upgraded from version 1.60 to 1.73.

       o   Pod::Functions has been upgraded from version 1.10 to 1.11.

       o   Pod::Html has been upgraded from version 1.22 to 1.2202.

       o   Pod::Perldoc has been upgraded from version 3.25_02 to 3.28.

       o   Pod::Simple has been upgraded from version 3.32 to 3.35.

       o   Pod::Usage has been upgraded from version 1.68 to 1.69.

       o   POSIX has been upgraded from version 1.65 to 1.76.

           This remedies several defects in making its symbols exportable.
           [perl #127821]
           <https://rt.perl.org/Public/Bug/Display.html?id=127821>

           The "POSIX::tmpnam()" interface has been removed, see
           "POSIX::tmpnam() has been removed".

           The following deprecated functions have been removed:

               POSIX::isalnum
               POSIX::isalpha
               POSIX::iscntrl
               POSIX::isdigit
               POSIX::isgraph
               POSIX::islower
               POSIX::isprint
               POSIX::ispunct
               POSIX::isspace
               POSIX::isupper
               POSIX::isxdigit
               POSIX::tolower
               POSIX::toupper

           Trying to import POSIX subs that have no real implementations (like
           "POSIX::atend()") now fails at import time, instead of waiting
           until runtime.

       o   re has been upgraded from version 0.32 to 0.34

           This adds support for the new "/xx" regular expression pattern
           modifier, and a change to the "use re 'strict'" experimental
           feature.  When "re 'strict'" is enabled, a warning now will be
           generated for all unescaped uses of the two characters "}" and "]"
           in regular expression patterns (outside bracketed character
           classes) that are taken literally.  This brings them more in line
           with the ")" character which is always a metacharacter unless
           escaped.  Being a metacharacter only sometimes, depending on an
           action at a distance, can lead to silently having the pattern mean
           something quite different than was intended, which the
           "re 'strict'" mode is intended to minimize.

       o   Safe has been upgraded from version 2.39 to 2.40.

       o   Scalar::Util has been upgraded from version 1.42_02 to 1.46_02.

       o   Storable has been upgraded from version 2.56 to 2.62.

           Fixes [perl #130098]
           <https://rt.perl.org/Public/Bug/Display.html?id=130098>.

       o   Symbol has been upgraded from version 1.07 to 1.08.

       o   Sys::Syslog has been upgraded from version 0.33 to 0.35.

       o   Term::ANSIColor has been upgraded from version 4.04 to 4.06.

       o   Term::ReadLine has been upgraded from version 1.15 to 1.16.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   Test has been upgraded from version 1.28 to 1.30.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   Test::Harness has been upgraded from version 3.36 to 3.38.

       o   Test::Simple has been upgraded from version 1.001014 to 1.302073.

       o   Thread::Queue has been upgraded from version 3.09 to 3.12.

       o   Thread::Semaphore has been upgraded from 2.12 to 2.13.

           Added the "down_timed" method.

       o   threads has been upgraded from version 2.07 to 2.15.

       o   threads::shared has been upgraded from version 1.51 to 1.56.

       o   Tie::Hash::NamedCapture has been upgraded from version 0.09 to
           0.10.

       o   Time::HiRes has been upgraded from version 1.9733 to 1.9741.

           It now builds on systems with C++11 compilers (such as G++ 6 and
           Clang++ 3.9).

           Now uses "clockid_t".

       o   Time::Local has been upgraded from version 1.2300 to 1.25.

       o   Unicode::Collate has been upgraded from version 1.14 to 1.19.

       o   Unicode::UCD has been upgraded from version 0.64 to 0.68.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   version has been upgraded from version 0.9916 to 0.9917.

       o   VMS::DCLsym has been upgraded from version 1.06 to 1.08.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

       o   warnings has been upgraded from version 1.36 to 1.37.

       o   XS::Typemap has been upgraded from version 0.14 to 0.15.

       o   XSLoader has been upgraded from version 0.21 to 0.27.

           Fixed a security hole in which binary files could be loaded from a
           path outside of @INC.

           It now uses 3-arg "open()" instead of 2-arg "open()".  [perl
           #130122] <https://rt.perl.org/Public/Bug/Display.html?id=130122>

Documentation
   New Documentation
       perldeprecation

       This file documents all upcoming deprecations, and some of the
       deprecations which already have been removed.  The purpose of this
       documentation is two-fold: document what will disappear, and by which
       version, and serve as a guide for people dealing with code which has
       features that no longer work after an upgrade of their perl.

   Changes to Existing Documentation
       We have attempted to update the documentation to reflect the changes
       listed in this document.  If you find any we have missed, send email to
       perlbug@perl.org <mailto:perlbug@perl.org>.

       Additionally, all references to Usenet have been removed, and the
       following selected changes have been made:

       perlfunc

       o   Removed obsolete text about "defined()" on aggregates that should
           have been deleted earlier, when the feature was removed.

       o   Corrected documentation of "eval()", and "evalbytes()".

       o   Clarified documentation of "seek()", "tell()" and "sysseek()"
           emphasizing that positions are in bytes and not characters.  [perl
           #128607] <https://rt.perl.org/Public/Bug/Display.html?id=128607>

       o   Clarified documentation of "sort()" concerning the variables $a and
           $b.

       o   In "split()" noted that certain pattern modifiers are legal, and
           added a caution about its use in Perls before v5.11.

       o   Removed obsolete documentation of "study()", noting that it is now
           a no-op.

       o   Noted that "vec()" doesn't work well when the string contains
           characters whose code points are above 255.

       perlguts

       o   Added advice on formatted printing of operands of "Size_t" and
           "SSize_t"

       perlhack

       o   Clarify what editor tab stop rules to use, and note that we are
           migrating away from using tabs, replacing them with sequences of
           SPACE characters.

       perlhacktips

       o   Give another reason to use "cBOOL" to cast an expression to
           boolean.

       o   Note that the macros "TRUE" and "FALSE" are available to express
           boolean values.

       perlinterp

       o   perlinterp has been expanded to give a more detailed example of how
           to hunt around in the parser for how a given operator is handled.

       perllocale

       o   Some locales aren't compatible with Perl.  Note that these can
           cause core dumps.

       perlmod

       o   Various clarifications have been added.

       perlmodlib

       o   Updated the site mirror list.

       perlobj

       o   Added a section on calling methods using their fully qualified
           names.

       o   Do not discourage manual @ISA.

       perlootut

       o   Mention "Moo" more.

       perlop

       o   Note that white space must be used for quoting operators if the
           delimiter is a word character (i.e., matches "\w").

       o   Clarify that in regular expression patterns delimited by single
           quotes, no variable interpolation is done.

       perlre

       o   The first part was extensively rewritten to incorporate various
           basic points, that in earlier versions were mentioned in sort of an
           appendix on Version 8 regular expressions.

       o   Note that it is common to have the "/x" modifier and forget that
           this means that "#" has to be escaped.

       perlretut

       o   Add introductory material.

       o   Note that a metacharacter occurring in a context where it can't
           mean that, silently loses its meta-ness and matches literally.
           "use re 'strict'" can catch some of these.

       perlunicode

       o   Corrected the text about Unicode BYTE ORDER MARK handling.

       o   Updated the text to correspond with changes in Unicode UTS#18,
           concerning regular expressions, and Perl compatibility with what it
           says.

       perlvar

       o   Document @ISA.  It was documented in other places, but not in
           perlvar.

Diagnostics
   New Diagnostics
       New Errors

       o   A signature parameter must start with '$', '@' or '%'

       o   Bareword in require contains "%s"

       o   Bareword in require maps to empty filename

       o   Bareword in require maps to disallowed filename "%s"

       o   Bareword in require must not start with a double-colon: "%s"

       o   %s: command not found

           (A) You've accidentally run your script through bash or another
           shell instead of Perl.  Check the "#!" line, or manually feed your
           script into Perl yourself.  The "#!" line at the top of your file
           could look like:

             #!/usr/bin/perl

       o   %s: command not found: %s

           (A) You've accidentally run your script through zsh or another
           shell instead of Perl.  Check the "#!" line, or manually feed your
           script into Perl yourself.  The "#!" line at the top of your file
           could look like:

             #!/usr/bin/perl

       o   The experimental declared_refs feature is not enabled

           (F) To declare references to variables, as in "my \%x", you must
           first enable the feature:

               no warnings "experimental::declared_refs";
               use feature "declared_refs";

           See "Declaring a reference to a variable".

       o   Illegal character following sigil in a subroutine signature

       o   Indentation on line %d of here-doc doesn't match delimiter

       o   Infinite recursion via empty pattern.

           Using the empty pattern (which re-executes the last successfully-
           matched pattern) inside a code block in another regex, as in "/(?{
           s!!new! })/", has always previously yielded a segfault.  It now
           produces this error.

       o   Malformed UTF-8 string in "%s"

       o   Multiple slurpy parameters not allowed

       o   '#' not allowed immediately following a sigil in a subroutine
           signature

       o   panic: unknown OA_*: %x

       o   Unescaped left brace in regex is illegal here

           Unescaped left braces are now illegal in some contexts in regular
           expression patterns.  In other contexts, they are still just
           deprecated; they will be illegal in Perl 5.30.

       o   Version control conflict marker

           (F) The parser found a line starting with "<<<<<<<", ">>>>>>>", or
           "=======".  These may be left by a version control system to mark
           conflicts after a failed merge operation.

       New Warnings

       o   Can't determine class of operator %s, assuming "BASEOP"

       o   Declaring references is experimental

           (S experimental::declared_refs) This warning is emitted if you use
           a reference constructor on the right-hand side of "my()",
           "state()", "our()", or "local()".  Simply suppress the warning if
           you want to use the feature, but know that in doing so you are
           taking the risk of using an experimental feature which may change
           or be removed in a future Perl version:

               no warnings "experimental::declared_refs";
               use feature "declared_refs";
               $fooref = my \$foo;

           See "Declaring a reference to a variable".

       o   do "%s" failed, '.' is no longer in @INC

           Since "." is now removed from @INC by default, "do" will now
           trigger a warning recommending to fix the "do" statement.

       o   "File::Glob::glob()" will disappear in perl 5.30. Use
           "File::Glob::bsd_glob()" instead.

       o   Unescaped literal '%c' in regex; marked by <-- HERE in m/%s/

       o   Use of unassigned code point or non-standalone grapheme for a
           delimiter will be a fatal error starting in Perl 5.30

           See "Deprecations"

   Changes to Existing Diagnostics
       o   When a "require" fails, we now do not provide @INC when the
           "require" is for a file instead of a module.

       o   When @INC is not scanned for a "require" call, we no longer display
           @INC to avoid confusion.

       o   Attribute "locked" is deprecated, and will disappear in Perl 5.28

           This existing warning has had the and will disappear text added in
           this release.

       o   Attribute "unique" is deprecated, and will disappear in Perl 5.28

           This existing warning has had the and will disappear text added in
           this release.

       o   Calling POSIX::%s() is deprecated

           This warning has been removed, as the deprecated functions have
           been removed from POSIX.

       o   Constants from lexical variables potentially modified elsewhere are
           deprecated. This will not be allowed in Perl 5.32

           This existing warning has had the this will not be allowed text
           added in this release.

       o   Deprecated use of "my()" in false conditional. This will be a fatal
           error in Perl 5.30

           This existing warning has had the this will be a fatal error text
           added in this release.

       o   "dump()" better written as "CORE::dump()". "dump()" will no longer
           be available in Perl 5.30

           This existing warning has had the no longer be available text added
           in this release.

       o   Experimental %s on scalar is now forbidden

           This message is now followed by more helpful text.  [perl #127976]
           <https://rt.perl.org/Public/Bug/Display.html?id=127976>

       o   Experimental "%s" subs not enabled

           This warning was been removed, as lexical subs are no longer
           experimental.

       o   Having more than one /%c regexp modifier is deprecated

           This deprecation warning has been removed, since "/xx" now has a
           new meaning.

       o   %s() is deprecated on ":utf8" handles. This will be a fatal error
           in Perl 5.30 .

           where "%s" is one of "sysread", "recv", "syswrite", or "send".

           This existing warning has had the this will be a fatal error text
           added in this release.

           This warning is now enabled by default, as all "deprecated"
           category warnings should be.

       o   $* is no longer supported. Its use will be fatal in Perl 5.30

           This existing warning has had the its use will be fatal text added
           in this release.

       o   $# is no longer supported. Its use will be fatal in Perl 5.30

           This existing warning has had the its use will be fatal text added
           in this release.

       o   Malformed UTF-8 character%s

           Details as to the exact problem have been added at the end of this
           message

       o   Missing or undefined argument to %s

           This warning used to warn about "require", even if it was actually
           "do" which being executed. It now gets the operation name right.

       o   NO-BREAK SPACE in a charnames alias definition is deprecated

           This warning has been removed as the behavior is now an error.

       o   Odd name/value argument for subroutine '%s'

           This warning now includes the name of the offending subroutine.

       o   Opening dirhandle %s also as a file. This will be a fatal error in
           Perl 5.28

           This existing warning has had the this will be a fatal error text
           added in this release.

       o   Opening filehandle %s also as a directory. This will be a fatal
           error in Perl 5.28

           This existing warning has had the this will be a fatal error text
           added in this release.

       o   panic: ck_split, type=%u

           panic: pp_split, pm=%p, s=%p

           These panic errors have been removed.

       o   Passing malformed UTF-8 to "%s" is deprecated

           This warning has been changed to the fatal Malformed UTF-8 string
           in "%s"

       o   Setting $/ to a reference to %s as a form of slurp is deprecated,
           treating as undef. This will be fatal in Perl 5.28

           This existing warning has had the this will be fatal text added in
           this release.

       o   "${^ENCODING}" is no longer supported. Its use will be fatal in
           Perl 5.28

           This warning used to be: "Setting "${^ENCODING}" is deprecated".

           The special action of the variable "${^ENCODING}" was formerly used
           to implement the "encoding" pragma. As of Perl 5.26, rather than
           being deprecated, assigning to this variable now has no effect
           except to issue the warning.

       o   Too few arguments for subroutine '%s'

           This warning now includes the name of the offending subroutine.

       o   Too many arguments for subroutine '%s'

           This warning now includes the name of the offending subroutine.

       o   Unescaped left brace in regex is deprecated here (and will be fatal
           in Perl 5.30), passed through in regex; marked by <-- HERE in m/%s/

           This existing warning has had the here (and will be fatal...) text
           added in this release.

       o   Unknown charname '' is deprecated. Its use will be fatal in Perl
           5.28

           This existing warning has had the its use will be fatal text added
           in this release.

       o   Use of bare << to mean <<"" is deprecated. Its use will be fatal in
           Perl 5.28

           This existing warning has had the its use will be fatal text added
           in this release.

       o   Use of code point 0x%s is deprecated; the permissible max is 0x%s.
           This will be fatal in Perl 5.28

           This existing warning has had the this will be fatal text added in
           this release.

       o   Use of comma-less variable list is deprecated. Its use will be
           fatal in Perl 5.28

           This existing warning has had the its use will be fatal text added
           in this release.

       o   Use of inherited "AUTOLOAD" for non-method %s() is deprecated. This
           will be fatal in Perl 5.28

           This existing warning has had the this will be fatal text added in
           this release.

       o   Use of strings with code points over 0xFF as arguments to %s
           operator is deprecated. This will be a fatal error in Perl 5.28

           This existing warning has had the this will be a fatal error text
           added in this release.

Utility Changes
   c2ph and pstruct
       o   These old utilities have long since superceded by h2xs, and are now
           gone from the distribution.

   Porting/pod_lib.pl
       o   Removed spurious executable bit.

       o   Account for the possibility of DOS file endings.

   Porting/sync-with-cpan
       o   Many improvements.

   perf/benchmarks
       o   Tidy file, rename some symbols.

   Porting/checkAUTHORS.pl
       o   Replace obscure character range with "\w".

   t/porting/regen.t
       o   Try to be more helpful when tests fail.

   utils/h2xs.PL
       o   Avoid infinite loop for enums.

   perlbug
       o   Long lines in the message body are now wrapped at 900 characters,
           to stay well within the 1000-character limit imposed by SMTP mail
           transfer agents.  This is particularly likely to be important for
           the list of arguments to Configure, which can readily exceed the
           limit if, for example, it names several non-default installation
           paths.  This change also adds the first unit tests for perlbug.
           [perl #128020]
           <https://rt.perl.org/Public/Bug/Display.html?id=128020>

Configuration and Compilation
       o   "-Ddefault_inc_excludes_dot" has added, and enabled by default.

       o   The "dtrace" build process has further changes [perl #130108]
           <https://rt.perl.org/Public/Bug/Display.html?id=130108>:

           o   If the "-xnolibs" is available, use that so a dtrace perl can
               be built within a FreeBSD jail.

           o   On systems that build a dtrace object file (FreeBSD, Solaris,
               and SystemTap's dtrace emulation), copy the input objects to a
               separate directory and process them there, and use those
               objects in the link, since "dtrace -G" also modifies these
               objects.

           o   Add libelf to the build on FreeBSD 10.x, since dtrace adds
               references to libelf symbols.

           o   Generate a dummy dtrace_main.o if "dtrace -G" fails to build
               it.  A default build on Solaris generates probes from the
               unused inline functions, while they don't on FreeBSD, which
               causes "dtrace -G" to fail.

       o   You can now disable perl's use of the "PERL_HASH_SEED" and
           "PERL_PERTURB_KEYS" environment variables by configuring perl with
           "-Accflags=NO_PERL_HASH_ENV".

       o   You can now disable perl's use of the "PERL_HASH_SEED_DEBUG"
           environment variable by configuring perl with
           "-Accflags=-DNO_PERL_HASH_SEED_DEBUG".

       o   Configure now zeroes out the alignment bytes when calculating the
           bytes for 80-bit "NaN" and "Inf" to make builds more reproducible.
           [perl #130133]
           <https://rt.perl.org/Public/Bug/Display.html?id=130133>

       o   Since v5.18, for testing purposes we have included support for
           building perl with a variety of non-standard, and non-recommended
           hash functions.  Since we do not recommend the use of these
           functions, we have removed them and their corresponding build
           options.  Specifically this includes the following build options:

               PERL_HASH_FUNC_SDBM
               PERL_HASH_FUNC_DJB2
               PERL_HASH_FUNC_SUPERFAST
               PERL_HASH_FUNC_MURMUR3
               PERL_HASH_FUNC_ONE_AT_A_TIME
               PERL_HASH_FUNC_ONE_AT_A_TIME_OLD
               PERL_HASH_FUNC_MURMUR_HASH_64A
               PERL_HASH_FUNC_MURMUR_HASH_64B

       o   Remove "Warning: perl appears in your path"

           This install warning is more or less obsolete, since most platforms
           already will have a /usr/bin/perl or similar provided by the OS.

       o   Reduce verbosity of "make install.man"

           Previously, two progress messages were emitted for each manpage:
           one by installman itself, and one by the function in install_lib.pl
           that it calls to actually install the file.  Disabling the second
           of those in each case saves over 750 lines of unhelpful output.

       o   Cleanup for "clang -Weverything" support.  [perl #129961]
           <https://rt.perl.org/Public/Bug/Display.html?id=129961>

       o   Configure: signbit scan was assuming too much, stop assuming
           negative 0.

       o   Various compiler warnings have been silenced.

       o   Several smaller changes have been made to remove impediments to
           compiling under C++11.

       o   Builds using "USE_PAD_RESET" now work again; this configuration had
           bit-rotted.

       o   A probe for "gai_strerror" was added to Configure that checks if
           the "gai_strerror()" routine is available and can be used to
           translate error codes returned by "getaddrinfo()" into human
           readable strings.

       o   Configure now aborts if both "-Duselongdouble" and "-Dusequadmath"
           are requested.  [perl #126203]
           <https://rt.perl.org/Public/Bug/Display.html?id=126203>

       o   Fixed a bug in which Configure could append "-quadmath" to the
           archname even if it was already present.  [perl #128538]
           <https://rt.perl.org/Public/Bug/Display.html?id=128538>

       o   Clang builds with "-DPERL_GLOBAL_STRUCT" or
           "-DPERL_GLOBAL_STRUCT_PRIVATE" have been fixed (by disabling Thread
           Safety Analysis for these configurations).

       o   make_ext.pl no longer updates a module's pm_to_blib file when no
           files require updates.  This could cause dependencies, perlmain.c
           in particular, to be rebuilt unnecessarily.  [perl #126710]
           <https://rt.perl.org/Public/Bug/Display.html?id=126710>

       o   The output of "perl -V" has been reformatted so that each
           configuration and compile-time option is now listed one per line,
           to improve readability.

       o   Configure now builds "miniperl" and "generate_uudmap" if you invoke
           it with "-Dusecrosscompiler" but not "-Dtargethost=somehost".  This
           means you can supply your target platform "config.sh", generate the
           headers and proceed to build your cross-target perl.  [perl
           #127234] <https://rt.perl.org/Public/Bug/Display.html?id=127234>

       o   Perl built with "-Accflags=-DPERL_TRACE_OPS" now only dumps the
           operator counts when the environment variable "PERL_TRACE_OPS" is
           set to a non-zero integer.  This allows "make test" to pass on such
           a build.

       o   When building with GCC 6 and link-time optimization (the "-flto"
           option to "gcc"), Configure was treating all probed symbols as
           present on the system, regardless of whether they actually exist.
           This has been fixed.  [perl #128131]
           <https://rt.perl.org/Public/Bug/Display.html?id=128131>

       o   The t/test.pl library is used for internal testing of Perl itself,
           and also copied by several CPAN modules.  Some of those modules
           must work on older versions of Perl, so t/test.pl must in turn
           avoid newer Perl features.  Compatibility with Perl 5.8 was
           inadvertently removed some time ago; it has now been restored.
           [perl #128052]
           <https://rt.perl.org/Public/Bug/Display.html?id=128052>

       o   The build process no longer emits an extra blank line before
           building each "simple" extension (those with only *.pm and *.pod
           files).

Testing
       Tests were added and changed to reflect the other additions and changes
       in this release.  Furthermore, these substantive changes were made:

       o   A new test script, comp/parser_run.t, has been added that is like
           comp/parser.t but with test.pl included so that "runperl()" and the
           like are available for use.

       o   Tests for locales were erroneously using locales incompatible with
           Perl.

       o   Some parts of the test suite that try to exhaustively test edge
           cases in the regex implementation have been restricted to running
           for a maximum of five minutes.  On slow systems they could
           otherwise take several hours, without significantly improving our
           understanding of the correctness of the code under test.

       o   A new internal facility allows analysing the time taken by the
           individual tests in Perl's own test suite; see
           Porting/harness-timer-report.pl.

       o   t/re/regexp_nonull.t has been added to test that the regular
           expression engine can handle scalars that do not have a null byte
           just past the end of the string.

       o   A new test script, t/op/decl-refs.t, has been added to test the new
           feature "Declaring a reference to a variable".

       o   A new test script, t/re/keep_tabs.t has been added to contain tests
           where "\t" characters should not be expanded into spaces.

       o   A new test script, t/re/anyof.t, has been added to test that the
           ANYOF nodes generated by bracketed character classes are as
           expected.

       o   There is now more extensive testing of the Unicode-related API
           macros and functions.

       o   Several of the longer running API test files have been split into
           multiple test files so that they can be run in parallel.

       o   t/harness now tries really hard not to run tests which are located
           outside of the Perl source tree.  [perl #124050]
           <https://rt.perl.org/Public/Bug/Display.html?id=124050>

       o   Prevent debugger tests (lib/perl5db.t) from failing due to the
           contents of $ENV{PERLDB_OPTS}.  [perl #130445]
           <https://rt.perl.org/Public/Bug/Display.html?id=130445>

Platform Support
   New Platforms
       NetBSD/VAX
           Perl now compiles under NetBSD on VAX machines.  However, it's not
           possible for that platform to implement floating-point infinities
           and NaNs compatible with most modern systems, which implement the
           IEEE-754 floating point standard.  The hexadecimal floating point
           ("0x...p[+-]n" literals, "printf %a") is not implemented, either.
           The "make test" passes 98% of tests.

           o   Test fixes and minor updates.

           o   Account for lack of "inf", "nan", and "-0.0" support.

   Platform-Specific Notes
       Darwin
           o   Don't treat "-Dprefix=/usr" as special: instead require an
               extra option "-Ddarwin_distribution" to produce the same
               results.

           o   OS X El Capitan doesn't implement the "clock_gettime()" or
               "clock_getres()" APIs; emulate them as necessary.

           o   Deprecated syscall(2) on macOS 10.12.

       EBCDIC
           Several tests have been updated to work (or be skipped) on EBCDIC
           platforms.

       HP-UX
           The Net::Ping UDP test is now skipped on HP-UX.

       Hurd
           The hints for Hurd have been improved, enabling malloc wrap and
           reporting the GNU libc used (previously it was an empty string when
           reported).

       VAX VAX floating point formats are now supported on NetBSD.

       VMS
           o   The path separator for the "PERL5LIB" and "PERLLIB" environment
               entries is now a colon (":") when running under a Unix shell.
               There is no change when running under DCL (it's still "|").

           o   configure.com now recognizes the VSI-branded C compiler and no
               longer recognizes the "DEC"-branded C compiler (as there hasn't
               been such a thing for 15 or more years).

       Windows
           o   Support for compiling perl on Windows using Microsoft Visual
               Studio 2015 (containing Visual C++ 14.0) has been added.

               This version of VC++ includes a completely rewritten C run-time
               library, some of the changes in which mean that work done to
               resolve a socket "close()" bug in perl #120091 and perl #118059
               is not workable in its current state with this version of VC++.
               Therefore, we have effectively reverted that bug fix for VS2015
               onwards on the basis that being able to build with VS2015
               onwards is more important than keeping the bug fix.  We may
               revisit this in the future to attempt to fix the bug again in a
               way that is compatible with VS2015.

               These changes do not affect compilation with GCC or with Visual
               Studio versions up to and including VS2013, i.e., the bug fix
               is retained (unchanged) for those compilers.

               Note that you may experience compatibility problems if you mix
               a perl built with GCC or VS <= VS2013 with XS modules built
               with VS2015, or if you mix a perl built with VS2015 with XS
               modules built with GCC or VS <= VS2013. Some incompatibility
               may arise because of the bug fix that has been reverted for
               VS2015 builds of perl, but there may well be incompatibility
               anyway because of the rewritten CRT in VS2015 (e.g., see
               discussion at <http://stackoverflow.com/questions/30412951>).

           o   It now automatically detects GCC versus Visual C and sets the
               VC version number on Win32.

       Linux
           Drop support for Linux a.out executable format. Linux has used ELF
           for over twenty years.

       OpenBSD 6
           OpenBSD 6 still does not support returning "pid", "gid", or "uid"
           with "SA_SIGINFO".  Make sure to account for it.

       FreeBSD
           t/uni/overload.t: Skip hanging test on FreeBSD.

       DragonFly BSD
           DragonFly BSD now has support for "setproctitle()".  [perl #130068]
           <https://rt.perl.org/Public/Bug/Display.html?id=130068>.

Internal Changes
       o   A new API function "sv_setpv_bufsize()" allows simultaneously
           setting the length and the allocated size of the buffer in an "SV",
           growing the buffer if necessary.

       o   A new API macro "SvPVCLEAR()" sets its "SV" argument to an empty
           string, like Perl-space "$x = ''", but with several optimisations.

       o   Several new macros and functions for dealing with Unicode and
           UTF-8-encoded strings have been added to the API, as well as some
           changes in the functionality of existing functions (see "Unicode
           Support" in perlapi for more details):

           o   New versions of the API macros like "isALPHA_utf8" and
               "toLOWER_utf8" have been added, each with the suffix "_safe",
               like "isSPACE_utf8_safe".  These take an extra parameter,
               giving an upper limit of how far into the string it is safe to
               read.  Using the old versions could cause attempts to read
               beyond the end of the input buffer if the UTF-8 is not well-
               formed, and their use now raises a deprecation warning.
               Details are at "Character classification" in perlapi.

           o   Macros like "isALPHA_utf8" and "toLOWER_utf8" now die if they
               detect that their input UTF-8 is malformed.  A deprecation
               warning had been issued since Perl 5.18.

           o   Several new macros for analysing the validity of utf8
               sequences. These are:

               "UTF8_GOT_ABOVE_31_BIT" "UTF8_GOT_CONTINUATION"
               "UTF8_GOT_EMPTY" "UTF8_GOT_LONG" "UTF8_GOT_NONCHAR"
               "UTF8_GOT_NON_CONTINUATION" "UTF8_GOT_OVERFLOW"
               "UTF8_GOT_SHORT" "UTF8_GOT_SUPER" "UTF8_GOT_SURROGATE"
               "UTF8_IS_INVARIANT" "UTF8_IS_NONCHAR" "UTF8_IS_SUPER"
               "UTF8_IS_SURROGATE" "UVCHR_IS_INVARIANT" "isUTF8_CHAR_flags"
               "isSTRICT_UTF8_CHAR" "isC9_STRICT_UTF8_CHAR"

           o   Functions that are all extensions of the "is_utf8_string_*()"
               functions, that apply various restrictions to the UTF-8
               recognized as valid:

               "is_strict_utf8_string", "is_strict_utf8_string_loc",
               "is_strict_utf8_string_loclen",

               "is_c9strict_utf8_string", "is_c9strict_utf8_string_loc",
               "is_c9strict_utf8_string_loclen",

               "is_utf8_string_flags", "is_utf8_string_loc_flags",
               "is_utf8_string_loclen_flags",

               "is_utf8_fixed_width_buf_flags",
               "is_utf8_fixed_width_buf_loc_flags",
               "is_utf8_fixed_width_buf_loclen_flags".

               "is_utf8_invariant_string".  "is_utf8_valid_partial_char".
               "is_utf8_valid_partial_char_flags".

           o   The functions "utf8n_to_uvchr" and its derivatives have had
               several changes of behaviour.

               Calling them, while passing a string length of 0 is now
               asserted against in DEBUGGING builds, and otherwise, returns
               the Unicode REPLACEMENT CHARACTER.   If you have nothing to
               decode, you shouldn't call the decode function.

               They now return the Unicode REPLACEMENT CHARACTER if called
               with UTF-8 that has the overlong malformation and that
               malformation is allowed by the input parameters.  This
               malformation is where the UTF-8 looks valid syntactically, but
               there is a shorter sequence that yields the same code point.
               This has been forbidden since Unicode version 3.1.

               They now accept an input flag to allow the overflow
               malformation.  This malformation is when the UTF-8 may be
               syntactically valid, but the code point it represents is not
               capable of being represented in the word length on the
               platform.  What "allowed" means, in this case, is that the
               function doesn't return an error, and it advances the parse
               pointer to beyond the UTF-8 in question, but it returns the
               Unicode REPLACEMENT CHARACTER as the value of the code point
               (since the real value is not representable).

               They no longer abandon searching for other malformations when
               the first one is encountered.  A call to one of these functions
               thus can generate multiple diagnostics, instead of just one.

           o   "valid_utf8_to_uvchr()" has been added to the API (although it
               was present in core earlier). Like "utf8_to_uvchr_buf()", but
               assumes that the next character is well-formed.  Use with
               caution.

           o   A new function, "utf8n_to_uvchr_error", has been added for use
               by modules that need to know the details of UTF-8 malformations
               beyond pass/fail.  Previously, the only ways to know why a
               sequence was ill-formed was to capture and parse the generated
               diagnostics or to do your own analysis.

           o   There is now a safer version of utf8_hop(), called
               "utf8_hop_safe()".  Unlike utf8_hop(), utf8_hop_safe() won't
               navigate before the beginning or after the end of the supplied
               buffer.

           o   Two new functions, "utf8_hop_forward()" and "utf8_hop_back()"
               are similar to "utf8_hop_safe()" but are for when you know
               which direction you wish to travel.

           o   Two new macros which return useful utf8 byte sequences:

               "BOM_UTF8"

               "REPLACEMENT_CHARACTER_UTF8"

       o   Perl is now built with the "PERL_OP_PARENT" compiler define enabled
           by default.  To disable it, use the "PERL_NO_OP_PARENT" compiler
           define.  This flag alters how the "op_sibling" field is used in
           "OP" structures, and has been available optionally since perl 5.22.

           See "Internal Changes" in perl5220delta for more details of what
           this build option does.

       o   Three new ops, "OP_ARGELEM", "OP_ARGDEFELEM", and "OP_ARGCHECK"
           have been added.  These are intended principally to implement the
           individual elements of a subroutine signature, plus any overall
           checking required.

       o   The "OP_PUSHRE" op has been eliminated and the "OP_SPLIT" op has
           been changed from class "LISTOP" to "PMOP".

           Formerly the first child of a split would be a "pushre", which
           would have the "split"'s regex attached to it. Now the regex is
           attached directly to the "split" op, and the "pushre" has been
           eliminated.

       o   The "op_class()" API function has been added.  This is like the
           existing "OP_CLASS()" macro, but can more accurately determine what
           struct an op has been allocated as.  For example "OP_CLASS()" might
           return "OA_BASEOP_OR_UNOP" indicating that ops of this type are
           usually allocated as an "OP" or "UNOP"; while "op_class()" will
           return "OPclass_BASEOP" or "OPclass_UNOP" as appropriate.

       o   All parts of the internals now agree that the "sassign" op is a
           "BINOP"; previously it was listed as a "BASEOP" in regen/opcodes,
           which meant that several parts of the internals had to be special-
           cased to accommodate it.  This oddity's original motivation was to
           handle code like "$x ||= 1"; that is now handled in a simpler way.

       o   The output format of the "op_dump()" function (as used by "perl
           -Dx") has changed: it now displays an "ASCII-art" tree structure,
           and shows more low-level details about each op, such as its address
           and class.

       o   The "PADOFFSET" type has changed from being unsigned to signed, and
           several pad-related variables such as "PL_padix" have changed from
           being of type "I32" to type "PADOFFSET".

       o   The "DEBUGGING"-mode output for regex compilation and execution has
           been enhanced.

       o   Several obscure SV flags have been eliminated, sometimes along with
           the macros which manipulate them: "SVpbm_VALID", "SVpbm_TAIL",
           "SvTAIL_on", "SvTAIL_off", "SVrepl_EVAL", "SvEVALED".

       o   An OP "op_private" flag has been eliminated: "OPpRUNTIME". This
           used to often get set on "PMOP" ops, but had become meaningless
           over time.

Selected Bug Fixes
       o   Perl no longer panics when switching into some locales on machines
           with buggy "strxfrm()" implementations in their libc.  [perl
           #121734] <https://rt.perl.org/Public/Bug/Display.html?id=121734>

       o   " $-{$name} " would leak an "AV" on each access if the regular
           expression had no named captures.  The same applies to access to
           any hash tied with Tie::Hash::NamedCapture and "all => 1".  [perl
           #130822] <https://rt.perl.org/Public/Bug/Display.html?id=130822>

       o   Attempting to use the deprecated variable $# as the object in an
           indirect object method call could cause a heap use after free or
           buffer overflow.  [perl #129274]
           <https://rt.perl.org/Public/Bug/Display.html?id=129274>

       o   When checking for an indirect object method call, in some rare
           cases the parser could reallocate the line buffer but then continue
           to use pointers to the old buffer.  [perl #129190]
           <https://rt.perl.org/Public/Bug/Display.html?id=129190>

       o   Supplying a glob as the format argument to "formline" would cause
           an assertion failure.  [perl #130722]
           <https://rt.perl.org/Public/Bug/Display.html?id=130722>

       o   Code like " $value1 =~ qr/.../ ~~ $value2 " would have the match
           converted into a "qr//" operator, leaving extra elements on the
           stack to confuse any surrounding expression.  [perl #130705]
           <https://rt.perl.org/Public/Bug/Display.html?id=130705>

       o   Since v5.24 in some obscure cases, a regex which included code
           blocks from multiple sources (e.g., via embedded via "qr//"
           objects) could end up with the wrong current pad and crash or give
           weird results.  [perl #129881]
           <https://rt.perl.org/Public/Bug/Display.html?id=129881>

       o   Occasionally "local()"s in a code block within a patterns weren't
           being undone when the pattern matching backtracked over the code
           block.  [perl #126697]
           <https://rt.perl.org/Public/Bug/Display.html?id=126697>

       o   Using "substr()" to modify a magic variable could access freed
           memory in some cases.  [perl #129340]
           <https://rt.perl.org/Public/Bug/Display.html?id=129340>

       o   Under "use utf8", the entire source code is now checked for being
           UTF-8 well formed, not just quoted strings as before.  [perl
           #126310] <https://rt.perl.org/Public/Bug/Display.html?id=126310>.

       o   The range operator ".." on strings now handles its arguments
           correctly when in the scope of the "unicode_strings" feature.  The
           previous behaviour was sufficiently unexpected that we believe no
           correct program could have made use of it.

       o   The "split" operator did not ensure enough space was allocated for
           its return value in scalar context.  It could then write a single
           pointer immediately beyond the end of the memory block allocated
           for the stack.  [perl #130262]
           <https://rt.perl.org/Public/Bug/Display.html?id=130262>

       o   Using a large code point with the "W" pack template character with
           the current output position aligned at just the right point could
           cause a write of a single zero byte immediately beyond the end of
           an allocated buffer.  [perl #129149]
           <https://rt.perl.org/Public/Bug/Display.html?id=129149>

       o   Supplying a format's picture argument as part of the format
           argument list where the picture specifies modifying the argument
           could cause an access to the new freed compiled form.at.  [perl
           #129125] <https://rt.perl.org/Public/Bug/Display.html?id=129125>

       o   The sort() operator's built-in numeric comparison function didn't
           handle large integers that weren't exactly representable by a
           double.  This now uses the same code used to implement the "<=>"
           operator.  [perl #130335]
           <https://rt.perl.org/Public/Bug/Display.html?id=130335>

       o   Fix issues with "/(?{ ... <<EOF })/" that broke Method::Signatures.
           [perl #130398]
           <https://rt.perl.org/Public/Bug/Display.html?id=130398>

       o   Fixed an assertion failure with "chop" and "chomp", which could be
           triggered by "chop(@x =~ tr/1/1/)".  [perl #130198]
           <https://rt.perl.org/Public/Bug/Display.html?id=130198>.

       o   Fixed a comment skipping error in patterns under "/x"; it could
           stop skipping a byte early, which could be in the middle of a UTF-8
           character.  [perl #130495]
           <https://rt.perl.org/Public/Bug/Display.html?id=130495>.

       o   perldb now ignores /dev/tty on non-Unix systems.  [perl #113960]
           <https://rt.perl.org/Public/Bug/Display.html?id=113960>;

       o   Fix assertion failure for "{}->$x" when $x isn't defined.  [perl
           #130496] <https://rt.perl.org/Public/Bug/Display.html?id=130496>.

       o   Fix an assertion error which could be triggered when a lookahead
           string in patterns exceeded a minimum length.  [perl #130522]
           <https://rt.perl.org/Public/Bug/Display.html?id=130522>.

       o   Only warn once per literal number about a misplaced "_".  [perl
           #70878] <https://rt.perl.org/Public/Bug/Display.html?id=70878>.

       o   The "tr///" parse code could be looking at uninitialized data after
           a perse error.  [perl #129342]
           <https://rt.perl.org/Public/Bug/Display.html?id=129342>.

       o   In a pattern match, a back-reference ("\1") to an unmatched capture
           could read back beyond the start of the string being matched.
           [perl #129377]
           <https://rt.perl.org/Public/Bug/Display.html?id=129377>.

       o   "use re 'strict'" is supposed to warn if you use a range (such as
           "/(?[ [ X-Y ] ])/") whose start and end digit aren't from the same
           group of 10.  It didn't do that for five groups of mathematical
           digits starting at "U+1D7E".

       o   A sub containing a "forward" declaration with the same name (e.g.,
           "sub c { sub c; }") could sometimes crash or loop infinitely.
           [perl #129090]
           <https://rt.perl.org/Public/Bug/Display.html?id=129090>

       o   A crash in executing a regex with a non-anchored UTF-8 substring
           against a target string that also used UTF-8 has been fixed.  [perl
           #129350] <https://rt.perl.org/Public/Bug/Display.html?id=129350>

       o   Previously, a shebang line like "#!perl -i u" could be erroneously
           interpreted as requesting the "-u" option.  This has been fixed.
           [perl #129336]
           <https://rt.perl.org/Public/Bug/Display.html?id=129336>

       o   The regex engine was previously producing incorrect results in some
           rare situations when backtracking past an alternation that matches
           only one thing; this showed up as capture buffers ($1, $2, etc.)
           erroneously containing data from regex execution paths that weren't
           actually executed for the final match.  [perl #129897]
           <https://rt.perl.org/Public/Bug/Display.html?id=129897>

       o   Certain regexes making use of the experimental "regex_sets" feature
           could trigger an assertion failure.  This has been fixed.  [perl
           #129322] <https://rt.perl.org/Public/Bug/Display.html?id=129322>

       o   Invalid assignments to a reference constructor (e.g., "\eval=time")
           could sometimes crash in addition to giving a syntax error.  [perl
           #125679] <https://rt.perl.org/Public/Bug/Display.html?id=125679>

       o   The parser could sometimes crash if a bareword came after
           "evalbytes".  [perl #129196]
           <https://rt.perl.org/Public/Bug/Display.html?id=129196>

       o   Autoloading via a method call would warn erroneously ("Use of
           inherited AUTOLOAD for non-method") if there was a stub present in
           the package into which the invocant had been blessed.  The warning
           is no longer emitted in such circumstances.  [perl #47047]
           <https://rt.perl.org/Public/Bug/Display.html?id=47047>

       o   The use of "splice" on arrays with non-existent elements could
           cause other operators to crash.  [perl #129164]
           <https://rt.perl.org/Public/Bug/Display.html?id=129164>

       o   A possible buffer overrun when a pattern contains a fixed utf8
           substring.  [perl #129012]
           <https://rt.perl.org/Public/Bug/Display.html?id=129012>

       o   Fixed two possible use-after-free bugs in perl's lexer.  [perl
           #129069] <https://rt.perl.org/Public/Bug/Display.html?id=129069>

       o   Fixed a crash with "s///l" where it thought it was dealing with
           UTF-8 when it wasn't.  [perl #129038]
           <https://rt.perl.org/Public/Bug/Display.html?id=129038>

       o   Fixed a place where the regex parser was not setting the syntax
           error correctly on a syntactically incorrect pattern.  [perl
           #129122] <https://rt.perl.org/Public/Bug/Display.html?id=129122>

       o   The "&." operator (and the "&" operator, when it treats its
           arguments as strings) were failing to append a trailing null byte
           if at least one string was marked as utf8 internally.  Many code
           paths (system calls, regexp compilation) still expect there to be a
           null byte in the string buffer just past the end of the logical
           string.  An assertion failure was the result.  [perl #129287]
           <https://rt.perl.org/Public/Bug/Display.html?id=129287>

       o   Avoid a heap-after-use error in the parser when creating an error
           messge for a syntactically invalid heredoc.  [perl #128988]
           <https://rt.perl.org/Public/Bug/Display.html?id=128988>

       o   Fix a segfault when run with "-DC" options on DEBUGGING builds.
           [perl #129106]
           <https://rt.perl.org/Public/Bug/Display.html?id=129106>

       o   Fixed the parser error handling in subroutine attributes for an
           '":attr(foo"' that does not have an ending '")"'.

       o   Fix the perl lexer to correctly handle a backslash as the last char
           in quoted-string context. This actually fixed two bugs, [perl
           #129064] <https://rt.perl.org/Public/Bug/Display.html?id=129064>
           and [perl #129176]
           <https://rt.perl.org/Public/Bug/Display.html?id=129176>.

       o   In the API function "gv_fetchmethod_pvn_flags", rework separator
           parsing to prevent possible string overrun with an invalid "len"
           argument.  [perl #129267]
           <https://rt.perl.org/Public/Bug/Display.html?id=129267>

       o   Problems with in-place array sorts: code like "@a = sort { ... }
           @a", where the source and destination of the sort are the same
           plain array, are optimised to do less copying around.  Two side-
           effects of this optimisation were that the contents of @a as seen
           by sort routines were partially sorted; and under some
           circumstances accessing @a during the sort could crash the
           interpreter.  Both these issues have been fixed, and Sort functions
           see the original value of @a.  [perl #128340]
           <https://rt.perl.org/Public/Bug/Display.html?id=128340>

       o   Non-ASCII string delimiters are now reported correctly in error
           messages for unterminated strings.  [perl #128701]
           <https://rt.perl.org/Public/Bug/Display.html?id=128701>

       o   "pack("p", ...)" used to emit its warning ("Attempt to pack pointer
           to temporary value") erroneously in some cases, but has been fixed.

       o   @DB::args is now exempt from "used once" warnings.  The warnings
           only occurred under -w, because warnings.pm itself uses @DB::args
           multiple times.

       o   The use of built-in arrays or hash slices in a double-quoted string
           no longer issues a warning ("Possible unintended interpolation...")
           if the variable has not been mentioned before.  This affected code
           like "qq|@DB::args|" and "qq|@SIG{'CHLD', 'HUP'}|".  (The special
           variables "@-" and "@+" were already exempt from the warning.)

       o   "gethostent" and similar functions now perform a null check
           internally, to avoid crashing with the torsocks library.  This was
           a regression from v5.22.  [perl #128740]
           <https://rt.perl.org/Public/Bug/Display.html?id=128740>

       o   "defined *{'!'}", "defined *{'['}", and "defined *{'-'}" no longer
           leak memory if the typeglob in question has never been accessed
           before.

       o   Mentioning the same constant twice in a row (which is a syntax
           error) no longer fails an assertion under debugging builds.  This
           was a regression from v5.20.  [perl #126482]
           <https://rt.perl.org/Public/Bug/Display.html?id=126482>

       o   Many issues relating to "printf "%a"" of hexadecimal floating point
           were fixed.  In addition, the "subnormals" (formerly known as
           "denormals") floating point numbers are now supported both with the
           plain IEEE 754 floating point numbers (64-bit or 128-bit) and the
           x86 80-bit "extended precision".  Note that subnormal hexadecimal
           floating point literals will give a warning about "exponent
           underflow".  [perl #128843]
           <https://rt.perl.org/Public/Bug/Display.html?id=128843> [perl
           #128889] <https://rt.perl.org/Public/Bug/Display.html?id=128889>
           [perl #128890]
           <https://rt.perl.org/Public/Bug/Display.html?id=128890> [perl
           #128893] <https://rt.perl.org/Public/Bug/Display.html?id=128893>
           [perl #128909]
           <https://rt.perl.org/Public/Bug/Display.html?id=128909> [perl
           #128919] <https://rt.perl.org/Public/Bug/Display.html?id=128919>

       o   A regression in v5.24 with "tr/\N{U+...}/foo/" when the code point
           was between 128 and 255 has been fixed.  [perl #128734]
           <https://rt.perl.org/Public/Bug/Display.html?id=128734>.

       o   Use of a string delimiter whose code point is above 2**31 now works
           correctly on platforms that allow this.  Previously, certain
           characters, due to truncation, would be confused with other
           delimiter characters with special meaning (such as "?" in
           "m?...?"), resulting in inconsistent behaviour.  Note that this is
           non-portable, and is based on Perl's extension to UTF-8, and is
           probably not displayable nor enterable by any editor.  [perl
           #128738] <https://rt.perl.org/Public/Bug/Display.html?id=128738>

       o   "@{x" followed by a newline where "x" represents a control or non-
           ASCII character no longer produces a garbled syntax error message
           or a crash.  [perl #128951]
           <https://rt.perl.org/Public/Bug/Display.html?id=128951>

       o   An assertion failure with "%: = 0" has been fixed.  [perl #128238]
           <https://rt.perl.org/Public/Bug/Display.html?id=128238>

       o   In Perl 5.18, the parsing of "$foo::$bar" was accidentally changed,
           such that it would be treated as "$foo."::".$bar".  The previous
           behavior, which was to parse it as "$foo:: . $bar", has been
           restored.  [perl #128478]
           <https://rt.perl.org/Public/Bug/Display.html?id=128478>

       o   Since Perl 5.20, line numbers have been off by one when perl is
           invoked with the -x switch.  This has been fixed.  [perl #128508]
           <https://rt.perl.org/Public/Bug/Display.html?id=128508>

       o   Vivifying a subroutine stub in a deleted stash (e.g., "delete
           $My::{"Foo::"}; \&My::Foo::foo") no longer crashes.  It had begun
           crashing in Perl 5.18.  [perl #128532]
           <https://rt.perl.org/Public/Bug/Display.html?id=128532>

       o   Some obscure cases of subroutines and file handles being freed at
           the same time could result in crashes, but have been fixed.  The
           crash was introduced in Perl 5.22.  [perl #128597]
           <https://rt.perl.org/Public/Bug/Display.html?id=128597>

       o   Code that looks for a variable name associated with an
           uninitialized value could cause an assertion failure in cases where
           magic is involved, such as $ISA[0][0].  This has now been fixed.
           [perl #128253]
           <https://rt.perl.org/Public/Bug/Display.html?id=128253>

       o   A crash caused by code generating the warning "Subroutine
           STASH::NAME redefined" in cases such as "sub P::f{} undef *P::;
           *P::f =sub{};" has been fixed.  In these cases, where the STASH is
           missing, the warning will now appear as "Subroutine NAME
           redefined".  [perl #128257]
           <https://rt.perl.org/Public/Bug/Display.html?id=128257>

       o   Fixed an assertion triggered by some code that handles deprecated
           behavior in formats, e.g., in cases like this:

               format STDOUT =
               @
               0"$x"

           [perl #128255]
           <https://rt.perl.org/Public/Bug/Display.html?id=128255>

       o   A possible divide by zero in string transformation code on Windows
           has been avoided, fixing a crash when collating an empty string.
           [perl #128618]
           <https://rt.perl.org/Public/Bug/Display.html?id=128618>

       o   Some regular expression parsing glitches could lead to assertion
           failures with regular expressions such as "/(?<=/" and "/(?<!/".
           This has now been fixed.  [perl #128170]
           <https://rt.perl.org/Public/Bug/Display.html?id=128170>

       o   " until ($x = 1) { ... } " and " ... until $x = 1 " now properly
           warn when syntax warnings are enabled.  [perl #127333]
           <https://rt.perl.org/Public/Bug/Display.html?id=127333>

       o   socket() now leaves the error code returned by the system in $! on
           failure.  [perl #128316]
           <https://rt.perl.org/Public/Bug/Display.html?id=128316>

       o   Assignment variants of any bitwise ops under the "bitwise" feature
           would crash if the left-hand side was an array or hash.  [perl
           #128204] <https://rt.perl.org/Public/Bug/Display.html?id=128204>

       o   "require" followed by a single colon (as in "foo() ? require : ..."
           is now parsed correctly as "require" with implicit $_, rather than
           "require """.  [perl #128307]
           <https://rt.perl.org/Public/Bug/Display.html?id=128307>

       o   Scalar "keys %hash" can now be assigned to consistently in all
           scalar lvalue contexts.  Previously it worked for some contexts but
           not others.

       o   List assignment to "vec" or "substr" with an array or hash for its
           first argument used to result in crashes or "Can't coerce" error
           messages at run time, unlike scalar assignment, which would give an
           error at compile time.  List assignment now gives a compile-time
           error, too.  [perl #128260]
           <https://rt.perl.org/Public/Bug/Display.html?id=128260>

       o   Expressions containing an "&&" or "||" operator (or their synonyms
           "and" and "or") were being compiled incorrectly in some cases.  If
           the left-hand side consisted of either a negated bareword constant
           or a negated "do {}" block containing a constant expression, and
           the right-hand side consisted of a negated non-foldable expression,
           one of the negations was effectively ignored.  The same was true of
           "if" and "unless" statement modifiers, though with the left-hand
           and right-hand sides swapped.  This long-standing bug has now been
           fixed.  [perl #127952]
           <https://rt.perl.org/Public/Bug/Display.html?id=127952>

       o   "reset" with an argument no longer crashes when encountering stash
           entries other than globs.  [perl #128106]
           <https://rt.perl.org/Public/Bug/Display.html?id=128106>

       o   Assignment of hashes to, and deletion of, typeglobs named *::::::
           no longer causes crashes.  [perl #128086]
           <https://rt.perl.org/Public/Bug/Display.html?id=128086>

       o   Perl wasn't correctly handling true/false values in the LHS of a
           list assign; specifically the truth values returned by boolean
           operators.  This could trigger an assertion failure in something
           like the following:

               for ($x > $y) {
                   ($_, ...) = (...); # here $_ is aliased to a truth value
               }

           This was a regression from v5.24.  [perl #129991]
           <https://rt.perl.org/Public/Bug/Display.html?id=129991>

       o   Assertion failure with user-defined Unicode-like properties.  [perl
           #130010] <https://rt.perl.org/Public/Bug/Display.html?id=130010>

       o   Fix error message for unclosed "\N{" in a regex.  An unclosed "\N{"
           could give the wrong error message: "\N{NAME} must be resolved by
           the lexer".

       o   List assignment in list context where the LHS contained aggregates
           and where there were not enough RHS elements, used to skip scalar
           lvalues.  Previously, "(($a,$b,@c,$d) = (1))" in list context
           returned "($a)"; now it returns "($a,$b,$d)".  "(($a,$b,$c) = (1))"
           is unchanged: it still returns "($a,$b,$c)".  This can be seen in
           the following:

               sub inc { $_++ for @_ }
               inc(($a,$b,@c,$d) = (10))

           Formerly, the values of "($a,$b,$d)" would be left as
           "(11,undef,undef)"; now they are "(11,1,1)".

       o   Code like this: "/(?{ s!!! })/" could trigger infinite recursion on
           the C stack (not the normal perl stack) when the last successful
           pattern in scope is itself.  We avoid the segfault by simply
           forbidding the use of the empty pattern when it would resolve to
           the currently executing pattern.  [perl #129903]
           <https://rt.perl.org/Public/Bug/Display.html?id=129903>

       o   Avoid reading beyond the end of the line buffer in perl's lexer
           when there's a short UTF-8 character at the end.  [perl #128997]
           <https://rt.perl.org/Public/Bug/Display.html?id=128997>

       o   Alternations in regular expressions were sometimes failing to match
           a utf8 string against a utf8 alternate.  [perl #129950]
           <https://rt.perl.org/Public/Bug/Display.html?id=129950>

       o   Make "do "a\0b"" fail silently (and return "undef" and set $!)
           instead of throwing an error.  [perl #129928]
           <https://rt.perl.org/Public/Bug/Display.html?id=129928>

       o   "chdir" with no argument didn't ensure that there was stack space
           available for returning its result.  [perl #129130]
           <https://rt.perl.org/Public/Bug/Display.html?id=129130>

       o   All error messages related to "do" now refer to "do"; some formerly
           claimed to be from "require" instead.

       o   Executing "undef $x" where $x is tied or magical no longer
           incorrectly blames the variable for an uninitialized-value warning
           encountered by the tied/magical code.

       o   Code like "$x = $x . "a"" was incorrectly failing to yield a use of
           uninitialized value warning when $x was a lexical variable with an
           undefined value. That has now been fixed.  [perl #127877]
           <https://rt.perl.org/Public/Bug/Display.html?id=127877>

       o   "undef *_; shift" or "undef *_; pop" inside a subroutine, with no
           argument to "shift" or "pop", began crashing in Perl 5.14, but has
           now been fixed.

       o   "string$scalar->$*" now correctly prefers concatenation overloading
           to string overloading if "$scalar->$*" returns an overloaded
           object, bringing it into consistency with $$scalar.

       o   "/@0{0*->@*/*0" and similar contortions used to crash, but no
           longer do, but merely produce a syntax error.  [perl #128171]
           <https://rt.perl.org/Public/Bug/Display.html?id=128171>

       o   "do" or "require" with an argument which is a reference or typeglob
           which, when stringified, contains a null character, started
           crashing in Perl 5.20, but has now been fixed.  [perl #128182]
           <https://rt.perl.org/Public/Bug/Display.html?id=128182>

       o   Improve the error message for a missing "tie()" package/method.
           This brings the error messages in line with the ones used for
           normal method calls.

       o   Parsing bad POSIX charclasses no longer leaks memory.  [perl
           #128313] <https://rt.perl.org/Public/Bug/Display.html?id=128313>

Known Problems
       o   G++ 6 handles subnormal (denormal) floating point values
           differently than gcc 6 or g++ 5 resulting in "flush-to-zero". The
           end result is that if you specify very small values using the
           hexadecimal floating point format, like "0x1.fffffffffffffp-1022",
           they become zeros.  [perl #131388]
           <https://rt.perl.org/Ticket/Display.html?id=131388>

Errata From Previous Releases
       o   Fixed issues with recursive regexes.  The behavior was fixed in
           Perl 5.24.  [perl #126182]
           <https://rt.perl.org/Public/Bug/Display.html?id=126182>

Obituary
       Jon Portnoy (AVENJ), a prolific Perl author and admired Gentoo
       community member, has passed away on August 10, 2016.  He will be
       remembered and missed by all those who he came in contact with, and
       enriched with his intellect, wit, and spirit.

       It is with great sadness that we also note Kip Hampton's passing.
       Probably best known as the author of the Perl & XML column on XML.com,
       he was a core contributor to AxKit, an XML server platform that became
       an Apache Foundation project.  He was a frequent speaker in the early
       days at OSCON, and most recently at YAPC::NA in Madison.  He was
       frequently on irc.perl.org as ubu, generally in the #axkit-dahut
       community, the group responsible for YAPC::NA Asheville in 2011.

       Kip and his constant contributions to the community will be greatly
       missed.

Acknowledgements
       Perl 5.26.0 represents approximately 13 months of development since
       Perl 5.24.0 and contains approximately 360,000 lines of changes across
       2,600 files from 86 authors.

       Excluding auto-generated files, documentation and release tools, there
       were approximately 230,000 lines of changes to 1,800 .pm, .t, .c and .h
       files.

       Perl continues to flourish into its third decade thanks to a vibrant
       community of users and developers.  The following people are known to
       have contributed the improvements that became Perl 5.26.0:

       Aaron Crane, Abigail, AEvar Arnfjoerd` Bjarmason, Alex Vandiver,
       Andreas Koenig, Andreas Voegele, Andrew Fresh, Andy Lester, Aristotle
       Pagaltzis, Chad Granum, Chase Whitener, Chris 'BinGOs' Williams, Chris
       Lamb, Christian Hansen, Christian Millour, Colin Newell, Craig A.
       Berry, Dagfinn Ilmari Mannsaaker, Dan Collins, Daniel Dragan, Dave
       Cross, Dave Rolsky, David Golden, David H.  Gutteridge, David Mitchell,
       Dominic Hargreaves, Doug Bell, E. Choroba, Ed Avis, Father
       Chrysostomos, Francois Perrad, Hauke D, H.Merijn Brand, Hugo van der
       Sanden, Ivan Pozdeev, James E Keenan, James Raspass, Jarkko Hietaniemi,
       Jerry D. Hedden, Jim Cromie, J. Nick Koston, John Lightsey, Karen
       Etheridge, Karl Williamson, Leon Timmermans, Lukas Mai, Matthew
       Horsfall, Maxwell Carey, Misty De Meo, Neil Bowers, Nicholas Clark,
       Nicolas R., Niko Tyni, Pali, Paul Marquess, Peter Avalos, Petr PisaX,
       Pino Toscano, Rafael Garcia-Suarez, Reini Urban, Renee Baecker, Ricardo
       Signes, Richard Levitte, Rick Delaney, Salvador Fandin~o, Samuel
       Thibault, Sawyer X, Sebastien Aperghis-Tramoni, Sergey Aleynikov,
       Shlomi Fish, Smylers, Stefan Seifert, Steffen Mueller, Stevan Little,
       Steve Hay, Steven Humphrey, Sullivan Beck, Theo Buehler, Thomas Sibley,
       Todd Rinaldo, Tomasz Konojacki, Tony Cook, Unicode Consortium, Yaroslav
       Kuzmin, Yves Orton, Zefram.

       The list above is almost certainly incomplete as it is automatically
       generated from version control history.  In particular, it does not
       include the names of the (very much appreciated) contributors who
       reported issues to the Perl bug tracker.

       Many of the changes included in this version originated in the CPAN
       modules included in Perl's core.  We're grateful to the entire CPAN
       community for helping Perl to flourish.

       For a more complete list of all of Perl's historical contributors,
       please see the AUTHORS file in the Perl source distribution.
2017-06-05 13:41:22 +00:00
sevan
2e39a2253a Patch for issue raised in Russ Cox's "Glob Matching Can Be Simple And Fast Too" post.
https://research.swtch.com/glob
https://perl5.git.perl.org/perl.git/commit/33252c318625f3c6c89b816ee88481940e3e6f95

Reviewed by: wiz
2017-04-28 22:59:48 +00:00
adam
06b220db94 Fix for OS X 10.12, where clock_gettime() is defined. 2016-08-31 13:24:06 +00:00
jperkin
22ad3973cb Do not attempt to generate DTrace objects for objects which do not contain
any DTrace probes.  Fixes build with newer DTrace.
2016-06-14 11:47:21 +00:00
he
42c3ea8314 Update perl to version 5.24.0.
Pkgsrc changes:
 * Add candidate fix from https://rt.cpan.org/Public/Bug/Display.html?id=72467
 * Remove patches which have been integrated upstream
 * Rename and re-mould some patches which required adjustments

http://perlnews.org/2016/05/perl-5-24-released/ has pointer to
more details and says:

May 9 2016
Perl 5.24.0 has been released.

You can read about the changes which include:

    Postfix dereferencing is no longer experimental
    Unicode 8.0 is now supported
    The autoderef feature has been removed

Perl 5.24.0 represents approximately 11 months of development since
Perl 5.22.0 and contains approximately 360,000 lines of changes
across 1,800 files from 77 authors.
2016-06-08 17:39:30 +00:00
ryoon
a6193a0b22 Update to 5.22.2
Changelog:
NAME
       perldelta - what is new for perl v5.22.2

DESCRIPTION
       This document describes differences between the 5.22.1 release and the
       5.22.2 release.

       If you are upgrading from an earlier release such as 5.22.0, first read
       perl5221delta, which describes differences between 5.22.0 and 5.22.1.

Security
   Fix out of boundary access in Win32 path handling
       This is CVE-2015-8608.  For more information see [perl #126755]
       <https://rt.perl.org/Ticket/Display.html?id=126755>.

   Fix loss of taint in "canonpath()"
       This is CVE-2015-8607.  For more information see [perl #126862]
       <https://rt.perl.org/Ticket/Display.html?id=126862>.

   Set proper umask before calling mkstemp(3)
       In 5.22.0 perl started setting umask to 0600 before calling mkstemp(3)
       and restoring it afterwards.  This wrongfully tells open(2) to strip
       the owner read and write bits from the given mode before applying it,
       rather than the intended negation of leaving only those bits in place.

       Systems that use mode 0666 in mkstemp(3) (like old versions of glibc)
       create a file with permissions 0066, leaving world read and write
       permissions regardless of current umask.

       This has been fixed by using umask 0177 instead.

       [perl #127322] <https://rt.perl.org/Ticket/Display.html?id=127322>

   Avoid accessing uninitialized memory in Win32 "crypt()"
       Validation that will detect both a short salt and invalid characters in
       the salt has been added.

://rt.perl.org/Ticket/Display.html?id=126922>

   Remove duplicate environment variables from "environ"
       Previously, if an environment variable appeared more than once in
       "environ[]", %ENV would contain the last entry for that name, while a
       typical "getenv()" would return the first entry.  We now make sure %ENV
       contains the same as what "getenv()" returns.

       Secondly, we now remove duplicates from "environ[]", so if a setting
       with that name is set in %ENV we won't pass an unsafe value to a child
       process.

       This is CVE-2016-2381.

Incompatible Changes
       There are no changes intentionally incompatible with Perl 5.22.1.  If
       any exist, they are bugs, and we request that you submit a report.  See
       "Reporting Bugs" below.

Modules and Pragmata
   Updated Modules and Pragmata
       •   File::Spec has been upgraded from version 3.56 to 3.56_01.

           "canonpath()" now preserves taint.  See "Fix loss of taint in
           "canonpath()"".

       •   Module::CoreList has been upgraded from version 5.20151213 to
           5.20160429.

           The version number of Digest::SHA listed for Perl 5.18.4 was wrong
           and has been corrected.  Likewise for the version number of Config
           in 5.18.3 and 5.18.4.  [perl #127624]
           <https://rt.perl.org/Ticket/Display.html?id=127624>

Documentation
   Changes to Existing Documentation
       perldiag

       •   The explanation of the warning "unable to close filehandle %s
           properly: %s" which can occur when doing an implicit close of a
           filehandle has been expanded and improved.

       perlfunc

       •   The documentation of "hex()" has been revised to clarify valid
           inputs.

Configuration and Compilation
       •   Dtrace builds now build successfully on systems with a newer dtrace
           that require an input object file that uses the probes in the .d
           file.

           Previously the probe would fail and cause a build failure.

           [perl #122287] <https://rt.perl.org/Ticket/Display.html?id=122287>

       •   Configure no longer probes for libnm by default.  Originally this
           was the "New Math" library, but the name has been re-used by the
           GNOME NetworkManager.

           [perl #127131] <https://rt.perl.org/Ticket/Display.html?id=127131>

       •   Configure now knows about gcc 5.

       •   Compiling perl with -DPERL_MEM_LOG now works again.

Platform Support
   Platform-Specific Notes
       Darwin
           Compiling perl with -Dusecbacktrace on Darwin now works again.

           [perl #127764] <https://rt.perl.org/Ticket/Display.html?id=127764>

       OS X/Darwin
           Builds with both -DDEBUGGING and threading enabled would fail with
           a "panic: free from wrong pool" error when built or tested from
           Terminal on OS X.  This was caused by perl's internal management of
           the environment conflicting with an atfork handler using the libc
           "setenv()" function to update the environment.

           Perl now uses "setenv()"/"unsetenv()" to update the environment on
           OS X.

           [perl #126240] <https://rt.perl.org/Ticket/Display.html?id=126240>

       ppc64el
           The floating point format of ppc64el (Debian naming for little-
           endian PowerPC) is now detected correctly.

       Tru64
           A test failure in t/porting/extrefs.t has been fixed.

Internal Changes
       •   An unwarranted assertion in "Perl_newATTRSUB_x()" has been removed.
           If a stub subroutine definition with a prototype has been seen,
           then any subsequent stub (or definition) of the same subroutine
           with an attribute was causing an assertion failure because of a
           null pointer.

           [perl #126845] <https://rt.perl.org/Ticket/Display.html?id=126845>

Selected Bug Fixes
       •   Calls to the placeholder &PL_sv_yes used internally when an
           "import()" or "unimport()" method isn't found now correctly handle
           scalar context.  [perl #126042]
           <https://rt.perl.org/Ticket/Display.html?id=126042>

       •   The "pipe()" operator would assert for "DEBUGGING" builds instead
           of producing the correct error message.  The condition asserted on
           is detected and reported on correctly without the assertions, so
           the assertions were removed.  [perl #126480]
           <https://rt.perl.org/Ticket/Display.html?id=126480>

       •   In some cases, failing to parse a here-doc would attempt to use
           freed memory.  This was caused by a pointer not being restored
           correctly.  [perl #126443]
           <https://rt.perl.org/Ticket/Display.html?id=126443>

       •   Perl now reports more context when it sees an array where it
           expects to see an operator, and avoids an assertion failure.  [perl
           #123737] <https://rt.perl.org/Ticket/Display.html?id=123737>

       •   If a here-doc was found while parsing another operator, the parser
           had already read end of file, and the here-doc was not terminated,
           perl could produce an assertion or a segmentation fault.  This now
           reliably complains about the unterminated here-doc.  [perl #125540]
           <https://rt.perl.org/Ticket/Display.html?id=125540>

       •   Parsing beyond the end of the buffer when processing a "#line"
           directive with no filename is now avoided.  [perl #127334]
           <https://rt.perl.org/Ticket/Display.html?id=127334>

       •   Perl 5.22.0 added support for the C99 hexadecimal floating point
           notation, but sometimes misparsed hex floats.  This has been fixed.
           [perl #127183] <https://rt.perl.org/Ticket/Display.html?id=127183>

       •   Certain regex patterns involving a complemented posix class in an
           inverted bracketed character class, and matching something else
           optionally would improperly fail to match.  An example of one that
           could fail is "qr/_?[^\Wbar]\x{100}/".  This has been fixed.  [perl
           #127537] <https://rt.perl.org/Ticket/Display.html?id=127537>

       •   Fixed an issue with "pack()" where "pack "H"" (and "pack "h"")
           could read past the source when given a non-utf8 source and a utf8
           target.  [perl #126325]
           <https://rt.perl.org/Ticket/Display.html?id=126325>

       •   Fixed some cases where perl would abort due to a segmentation
           fault, or a C-level assert.  [perl #126193]
           <https://rt.perl.org/Ticket/Display.html?id=126193> [perl #126257]
           <https://rt.perl.org/Ticket/Display.html?id=126257> [perl #126258]
           <https://rt.perl.org/Ticket/Display.html?id=126258> [perl #126405]
           <https://rt.perl.org/Ticket/Display.html?id=126405> [perl #126602]
           <https://rt.perl.org/Ticket/Display.html?id=126602> [perl #127773]
           <https://rt.perl.org/Ticket/Display.html?id=127773> [perl #127786]
           <https://rt.perl.org/Ticket/Display.html?id=127786>

       •   A memory leak when setting $ENV{foo} on Darwin has been fixed.
           [perl #126240] <https://rt.perl.org/Ticket/Display.html?id=126240>

       •   Perl now correctly raises an error when trying to compile patterns
           with unterminated character classes while there are trailing
           backslashes.  [perl #126141]
           <https://rt.perl.org/Ticket/Display.html?id=126141>

       •   "NOTHING" regops and "EXACTFU_SS" regops in "make_trie()" are now
           handled properly.  [perl #126206]
           <https://rt.perl.org/Ticket/Display.html?id=126206>

       •   Perl now only tests "semctl()" if we have everything needed to use
           it.  In FreeBSD the "semctl()" entry point may exist, but it can be
           disabled by policy.  [perl #127533]
           <https://rt.perl.org/Ticket/Display.html?id=127533>

       •   A regression that allowed undeclared barewords as hash keys to work
           despite strictures has been fixed.  [perl #126981]
           <https://rt.perl.org/Ticket/Display.html?id=126981>

       •   As an optimization (introduced in Perl 5.20.0), "uc()", "lc()",
           "ucfirst()" and "lcfirst()" sometimes modify their argument in-
           place rather than returning a modified copy.  The criteria for this
           optimization has been made stricter to avoid these functions
           accidentally modifying in-place when they should not, which has
           been happening in some cases, e.g. in List::Util.

       •   Excessive memory usage in the compilation of some regular
           expressions involving non-ASCII characters has been reduced.  A
           more complete fix is forthcoming in Perl 5.24.0.

Acknowledgements
       Perl 5.22.2 represents approximately 5 months of development since Perl
       5.22.1 and contains approximately 3,000 lines of changes across 110
       files from 24 authors.

       Excluding auto-generated files, documentation and release tools, there
       were approximately 1,500 lines of changes to 52 .pm, .t, .c and .h
       files.

       Perl continues to flourish into its third decade thanks to a vibrant
       community of users and developers.  The following people are known to
       have contributed the improvements that became Perl 5.22.2:

       Aaron Crane, Abigail, Andreas Koenig, Aristotle Pagaltzis, Chris
       'BinGOs' Williams, Craig A. Berry, Dagfinn Ilmari Mannsaaker, David
       Golden, David Mitchell, H.Merijn Brand, James E Keenan, Jarkko
       Hietaniemi, Karen Etheridge, Karl Williamson, Matthew Horsfall, Niko
       Tyni, Ricardo Signes, Sawyer X, Stevan Little, Steve Hay, Todd Rinaldo,
       Tony Cook, Vladimir Timofeev, Yves Orton.

       The list above is almost certainly incomplete as it is automatically
       generated from version control history.  In particular, it does not
       include the names of the (very much appreciated) contributors who
       reported issues to the Perl bug tracker.

       Many of the changes included in this version originated in the CPAN
       modules included in Perl's core.  We're grateful to the entire CPAN
       community for helping Perl to flourish.

       For a more complete list of all of Perl's historical contributors,
       please see the AUTHORS file in the Perl source distribution.
2016-05-01 00:05:57 +00:00
sevan
d196cd28df Add patch to address CVE-2016-2381
Bump pkgrev

Reviewed by wiz@
2016-04-19 22:14:38 +00:00
kamil
7db612f19b Backport upstream fix for pointersize test
The symbol 'main' is multiply defined because Perl 5's `Configure`
script erroneously appends `try.c`, instead of overwriting it.

This change backports an upstream patch, which will not be needed once
Perl 5 5.23.x is available.

Sent by Eric N. Vander Weele
2016-03-07 21:27:58 +00:00
adam
eaeece1571 Changes 5.22.1:
Several bugs, including a segmentation fault, have been fixed with the bounds checking constructs (introduced in Perl 5.22) \b{gcb}, \b{sb}, \b{wb}, \B{gcb}, \B{sb}, and \B{wb}. All the \B{} ones now match an empty string; none of the \b{} ones do.

* Module::CoreList has been upgraded from version 5.20150520 to 5.20151213.
* PerlIO::scalar has been upgraded from version 0.22 to 0.23.
* POSIX has been upgraded from version 1.53 to 1.53_01.
* Storable has been upgraded from version 2.53 to 2.53_01.
* warnings has been upgraded from version 1.32 to 1.34.
* Win32 has been upgraded from version 0.51 to 0.52.
2015-12-28 13:44:03 +00:00
jperkin
fd46cf57be Support SunOS/clang, fixes 64-bit build. 2015-10-27 09:10:44 +00:00
he
b146ac941a Remove reference to file no longer part of the perl distribution.
Add a Configure test to verify that including <fenv.h> doesn't produce
a build error, as it will in quite few cases on NetBSD on archs which
are not amd64, i386 or sparc in NetBSD 6.x.  If the test build fails,
pretend we don't have fenv.h.

Validated that the result builds on NetBSD/evbarm 6.0 and NetBSD/i386 6.1.5.

Build fix, so no need to bump PKGREVISION.

OK by wiz@
2015-06-24 11:43:42 +00:00
adam
d933f7573b Changes 5.22.0:
* A safer ARGV
* CGI.pm and Module::Build disappear from core
* Hexadecimal floating point values
* Variable aliases
* Repetition in list assignment
* List pipe opens on Win32
* Various small fixes
2015-06-11 13:44:23 +00:00
ryoon
603cf0ae7d Fix build under Solaris 10 x86_64.
Redo PR pkg/44999 and fix linkage.
2015-05-15 14:32:27 +00:00
wiz
ce3c8aeb2c Update to 5.20.2, provided by Kai-Uwe Eckhardt <kuehro@gmx.de> in private
mail.

Changes:

Incompatible Changes

There are no changes intentionally incompatible with 5.20.1. If any
exist, they are bugs, and we request that you submit a report. See
"Reporting Bugs" below.  Modules and Pragmata Updated Modules and
Pragmata

    attributes has been upgraded from version 0.22 to 0.23.

    The usage of memEQs in the XS has been corrected. [perl #122701]

    Data::Dumper has been upgraded from version 2.151 to 2.151_01.

    Fixes CVE-2014-4330 by adding a configuration variable/option to
    limit recursion when dumping deep data structures.

    Errno has been upgraded from version 1.20_03 to 1.20_05.

    Warnings when building the XS on Windows with the Visual C++
    compiler are now avoided.

    feature has been upgraded from version 1.36 to 1.36_01.

    The postderef feature has now been documented. This feature was
    actually added in Perl 5.20.0 but was accidentally omitted from
    the feature documentation until now.

    IO::Socket has been upgraded from version 1.37 to 1.38.

    Document the limitations of the connected() method. [perl #123096]

    Module::CoreList has been upgraded from version 5.020001 to
    5.20150214.

    The list of Perl versions covered has been updated.

    PathTools has been upgraded from version 3.48 to 3.48_01.

    A warning from the gcc compiler is now avoided when building the
    XS.

    PerlIO::scalar has been upgraded from version 0.18 to 0.18_01.

    Reading from a position well past the end of the scalar now
    correctly returns end of file. [perl #123443]

    Seeking to a negative position still fails, but no longer leaves
    the file position set to a negation location.

    eof() on a PerlIO::scalar handle now properly returns true when
    the file position is past the 2GB mark on 32-bit systems.

    Storable has been upgraded from version 2.49 to 2.49_01.

    Minor grammatical change to the documentation only.

    VMS::DCLsym has been upgraded from version 1.05 to 1.05_01.

    Minor formatting change to the documentation only.

    VMS::Stdio has been upgraded from version 2.4 to 2.41.

    Minor formatting change to the documentation only.

Documentation New Documentation perlunicook

This document, by Tom Christiansen, provides examples of handling
Unicode in Perl.  Changes to Existing Documentation perlexperiment

    Added reference to subroutine signatures. This feature was
    actually added in Perl 5.20.0 but was accidentally omitted from
    the experimental feature documentation until now.

perlpolicy

    The process whereby features may graduate from experimental status
    has now been formally documented.

perlsyn

    An ambiguity in the documentation of the ellipsis statement has
    been corrected. [perl #122661]

Diagnostics

The following additions or changes have been made to diagnostic
output, including warnings and fatal error messages. For the complete
list of diagnostic messages, see perldiag.  Changes to Existing
Diagnostics

    Bad symbol for scalar is now documented. This error is not new,
    but was not previously documented here.

    Missing right brace on \N{} is now documented. This error is not
    new, but was not previously documented here.

Testing

    The test script re/rt122747.t has been added to verify that perl
    #122747 remains fixed.

Platform Support Regained Platforms

IRIX and Tru64 platforms are working again. (Some make test failures
remain.)  Selected Bug Fixes

    AIX now sets the length in getsockopt correctly. [perl #120835],
    [cpan #91183], [cpan #85570]

    In Perl 5.20.0, $^N accidentally had the internal UTF8 flag turned
    off if accessed from a code block within a regular expression,
    effectively UTF8-encoding the value. This has been fixed. [perl
    #123135]

    Various cases where the name of a sub is used (autoload,
    overloading, error messages) used to crash for lexical subs, but
    have been fixed.

    An assertion failure when parsing sort with debugging enabled has
    been fixed. [perl #122771]

    Loading UTF8 tables during a regular expression match could cause
    assertion failures under debugging builds if the previous match
    used the very same regular expression. [perl #122747]

    Due to a mistake in the string-copying logic, copying the value of
    a state variable could instead steal the value and undefine the
    variable. This bug, introduced in Perl 5.20, would happen mostly
    for long strings (1250 chars or more), but could happen for any
    strings under builds with copy-on-write disabled. [perl #123029]

    Fixed a bug that could cause perl to execute an infinite loop
    during compilation. [perl #122995]

    On Win32, restoring in a child pseudo-process a variable that was
    local()ed in a parent pseudo-process before the fork happened
    caused memory corruption and a crash in the child pseudo-process
    (and therefore OS process). [perl #40565]

    Tainted constants evaluated at compile time no longer cause
    unrelated statements to become tainted. [perl #122669]

    Calling write on a format with a ^** field could produce a panic
    in sv_chop() if there were insufficient arguments or if the
    variable used to fill the field was empty. [perl #123245]

    In Perl 5.20.0, sort CORE::fake where 'fake' is anything other
    than a keyword started chopping of the last 6 characters and
    treating the result as a sort sub name. The previous behaviour of
    treating "CORE::fake" as a sort sub name has been restored. [perl
    #123410]

    A bug in regular expression patterns that could lead to segfaults
    and other crashes has been fixed. This occurred only in patterns
    compiled with "/i", while taking into account the current POSIX
    locale (this usually means they have to be compiled within the
    scope of "use locale"), and there must be a string of at least 128
    consecutive bytes to match. [perl #123539]

    qr/@array(?{block})/ no longer dies with "Bizarre copy of
    ARRAY". [perl #123344]

    gmtime no longer crashes with not-a-number values. [perl #123495]

    Certain syntax errors in substitutions, such as s/${<>{})//, would
    crash, and had done so since Perl 5.10. (In some cases the crash
    did not start happening until Perl 5.16.) The crash has, of
    course, been fixed. [perl #123542]

    A memory leak in some regular expressions, introduced in Perl
    5.20.1, has been fixed. [perl #123198]

    formline("@...", "a"); would crash. The FF_CHECKNL case in
    pp_formline() didn't set the pointer used to mark the chop
    position, which led to the FF_MORE case crashing with a
    segmentation fault. This has been fixed. [perl #123538] [perl
    #123622]

    A possible buffer overrun and crash when parsing a literal pattern
    during regular expression compilation has been fixed. [perl
    #123604]

Known Problems

    It is a known bug that lexical subroutines cannot be used as the
    SUBNAME argument to sort. This will be fixed in a future version
    of Perl.

Errata From Previous Releases

    A regression has been fixed that was introduced in Perl 5.20.0
    (fixed in Perl 5.20.1 as well as here) in which a UTF-8 encoded
    regular expression pattern that contains a single ASCII lowercase
    letter does not match its uppercase counterpart. [perl #122655]
2015-02-25 14:56:45 +00:00
bsiegert
61b572397b Declare MACOSX_DEPLOYMENT_TARGET for versions from 10.3 to 10.5 to fix
the build.

Patch provided by Sevan Janiyan in PR pkg/49394.
2014-11-22 15:45:41 +00:00
adam
9710448feb Perl 5.20.1 has been released, this is the latest stable version of Perl.
Changes include performance enhancements and various bug fixes.

Perl 5.20.1 represents approximately 4 months of development since Perl 5.20.0 and contains approximately 12,000 lines of changes across 170 files from 36 authors.
2014-10-01 07:17:02 +00:00
spz
22fb374174 Minimally invasive fix for CVE-2014-4330, also known as
https://www.lsexperts.de/advisories/lse-2014-06-10.txt,
a stack overflow vulnerability in Data::Dumper

Patches taken from
http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304,
to be removed when updating to 5.20.1 (or later).

perl-5.20.0nb2 is fit for pkg_add -u replacement of perl-5.20.0nb1
2014-09-29 11:36:01 +00:00
mrg
8a99cab8a1 adjust a pattern to match 0.8 vs everything else.
fixes build on netbsd-7, which was matching "not everything else"
2014-08-12 05:41:39 +00:00
joerg
1e6bcc0d5f Don't try to extract the library search path from gcc/clang. It will
leak .buildlink into the final build and create a broken p5-gdbm.
Bump revision.
2014-06-08 23:35:55 +00:00
obache
7dc912f3fb File::Copy is used for the case link() is not usable.
Fixes installation on Haiku with BeFS.
2014-06-07 11:58:39 +00:00