perldelta - what is new for perl v5.22.2
This document describes differences between the 5.22.1 release and the 5.22.2 release.
If you are upgrading from an earlier release such as 5.22.0, first read perl5221delta, which describes differences between 5.22.0 and 5.22.1.
This is CVE-2015-8608. For more information see [perl #126755].
Fix loss of taint in canonpath(): This is CVE-2015-8607. For more information see [perl #126862].
mkstemp(3): In 5.22.0 perl started setting umask to 0600 before calling mkstemp(3) and restoring it afterwards. This wrongfully tells open(2) to strip the owner read and write bits from the given mode before applying it, rather than the intended negation of leaving only those bits in place.
Systems that use mode 0666 in mkstemp(3) (like old versions of glibc) create a file with permissions 0066, leaving world read and write permissions regardless of current umask.
This has been fixed by using umask 0177 instead.
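The effect of the two masks can be reproduced directly. The following is an added example, not perl's own source: it creates a file with mode 0666 under a given umask and returns the resulting permission bits. The helper name mode_created_under and the /tmp scratch directory are assumptions of the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a file with open(2) and mode 0666, as the old glibc mkstemp(3)
 * described above does, while `mask` is the process umask. Returns the
 * permission bits of the new file, or -1 on error. The scratch directory
 * name is constructed for this example. */
static int mode_created_under(mode_t mask)
{
    char dir[64], path[80];
    struct stat st;
    int result = -1;

    /* Private scratch directory, made before the umask is changed. */
    snprintf(dir, sizeof dir, "/tmp/umask_demo_%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/f", dir);

    mode_t saved = umask(mask);   /* set the mask, remember the old one */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0666);
    umask(saved);                 /* restore it afterwards */

    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    /* 0666 & ~0600 = 0066: owner locked out, group and world read/write. */
    printf("umask 0600 -> %04o\n", (unsigned)mode_created_under(0600));
    /* 0666 & ~0177 = 0600: owner read/write only. */
    printf("umask 0177 -> %04o\n", (unsigned)mode_created_under(0177));
    return 0;
}
```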
crypt(): Validation that will detect both a short salt and invalid characters in the salt has been added.
environ: Previously, if an environment variable appeared more than once in environ[], %ENV would contain the last entry for that name, while a typical getenv() would return the first entry. We now make sure %ENV contains the same as what getenv() returns.
Secondly, we now remove duplicates from environ[], so if a setting with that name is set in %ENV we won't pass an unsafe value to a child process.
This is CVE-2016-2381.
There are no changes intentionally incompatible with Perl 5.22.1. If any exist, they are bugs, and we request that you submit a report. See "Reporting Bugs" below.
File::Spec has been upgraded from version 3.56 to 3.56_01.
canonpath() now preserves taint. See "Fix loss of taint in canonpath()".
Module::CoreList has been upgraded from version 5.20151213 to 5.20160429.
The version number of Digest::SHA listed for Perl 5.18.4 was wrong and has been corrected. Likewise for the version number of Config in 5.18.3 and 5.18.4. [perl #127624]
The explanation of the warning "unable to close filehandle %s properly: %s" which can occur when doing an implicit close of a filehandle has been expanded and improved.
The documentation of hex() has been revised to clarify valid inputs.
Dtrace builds now build successfully on systems with a newer dtrace that require an input object file that uses the probes in the .d file.
Previously the probe would fail and cause a build failure.
Configure no longer probes for libnm by default. Originally this was the "New Math" library, but the name has been re-used by the GNOME NetworkManager.
Configure now knows about gcc 5.
Compiling perl with -DPERL_MEM_LOG now works again.