ActiveState announces ActivePerl 5.10.1 build 1006

ActiveState announces ActivePerl 5.10.1 build 1006

am 28.08.2009 01:17:59 von Jan Dubois

ActiveState is pleased to announce ActivePerl 5.10.1 build 1006,
a complete, ready-to-install Perl distribution for Windows, Mac OS X,
Linux, Solaris, and AIX.

For detailed information or to download these releases, see:

http://www.activestate.com/Products/activeperl

New in ActivePerl 5.10.1 Build 1006
===================================

* Significant changes that have occurred in the Perl 5.10.1 release,
including some incompatible changes to the select statement and the
smart matching operator, are documented in the perl5101delta manpage.

http://docs.activestate.com/activeperl/5.10/lib/pods/perl510 1delta.html

* The following security vulnerabilities have been addressed:

- CVE-2009-1391

Off-by-one error in the inflate function in Zlib.xs in
Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS,
SpamAssassin, and possibly other products, allows context-dependent
attackers to cause a denial of service (hang or crash) via a crafted
zlib compressed stream that triggers a heap-based buffer overflow.

This CVE was already addressed in ActivePerl build 1005 but was not
mentioned in the change log.

- CVE-2009-1884

Off-by-one error in the bzinflate function in Bzip2.xs in the
Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent
attackers to cause a denial of service (application hang or crash) via a
crafted bzip2 compressed stream that triggers a buffer overflow, a
related issue to CVE-2009-1391.

* PPM now always scans all the .packlist files that are newer than the
corresponding PPM database for that install area. This means that
modules installed manually, or via the CPAN shell will immediately be
listed by `ppm query` and can be uninstalled with `ppm remove`.

* On 32-bit Windows the CPAN shell will automatically download and
install the MinGW GCC compiler and the dmake utility if it cannot find
a C compiler and make utility on the PATH. In other situations (e.g.
when you run `perl Makefile.PL` from the commandline) ActivePerl will
only display a warning and information how to manually install the
MinGW compiler.

* All modules shipped as part of core Perl will now be included in the
PPM database. That allows `ppm upgrade` to automatically detect if
updates for any of the core modules are available from a PPM
repository.

* Almost all bundled modules have been updated to their latest released
version from CPAN. Use the `ppm query` command to check the exact
version included in this release.

- This release contains DBI version 1.607 and SQL-Statement version
1.15. This combination is the most recent one that does not break
operation of the DBD-CSV module. The latest versions at the time of
the ActivePerl 5.10.1.1006 release are DBI 1.609 and SQL-Statement
1.20 which showed several regressions when used with DBD::CSV in
ActiveState's testing.

- The JSON-XS module has been removed from the ActivePerl distribution.
Please install it using `ppm install JSON-XS` if you need it.

Getting Started
===============

Whether you're a first-time user or a long-time fan, our free resources
will help you get the most from ActivePerl.

Mailing list archives:

http://aspn.activestate.com/ASPN/Mail/Browse/Threaded/Active Perl

Feedback
========

Everyone is encouraged to participate in making Perl an even better
language.

For bugs related to ActiveState use:

http://bugs.activestate.com/enter_bug.cgi?product=ActivePerl &version=1006

For bugs related directly to Perl please use the 'perlbug' utility.

Enjoy!

RE: ActiveState announces ActivePerl 5.10.1 build 1006

am 29.08.2009 02:35:49 von Jan Dubois

On Fri, 28 Aug 2009, Sisyphus wrote: On Fri, 28 Aug 2009, "Jan Dubois"
wrote:
> > ActiveState is pleased to announce ActivePerl 5.10.1 build 1006, a
> > complete, ready-to-install Perl distribution for Windows, Mac OS X,
> > Linux, Solaris, and AIX.
>
> There's apparently a (presumably) minor bug with the Windows x64 build
> (msi package only) that came to light in the perlmonks thread
> http://www.perlmonks.org/index.pl?node_id=791470 .
>
> It's reported there that the 'perl -V' output begins with "Summary of
> my perl5 (revision 5 version 10 subversion 0) ...." which is the wrong
> subversion number. I installed from the zip package, and it correctly
> states the subversion number as '1'.

I cannot reproduce the problem with a clean install. I haven't yet
tried installing 5.10.1 on top of 5.10.0. That should work too,
but I typically install into a new location every time.

Cheers,
-Jan

_______________________________________________
ActivePerl mailing list
ActivePerl@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs