ActiveState is pleased to announce ActivePerl 5.10.1 build 1006, a complete, ready-to-install Perl distribution for Windows, Mac OS X, Linux, Solaris, and AIX.
For detailed information or to download these releases, see: http://www.activestate.com/Products/activeperl New in ActivePerl 5.10.1 Build 1006 =================================== * Significant changes that have occurred in the Perl 5.10.1 release, including some incompatible changes to the select statement and the smart matching operator, are documented in the perl5101delta manpage. http://docs.activestate.com/activeperl/5.10/lib/pods/perl5101delta.html * The following security vulnerabilities have been addressed: - CVE-2009-1391 Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow. This CVE was already addressed in ActivePerl build 1005 but was not mentioned in the change log. - CVE-2009-1884 Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. * PPM now always scans all the .packlist files that are newer than the corresponding PPM database for that install area. This means that modules installed manually, or via the CPAN shell will immediately be listed by `ppm query` and can be uninstalled with `ppm remove`. * On 32-bit Windows the CPAN shell will automatically download and install the MinGW GCC compiler and the dmake utility if it cannot find a C compiler and make utility on the PATH. In other situations (e.g. when you run `perl Makefile.PL` from the commandline) ActivePerl will only display a warning and information how to manually install the MinGW compiler. * All modules shipped as part of core Perl will now be included in the PPM database. That allows `ppm upgrade` to automatically detect if updates for any of the core modules are available from a PPM repository. * Almost all bundled modules have been updated to their latest released version from CPAN. Use the `ppm query` command to check the exact version included in this release. - This release contains DBI version 1.607 and SQL-Statement version 1.15. This combination is the most recent one that does not break operation of the DBD-CSV module. The latest versions at the time of the ActivePerl 126.96.36.1996 release are DBI 1.609 and SQL-Statement 1.20 which showed several regressions when used with DBD::CSV in ActiveState's testing. - The JSON-XS module has been removed from the ActivePerl distribution. Please install it using `ppm install JSON-XS` if you need it. Getting Started =============== Whether you're a first-time user or a long-time fan, our free resources will help you get the most from ActivePerl. Mailing list archives: http://aspn.activestate.com/ASPN/Mail/Browse/Threaded/ActivePerl Feedback ======== Everyone is encouraged to participate in making Perl an even better language. For bugs related to ActiveState use: http://bugs.activestate.com/enter_bug.cgi?product=ActivePerl&version=1006 For bugs related directly to Perl please use the 'perlbug' utility. Enjoy!