Project:Perl/dev-lang/perl
Perl v5.24
Releases
5.24.3
- Added to tree 2017-09-23 02:48:41
- CVE Fixes bug #630610 for CVE-2017-12883, CVE-2017-12837
- Upgraded POSIX
- Upgraded Time::HiRes
- Upstream Fixes for Configure + -flto on GCC6
- Block -Duselongdouble and -Dusequadmath together
- Upstream release notes: https://metacpan.org/pod/release/SHAY/perl-5.24.3/pod/perldelta.pod
5.24.4
- Added to tree 2018-04-17 01:48:48
- CVE Fixes bug #653432 for CVE-2018-6797, CVE-2018-6798, CVE-2018-6913
- Upstream release notes: https://metacpan.org/pod/release/SHAY/perl-5.24.4/pod/perldelta.pod
Perl v5.26
Releases
5.26.1
- Added to tree 2017-09-23 03:23:47
- CVE Fixes bug #630610 for CVE-2017-12883, CVE-2017-12837
- Upstream release notes: https://metacpan.org/pod/release/SHAY/perl-5.26.1/pod/perldelta.pod
- Adds auto-discovery of all "OLDVERS" in ABI-independent paths. This aims to smooth the transition from older perl versions, especially when portage needs to execute Perl-based code without the bdeps path being properly satisfied. perl-cleaner and portage should still be relied upon to clean up the mess, but there is now a temporary window in which old code has a chance of working.
5.26.1-r1
- Added to tree 2017-11-01 21:04:39
- Added fixes for Glibc w/ xlocale.h changes bug #636206
5.26.1-r2
- Added to tree 2018-02-22 23:47:52
- Added fixes to avoid linking to libnsl
5.26.2
- Added to tree 2018-04-17 05:03:07
- CVE Fixes bug #653432 for CVE-2018-6797, CVE-2018-6798, CVE-2018-6913
- Upstream release notes: https://metacpan.org/pod/release/SHAY/perl-5.26.1/pod/perldelta.pod
5.26.9999
This is the "development" ebuild where snapshots of yet-to-be-released-officially versions of the 5.26.x series get their wings.
Around -RC time, initial changes happen in this ebuild and then get rolled out to a version.
This may also one day fetch directly from git, but that's currently very complicated, and has a really annoying failure mode that triggers immediately after a final release, and lives until somebody fixes it.
If you want to use this version, it's recommended you maintain your own virtuals or abuse package.provided.
Known Issues in Perl v5.26
Introduction
Perl 5.26 brings several incompatible changes, also as a consequence of fixing a security problem (bug #589680). While we have made sure that all resulting build failures within Gentoo are fixed, this may not be the case for runtime issues, and certainly can affect third-party code (e.g., "hand-installed" server applications).
If you use Gentoo as a production server, this will be a good time to set aside a separate box for testing the side effects of this release on your platform, and you should assume this release will affect you in some way.
Global Deprecations / Breakages
No current directory in library loading path anymore
buildtime and runtime
Library path loading (@INC) changes break many things (bug #612408); see the separate Project:Perl/Dot-In-INC-Removal page for details.
Typical error messages are:
Can't locate inc:: ... in @INC (you may need to install the ... module)
Can't locate t:: ... in @INC (you may need to install the ... module)
do "foo.pl" failed, '.' is no longer in @INC; did you mean do "./foo.pl"?
Unescaped { in Regexp
buildtime and runtime
Unescaped left braces { in regular expressions have been deprecated for some time and now cause compilation to fail.
Typical error messages are:
Unescaped left brace in regex is illegal in ...
OP_SIBLING/OP_PARENT internal changes
buildtime
Changes in Perl internals break code around OP_SIBLING/OP_PARENT (changed in Perl 5.22 via option, default in 5.26).
Typical error messages are:
error: ... has no member named ‘op_sibling’
Removal of POSIX::tmpnam
runtime
Removal of tmpnam from POSIX causes some issues.
Typical error messages are:
Unimplemented: POSIX::tmpnam()
Encoding support
runtime
Lexical encoding support has been removed.
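The typical error messages listed above for the 5.26 breakages can drive a log triage pass when testing an upgrade on a separate box. The following is an added example, not code from the Gentoo Perl project; the category names, the sample log and the file names in it are constructed, and only "Can't locate" errors under inc/ or t/ are counted as @INC breakage so that an ordinary missing module is not misreported.

```python
import re

# (category, phase as labelled on this page, regex built from the page's
# "Typical error messages"). Category names are made up for this example.
SIGNATURES = [
    ("dot-in-INC", "buildtime and runtime",
     re.compile(r"Can't locate (?:inc|t)(?:::|/)\S+ in @INC"
                r"|'\.' is no longer in @INC; did you mean do \"\./")),
    ("unescaped-brace", "buildtime and runtime",
     re.compile(r"Unescaped left brace in regex is illegal")),
    ("op_sibling", "buildtime",
     re.compile(r"has no member named \W?op_sibling\b")),
    ("POSIX::tmpnam", "runtime",
     re.compile(r"Unimplemented: POSIX::tmpnam\(\)")),
]

def classify(line):
    """Return (category, phase) for a known 5.26 breakage, else None."""
    for category, phase, pattern in SIGNATURES:
        if pattern.search(line):
            return category, phase
    return None

def triage(lines):
    """Map category -> list of (line number, stripped line) hits."""
    report = {}
    for number, line in enumerate(lines, start=1):
        hit = classify(line)
        if hit:
            report.setdefault(hit[0], []).append((number, line.strip()))
    return report

# Constructed sample log; package and file names are made up.
SAMPLE_LOG = """\
Can't locate inc/Module/Install.pm in @INC (you may need to install the inc::Module::Install module) (@INC contains: /etc/perl /usr/lib64/perl5) at Makefile.PL line 1.
Can't locate Foo/Bar.pm in @INC (you may need to install the Foo::Bar module) (@INC contains: /etc/perl /usr/lib64/perl5) at app.pl line 3.
do "config.pl" failed, '.' is no longer in @INC; did you mean do "./config.pl"? at run.pl line 7.
Unescaped left brace in regex is illegal in regex; marked by <-- HERE in m/%{ <-- HERE name}/ at lib/Tmpl.pm line 42.
Example.xs:118:20: error: 'OP {aka struct op}' has no member named 'op_sibling'
Unimplemented: POSIX::tmpnam() at legacy.pl line 12.
""".splitlines()

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        phase = next(p for c, p, _ in SIGNATURES if c == category)
        print(f"{category} ({phase}): {len(hits)} hit(s)")
        for number, text in hits:
            print(f"  line {number}: {text[:70]}")
```

Lines that match no signature, such as the plain missing Foo::Bar module in the sample, are left for normal dependency troubleshooting.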
Further advice
More information on how to deal with Perl in Gentoo can be found on this wiki's Perl page.
Perl v5.28
Releases
5.28.0
- Added to tree 2018-07-08 07:19:10
- Upstream release notes: https://metacpan.org/pod/release/XSAWYERX/perl-5.28.0/pod/perldelta.pod
5.28.9999
This is the development ebuild for the future release of Perl 5.28.
Internally, this tracks Perl releases with versions 5.27.*, and may one day be git based and track blead.
When 5.28.0 ships, 5.28.0 will be peeled out of this ebuild and this ebuild will begin tracking the 5.28 maint series.
If you want to use this version, it's recommended you maintain your own virtuals or abuse package.provided.
Known Issues in Perl v5.28
Global Deprecations / Breakages
CV-in-stash optimization breakages
runtime
Perl-RT132252
exit 0 in INIT breaks Module::Install::DSL
build
bug #645278 Perl-RT2754
In-Place sort weak-ref strengthening breakages
runtime
Perl-RT132142 P5P "Patch for AnyEvent::HTTP" -- November 19, 2017 14:08
2016 base.pm fiasco
Following CVE-2016-1238 (Gentoo bug), Perl upstream deployed a lot of patches to protect code from unintended side effects of accidentally including libraries from paths relative to $CWD.
Most of these took the form of limiting shipped scripts which had no inherent need for this behaviour, and could be safely removed without consequences to end users.
However, one change that was not strictly necessary (or mentioned in the CVE) was the modification of a very commonly used module, base.pm, whose implementation means that it is mostly a proxy for a core language feature that has been present (and depended upon) for the last 20 years.
Upstream saw fit to break any and all user code that intentionally relied on this effect, while not actually fixing the underlying problem, Perl's require implementation, which is still subject to this risk, and will be until at least Perl 5.26.
Upstream then got stuck in a 6-month-long conflict while trying to work out how to break this aspect of base.pm while limiting the number of side effects that broke API, insistent that breaking API in a stable, bugfix point release was the way to proceed.
Meanwhile, the nature of the security hole was the internet's worst-kept secret, and all the identified and quantifiable risks were sitting there in the repo, fixed, but not distributed.
And sitting on your hands for 6 months when the CVE warrants a reaction in under a week is not good.
Subsequently, 5.22.3_rc4 was shipped to Gentoo, with Gentoo stripping out upstream's base.pm changes so we could actually deploy the security fixes that mattered.
And 5.24.1_rc4 was shipped to Gentoo with the base.pm changes preserved, in order to use it as a testing target to smoke out anything that broke.
Later, upstream came around and themselves reverted the base.pm changes so they could get the security release out.
As a side effect, this means that Gentoo's 5.22.3_rc4 was essentially upstream's 5.22.3, modulo some cosmetic changes.
There is subsequently no real need to ship a 5.22.3, though we could, just to reduce confusion.
However, 5.24.1_rc4 should continue to ship as-is, with the "base.pm might break your tools" fixes, as upstream are tempted to replicate the same mistake in 5.24.2 (and maybe 5.22.4), and shipping upstream's 5.24.1 final would revert this change (just like they did for 5.22.3), which would reduce our ability to test for this bug before we got around to stabilizing it.
In short
Don't read too much into the _rc suffix when it comes to tracking perl stuff; they're mostly used for tracking downstream-vs-upstream versions, and your impressions of stability should be based on Gentoo Keywording, not upstream versioning, as the Perl Project apparently cares more about not breaking your stuff than upstream does.
5.22.3_rc4 is just as safe as 5.22.3.
Historical Versions
5.22.3_rc4
- 5.22.3_rc4 added to tree at 9a8385af1b345197d7da96a147c1f5e60735f628: Tue Dec 6 18:37:40 2016
- First stable: alpha at 3e6ed60cddd0e6643ebdcfa9eeb5bca4e30b6c92: Mon Dec 12 13:33:24 2016
- Released to Gentoo early to get security issues resolved, but with base.pm changes reverted.
- Logically equivalent to upstream's 5.22.3 final.
5.22.3
- Upstream release notes: https://metacpan.org/pod/release/SHAY/perl-5.22.3/pod/perldelta.pod
- Fix bug with patching now-missing CPANPLUS code bug #608966
- Update cross-perl to 1.1.4
- Fix cross-compile bugs
- Fix GCC6 + lto bugs bug #583532
- Backport fixes from Compress-Raw-Zlib 2.074 for zlib 1.2.9+ bug #606374
5.24.1_rc4
- 5.24.1_rc4 added to tree at dd93ffde2df55a6d990cc05dcefe5ac83e96d961: Wed Nov 23 10:31:12 2016
- Released to Gentoo early to get security issues resolved, and to get base.pm API breakage into testing.
- Not equivalent to upstream's 5.24.1 final, as upstream reverted base.pm changes.
5.24.1
- Newer perl-cross 1.1.3
- Upstream release notes: https://metacpan.org/pod/release/SHAY/perl-5.24.1/pod/perldelta.pod
- base.pm changes reverted upstream in 5.24.1-RC5 patched back in for testers (see #2016 base.pm fiasco)
- bug #608966 With patching CPANPLUS fixed
- bug #606374 With Zlib tests failing worked around by disabling tests
5.24.1-r1
- Upgrade base.pm patchset to latest for testing
- Fix compilation with GCC6 and -flto bug #583532
- Properly fix compilation against newer zlibs bug #606374 by backporting changes to ZLib.xs from Compress-Raw-Zlib 2.074
- Fix related to bug #608966 under crossdev where "touch" on a path would fail because the parent path did not exist
- Fix patching failure under crossdev due to SHA1Sums changing
- Upgrade perl-cross to 1.1.4
- Fix makefile ordering issue when compiling unicore/ parts before Config.pm has been compiled
- Ensure miniperl is built with the right target arch for bootstrap
5.24.1-r2
- Update PDEPEND to pull newer File::Path for CVE-2017-6512 bug #620304
5.24.2
- Added to tree 2017-07-15 18:51:04
- base.pm patchset we'd deployed ahead of schedule folded into this release
- Upstream release notes: https://metacpan.org/pod/release/SHAY/perl-5.24.2/pod/perldelta.pod
5.26.0
- 5.26.0 added to tree at 8269609a0ae39382be5d7e0f666951e02e5a9d29: Tue May 30 21:11:52 2017