Debian Unstable has been upgraded to Perl 5.40.0, bringing a range of new features, security updates, and bug fixes. Debian Developer Niko Tyni announced the transition on the Debian mailing list, noting that users should expect widespread uninstallability in sid (the codename for Debian Unstable) for a few days until the necessary rebuilds are completed.
The new Perl packages will first appear in Debian's Unstable branch. From there, they'll move to the Testing branch and are likely to be included in Debian's next stable release, probably next year.
Debian Unstable's upgrade to Perl 5.40.0 is a notable advancement. It introduces new language features, improves security, and fixes many bugs. Let us discuss some new features, enhancements and notable changes in Perl 5.40.
Table of Contents
New Features in Perl 5.40.0
Perl 5.40.0 is a major release with several enhancements, including:
- The
class
keyword: This new keyword enables developers to write more modern and object-oriented Perl code. Inside a method,ADJUST
block, or field initializer expression, the__CLASS__
keyword yields the class name of the current object instance. This facilitates method dispatch, particularly within constructors where accessing$self
is not permitted. - Space in
-M
command-line option: Perl now permits a space between the-M
switch and the subsequent module name, mirroring the behaviour of the-I
option. - Logical XOR operator (
^^
): A new logical XOR operator (^^
) has been introduced, completing the set of logical and bitwise operators. - Stabilisation of
try/catch
and multi-valuefor
iteration: Features introduced in previous versions,try/catch
for exception handling and iterating over multiple values withfor
, are now considered stable and no longer trigger warnings. - Stabilisation of
builtin
module: Thebuiltin
module, introduced in Perl 5.36.0, is now deemed stable. However, some functions within the module remain experimental. use v5.40
feature bundle: Usinguse v5.40;
(or later) imports the corresponding feature bundle, including the recently stabilisedtry
feature. Additionally, it imports the relevantbuiltin
version bundle.
Security Enhancements
Two notable security vulnerabilities have been addressed in this release:
- CVE-2023-47038: This vulnerability involved potential buffer overflow via a crafted regular expression. It has been patched in versions 5.30.0 through 5.38.0.
- CVE-2023-47039: A binary hijacking vulnerability specific to Perl for Windows has been addressed. This vulnerability arose from Perl's reliance on the system path to locate
cmd.exe
, making it susceptible to exploitation by placing a maliciouscmd.exe
in a directory with weak permissions.
Notable Changes
The upgrade also includes some incompatible changes:
reset EXPR
behaviour:reset EXPR
now invokes "set-magic" on scalars, potentially causing changes to propagate to internal states or trigger exceptions.- Calling the import method of an undefined package: Calling
import
orunimport
on an undefined class with an argument now generates a warning, aiding in the detection of typos and potential misuse. - Disallowing indirect objects with
return
: Thereturn
operator no longer permits indirect objects, eliminating a source of confusion. - Restriction on class barewords in method calls: Class barewords are no longer interpreted as file handles in specific method calls under the
no feature "bareword_filehandles"
condition.
Module Updates
Several core modules have been updated, with notable upgrades including:
- Archive::Tar upgraded from 2.40 to 3.02_001.
- Term::Table added to the core (version 0.018).
- Test2::Suite added to the core (version 0.000162), providing tools for comprehensive unit testing.
builtin
module: Theload_module()
function added.
Various other modules have received updates, including but not limited to bytes
, Compress::Raw::Bzip2
, Compress::Raw::Zlib
, Data::Dumper
, DB_File
, Devel::Peek
, Devel::PPPort
, diagnostics
, and many more.
The comprehensive list of changes is documented in the Perl delta document, which provides in-depth information for developers. If you encounter issues that you believe might be bugs, please follow the reporting instructions in https://github.com/Perl/perl5/issues.
Resource: