develooper Front page | perl.perl5.porters | Postings from November 2012

Re: Perl 5.12.5 is now available

Thread Previous | Thread Next
From:
Alexander Hartmaier
Date:
November 10, 2012 17:22
Subject:
Re: Perl 5.12.5 is now available
Message ID:
CAB49QrarsJCaP3vP30dnZuuZz6usapj_HhDifvoPn8ZYXKU9nA@mail.gmail.com
On Sat, Nov 10, 2012 at 3:20 PM, Dominic Hargreaves <dom@earth.li> wrote:

>   Music oft hath such a charm
>   To make bad good, and good provoke to harm.
>
>     -- Measure for Measure, William Shakespeare
>
> We are pleased to announce Perl 5.12.5, the sixth stable release of
> Perl 5.12.
>
> You will soon be able to download Perl 5.12.5 from your favorite CPAN
> mirror or find it at:
>
> https://metacpan.org/release/DOM/perl-5.12.5/
>
> SHA1 digests for this release are:
>
>  812139ceef512eb8458af29ffbf46d78ef26c12a  perl-5.12.5.tar.bz2
>  68f0bdc06284053c206fdf2441a123fafdde38de  perl-5.12.5.tar.gz
>
> This release is primarily a security fix release, according to the
> maintenance policy for Perl 5. Three security fixes are included:
>
> - Encode decode_xs n-byte heap-overflow (CVE-2011-2939)
> - File::Glob::bsd_glob() memory error with GLOB_ALTDIRFUNC (CVE-2011-2728)
> - Heap buffer overrun in 'x' string repeat operator (CVE-2012-5195)
>
> Further details about these security fixes are available in the file
> "perldelta.pod" located in the "pod" directory inside the release and on
> the web at:
>
> https://metacpan.org/module/DOM/perl-5.12.5/pod/perldelta.pod
>
> In addition, this release contains other queued bug fixes, build fixes
> and documentation updates. It should be fully backward compatible with
> Perl 5.12.0.
>
> Perl 5.12.5 is a recommended upgrade for all users of Perl 5.12.
>
> You can find a full list of changes in the aforementioned "perldelta.pod"
> file.
>
> Perl 5.12.5 represents approximately 17 months of development since Perl
> 5.12.4
> and contains approximately 1,900 lines of changes across 64 files from 18
> authors.
>
> Perl continues to flourish into its third decade thanks to a vibrant
> community
> of users and developers. The following people are known to have
> contributed the
> improvements that became Perl 5.12.5:
>
> Andy Dougherty, Chris 'BinGOs' Williams, Craig A. Berry, David Mitchell,
> Dominic Hargreaves, Father Chrysostomos, Florian Ragwitz, George Greer,
> Goro
> Fuji, Jesse Vincent, Karl Williamson, Leon Brocard, Nicholas Clark, Rafael
> Garcia-Suarez, Reini Urban, Ricardo Signes, Steve Hay, Tony Cook.
>
> We expect this to be the last update for perl 5.12 containing
> non-security bug fixes.
>
> The current stable release of Perl 5 is version 5.16.2.
> The next major stable release of Perl 5, version 5.18.0, should appear
> in May 2013.
>
> --
> Dominic Hargreaves | http://www.larted.org.uk/~dom/
> PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
>
Thanks Dominic, but why did Perl ship again with development versions of
two modules, Encode and File::Glob?
I thought it was agreed on that this causes problems in the toolchain and
will be avoided in the future.
Encode is dual-homed and there is no 2.39_01 version on CPAN.
Was the version bumped because it is 2.39 with just the security fix which
was already present in 2.40 and up?
If yes why does it include an underscore which normally indicates a
development version?

-Alex

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About