This isn't directly perl-related, but it's a good reminder that as the bus-factor of our projects dwindles down to 0, the danger of a dependency attack goes up.
The story is still unfolding, and I've just been reading it from the HN post.
In this case, it appears that the maintainer of xz-utils, who has been maintaining it since 2009 and mentioned online that they don't really have the capacity for it anymore, finally had a motivated helper show up to assist with the work 2.5 years ago. That motivated helper now appears to be either a long-con state actor or a compromised account.
liblzma is used by libsystemd. Red Hat and Debian patch ssh to use libsystemd. The startup code of libxz detects when it is loaded into sshd during initialization and replaces a core auth function of sshd with its own copy. The malicious code comes from compressed compiled code within one of the libxz unit test files that gets sneakily injected into the build during the ./configure script. The person who discovered it only found it due to valgrind errors and a slower startup time for ssh, which are mistakes a more sophisticated attacker might not have made.
Oh, and of course the question on everyone's mind, you're probably not affected yet because the latest liblzma is only used in pre-release distros right now. But check if you have xz 5.6 or later. However, the author has been contributing to xz for 2.5 years so who knows if this is the first attack or not...
submitted by /u/nrdvana
Libdeflate compression library
Changes for 0.08 - 2024-03-30
- Check compiler when installing and exit if version is too low
- Include a missing file
Sah schemas related to ArrayData
Changes for 0.005 - 2024-02-16
- Rename module/dist Sah-Schema{s,Bundle}-ArrayData following rename of Sah-Schema{s,Bundle} (for visual clarity and consistency with naming of other bundles).
Interface to the Qhull convex hull, Delaunay triangulation, Voronoi diagram software suite
Changes for 0.06 - 2024-03-29T17:56:08-04:00
- BUG FIX
automate the Chrome browser
Changes for 0.73 - 2024-03-29
- Tests should not hang when run as root now
- Sandbox is automatically disabled when running as root
Multi column file system explorer
Changes for 0.01 - 2024-03-01T10:42:59Z
- original version; created by h2xs 1.23 with options -X Tk::FileBrowser
Hi all,
I am having great difficulty getting my LWP::UserAgent to use TLS 1.2/1.3.
I tried:
my $ua = new LWP::UserAgent( 'ssl_opts' => { SSL_version => 'TLSv12:!SSLv2:!SSLv3:!TLSv1:!TLSv11', } );
but no success.
I also tried:
$ENV{https_version}=3;
perl v5.32 is not that old, so I am very surprised I can't establish a connection to a TLS 1.2/1.3 server.
Is it a known problem with the OpenSSL version used to compile v5.32? If so, can I upgrade the SSL libs only? Or is there an option to pass to force TLS 1.2/1.3?
Windows 10 - strawberry v5.32.1 MSWin32-x64-multi-thread
Thank you very much!
submitted by /u/lowpowerdesign
Read environment variables from .env file
Changes for 0.012 - 2024-03-29T18:05:10+02:00
- Fix lib and test code to use Cwd::abs_path with File::Spec->catdir|catfile.
Class for conversion between percent number to star visualization
Changes for 0.03 - 2024-03-29T16:01:21+01:00
- Add missing dot in doc.
- Improve doc for constructor.
- Move bugtracker to Github.
- Move valid tests to top.
- Rewrite check of error to Mo::utils.
The Perl and Raku Conference (formerly known as YAPC::NA) is going strong! This year, we are celebrating 25 years, our silver anniversary, in the Silver State, Nevada! The main conference will be in Las Vegas on June 25-27, but there will be hackathons and possibly classes on the day before and the day after the conference (June 24th and 28th), so please consider joining us for the whole week!
The backbone of this conference has always been our tracks of "traditional" talks by community members and what we have come to call the "Hallway Track", the informal exchange of ideas and camaraderie that sparks new projects and fuels collaboration.
This year, we are pleased also to host the presentation of Papers and Posters accepted by the Science Perl Journal!
Registration is open, so your ticket can now be purchased.
Talk submissions are still open, and we are seeking proposals on a wide variety of subjects. This includes language features, personal projects, applications like Koha, and anything that may be of general interest to Perl and Raku programmers. (We had juggling and origami in the past. Fun!)
- Talks can be 20 minutes or 50 minutes. Please submit through PaperCall.
- Papers and Posters follow the guidelines of the Science Perl Journal. Links to both are also on https://tprc.us.
Speakers who are approved for a talk, paper, or poster will receive a free ticket to the event. The submission deadline is April 5th at 8pm EST, so please send us your submissions soon!
We are planning some special activities during the conference to celebrate our rich 25-year history.
Go now to https://tprc.us/ to check out what is planned and to book a room (see link to Alexis Park Resort under "Location"). Rooms start at only $75 per night, so it’s worth booking early!
The best way to register for the conference is at https://tprc2024.sched.com/tickets
Thanks, TPRC Admins
submitted by /u/nahthanxx
The Perl and Raku Conference 2024 in Las Vegas Schedule
Check out the schedule for The Perl and Raku Conference 2024 in Las Vegas (tprc2024.sched.com)
Read environment variables from .env file
Changes for 0.011 - 2024-03-27T22:13:20+02:00
- Allow reading files recursively.
create diffs between HTTP requests
Changes for 0.04 - 2024-03-27
- We use the postderef feature
create OpenAPI documentation of your application
Changes for 1.0.2 - 2024-03-27
- BUG FIXES
Tags helper for gradient evaluation.
Changes for 0.03 - 2024-03-27T17:18:08+01:00
- API Change: Change 'height' and 'width' parameters to CSS unit.
- Remove obsolete module use in test.
- Remove usage of Tags::Output::Raw.
- Rename example files to better names.
- Update Module::Install to 1.21 version.
- Update copyright years.
Multidimensional binning & histogramming
Changes for 0.028 - 2024-03-27T15:55:32+00:00
- update requirement to Test::PDL 0.20 which handles badvals correctly
Does anybody know what happened with the package Catalyst::Plugin::FormValidator, and why it was removed from CPAN?
submitted by /u/ruzhnikov
SPVM Language
Changes for 0.989094 - 2023-03-26
- Internal Changes
- Bug Fix
- Incompatible Changes
module for checking taint peculiarities on some CPAN testers
Changes for 0.0.3
Strawberry Perl is distributed with its own winlibs distribution. E.g., if the perl distribution is placed in c:/strawberry, the winlibs distribution is placed in c:/strawberry/c. May I replace this winlibs distribution with a different, newer winlibs distribution placed in c:/winlibs (for example)? Of course this will come with a path update.
submitted by /u/Sharp_Artichoke_8237
Microsoft Teams WebHook with AdaptiveCards for formatting notifications
Changes for 1.02 - 2024-03-25
- fix test duration check failing in start/end
(cdlxxxviii) 12 great CPAN modules released last week
Updates for great CPAN modules released last week. A module is considered great if its favorites count is greater than or equal to 12. App... (niceperl.blogspot.com)
Add useful objects to your templates
Changes for 0.07 - 2024-03-24
- bump version
Simple backend-independent plotting for PDL
Changes for 1.010 - 2024-03-24
- fix PGPLOT to read devices correctly
Basic method declarations with signatures, without source filters
Changes for 1.14 - 2024-03-24
- Run number tests under C locale
PDL interface to the GNU Linear Programming Kit
Changes for 0.05 - 2024-03-24T12:33:00Z
- enforce C99 standard
create Perl client SDKs from OpenAPI specs
Changes for 0.01 - 2024-03-24
- Released on an unsuspecting world
Data objects for simple message.
Changes for 0.04 - 2024-03-23T21:17:46+01:00
- Add minimal version of Mo::utils to code.
- Rewrite to use of check_language_639_1().
Mo language utilities.
Changes for 0.05 - 2024-03-23T18:45:21+01:00
- Add check_language_639_1() and check_language_639_2() checks.
- Fix output of example in doc.
Invoke a callback on every element at every level of a data structure.
Changes for 0.01 - 2024-03-23T13:04:03-04:00
- First release upon an unsuspecting world.
An effort to make creating and using custom web components easier
Changes for 0.07 - 2024-03-23T16:52:32Z
- updates to better handle reverse proxy installations where generated urls were not being handled correctly
Perl official company authors are being manipulated
https://www.youtube.com/watch?v=ZDk8y83lyAc
submitted by /u/todo_bem
Random hash type objects.
Changes for 0.05 - 2024-03-22T19:10:24+01:00
- Parameter 'num_generated' rewrite to use check_required().
- Update to Data::HashType@0.05 without 'active' parameter.
This is the explanation of what happened to Perl author: INGENICO
https://www.youtube.com/watch?v=Qw-gBQHa3RY&list=LL&index=1
submitted by /u/todo_bem
The Official Perl programming language authors upload server and Perl Archive Network got hacked
The official Perl programming language authors upload server and Perl Archive Network (cpan.org) got skipped by cranky stalker and here is a journey insi... (YouTube)
Locate and read records from human-edited data tables (Excel, CSV)
Changes for 0.013 - 2024-03-22
- Fix bug in unit tests causing failure when MRO::Compat not installed
Data objects for hash type.
Changes for 0.05 - 2024-03-22T17:25:32+01:00
- API CHANGE: Parameter 'active' is removed.
- API CHANGE: Parameter 'valid_from' is required.
- Fix dependencies.
CPAN.pm plugin for installing external dependencies
Changes for 0.77 - 2024-03-22
- support for rpm --whatprovides
- new test script rpm.t
Popping a selection list relative to a widget
Changes for 0.07
- fixed calculation of listbox height.
Random hash type objects.
Changes for 0.04 - 2024-03-22T16:08:10+01:00
- Add tests for valid_from.
- Regen documentation and example.
I've finally had some more time to do some real work related to perl.social again, and there was a recent question from someone again about me actually adopting a proper ToS/CoC there.
I'm not a lawyer, so I've decided as a starting point to look at similar communities out there, and so I've grabbed the Mastodon CoC to start the discussion. I do not want to wholesale put anything into place without input from the community, so I'm going to start a discussion here and on perl.social (I'll edit a link to the post once I make it).
COC/TOS
Borrowing many things from the Mastodon CoC as a starting point (https://github.com/mastodon/mastodon/blob/main/CODE_OF_CONDUCT.md).
I am removing a few things from it, not because I don't think they're good ideas or anything but also because I want to limit the scope of the initial discussion and the amount of work for myself as I'm still currently the only moderator but once the community there gets larger or it changes that I'm not the only one maintaining things, we will hold another discussion about everything.
I've changed a few things also, specifically to add stronger language that any moderators MUST document why an action was taken. This doesn't necessarily mean that I believe that those reasons must be immediately given to an affected user, but that they must be available when requested. Specifically I'm thinking of not informing in the context of bots, spam, illegal or otherwise legally actionable content (i.e. something that's going to get me a subpoena or court case).
Other proposed ideas:
1) Some kind of regular discussion, maybe annually? on ToS/CoC type things
1a) The idea being that we require a regular discussion of anything that's happened over the last time period to avoid it being possible for something happening being "swept under the rug" or "falling through the cracks" because it didn't get the proper time given to it previously. How this should be done I have no good recommendations for, likely creating a group on perl.social to host the conversation each time?
2) ?
Contributor Covenant Code of Conduct
Our Pledge
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
Privacy
I reserve the right to collect email or other identifiable contact information, and it will never be shared to an outside party without consent except in the case of it being required by some legal process. If at any time perl.social becomes a larger organization and there is a desire to change this, I will require the removal of all such information until explicit consent is given again with such a new policy. I don't know if there's a way I can make this legally enforceable but I see it as something I do not own and therefore cannot ethically give it to another party in that kind of scenario.
Both perl.social and I are located in the USA, and therefore I believe are not directly subject to the GDPR, but as there are similar laws in other jurisdictions even within the USA, and I basically agree with the ideas involved, I will do whatever is reasonably feasible to follow them.
Our Standards
Examples of behavior that contributes to a positive environment for our community include:
- Being respectful of differing opinions, viewpoints, and experiences
- Giving and gracefully accepting constructive feedback
- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
- Focusing on what is best not just for us as individuals, but for the overall community
Examples of unacceptable behavior include:
- The use of public and/or unwanted sexualized language or imagery, and sexual attention or advances of any kind. Consenting adults in private should be acceptable.
- Trolling, insulting or derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or email address, without their explicit permission
- Other conduct which could reasonably be considered inappropriate in a professional setting
Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and MUST communicate reasons for moderation decisions.
Scope
This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at hello@joinmastodon.org. All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the reporter of any incident.
Enforcement Guidelines
Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
1. Correction
Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
Consequence: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
2. Warning
Community Impact: A violation through a single incident or series of actions.
Consequence: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
3. Temporary Ban
Community Impact: A serious violation of community standards, including sustained inappropriate behavior.
Consequence: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
4. Permanent Ban
Community Impact: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
Consequence: A permanent ban from any sort of public interaction within the community.
Attribution
This Code of Conduct is adapted from the Contributor Covenant, version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
And from the Mastodon code of conduct available at https://github.com/mastodon/mastodon/blob/main/CODE_OF_CONDUCT.md
Community Impact Guidelines were inspired by Mozilla's code of conduct enforcement ladder.
For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.
submitted by /u/simcop2387
GitHub - mozilla/inclusion: Our repository for Diversity, Equity and Inclusion work at Mozilla
Our repository for Diversity, Equity and Inclusion work at Mozilla - mozilla/inclusion (GitHub)
Data objects for login.
Changes for 0.03 - 2024-03-22T14:37:07+01:00
- API CHANGE: Add 'valid_from' and 'valid_to' parameters to Data::Login.
- API CHANGE: Add 'valid_from' and 'valid_to' parameters to Data::Login::Role. 'active' parameter will be removed in future. And 'valid_from' will be required in future.
- Add DESCRIPTION section to Data::Login doc.
BrowseEntry like widget without button
Changes for 0.02
- added -command option
- updated and corrected documentation
Utilities related to mineral supplements
Changes for 0.012 - 2024-03-22
- Add mg-mg-malate, mg-mg-malate-trihydrate.
General purpose command option wrapper
Changes for v0.99.1 - 2024-03-22T09:31:18Z
- Make tabstop configurable in -Mutil::filter module.
Implementation of various techniques used in data compression.
Changes for 0.03 - 2024-03-22
- ADDITIONS
- CHANGES