=head1 Core Changes
-Most importantly, many bugs were fixed. See the F<Changes>
-file in the distribution for details.
+Most importantly, many bugs were fixed, including several security
+problems. See the F<Changes> file in the distribution for details.
+
+=head2 List assignment to %ENV works
+
+C<%ENV = ()> and C<%ENV = @list> now work as expected (except on VMS
+where it generates a fatal error).
+
+=head2 "Can't locate Foo.pm in @INC" error now lists @INC
=head2 Compilation option: Binary compatibility with 5.003
beginning of your script, except that hyphens are optional. PERL5OPT
may only be used to set the following switches: B<-[DIMUdmw]>.
-=head2 Limitations on B<-M>, and C<-m>, and B<-T> options
+=head2 Limitations on B<-M>, B<-m>, and B<-T> options
The C<-M> and C<-m> options are no longer allowed on the C<#!> line of
a script. If a script needs a module, it should invoke it with the
depend on inheriting C<AUTOLOAD> for non-methods from a base class named
C<BaseClass>, execute C<*AUTOLOAD = \&BaseClass::AUTOLOAD> during startup.
+=head2 Previously deprecated %OVERLOAD is no longer usable
+
+Using %OVERLOAD to define overloading was deprecated in 5.003.
+Overloading is now defined using the overload pragma. %OVERLOAD is
+still used internally but should not be used by Perl scripts. See
+L<overload> for more details.
+
=head2 Subroutine arguments created only when they're modified
In Perl 5.004, nonexistent array and hash elements used as subroutine
old (broken) way inside strings; but it generates this message as a
warning. And in Perl 5.005, this special treatment will cease.
+=head2 Fixed localization of $<digit>, $&, etc.
+
+Perl versions before 5.004 did not always properly localize the
+regex-related special variables. Perl 5.004 does localize them, as
+the documentation has always said it should. This may result in $1,
+$2, etc. no longer being set where existing programs use them.
+
=head2 No resetting of $. on implicit close
The documentation for Perl 5.0 has always stated that C<$.> is I<not>
not be used at all, which allows subroutines to avoid a time-consuming
calculation of a return value if it isn't going to be used.
+=head2 C<eval EXPR> determines value of EXPR in scalar context
+
+Perl (version 5) used to determine the value of EXPR inconsistently,
+sometimes incorrectly using the surrounding context for the determination.
+Now, the value of EXPR (before being parsed by eval) is always determined in
+a scalar context. Once parsed, it is executed as before, by providing
+the context that the scope surrounding the eval provided. This change
+makes the behavior Perl4 compatible, besides fixing bugs resulting from
+the inconsistent behavior. This program:
+
+ @a = qw(time now is time);
+ print eval @a;
+ print '|', scalar eval @a;
+
+used to print something like "timenowis881399109|4", but now (and in perl4)
+prints "4|4".
+
=head2 Changes to tainting checks
A bug in previous versions may have failed to detect some insecure
as a blessing, since that indicates a potentially-serious security
hole was just plugged.
+The new restrictions when tainting include:
+
+=over
+
+=item No glob() or <*>
+
+These operators may spawn the C shell (csh), which cannot be made
+safe. This restriction will be lifted in a future version of Perl
+when globbing is implemented without the use of an external program.
+
+=item No spawning if tainted $CDPATH, $ENV, $BASH_ENV
+
+These environment variables may alter the behavior of spawned programs
+(especially shells) in ways that subvert security. So now they are
+treated as dangerous, in the manner of $IFS and $PATH.
+
+=item No spawning if tainted $TERM doesn't look like a terminal name
+
+Some termcap libraries do unsafe things with $TERM. However, it would be
+unnecessarily harsh to treat all $TERM values as unsafe, since only shell
+metacharacters can cause trouble in $TERM. So a tainted $TERM is
+considered to be safe if it contains only alphanumerics, underscores,
+dashes, and colons, and unsafe if it contains other characters (including
+whitespace).
+
+=back
+
=head2 New Opcode module and revised Safe module
A new Opcode module supports the creation, manipulation and
IO::Handle, IO::Seekable, and IO::File. We suggest, but do not
require, that you use the IO::* modules in new code.
-In harmony with this change, C<*GLOB{FILEHANDLE}> is now a
-backward-compatible synonym for C<*STDOUT{IO}>.
+In harmony with this change, C<*GLOB{FILEHANDLE}> is now just a
+backward-compatible synonym for C<*GLOB{IO}>.
=head2 Internal change: PerlIO abstraction interface
By default, running out of memory it is not trappable. However, if
compiled for this, Perl may use the contents of C<$^M> as an emergency
pool after die()ing with this message. Suppose that your Perl were
-compiled with -DEMERGENCY_SBRK and used Perl's malloc. Then
+compiled with -DPERL_EMERGENCY_SBRK and used Perl's malloc. Then
$^M = 'a' x (1<<16);
first. Bit eight of each byte is set, except for the last byte, in
which bit eight is clear.
+If 'p' or 'P' are given undef as values, they now generate a NULL
+pointer.
+
Both pack() and unpack() now fail when their templates contain invalid
types. (Invalid types used to be ignored.)
Functions documented in the Camel to default to $_ now in
fact do, and all those that do are so documented in L<perlfunc>.
-=item C<m//g> does not reset search position on failure
-
-The C<m//g> match iteration construct used to reset its target string's
-search position (which is visible through the C<pos> operator) when a
-match failed; as a result, the next C<m//g> match would start at the
-beginning of the string). With Perl 5.004, the search position must be
-reset explicitly, as with C<pos $str = 0;>, or by modifying the target
-string. This change in Perl makes it possible to chain matches together
-in conjunction with the C<\G> zero-width assertion. See L<perlop> and
-L<perlre>.
+=item C<m//gc> does not reset search position on failure
-Here is an illustration of what it takes to get the old behavior:
-
- for ( qw(this and that are not what you think you got) ) {
- while ( /(\w*t\w*)/g ) { print "t word is: $1\n" }
- pos = 0; # REQUIRED FOR 5.004
- while ( /(\w*a\w*)/g ) { print "a word is: $1\n" }
- print "\n";
- }
+The C<m//g> match iteration construct has always reset its target
+string's search position (which is visible through the C<pos> operator)
+when a match fails; as a result, the next C<m//g> match after a failure
+starts again at the beginning of the string. With Perl 5.004, this
+reset may be disabled by adding the "c" (for "continue") modifier,
+i.e. C<m//gc>. This feature, in conjunction with the C<\G> zero-width
+assertion, makes it possible to chain matches together. See L<perlop>
+and L<perlre>.
=item C<m//x> ignores whitespace before ?*+{}
Just like anonymous functions that contain lexical variables
that change (like a lexical index variable for a C<foreach> loop),
formats now work properly. For example, this silently failed
-before, and is fine now:
+before (printed only zeros), but is fine now:
my $i;
foreach $i ( 1 .. 10 ) {
- format =
+ write;
+ }
+ format =
my i is @#
$i
.
+
+However, it still fails (without a warning) if the foreach is within a
+subroutine:
+
+ my $i;
+ sub foo {
+ foreach $i ( 1 .. 10 ) {
write;
+ }
}
+ foo;
+ format =
+ my i is @#
+ $i
+ .
=back
=head2 Malloc enhancements
-Four new compilation flags are recognized by malloc.c. (They have no
-effect if perl is compiled with system malloc().)
-
-=over
-
-=item -DDEBUGGING_MSTATS
-
-If perl is compiled with C<DEBUGGING_MSTATS> defined, you can print
+If perl is compiled with the malloc included with the perl distribution
+(that is, if C<perl -V:d_mymalloc> is 'define') then you can print
memory statistics at runtime by running Perl thusly:
env PERL_DEBUG_MSTATS=2 perl your_script_here
The value of 2 means to print statistics after compilation and on
-exit; with a value of 1, the statistics ares printed only on exit.
+exit; with a value of 1, the statistics are printed only on exit.
(If you want the statistics at an arbitrary time, you'll need to
install the optional module Devel::Peek.)
-=item -DEMERGENCY_SBRK
+Three new compilation flags are recognized by malloc.c. (They have no
+effect if perl is compiled with system malloc().)
+
+=over
+
+=item -DPERL_EMERGENCY_SBRK
If this macro is defined, running out of memory need not be a fatal
error: a memory pool can allocated by assigning to the special
Perl 5.004 now includes support for building a "native" perl under
Windows NT, using the Microsoft Visual C++ compiler (versions 2.0
-and above). The resulting perl can be used under Windows 95 (if it
+and above) or the Borland C++ compiler (versions 5.02 and above).
+The resulting perl can be used under Windows 95 (if it
is installed in the same directory locations as it got installed
in Windows NT). This port includes support for perl extension
building tools like L<MakeMaker> and L<h2xs>, so that many extensions
many UNIX programs under Windows NT by providing a mostly UNIX-like
interface for compilation and execution. See L<README.cygwin32> for
more details on this port, and how to obtain the Cygwin32 toolkit.
-This port has not been as well tested as the "native" port described
-above (which is not as well tested as we'd like either :)
=head2 Plan 9
This document.
+=item L<perlfaq>
+
+Frequently asked questions.
+
=item L<perllocale>
Locale support (internationalization and localization).
Perl internal IO abstraction interface.
+=item L<perlmodlib>
+
+Perl module library and recommended practice for module creation.
+Extracted from L<perlmod> (which is much smaller as a result).
+
=item L<perldebug>
Although not new, this has been massively updated.
=item "my" variable %s masks earlier declaration in same scope
-(S) A lexical variable has been redeclared in the same scope, effectively
+(W) A lexical variable has been redeclared in the same scope, effectively
eliminating all access to the previous instance. This is almost always
a typographical error. Note that the earlier variable will still exist
until the end of the scope or until all closure referents to it are
=item Applying %s to %s will act on scalar(%s)
-(W) The pattern match (//), substitution (s///), and translation (tr///)
+(W) The pattern match (//), substitution (s///), and transliteration (tr///)
operators work on scalar values. If you apply one of them to an array
or a hash, it will convert the array or hash to a scalar value -- the
length of an array, or the population info of a hash -- and then work on
as an lvalue, which is pretty strange. Perhaps you forgot to
dereference it first. See L<perlfunc/substr>.
+=item Bareword "%s" refers to nonexistent package
+
+(W) You used a qualified bareword of the form C<Foo::>, but
+the compiler saw no other uses of that namespace before that point.
+Perhaps you need to predeclare a package?
+
=item Can't redefine active sort subroutine %s
(F) Perl optimizes the internal handling of sort subroutines and keeps
from innumerable contributors, with kibitzing by more than a few Perl
porters.
-Last update: Sat Mar 8 19:51:26 EST 1997
+Last update: Wed May 14 11:14:09 EDT 1997