CONTENTS

NAME

perldelta - what is new for perl v5.40.0

DESCRIPTION

This document describes differences between the 5.38.0 release and the 5.40.0 release.

Core Enhancements

New __CLASS__ Keyword

When using the new class feature, code inside a method, ADJUST block or field initializer expression is now permitted to use the new __CLASS__ keyword. This yields a class name, similar to __PACKAGE__, but whereas that gives the compile-time package that the code appears in, the __CLASS__ keyword is aware of the actual run-time class that the object instance is a member of. This makes it useful for method dispatch on that class, especially during constructors, where access to $self is not permitted.

For more information, see "__CLASS__" in perlfunc.

:reader attribute for field variables

When using the class feature, field variables can now take a :reader attribute. This requests that an accessor method be automatically created that simply returns the value of the field variable from the given instance.

field $name :reader;

Is equivalent to

field $name;
method name () { return $name; }

An alternative name can also be provided:

field $name :reader(get_name);

For more detail, see ":reader" in perlclass.

Permit a space in -M command-line option

When processing command-line options, perl now allows a space between the -M switch and the name of the module after it.

$ perl -M Data::Dumper=Dumper -E 'say Dumper [1,2,3]'

This matches the existing behaviour of the -I option.

Restrictions to use VERSION declarations

In Perl 5.36, a deprecation warning was added when downgrading a use VERSION declaration from one above version 5.11, to below. This has now been made a fatal error.

Additionally, it is now a fatal error to issue a subsequent use VERSION declaration when another is in scope, when either version is 5.39 or above. This is to avoid complications surrounding imported lexical functions from builtin. A deprecation warning has also been added for any other subsequent use VERSION declaration below version 5.39, to warn that it will no longer be permitted in Perl version 5.44.

New builtin::inf and builtin::nan functions (experimental)

Two new functions, inf and nan, have been added to the builtin namespace. These act like constants that yield the floating-point infinity and Not-a-Number value respectively.

New ^^ logical xor operator

Perl has always had three low-precedence logical operators and, or and xor, as well as three high-precedence bitwise versions &, ^ and |. Until this release, while the medium-precedence logical operators of && and || were also present, there was no exclusive-or equivalent. This release of Perl adds the final ^^ operator, completing the set.

$x ^^ $y and say "One of x or y is true, but not both";

try/catch feature is no longer experimental

Prior to this release, the try/catch feature for handling errors was considered experimental. Introduced in Perl version 5.34.0, this is now considered a stable language feature and its use no longer prints a warning. It still must be enabled with the 'try' feature.

See "Try Catch Exception Handling" in perlsyn.

for iterating over multiple values at a time is no longer experimental

Prior to this release, iterating over multiple values at a time with for was considered experimental. Introduced in Perl version 5.36.0, this is now considered a stable language feature and its use no longer prints a warning. See "Compound Statements" in perlsyn.

builtin module is no longer experimental

Prior to this release, the builtin module and all of its functions were considered experimental. Introduced in Perl version 5.36.0, this module is now considered stable its use no longer prints a warning. However, several of its functions are still considered experimental.

The :5.40 feature bundle adds try

The latest version feature bundle now contains the recently-stablized feature try. As this feature bundle is used by the -E commandline switch, these are immediately available in -E scripts.

use v5.40; imports builtin functions

In addition to importing a feature bundle, use v5.40; (or later versions) imports the corresponding builtin version bundle.

Security

CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property

This vulnerability was reported directly to the Perl security team by Nathan Mills [email protected].

A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer.

CVE-2023-47039 - Perl for Windows binary hijacking vulnerability

This vulnerability was reported to the Intel Product Security Incident Response Team (PSIRT) by GitHub user ycdxsb https://github.com/ycdxsb/WindowsPrivilegeEscalation. PSIRT then reported it to the Perl security team.

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory.

An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

Incompatible Changes

reset EXPR now calls set-magic on scalars

Previously reset EXPR did not call set magic when clearing scalar variables. This meant that changes did not propagate to the underlying internal state where needed, such as for $^W, and did not result in an exception where the underlying magic would normally throw an exception, such as for $1.

This means code that had no effect before may now actually have an effect, including possibly throwing an exception.

reset EXPR already called set magic when modifying arrays and hashes.

This has no effect on plain reset used to reset one-match searches as with m?pattern?.

[GH #20763]

Calling the import method of an unknown package produces a warning

Historically, it has been possible to call the import or unimport method of any class, including ones which have not been defined, with an argument and not experience an error. For instance, this code will not throw an error in Perl 5.38:

Class::That::Does::Not::Exist->import("foo");

However, as of Perl 5.39.1 this is deprecated and will issue a warning. Note that calling these methods with no arguments continues to silently succeed and do nothing. For instance,

Class::That::Does::Not::Exist->import();

will continue to not throw an error. This is because every class implicitly inherits from the class UNIVERSAL which now defines an import method. In older perls there was no such method defined, and instead the method calls for import and unimport were special cased to not throw errors if there was no such method defined.

This change has been added because it makes it easier to detect case typos in use statements when running on case-insensitive file systems. For instance, on Windows or other platforms with case-insensitive file systems on older perls the following code

use STRICT 'refs';

would silently do nothing as the module is actually called strict.pm, not STRICT.pm, so it would be loaded but its import method would never be called. It will also detect cases where a user passes an argument when using a package that does not provide its own import, for instance most "pure" class definitions do not define an import method.

return no longer allows an indirect object

The return operator syntax now rejects indirect objects. In most cases this would compile and even run, but wasn't documented and could produce confusing results, for example:

# note that sum hasn't been defined
sub sum_positive {
    return sum grep $_ > 0, @_;
    # unexpectedly parsed as:
    #   return *sum, grep $_ > 0, @_;
    # ... with the bareword acting like an extra (typeglob) argument
}
say for sum_positive(-1, 2, 3)

produced:

*main::sum
2
3

[GH #21716]

Class barewords no longer resolved as file handles in method calls under no feature "bareword_filehandles"

Under no feature "bareword_filehandles" bareword file handles continued to be resolved in method calls:

open FH, "<", $somefile or die;
no feature 'bareword_filehandles';
FH->binmode;

This has been fixed, so the:

FH->binmode;

will attempt to resolve FH as a class, typically resulting in a runtime error.

The standard file handles such as STDOUT continue to be resolved as a handle:

no feature 'bareword_filehandles';
STDOUT->flush; # continues to work

Note that once perl resolves a bareword name as a class it will continue to do so:

package SomeClass {
    sub somemethod{}
}
open SomeClass, "<", "somefile" or die;
# SomeClass resolved as a handle
SomeClass->binmode;
{
    no feature "bareword_filehandles";
    SomeClass->somemethod;
}
# SomeClass resolved as a class
SomeClass->binmode;

[GH #19426]

Deprecations

Performance Enhancements

Modules and Pragmata

New Modules and Pragmata

Updated Modules and Pragmata

Documentation

Changes to Existing Documentation

We have attempted to update the documentation to reflect the changes listed in this document. If you find any we have missed, open an issue at https://github.com/Perl/perl5/issues.

Additionally, the following selected changes have been made:

perlapi

perlclass

perlfunc

perlguts

perlclib

perlhacktips

perllol

perlre

perlref

perlop

perlport

perlvar

Diagnostics

The following additions or changes have been made to diagnostic output, including warnings and fatal error messages. For the complete list of diagnostic messages, see perldiag.

New Diagnostics

New Errors

New Warnings

Changes to Existing Diagnostics

Configuration and Compilation

Testing

Tests were added and changed to reflect the other additions and changes in this release. Furthermore, these significant changes were made:

Platform Support

New Platforms

Serenity OS

Out of the box support for Serenity OS was added.

Platform-Specific Notes

Windows

Eliminated several header build warnings under MSVC with /W4 to reduce noise for embedders. [GH #21031]

Work around a bug in most 32-bit Mingw builds, where the generated code, including the code in the gcc support library, assumes 16-byte stack alignment, which 32-bit Windows does not preserve. [GH #21313]

Enable copysign, signbit, acosh, asinh, atanh, exp2, tgamma in the bundled configuration used for MSVC. [GH #21610]

The build process no longer supports Visual Studio 2013. This was failing to build at a very basic level and there have been no reports of such failures. [GH #21624]

Linux

The hints file has been updated to handle the Intel oneAPI DPC++/C++ compiler.

MacOS/Darwin

Don't set MACOSX_DEPLOYMENT_TARGET when building on OS X 10.5. [GH #21367]

VMS

Fixed the configure "installation prefix" prompt to accept a string rather than yes/no.

Fixed compilation by defining proper value for perl_lc_all_category_positions_init.

Increased buffer size when reading config_H.SH to fix compilation under clang.

Oracle Developer Studio (Solaris, Oracle Linux)

Due to an apparent code generation bug, the default optimization level for the Oracle Developer Studio (formerly Sun Workshop) compiler is now -xO1. [GH #21535]

Internal Changes

Selected Bug Fixes

Known Problems

Errata From Previous Releases

Acknowledgements

Perl 5.40.0 represents approximately 11 months of development since Perl 5.38.0 and contains approximately 160,000 lines of changes across 1,500 files from 75 authors.

Excluding auto-generated files, documentation and release tools, there were approximately 110,000 lines of changes to 1,200 .pm, .t, .c and .h files.

Perl continues to flourish into its fourth decade thanks to a vibrant community of users and developers. The following people are known to have contributed the improvements that became Perl 5.40.0:

Abe Timmerman, Alexander Kanavin, Amory Meltzer, Aristotle Pagaltzis, Arne Johannessen, Beckett Normington, Bernard Quatermass, Bernd, Bruno Meneguele, Chad Granum, Chris 'BinGOs' Williams, Christoph Lamprecht, Craig A. Berry, Dagfinn Ilmari Mannsåker, Dan Book, Dan Church, Daniel Böhmer, Dan Jacobson, Dan Kogai, David Golden, David Mitchell, E. Choroba, Elvin Aslanov, Erik Huelsmann, Eugen Konkov, Gianni Ceccarelli, Graham Knop, Greg Kennedy, guoguangwu, Hauke D, H.Merijn Brand, Hugo van der Sanden, iabyn, Jake Hamby, Jakub Wilk, James E Keenan, James Raspass, Joe McMahon, Johan Vromans, John Karr, Karen Etheridge, Karl Williamson, Leon Timmermans, Lukas Mai, Marco Fontani, Marek Rouchal, Martijn Lievaart, Mathias Kende, Matthew Horsfall, Max Maischein, Nicolas Mendoza, Nicolas R, OpossumPetya, Paul Evans, Paul Marquess, Peter John Acklam, Philippe Bruhat (BooK), Raul E Rangel, Renee Baecker, Ricardo Signes, Richard Leach, Scott Baker, Sevan Janiyan, Sisyphus, Steve Hay, TAKAI Kousuke, Todd Rinaldo, Tomasz Konojacki, Tom Hughes, Tony Cook, William Lyu, x-yuri, Yves Orton, Zakariyya Mughal, Дилян Палаузов.

The list above is almost certainly incomplete as it is automatically generated from version control history. In particular, it does not include the names of the (very much appreciated) contributors who reported issues to the Perl bug tracker.

Many of the changes included in this version originated in the CPAN modules included in Perl's core. We're grateful to the entire CPAN community for helping Perl to flourish.

For a more complete list of all of Perl's historical contributors, please see the AUTHORS file in the Perl source distribution.

Reporting Bugs

If you find what you think is a bug, you might check the perl bug database at https://github.com/Perl/perl5/issues. There may also be information at https://www.perl.org/, the Perl Home Page.

If you believe you have an unreported bug, please open an issue at https://github.com/Perl/perl5/issues. Be sure to trim your bug down to a tiny but sufficient test case.

If the bug you are reporting has security implications which make it inappropriate to send to a public issue tracker, then see "SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of how to report the issue.

Give Thanks

If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, you can do so by running the perlthanks program:

perlthanks

This will send an email to the Perl 5 Porters list with your show of thanks.

SEE ALSO

The Changes file for an explanation of how to view exhaustive details on what changed.

The INSTALL file for how to build Perl.

The README file for general stuff.

The Artistic and Copying files for copyright information.