A potential security vulnerability in the optional suidperl component
of Perl has been identified. suidperl is neither built nor installed
-by default. As of August the 20th, 2000, the only known vulnerable
+by default. As of September the 2nd, 2000, the only known vulnerable
platform is Linux, most likely all Linux distributions. CERT and
various vendors have been alerted about the vulnerability.
The problem was caused by Perl trying to report a suspected security
exploit attempt using an external program, /bin/mail. On Linux
-platforms the /bin/mail program had an undocumented feature which gave
-access to a root shell, resulting in a serious compromise instead of
-reporting the exploit attempt. If you don't have /bin/mail, or if you
-have 'safe setuid scripts', or if suidperl is not installed, you
-are safe.
+platforms the /bin/mail program had an undocumented feature which
+when combined with suidperl gave access to a root shell, resulting in
+a serious compromise instead of reporting the exploit attempt. If you
+don't have /bin/mail, or if you have 'safe setuid scripts', or if
+suidperl is not installed, you are safe.
The exploit attempt reporting feature has been completely removed from
the Perl 5.7.0 release, so that particular vulnerability isn't there
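Review bot: The "you are safe" sentence in the rewritten /bin/mail paragraph lists 'safe setuid scripts' as a mitigating condition but gives an administrator no way to tell whether their system has them; point to where that is documented (INSTALL or the relevant manpage). In the same paragraph, "an undocumented feature which when combined with suidperl gave access to a root shell" needs commas around the inserted clause ("which, when combined with suidperl, gave ...") to parse on first read. The date is bumped to September the 2nd, but "most likely all Linux distributions" is still hedged; if the vendor responses since August confirmed or narrowed the affected set, this is the place to say so.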
use English '-no_performance_hit';
(Assuming, of course, that one doesn't need the troublesome variables
-C<$`>, C<$&>, or C<$'>.) Also, introduce C<@LAST_MATCH_START> and
+C<$`>, C<$&>, or C<$'>.) Also, introduced C<@LAST_MATCH_START> and
C<@LAST_MATCH_END> English aliases for C<@-> and C<@+>.
=item *
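Review bot: Changing "introduce" to "introduced" in "Also, introduced C<@LAST_MATCH_START> and C<@LAST_MATCH_END> English aliases" leaves a sentence with no subject and no "as" before "English aliases". Suggest "Also, C<@LAST_MATCH_START> and C<@LAST_MATCH_END> have been introduced as English aliases for C<@-> and C<@+>."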
=item *
-The Emacs perl mode (emacs/cperl-mode.el) has been updated to version 4.31.
+The Emacs perl mode (emacs/cperl-mode.el) has been updated to version
+4.31.
=item *
-Perlbug is now much more robust. It also sends the bug report to perl.org,
-not perl.com.
+Perlbug is now much more robust. It also sends the bug report to
+perl.org, not perl.com.
=item *
map() that changes the size of the list should now work faster.
+=item *
+
+sort() has been changed to use mergesort internally as opposed to the
+earlier quicksort. For very small lists this may result in slightly
+slower sorting times, but in general the speedup should be at least
+20%. Additional bonuses are that the worst case behaviour of sort()
+is now better (in computer science terms it now runs in time O(N log N),
+as opposed to quicksort's Theta(N**2) worst-case run time behaviour),
+and that sort() is now stable (meaning that elements with identical
+keys will stay ordered as they were before the sort).
+
=back
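Review bot: The new sort() item states "in general the speedup should be at least 20%" without naming the workload or list sizes it was measured on. Either cite the benchmark or soften the figure. The complexity remark also mixes notations ("O(N log N)" against "Theta(N**2)"); state both as worst-case bounds in the same notation. Finally, "sort() is now stable" should say whether stability is a documented guarantee callers may rely on or a property of the current mergesort implementation only. The Emacs mode and Perlbug changes in this hunk are rewraps with no change in wording.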
=head1 Installation and Configuration Improvements
=item *
-Policy.sh policy change: if you are reusing a Policy.sh file (see
-INSTALL) and you use Configure -Dprefix=/foo/bar and in the old
+Policy.sh policy change: if you are reusing a Policy.sh file
+(see INSTALL) and you use Configure -Dprefix=/foo/bar and in the old
Policy $prefix eq $siteprefix and $prefix eq $vendorprefix, all of
them will now be changed to the new prefix, /foo/bar. (Previously
only $prefix changed.) If you do not like this new behaviour,
=item *
-The character tables have been updated to new Unicode 3.0 features.
+The character tables have been updated to Unicode 3.0.1.
=item *
=item *
+vec() now refuses to deal with characters >255.
+
+=item *
+
Zero entries were missing from the Unicode classes like C<IsDigit>.
=back
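Review bot: The added item "vec() now refuses to deal with characters >255" does not say what "refuses" means for the caller: whether vec() dies, warns, or returns a value. Since this changes behaviour for code that previously passed such strings, name the failure mode and, if there is one, the diagnostic message, so that users can recognise it.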
Don't panic. Read INSTALL 'make test' section instead.
+=head2 Test lib/posix Subtest 9 Fails In LP64-Configured HP-UX
+
+If perl is configured with -Duse64bitall, the successful result of the
+subtest 10 of lib/posix may arrive before the successful result of the
+subtest 9, which confuses the test harness so much that it thinks the
+subtest 9 failed.
+
=head2 Long Doubles Still Don't Work In Solaris
The experimental long double support is still very much so in Solaris.
(Other platforms like Linux and Tru64 are beginning to solidify in
this area.)
+=head2 Linux With Sfio Fails op/misc Test 48
+
+No known fix.
+
=head2 Storable tests fail in some platforms
If any Storable tests fail the use of Storable is not advisable.
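Review bot: The heading "Test lib/posix Subtest 9 Fails In LP64-Configured HP-UX" names HP-UX, but the body never mentions the platform and describes a result-ordering problem in which the harness only "thinks the subtest 9 failed". Say in the body that this is on HP-UX with -Duse64bitall and state plainly that the reported failure is spurious, if that is the intent. The second added section, "Linux With Sfio Fails op/misc Test 48", consists only of "No known fix." and gives no symptom or impact; add one sentence on what the test exercises, or on whether the failure can be ignored, so that readers can judge whether a perl built with sfio is usable.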