A new release of ledger is long overdue.  It's been around 3 years
since the last release and there have been quite a number of bug fixes
and small improvements in the meantime.

I'd like to discuss what needs to be done to get 3.1.2 out this month.
If everyone can contribute a bit, we should be able to get a release
out.

What needs to be done:

* Update the documentation:
    * docs/NEWS hasn't been updated in a long time
    * README.md needs some updates (e.g. the Ubuntu section is quite old,
     #1701 - can someone submit a PR).  Can someone verify the macOS info?

* There are a number of memory issues and some CVEs have been assigned:
    * #1122 stack-buffer-overflow in find_option (BZ#1222) (CVE-2017-12481)
    * #1124 stack-buffer-overflow in ledger::parse_date_mask_routine (BZ#1224) (CVE-2017-12482)
    * #541 Access to previously freed memory
    * https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303
    * https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304
  Can someone look at these issues and propose PRs?

* Balance checks and assignments: there were some fixes a few months ago,
but since then a number of bugs have been reported.  Did those fixes break
anything?  Did we introduce regressions?  Although now that I look, I
cannot find these issues (but maybe I didn't look closely enough).  Are
things working right now or are there still issues?

* Run test suite on different platforms.  The test suite passes for me on
Debian stable.  Can people on other platforms please build ledger from
GitHub (next branch) and run the test suite and report back?

I created a 3.1.2 milestone in GitHub: 
https://github.com/ledger/ledger/milestone/1

If you believe there's anything else that *needs* to be fixed before a
release, please speak up.  (We're not talking about "nice to have" things,
but real show stoppers.)

Thanks,

-- 
Martin Michlmayr
https://www.cyrius.com/

--- 
You received this message because you are subscribed to the Google Groups 
"Ledger" group.