Release cperl-5.28.0c

perlhist: recalc sizes, update STATUS, add 5263c delta

Author: rurban

.gitignore

@@ -241,6 +241,9 @@ cperl.project
 cperl.workspace
 cperl.xcodeproj/
 cperl.xcworkspace/
+/.analysis
+.cquery
+/.cquery_cached_index
 
 # generated by Porting/sync-with-cpan
 /make.log

MANIFEST

@@ -5146,6 +5146,7 @@ pod/perl5261cdelta.pod		cperl changes in version 5.26.1c
 pod/perl5261delta.pod		Perl changes in version 5.26.1
 pod/perl5262cdelta.pod		cperl changes in version 5.26.2c
 pod/perl5262delta.pod		Perl changes in version 5.26.2
+pod/perl5263cdelta.pod		cperl changes in version 5.26.3c
 pod/perl561delta.pod		Perl changes in version 5.6.1
 pod/perl56delta.pod		Perl changes in version 5.6
 pod/perl581delta.pod		Perl changes in version 5.8.1

META.json

@@ -129,7 +129,7 @@
          "vxs.inc"
       ]
    },
-   "release_status" : "testing",
+   "release_status" : "stable",
    "resources" : {
       "bugtracker" : {
          "web" : "http://github.com/perl11/cperl/issues"

STATUS.md

@@ -14,12 +14,12 @@ stopped, even if it will cause a massive blame game.
 Currently it is about 20% faster than perl5 overall, >2x faster then
 5.14 and uses the least amount of memory measured since 5.6, i.e. less
 than 5.10 and 5.6.2, which were the previous leaders. While perl5.22
-uses the most memory yet measured. cperl 5.24 and 5.26 is about 2x
+uses the most memory yet measured. cperl 5.24-5.28 are about 2x
 faster than 5.22 in bigger real-world applications. Esp. function
 calls with signatures are 2x faster, normal functions with a `my(..) =
 @_;` prolog are automatically promoted to signatures.
 
-But only a small number of needed features are yet merged.  The plan
+But only a minor number of needed features are yet merged.  The plan
 was to support most perl5-compatible perl6 features (*"do not break
 CPAN"*), improve performance and memory usage, re-establish compiler
 (`B::C`) support, re-establish perl5 core development which
@@ -38,19 +38,19 @@ The BSD's and Solaris are only tested before a release.
 
 The current stable release is
 
-* [5.26.1c](https://github.com/perl11/cperl/releases/tag/cperl-5.26.1) - [perl5261cdelta](perl5261cdelta.html).
+* [5.26.3c](https://github.com/perl11/cperl/releases/tag/cperl-5.26.3) - [perl5263cdelta](perl5263cdelta.html).
 
 the latest development release:
 
-* [5.27.2c](https://github.com/perl11/cperl/releases/tag/cperl-5.27.2) - [perl5272cdelta](perl5272cdelta.html).
+* [5.28.0c](https://github.com/perl11/cperl/releases/tag/cperl-5.28.0) - [perl5280cdelta](perl5280cdelta.html).
 
 We also have:
 
 * [5.24.3c](https://github.com/perl11/cperl/releases/tag/cperl-5.24.3) - [perl5243cdelta](perl5243cdelta.html),
 * [5.22.5c](https://github.com/perl11/cperl/releases/tag/cperl-5.22.5), [perl5225cdelta](perl5225cdelta.html).
 
 All tests pass. CPAN works.
-Some fixes in my `rurban/distroprefs` repo for certain CPAN modules are needed.
+Some fixes in my [rurban/distroprefs](https://github.com/rurban/distroprefs/) repo for certain CPAN modules are needed.
 
 v5.24.0c, v5.24.1c and v5.24.3c have
 [about 24 fixes](perldelta.html#Known-Problems-fixed-elsewhere),
@@ -68,7 +68,7 @@ increase over time.
 
 ![Memory usage with unicode s///i](cperl-p1.png)
 
-![Benchmarks](cperl-bench27.png)
+![Benchmarks](cperl-bench28.png)
 For all versions see [bench-all/](bench-all/index.html)
 
 # In the latest stable releases are the following major features:
@@ -150,6 +150,7 @@ For all versions see [bench-all/](bench-all/index.html)
   multi, has, is, does keywords, proper fields, Mu superclass.
 * thread-safety on darwin for uselocale
 * hash slice consistency, no autovivification as sub args
+* no perl4 `'` package seperator, `'` is not expanded to `::`
 
 Most of them only would have a chance to be merged upstream if a p5p
 committer would have written it.
@@ -217,14 +218,14 @@ The -d debugger fails on most signatures.
 
 See the github issues: [github.com/perl11/cperl/issues](https://github.com/perl11/cperl/issues?q=is%3Aissue+is%3Aopen+label%3Abug)
 
-The following CPAN modules have no patches for 5.26.1c yet:
+The following CPAN modules have no patches for 5.28.0c yet:
 
 * autovivification (mderef rpeep changes)
 * TryCatch
 * Catalyst::Runtime
 
 Time::Tiny, Date::Tiny, DateTime::Tiny feature DateTime::locale broken
-since 5.22.  unrelated to cperl, -f force install.
+since 5.22.  Unrelated to cperl, -f force install.
 
 Many other packages clash with an unneeded mix of Test::More in inc/
 or t/.  Some other use wrong undocumented Test-Simple calls, which the
@@ -246,10 +247,11 @@ Patches are needed for `Module::Build`, `IO::Socket::SSL` and `Net::SSLeay`.
   (*also affects perl5 with the XSConfig module*)
 * Readonly use base @ISA
   (*since 5.26.0c*)
-* Missing . in @INC
-  (*cperl removed . from @INC 2 years ago already, but ran the cpan tests and
-  installer with PERL_USE_UNSAFE_INC. This is now a general 5.26 problem.*)
 * %hash = map under [use strict](/blog/strict-hashpairs.html) (hashpairs since 5.27.0)
+* subroutine names with `'` are now illegal. You can declare them as bareword but
+  must call them as string.
+* Incomplete OO: role composition, native classes, eval, mop, inlining not yet fully
+  implemented.
 
 Breakage is much less than with a typical major perl5 release, and the
 patches for most common CPAN modules are provided in
@@ -466,4 +468,4 @@ They also revert some wrong decisions p5p already made.
 
 --
 
-2018-01-05 rurban
+2018-09-08 rurban

dist/Module-CoreList/lib/Module/CoreList.pm

@@ -361,6 +361,7 @@ sub changes_between {
     5.027011 => '2018-04-20',
     5.028000 => '2018-06-22',
     '5.028000c' => '2018-09-10',
+    '5.026003c' => '2018-09-10',
  );
 
 sub version_sort {
@@ -17389,6 +17390,19 @@ for my $version ( sort { version_sort($a, $b) } keys %released ) {
         removed => {
         }
     },
+    '5.026003c' => {
+        delta_from => '5.026002c',
+        changed => {
+            'B::Op_private'         => '5.026003',
+            'Module::CoreList'      => '5.20180910c',
+            'Module::CoreList::Utils'=> '5.20180910c',
+            'PerlIO::via'    => '0.17',
+            'Term::ReadLine' => '1.17',
+            'Unicode::UCD'   => '0.69_02',
+        },
+        removed => {
+        }
+    },
 );
 
 sub is_core

dist/Module-CoreList/lib/Module/CoreList/Utils.pm

@@ -1525,6 +1525,11 @@ our %delta :const = (
         changed => {},
         removed => {}
     },
+    '5.026003c' => {
+        delta_from => '5.026002c',
+        changed => {},
+        removed => {}
+    },
 );
 
 %utilities = Module::CoreList::_undelta(\%delta);

patchlevel.h

@@ -133,7 +133,6 @@ hunk.
 #  endif
 static const char * const local_patches[] = {
 	NULL
-        ,"RC1"
 #ifdef PERL_GIT_UNCOMMITTED_CHANGES
 	,"uncommitted-changes"
 #endif

pod/perl.pod

@@ -240,6 +240,7 @@ aux c2ph h2ph h2xs cperlbug pl2pm pod2html pod2man splain xsubpp
 
     perlcperl		Perl notes for cperl (variant)
     perlcdelta		cperl changes since previous version
+    perl5263cdelta	cperl changes in version 5.26.3c
     perl5262cdelta	cperl changes in version 5.26.2c
     perl5261cdelta	cperl changes in version 5.26.1c
     perl5260cdelta	cperl changes in version 5.26.0c

pod/perl5263cdelta.pod

@@ -0,0 +1,217 @@
+=encoding utf8
+
+=head1 NAME
+
+perl5263cdelta - what is new for cperl v5.26.3
+
+=head1 DESCRIPTION
+
+This document describes the differences between the cperl 5.26.2c
+and the cperl 5.26.3c releases.
+
+If you are upgrading from an earlier release such as v5.26.1c, first
+read the L<perl5262cdelta> documentation, which describes differences
+between v5.26.1c and v5.26.2c.
+
+=head1 Security
+
+=head2 [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
+
+A crafted regular expression could cause a heap buffer write overflow, with
+control over the bytes written.
+L<[perl #132227]|https://rt.perl.org/Public/Bug/Display.html?id=132227>
+
+=head2 [CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
+
+Matching a crafted locale dependent regular expression could cause a heap
+buffer read overflow and potentially information disclosure.
+L<[perl #132063]|https://rt.perl.org/Public/Bug/Display.html?id=132063>
+
+=head2 [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
+
+C<pack()> could cause a heap buffer write overflow with a large item count.
+L<[perl #131844]|https://rt.perl.org/Public/Bug/Display.html?id=131844>
+
+=head2 Assertion failure in Perl__core_swash_init (utf8.c)
+
+Control characters in a supposed Unicode property name could cause perl to
+crash.  This has been fixed.
+L<[perl #132055]|https://rt.perl.org/Public/Bug/Display.html?id=132055>
+L<[perl #132553]|https://rt.perl.org/Public/Bug/Display.html?id=132553>
+L<[perl #132658]|https://rt.perl.org/Public/Bug/Display.html?id=132658>
+
+=head1 Incompatible Changes
+
+There are no changes intentionally incompatible with 5.26.2c.  If any exist,
+they are bugs, and we request that you submit a report.  See L</Reporting
+Bugs> below.
+
+=head1 Modules and Pragmata
+
+=head2 Updated Modules and Pragmata
+
+=over 4
+
+=item *
+
+L<Module::CoreList> has been upgraded from version 5.20170922_26 to 5.20180414_26.
+
+=item *
+
+L<PerlIO::via> has been upgraded from version 0.16 to 0.17.
+
+=item *
+
+L<Term::ReadLine> has been upgraded from version 1.16 to 1.17.
+
+=item *
+
+L<Unicode::UCD> has been upgraded from version 0.68 to 0.69_02.
+
+=back
+
+=head1 Documentation
+
+=head2 Changes to Existing Documentation
+
+=head3 L<perluniprops>
+
+=over 4
+
+=item *
+
+This has been updated to note that C<\p{Word}> now includes code points
+matching the C<\p{Join_Control}> property.  The change to the property was made
+in Perl 5.18, but not documented until now.  There are currently only two code
+points that match this property: U+200C (ZERO WIDTH NON-JOINER) and U+200D
+(ZERO WIDTH JOINER).
+
+=back
+
+=head1 Platform Support
+
+=head2 Platform-Specific Notes
+
+=over 4
+
+=item Windows
+
+Visual C++ compiler version detection has been improved to work on non-English
+language systems.
+L<[perl #132421]|https://rt.perl.org/Public/Bug/Display.html?id=132421>
+
+We now set C<$Config{libpth}> correctly for 64-bit builds using Visual C++
+versions earlier than 14.1.
+L<[perl #132484]|https://rt.perl.org/Public/Bug/Display.html?id=132484>
+
+=back
+
+=head1 Selected Bug Fixes
+
+=over 4
+
+=item *
+
+The C<readpipe()> built-in function now checks at compile time that it has only
+one parameter expression, and puts it in scalar context, thus ensuring that it
+doesn't corrupt the stack at runtime.
+L<[perl #4574]|https://rt.perl.org/Public/Bug/Display.html?id=4574>
+
+=item *
+
+Fixed a use after free bug in C<pp_list> introduced in Perl 5.27.1.
+L<[perl #131954]|https://rt.perl.org/Public/Bug/Display.html?id=131954>
+
+=item *
+
+Parsing a C<sub> definition could cause a use after free if the C<sub> keyword
+was followed by whitespace including newlines (and comments).
+L<[perl #131836]|https://rt.perl.org/Public/Bug/Display.html?id=131836>
+
+=item *
+
+The tokenizer now correctly adjusts a parse pointer when skipping whitespace in
+an C< ${identifier} > construct.
+L<[perl #131949]|https://rt.perl.org/Public/Bug/Display.html?id=131949>
+
+=item *
+
+Accesses to C<${^LAST_FH}> no longer assert after using any of a variety of I/O
+operations on a non-glob.
+L<[perl #128263]|https://rt.perl.org/Public/Bug/Display.html?id=128263>
+
+=item *
+
+C<sort> now performs correct reference counting when aliasing C<$a> and C<$b>,
+thus avoiding premature destruction and leakage of scalars if they are
+re-aliased during execution of the sort comparator.
+L<[perl #92264]|https://rt.perl.org/Public/Bug/Display.html?id=92264>
+
+=item *
+
+Some convoluted kinds of regexp no longer cause an arithmetic overflow when
+compiled.
+L<[perl #131893]|https://rt.perl.org/Public/Bug/Display.html?id=131893>
+
+=item *
+
+Fixed a duplicate symbol failure with B<-flto -mieee-fp> builds.  F<pp.c>
+defined C<_LIB_VERSION> which B<-lieee> already defines.
+L<[perl #131786]|https://rt.perl.org/Public/Bug/Display.html?id=131786>
+
+=item *
+
+A NULL pointer dereference in the C<S_regmatch()> function has been fixed.
+L<[perl #132017]|https://rt.perl.org/Public/Bug/Display.html?id=132017>
+
+=item *
+
+Failures while compiling code within other constructs, such as with string
+interpolation and the right part of C<s///e> now cause compilation to abort
+earlier.
+
+Previously compilation could continue in order to report other errors, but the
+failed sub-parse could leave partly parsed constructs on the parser
+shift-reduce stack, confusing the parser, leading to perl crashes.
+L<[perl #125351]|https://rt.perl.org/Public/Bug/Display.html?id=125351>
+
+=back
+
+=head1 Acknowledgements
+
+Generated with:
+
+    cperl Porting/acknowledgements.pl cperl-5.26.2..HEAD
+
+=head1 Reporting Bugs
+
+If you find what you think is a bug, you might check the articles recently
+posted to the comp.lang.perl.misc newsgroup and the perl bug database at
+L<https://rt.perl.org/> .  There may also be information at
+L<http://www.perl.org/> , the Perl Home Page.
+
+If you believe you have an unreported bug, please run the L<cperlbug> program
+included with your release.  Be sure to trim your bug down to a tiny but
+sufficient test case.  Your bug report, along with the output of C<perl -V>,
+will be sent off to perlbug@perl.org to be analysed by the Perl porting team.
+
+If you think it's a cperl specific bug or trust the cperl developers more 
+please file an issue at L<https://github.com/perl11/cperl/issues>.
+
+If the bug you are reporting has security implications which make it
+inappropriate to send to a publicly archived mailing list, then see
+L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION>
+For details of how to report the issue.
+
+=head1 SEE ALSO
+
+The F<Changes> file for an explanation of how to view exhaustive details on
+what changed.
+
+The F<INSTALL> file for how to build Perl.
+
+The F<README> file for general stuff.
+
+The F<Artistic> and F<Copying> files for copyright information.
+
+=cut