This isn't directly perl-related, but it's a good reminder that as the bus-factor of our projects dwindle down to 0, the danger of a dependency attack goes up.
The story is still unfolding, and I've just been reading it from the HN post
In this case, it appears that the maintainer of xz-utils, who has been maintaining it since 2009 and mentioned online that they don't really have the capacity for it anymore finally had a motivated helper show up to assist with the work 2.5 years ago. That motivated helper now appears to either be a long-con state actor, or a compromised account.
liblzma is used by libsystemd. Redhat and Debian patch ssh to use libsystemd. The startup code of libxz detects when it is loaded into sshd during initialization and replaces a core auth function of sshd with its own copy. The malicious code comes from compressed compiled code within one of the libxz unit test files that gets sneakily injected into the build during the ./configure script. The person who discovered it only found it due to valgrind errors and a slower startup time for ssh, which are mistakes a more sophisticated attacker might not have made.
Oh, and of course the question on everyone's mind, you're probably not affected yet because the latest liblzma is only used in pre-release distros right now. But check if you have xz 5.6 or later. However, the author has been contributing to xz for 2.5 years so who knows if this is the first attack or not...
submitted by /u/nrdvana
[link] [comments]
Libdeflate compression library
Changes for 0.08 - 2024-03-30
- Check compiler when installing and exit if version is too low
- Include a missing file
Sah schemas related to ArrayData
Changes for 0.005 - 2024-02-16
- Rename module/dist Sah-Schema{s,Bundle}-ArrayData following rename of Sah-Schema{s,Bundle} (for visual clarity and consistency with naming of other bundles).
Interface to the Qhull convex hull, Delauny triangulation, Voronoi diagram software suite
Changes for 0.06 - 2024-03-29T17:56:08-04:00
- BUG FIX
automate the Chrome browser
Changes for 0.73 - 2024-03-29
- Tests should not hang when run as root now
- Sandbox is automatically disabled when running as root
Multi column file system explorer
Changes for 0.01 - 2024-03-01T10:42:59Z
- original version; created by h2xs 1.23 with options -X Tk::FileBrowser
Hi all,
I have most difficulties to make my LWP::UserAgent to use TLS 1.2/1.3
I tried :
my $ua = new LWP::UserAgent( 'ssl_opts' => { SSL_version => 'TLSv12:!SSLv2:!SSLv3:!TLSv1:!TLSv11', } );
but no success .....
also tried :
$ENV{https_version}=3;
perl v5.32 is not that old, I am very surprised I can't establish connecting to TLS 1.2/1.3 server
Is it a known problem with openSSL version used to compile v5.32 ? if so, can I upgrade the SSL libs only ? or is there an option to pass on to force TLS 1.2/1.3 ?
Windows 10 - strawberry v5.32.1 MSWin32-x64-multi-thread
Thank you very much !
submitted by /u/lowpowerdesign
[link] [comments]
Read environment variables from .env file
Changes for 0.012 - 2024-03-29T18:05:10+02:00
- Fix lib and test code to use Cwd::abs_path with File::Spec->catdir|catfile.
Class for conversion between percent number to star visualization
Changes for 0.03 - 2024-03-29T16:01:21+01:00
- Add missing dot in doc.
- Improve doc for constructor.
- Move bugtracker to Github.
- Move valid tests to top.
- Rewrite check of error to Mo::utils.
The Perl and Raku Conference (formerly known as YAPC::NA) is going strong! This year, we are celebrating 25 years, our silver anniversary, in the Silver State, Nevada! The main conference will be in Las Vegas on June 25-27, but there will be hackathons and possibly classes on the day before and the day after the conference (June 24th and 28th), so please consider joining us for the whole week!
The backbone of this conference has always been our tracks of "traditional" talks by community members and what we have come to call the "Hallway Track" the informal exchange of ideas and camaraderie that sparks new projects and fuels collaboration.
This year, we are pleased also to host the presentation of Papers and Posters accepted by the Science Perl Journal!
Registration is open, so your ticket can now be purchased.
Talk submissions are still open, and we are seeking proposals on a wide variety of subjects. This includes language features, personal projects, applications like Koha, and anything that may be of general interest to Perl and Raku programmers. (We had juggling and origami in the past. Fun!)
- Talks can be 20 minutes or 50 minutes. Please submit through PaperCall.
- Papers and Posters follow the guidelines of the Science Perl Journal. Links to both are also on https://tprc.us.
Speakers who are approved for a talk, paper, or poster will receive a free ticket to the event. The submission deadline is April 5th at 8pm EST, so please send us your submissions soon!
We are planning some special activities during the conference to celebrate our rich 25-year history.
Go now to https://tprc.us/ to check out what is planned and to book a room (see link to Alexis Park Resort under "Location"). Rooms start at only $75 per night, so it’s worth booking early!
The best way to register for the conference is at https://tprc2024.sched.com/tickets
Thanks, TPRC Admins
submitted by /u/nahthanxx
[link] [comments]
The Perl and Raku Conference 2024 in Las Vegas Schedule
Check out the schedule for The Perl and Raku Conference 2024 in Las Vegastprc2024.sched.com
Read environment variables from .env file
Changes for 0.011 - 2024-03-27T22:13:20+02:00
- Allow reading files recursively.
create diffs between HTTP requests
Changes for 0.04 - 2024-03-27
- We use the postderef feature
Perl Weekly Challenge 262: Count Equal Divisible
https://blogs.perl.org/users/laurent_r/2024/03/perl-weekly-challenge-262-count-equal-divisible.html
create OpenAPI documentation of your application
Changes for 1.0.2 - 2024-03-27
- BUG FIXES
Tags helper for gradient evaluation.
Changes for 0.03 - 2024-03-27T17:18:08+01:00
- API Change: Change 'height' and 'width' parameters to CSS unit.
- Remove obsolete module use in test.
- Remove usage of Tags::Output::Raw.
- Rename example files to better names.
- Update Module::Install to 1.21 version.
- Update copyright years.
Multidimensional binning & histogramming
Changes for 0.028 - 2024-03-27T15:55:32+00:00
- update requirement to Test::PDL 0.20 which handles badvals correctly
Tags helper for CPAN::Changes object.
Changes for 0.03 - 2024-03-27T16:29:45+01:00
- Add test of constructor.
- Fix minimal dependency to Tags::HTML.
Does anybody know what happened with the package Catalyst::Plugin::FormValidator, why it was removed from cpan?
submitted by /u/ruzhnikov
[link] [comments]
SPVM Language
Changes for 0.989094 - 2023-03-26
- Internal Changes
- Bug Fix
- Incompatible Changes
module for checking taint peculiarities on some CPAN testers
Changes for 0.0.3
Perl Weekly Challenge 262: Max Positive Negative
https://blogs.perl.org/users/laurent_r/2024/03/perl-weekly-challenge-262-max-positive-negative.html
Perl Data Language
Changes for 2.085_02 - 2024-03-25
- PP add loop(n=value) idiom to start not at 0
- add whichover, inspired by https://stackoverflow.com/questions/77551179/perl-pdl-indexing-and-which
- random/randsym only produce real data
- fix dataflow when vaffine ndarray is between modified and downstream (#461) - thanks @vadim-160102 for continued reporting
- revert the use of ArgOrder for PDL::Ops so op($a,$b,$c,$swap) works again as pre 2.082_01
- error on inflating output ndarrays over dims sized 1 or implicit (promoted) or dummy, as is undefined behaviour
- make HdrCode and FtrCode run when PMCode supplied (#463) - thanks @jo-37 for suggestion
- PP add CHeader key
- OtherPars can now be incomplete arrays of char*
- make typemaps able to use more Perl ones like T_HVREF - thanks @jo-37
- removed threadover_n alias since not used elsewhere and broadcastover{,_n} interface adjusted to move mandatory to start
- add ccumu{prod,sum}over in complex double precision
- setdims on ndarray with trans_parent (i.e. flowing) now an error
- set(..., $multi_elt) now an error (#466) - thank @djerius for report
- convert can work inplace (by using set_datatype)
- flowing convert of ndarrays preserves badvalues that are NaN
- PDL_ISBAD2 macro
- lvalue {un,}broadcast
- set_datatype now errors if has trans_children, as trans-es have a datatype
- add ANYVAL_TO_ANYVAL_NEWTYPE
- per-ndarray badvalues (which are PDL_Anyval) now constrained to be same type as ndarray
Invoke a callback on every element at every level of a data structure.
Changes for 0.03 - 2024-03-25T16:10:08-04:00
- API CHANGE
- ENHANCEMENTS
A Plugin to interface Form::Tiny with OptArgs2
Changes for 0.12 - 2024-03-25T15:42:38-04:00
- ENHANCEMENT
A mono repo for perl scripts and modules which WATERKIP likes
Changes for 0.002 - 2024-03-25T17:48:58Z
- Bump YA::CLI version dep
- Add parse-phone-number bin script
Locate and read records from human-edited data tables (Excel, CSV)
Changes for 0.014 - 2024-03-25
- Fix compatibility with newest Spreadsheet::ParseXLSX
Recursive copying of files and directories within Perl 5 toolchain
Changes for 0.008 - 2024-03-25T09:59:23Z
- Encoding directive added to POD, contributed by gregor herrmann from Debian.
- Corrections in test files to guard against CPANtesters who run tests with PERL_AUTHOR_TESTING turned on.
Strawberry Perl is distributed with its own winlibs distribution. E.g., if the perl distribution is placed in c:/strawberry, the winlibs distribution is placed in c:/strawberry/c. May I replace this winlibs distribution with a different, newer winlibs distribution placed in c:/winlibs (for example)? Of course this will come with a path update.
submitted by /u/Sharp_Artichoke_8237
[link] [comments]
Microsoft Teams WebHook with AdaptiveCards for formatting notifications
Changes for 1.02 - 2024-03-25
- fix test duration check failing in start/end
Libdeflate compression library
Changes for 0.07 - 2024-03-25
- Update libdeflate to 1.20
module for checking taint peculiarities on some CPAN testers
Changes for 0.0.1 - 2024-03-25T03:15:44Z
- original version
Einblick in das OTOBO Ticketsystem: Ein in Perl entwickeltes Meisterwerk
[link] [comments]
(cdlxxxviii) 12 great CPAN modules released last week
Updates for great CPAN modules released last week. A module is considered great if its favorites count is greater or equal than 12. App...niceperl.blogspot.com
Add useful objects to your templates
Changes for 0.07 - 2024-03-24
- bump version
Simple backend-independent plotting for PDL
Changes for 1.010 - 2024-03-24
- fix PGPLOT to read devices correctly
Basic method declarations with signatures, without source filters
Changes for 1.14 - 2024-03-24
- Run number tests under C locale
PDL interface to the GNU Linear Programming Kit
Changes for 0.05 - 2024-03-24T12:33:00Z
- enforce C99 standard
create Perl client SDKs from OpenAPI specs
Changes for 0.01 - 2024-03-24
- Released on an unsuspecting world