develooper Front page | perl.perl5.porters | Postings from February 2017

Re: Concluding change to base.pm for upcoming 5.24.2 and 5.22.4

Thread Previous | Thread Next
From:
Steve Hay via perl5-porters
Date:
February 24, 2017 17:39
Subject:
Re: Concluding change to base.pm for upcoming 5.24.2 and 5.22.4
Message ID:
CADED=K6_Yb8zrRO_jJ+0gp5ZG138xu-=uWAFqNToV1fBNdbTRg@mail.gmail.com
On 12 February 2017 at 15:08, Sawyer X <xsawyerx@gmail.com> wrote:
> Hi everyone,
>
> As we are approaching our latest stable stable release updates (5.24.2
> and 5.22.4), we intended to resolve base.pm. Here is our update on this.
>
>
> We originally had a more aggressive patch to base.pm, but with the
> suggestion of Michael Schroeder, Aristotle had started work on an
> alternative, more accurate patch. This work is available in the
> following branch:
>
> ap/baseincguard
>
>
> (Aristotle has hit a snag in an edge case he could explain better than
> I, and is happy to receive any assistance on resolving it.)
>
> As this patch is still superior to our more canvas approach originally
> intended, we will be merging it instead. If anyone has any suggestions
> or comments, this is a good time.
>
> I must, however, assure you that "Not patching at all" will not be
> regarded as a possible action-plan, no matter how long and exhausting
> the email content might be, as security is taking precedence here, and
> this has been clarified several times before. :)
>
>

Unless any comments, patches or suggestions appear then I'm planning
on making RC1 releases this weekend (containing the work in
ap/baseincguard, plus a couple of other security fixes already merged
into the maint branches), with final releases a fortnight later if no
problems requiring an RC2 come to light.

(The long-awaited 5.24.3, containing the usual round-up of patches
from blead that are suitable for backporting to a maint release will
then follow soonish after that, although there is unfortunately quite
a backlog of backporting to get through now due to the delays in
resolving the @INC issues.)

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About