Decide whether to allow a client to run this script
Changes for 0.05 - 2024-04-02T16:26:14Z
- Calling new on an object now returns a clone rather than setting the defaults in the new object
Easily format content into PDF/PS/DVI with LaTeX templates.
Changes for 0.05 - 2024-04-02
- Enhanced the ability to pass parameters to the Text::Xslate template engine and created a test file to test setting the search paths for included templates. Method 'templater_parameters()' has been removed. Now, parameters to Text::Xslate template engine can only be passed during construction of LaTeX::Easy::Templates. Test files under "xt/" are now included in the distribution, they were omitted in previous releases. Test files above 300 have been restructured and renamed. Enhanced documentation.
A health check for your code
Changes for v1.9.0 - 2024-04-02T19:56:08Z
- No changes found
This isn't directly perl-related, but it's a good reminder that as the bus-factor of our projects dwindle down to 0, the danger of a dependency attack goes up.
The story is still unfolding, and I've just been reading it from the HN post
In this case, it appears that the maintainer of xz-utils, who has been maintaining it since 2009 and mentioned online that they don't really have the capacity for it anymore finally had a motivated helper show up to assist with the work 2.5 years ago. That motivated helper now appears to either be a long-con state actor, or a compromised account.
liblzma is used by libsystemd. Redhat and Debian patch ssh to use libsystemd. The startup code of libxz detects when it is loaded into sshd during initialization and replaces a core auth function of sshd with its own copy. The malicious code comes from compressed compiled code within one of the libxz unit test files that gets sneakily injected into the build during the ./configure script. The person who discovered it only found it due to valgrind errors and a slower startup time for ssh, which are mistakes a more sophisticated attacker might not have made.
Oh, and of course the question on everyone's mind, you're probably not affected yet because the latest liblzma is only used in pre-release distros right now. But check if you have xz 5.6 or later. However, the author has been contributing to xz for 2.5 years so who knows if this is the first attack or not...
submitted by /u/nrdvana
[link] [comments]
Hi all,
I have most difficulties to make my LWP::UserAgent to use TLS 1.2/1.3
I tried :
my $ua = new LWP::UserAgent( 'ssl_opts' => { SSL_version => 'TLSv12:!SSLv2:!SSLv3:!TLSv1:!TLSv11', } );
but no success .....
also tried :
$ENV{https_version}=3;
perl v5.32 is not that old, I am very surprised I can't establish connecting to TLS 1.2/1.3 server
Is it a known problem with openSSL version used to compile v5.32 ? if so, can I upgrade the SSL libs only ? or is there an option to pass on to force TLS 1.2/1.3 ?
Windows 10 - strawberry v5.32.1 MSWin32-x64-multi-thread
Thank you very much !
ā
submitted by /u/lowpowerdesign
[link] [comments]
I have a bunch of YAML config files (using YAML::XS) which are multidimensional, and the values can be HASH, ARRAY, or SCALAR. Right now, I have a kind of a template YAML that defines the layout that someone can use as a reference to write a config file. The keys and layout are the same, except instead of having values it has two keys: 1) required (boolean) and 2) type (ARRAY, HASH, STR, etc). What I would like is for a sub to just verify the tree and spit out an error on which key is the problem, but I'm getting kind of lost on trying to loop both trees together.
Here is a small example from a part of a YAML config.
split: level: 3 filter: directories: delete: - \/main.assets$ keep: - S2589004224001688 files: keep: - issue.xml - main.xml - main.pdf And here is a small example from the YAML config template that someone uses as a reference.
split: required: True type: HASH group: required: False type: HASH by: required: True type: STR count: required: True type: STR level: required: True type: INT filter: required: False type: HASH directories: required: False type: HASH delete: required: False type: ARRAY keep: required: False type: ARRAY files: required: False type: HASH delete: required: False type: ARRAY keep: required: False type: ARRAY ā
submitted by /u/sirhalos
[link] [comments]
