| Store | Cart

ActiveState Docs

ActivePerl 5.10 Documentation


ActivePerl 5.10 Change Log

ActivePerl 5.10 Change Log

For the latest information on ActivePerl, please see:


Build 1008 December 8, 2010

Build 1008 is based on Perl 5.10.1 plus additional selected changes from the Perl development branch.

Bug Fixes and Changes since build 1007

  • DBD::Oracle binaries have been included in the 64-bit builds for Linux and Windows. Just like the 32-bit binaries they require an installation of the Oracle client libraries to be functional.

  • DBD::Pg has been added for all platforms. Works out-of-the box, as all required additional libraries are statically linked into the module.

  • Most bundled modules have been updated to their latest released version from CPAN. Use the ppm query command to check the exact version included in this release.

Build 1007 February 2, 2010

Build 1007 is based on Perl 5.10.1 plus additional selected changes from the Perl development branch.

Bug Fixes and Changes since build 1006

  • The following security vulnerability has been addressed:

    Perl UTF-8 Regex Processing Bug Lets Users Deny Service

    A user can create a specially crafted UTF-8 code that, when processed by the regular expression parser, will cause the parser to crash.

    There has been no CVE requested/assigned for this vulnerability yet, but it is being listed by SecurityTracker at http://www.securitytracker.com/alerts/2009/Oct/1023077.html

  • On Mac OS X 10.6 (Snow Leopard) it is now possible to build Perl extensions containing XS code.

  • On Windows the -t operator now only returns a true value if the filehandle is really connected to a console. In earlier releases it would return a true value for any kind of character device, including the NUL device.

  • The new ap-iis-config utility can be used to configure IIS for use with ActivePerl. It works for all supported Windows versions and their corresponding IIS releases, including Windows Vista, Windows Server 2008, and Windows 7.

    This tool is also used by the Windows installer to automatically configure IIS during installation if requested by the installer settings.

  • PPM is now capable of downloading modules from ActivePerl Business Edition repositories. You can find more information about ActivePerl Business Edition at http://www.activestate.com/business_edition

  • Most bundled modules have been updated to their latest released version from CPAN. Use the ppm query command to check the exact version included in this release.

Build 1006 August 26, 2009

Build 1006 is based on Perl 5.10.1 plus additional selected changes from the Perl development branch.

Bug Fixes and Changes since build 1005

  • Significant changes that have occurred in the Perl 5.10.1 release, including some incompatible changes to the switch statement and the smart matching operator, are documented in the perl5101delta manpage.

  • The following security vulnerabilities have been addressed:


    Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow.

    This CVE was already addressed in ActivePerl build 1005 but was not mentioned in the change log.


    Details about this CVE are not yet available in the National Vulnerability Database, but the problem is similar to CVE-2009-1391 and has been fixed in Compress::Raw::Zlib and Compress::Raw::Bzip2 versions 2.020, which are included in this release.

  • PPM now always scans all the .packlist files that are newer than the corresponding PPM database for that install area. This means that modules installed manually, or via the CPAN shell will immediately be listed by ppm query and can be uninstalled with ppm remove.

  • On 32-bit Windows the CPAN shell will automatically download and install the MinGW GCC compiler and the dmake utility if it cannot find a C compiler and make utility on the PATH. In other situations (e.g. when you run perl Makefile.PL from the commandline) ActivePerl will only display a warning and information how to manually install the MinGW compiler.

  • All modules shipped as part of core Perl will now be included in the PPM database. That allows ppm upgrade to automatically detect if updates for any of the core modules are available from a PPM repository.

  • Almost all bundled modules have been updated to their latest released version from CPAN. Use the ppm query command to check the exact version included in this release.

    • This release contains DBI version 1.607 and SQL-Statement version 1.15. This combination is the most recent one that does not break operation of the DBD-CSV module. The latest versions at the time of the ActivePerl release are DBI 1.609 and SQL-Statement 1.20 which showed several regressions when used with DBD::CSV in ActiveState's testing.

    • The JSON-XS module has been removed from the ActivePerl distribution. Please install it using ppm install JSON-XS if you need it.

Build 1005 May 26, 2009

Build 1005 is based on Perl 5.10.0 plus additional selected changes from the Perl development branch.

Bug Fixes and Changes since build 1004

  • The following security vulnerabilities in the Crypt::SSLeay module were addressed in this release by upgrading the OpenSSL libraries to version 0.9.8k:

    CVE-2009-0590 (ASN1 printing crash)

    The function ASN1_STRING_print_ex() when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal.

    Any OpenSSL application which prints out the contents of a certificate could be affected by this bug, including SSL servers, clients and S/MIME software.

    CVE-2009-0789 (Invalid ASN1 clearing check)

    When a malformed ASN1 structure is received it's contents are freed up and zeroed and an error condition returned. On 64-bit Windows this can cause an invalid memory access later resulting in a crash when some invalid structures are read, for example RSA public keys.

    Any OpenSSL application on 64-bit Windows which uses the public key of an untrusted certificate could be crashed by a malformed structure. Including SSL servers, clients, CA and S/MIME software.

    CVE-2008-5077 (Incorrect checks for malformed signatures)

    Several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affected the signature checks on DSA and ECDSA keys used with SSL/TLS.

    One way to exploit this flaw would be for a remote attacker who is in control of a malicious server or who can use a 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.

  • The Linux and Windows 64-bit distribution now include the Tcl and Tkx modules (and the supporting tkkit). Consequently the PPM GUI is now supported on these platforms as well.

  • The -p function used to always return a false value on Windows. It now correctly detects if the filehandle argument is a pipe or not. Also the Fcntl::S_IFIFO constant is now defined.

  • A potential buffer overflow in Perl for ISAPI has been fixed. Whenever Perl for ISAPI wrote an error message to the log file it would potentially write beyond the end of a heap buffer.

  • The following modules have been added to ActivePerl:

        Compress-Raw-Bzip2   2.019
  •     ActivePerl-PPM        4.3       4.5
        ActiveState-Utils     2.5       2.6
        Archive-Tar           1.38-r1   1.48-r1
        CGI                   3.41      3.43
        Class-Accessor        0.31      0.33
        Compress-Raw-Zlib     2.012     2.019
        DBD-SQLite            1.13-r1   1.25
        Data-Dump             1.11      1.14
        File-HomeDir          0.80      0.86
        HTML-Parser           3.56      3.60
        IO-Compress           2.012     2.019
        JSON                  2.12      2.14
        JSON-XS               2.2222    2.232
        LWP                   5.814     5.826
        Math-Complex          1.54      1.56
        Sub-Uplevel           0.1901    0.2002
        Tcl                   0.95-r1   0.97-r1
        Text-Autoformat       1.13      1.666
        Text-CSV_XS           0.52      0.64
        Time-Piece            1.13      1.14
        Tkx                   1.05      1.07
        WWW-Mechanize         1.34-r1   1.54-r1
        Win32                 0.38      0.39
        Win32-API             0.55      0.58
        YAML-LibYAML          0.27-r1   0.32
        threads               1.71      1.72
        threads-shared        1.26      1.28

Build 1004 Thursday, September 4, 2008

Bug Fixes and Changes since build 1003

  • Fix for File::Path::rmtree symlink attack (CVE-2008-2827).

  • PPM v4.3 is now included. This version of PPM should be considerable faster at parsing the package.xml file and in updating the local database. This version also supports installing packages from .ppmx files.

  • PPM on Windows and Linux will use the "new" ActiveState PPM repositories currently at http://ppm.activestate.com/beta which have a bigger selection of modules available and will allow updating of bundled core modules when updates become available.

    The new repositories are configured on the server side; other platforms will be switched to the new repositories once they become available for them automatically.

    The new PPM repositories include both 32-bit and 64-bit binaries for ActivePerl 5.10 (only for Windows and Linux right now).

  • Updated Net::Ping from 2.33 to 2.35 to make it less noisy.

  • Tweaks to make the CPAN shell less noisy.

  • The tkkit libraries used by the Tkx module have been updated with the latest changes from ActiveTcl 8.5.4.

  • The openssl library linked into the Crypt-SSLeay module has been updated to version 0.9.8h (was 0.9.8g). This upgrade fixes two security flaws; see http://www.openssl.org/news/secadv_20080528.txt (CVE-2008-0891 and CVE-2008-0891).

  • The following modules have been added to ActivePerl:

        BSD-Resource       1.2901
        File-Next          1.02
        HTML-Template      2.9
        mylib              1.02
  • The following bundled modules have been updated to their latest versions:

        bignum               0.22  to 0.23
        CGI                  3.29  to 3.41
        Compress-Raw-Zlib    2.008 to 2.012
        Compress-Zlib        2.008 to 2.012
        Data-Dump            1.08  to 1.11
        DBD-ODBC             1.15  to 1.16
        DBI                  1.604 to 1.607
        Digest-SHA           5.45  to 5.47
        File-HomeDir         0.69  to 0.80
        Font-AFM             1.19  to 1.20
        HTML-Stream          1.55  to 1.59
        IO-Compress-Base     2.008 to 2.012
        IO-Compress-Zlib     2.008 to 2.012
        IO-Zlib              1.07  to 1.09
        JSON                 2.09  to 2.12
        JSON-XS              2.2   to 2.2222
        libwww-perl          5.812 to 5.814
        Math-BigInt          1.88  to 1.89
        Math-BigInt-FastCalc 0.16  to 0.19
        Math-BigRat          0.21  to 0.22
        Math-Complex         1.37  to 1.54
        Pod-Simple           3.05  to 3.07
        PPM-Repositories     0.14  to 0.15
        Tcl                  0.89  to 0.95
        Test-Differences     0.47  to 0.48
        Text-CSV_XS          0.45  to 0.52
        Thread-Queue         2.00  to 2.11
        Thread-Semaphore     2.01  to 2.09
        threads              1.67  to 1.71
        threads-shared       1.14  to 1.26
        Time-HiRes           1.9711 to 1.9715
        Time-Piece           1.12  to 1.13
        Tkx                  1.04  to 1.05
        URI                  1.36  to 1.37
        version              0.74  to 0.76
        Win32-Clipboard      0.53  to 0.55
        Win32-Console        0.08  to 0.09
        Win32-EventLog       0.075 to 0.076
        Win32-FileSecurity   1.05  to 1.08
        Win32-Internet       0.082 to 0.084
        Win32-Job            0.02  to 0.03
        Win32-NetAdmin       0.09  to 0.11
        Win32-NetResource    0.054 to 0.055
        Win32-ODBC           0.033 to 0.034
        Win32-Pipe           0.023 to 0.024
        Win32-Process        0.12  to 0.14
        Win32-Registry       0.08  to 0.10
        Win32-Shortcut       0.06  to 0.07
        Win32-Sound          0.47  to 0.49
        Win32-WinError       0.02  to 0.03
        Win32API-Registry    0.29  to 0.30
        YAML-LibYAML         0.26  to 0.27

Build 1003 Thursday, May 15, 2008

Bug Fixes and Changes since build 1002

  • ActivePerl::Config on Windows now dynamically sets the $Config{ccversion} to the version of cl.exe. This allows ExtUtils::MakeMaker to generate and embed manifest files into extension DLL when required by the specific version of the C compiler.

  • The GCC support for Windows in ActivePerl::Config now adds the -mms-bitfields option to the ccflags when compiling with GCC. This forces identical struct layouts with Visual C++, which is used to compile ActivePerl itself. This has become important because core Perl 5.10 now uses bit-fields for some important structures.

  • On OS X the supplied sitecustomize.pl script adds the ~/Library/ActivePerl/lib directory to @INC, and PPM will install into this directory by default because the /usr/local/ActivePerl-5.10/site/lib directory isn't writable without sudo. Unfortunately ~/Library/ActivePerl/lib was also used by ActivePerl 5.8, so you could end up with a mixture of 5.8 and 5.10 modules in that directory. This release uses ~/Library/ActivePerl-5.10/lib as a per-user Perl 5.10 specific module area.

  • Signal handling code would segfault with some Linux kernel and glibc versions. This problem has been fixed.

  • On Windows there is a special form of the system() function to start processes asynchronously: system(1, $cmd). It returns the process id instead of the exit status so that the spawning application can eventually use waitpid() to wait for the external process to terminate. Previous Perl releases only returned the lower 16 bits of the process id; this version returns all 32 bits.

  • The following modules have been added to ActivePerl


    The DBD::Oracle module is only included in the 32-bit releases of ActivePerl for Windows and Linux. It does not include the Oracle client libraries; instead it requires that either the regular client libraries or the Oracle Instant Client is already installed and configured on the system.

    ActiveState recommends DBI and DBD::ODBC for accessing databases using ODBC. The Win32::ODBC module continues to be provided for backwards compatibility, but new code should exclusively use DBD::ODBC.

    The PPM-Repositories module supplies a list of PPM repositories provided by sources outside ActiveState. It makes it easier to discover and configure additional repositories in PPM. For example you can display a list of repositories available for the current platform with:

        ppm repo suggest

    Adding e.g. the University of Winnipeg repository maintained by Randy Kobes is then as easy as:

        ppm repo add uwinnipeg

    The PPM-Repositories list is used by the PPM GUI client as well.

  • The following modules have been updated to their latest version:

        DBI upgraded from 1.601 to 1.604
        HTML-Tagset upgraded from 3.10 to 3.20
        LWP upgraded from 5.808 to 5.812-r1
        URI upgraded from 1.35 to 1.36
  • The libwin32 module collection has been replaced by its individual modules. This will make it easier to update these modules via PPM in the future:


Build 1002 Monday, Dec 31, 2007

Bug Fixes and Changes since build 1001

  • Build 1002 fixes a problem with the Perl-for-ISAPI, PerlEz, PerlEx and PerlScript extensions (they do not work at all in build 1001). All these extensions are available in the 32-bit Windows release only.

  • This build re-enables the sitecustomize.pl feature in the non-Windows builds.

  • The tkkit libraries used by the Tkx module have been updated with the latest changes from ActiveTcl 8.4. For Mac OS X this includes specific fixes for OS X 10.5 (Leopard).

Build 1001 Tuesday, Dec 18, 2007

What's new in the 1000 Series

  • This build corresponds to the Perl 5.10.0 source code release.

  • The 1000 series builds of ActivePerl are not binary compatible with builds in the 600 or 800 series. Any extensions built using binaries from the ActivePerl 600 or 800 series will need to be recompiled. Note especially that this applies to PPM packages that may have been built for 600 or 800 series builds.

  • Significant changes that have occurred in the 5.10.0 release are documented in the perl5100delta manpage.

  • The Time::Local module has been fixed to work properly with 64-bit versions of ActivePerl for dates beyond 2038.

  • The limit on the number of sockets that can be specified in a single select() call on Windows has been increased from about 64 to over 2000. Please note though that using select() with a large number of sockets on Windows is rather slow.

Build 1000 Beta Thursday, Nov 22, 2007

This build is based on the first release candidate of the Perl 5.10 source code release. Since Perl 5.10 is not yet complete, this build is designated as a Beta and will be followed by a final build once Perl 5.10 is officially released.

Please use this beta build to try out new features in Perl 5.10 and to test source level compatibility of your existing Perl code under this new release (note that Perl 5.10 is not binary compatible to earlier releases).