Skip to main content



This isn't directly perl-related, but it's a good reminder that as the bus-factor of our projects dwindle down to 0, the danger of a dependency attack goes up.

Obligatory XKCD

The story is still unfolding, and I've just been reading it from the HN post

In this case, it appears that the maintainer of xz-utils, who has been maintaining it since 2009 and mentioned online that they don't really have the capacity for it anymore finally had a motivated helper show up to assist with the work 2.5 years ago. That motivated helper now appears to either be a long-con state actor, or a compromised account.

liblzma is used by libsystemd. Redhat and Debian patch ssh to use libsystemd. The startup code of libxz detects when it is loaded into sshd during initialization and replaces a core auth function of sshd with its own copy. The malicious code comes from compressed compiled code within one of the libxz unit test files that gets sneakily injected into the build during the ./configure script. The person who discovered it only found it due to valgrind errors and a slower startup time for ssh, which are mistakes a more sophisticated attacker might not have made.

Oh, and of course the question on everyone's mind, you're probably not affected yet because the latest liblzma is only used in pre-release distros right now. But check if you have xz 5.6 or later. However, the author has been contributing to xz for 2.5 years so who knows if this is the first attack or not...

submitted by /u/nrdvana
[link] [comments]



Libdeflate compression library

Changes for 0.08 - 2024-03-30

  • Check compiler when installing and exit if version is too low
  • Include a missing file


Sah schemas related to ArrayData

Changes for 0.005 - 2024-02-16

  • Rename module/dist Sah-Schema{s,Bundle}-ArrayData following rename of Sah-Schema{s,Bundle} (for visual clarity and consistency with naming of other bundles).


Interface to the Qhull convex hull, Delauny triangulation, Voronoi diagram software suite

Changes for 0.06 - 2024-03-29T17:56:08-04:00

  • BUG FIX


automate the Chrome browser

Changes for 0.73 - 2024-03-29

  • Tests should not hang when run as root now
  • Sandbox is automatically disabled when running as root


Multi column file system explorer

Changes for 0.01 - 2024-03-01T10:42:59Z

  • original version; created by h2xs 1.23 with options -X Tk::FileBrowser



Hi all,

I have most difficulties to make my LWP::UserAgent to use TLS 1.2/1.3

I tried :

my $ua = new LWP::UserAgent( 'ssl_opts' => { SSL_version => 'TLSv12:!SSLv2:!SSLv3:!TLSv1:!TLSv11', } );

but no success .....

also tried :

$ENV{https_version}=3;

perl v5.32 is not that old, I am very surprised I can't establish connecting to TLS 1.2/1.3 server

Is it a known problem with openSSL version used to compile v5.32 ? if so, can I upgrade the SSL libs only ? or is there an option to pass on to force TLS 1.2/1.3 ?

Windows 10 - strawberry v5.32.1 MSWin32-x64-multi-thread

Thank you very much !

submitted by /u/lowpowerdesign
[link] [comments]



Read environment variables from .env file

Changes for 0.012 - 2024-03-29T18:05:10+02:00

  • Fix lib and test code to use Cwd::abs_path with File::Spec->catdir|catfile.


Class for conversion between percent number to star visualization

Changes for 0.03 - 2024-03-29T16:01:21+01:00

  • Add missing dot in doc.
  • Improve doc for constructor.
  • Move bugtracker to Github.
  • Move valid tests to top.
  • Rewrite check of error to Mo::utils.



The Perl and Raku Conference (formerly known as YAPC::NA) is going strong! This year, we are celebrating 25 years, our silver anniversary, in the Silver State, Nevada! The main conference will be in Las Vegas on June 25-27, but there will be hackathons and possibly classes on the day before and the day after the conference (June 24th and 28th), so please consider joining us for the whole week!

The backbone of this conference has always been our tracks of "traditional" talks by community members and what we have come to call the "Hallway Track" the informal exchange of ideas and camaraderie that sparks new projects and fuels collaboration.

This year, we are pleased also to host the presentation of Papers and Posters accepted by the Science Perl Journal!

Registration is open, so your ticket can now be purchased.

Talk submissions are still open, and we are seeking proposals on a wide variety of subjects. This includes language features, personal projects, applications like Koha, and anything that may be of general interest to Perl and Raku programmers. (We had juggling and origami in the past. Fun!)

Speakers who are approved for a talk, paper, or poster will receive a free ticket to the event. The submission deadline is April 5th at 8pm EST, so please send us your submissions soon!

We are planning some special activities during the conference to celebrate our rich 25-year history.

Go now to https://tprc.us/ to check out what is planned and to book a room (see link to Alexis Park Resort under "Location"). Rooms start at only $75 per night, so it’s worth booking early!

The best way to register for the conference is at https://tprc2024.sched.com/tickets

Thanks, TPRC Admins

submitted by /u/nahthanxx
[link] [comments]



Read environment variables from .env file

Changes for 0.011 - 2024-03-27T22:13:20+02:00

  • Allow reading files recursively.


create diffs between HTTP requests

Changes for 0.04 - 2024-03-27

  • We use the postderef feature



create OpenAPI documentation of your application

Changes for 1.0.2 - 2024-03-27

  • BUG FIXES


Tags helper for gradient evaluation.

Changes for 0.03 - 2024-03-27T17:18:08+01:00

  • API Change: Change 'height' and 'width' parameters to CSS unit.
  • Remove obsolete module use in test.
  • Remove usage of Tags::Output::Raw.
  • Rename example files to better names.
  • Update Module::Install to 1.21 version.
  • Update copyright years.


Multidimensional binning & histogramming

Changes for 0.028 - 2024-03-27T15:55:32+00:00

  • update requirement to Test::PDL 0.20 which handles badvals correctly


Tags helper for CPAN::Changes object.

Changes for 0.03 - 2024-03-27T16:29:45+01:00

  • Add test of constructor.
  • Fix minimal dependency to Tags::HTML.






SPVM Language

Changes for 0.989094 - 2023-03-26

  • Internal Changes
  • Bug Fix
  • Incompatible Changes






Perl Data Language

Changes for 2.085_02 - 2024-03-25

  • PP add loop(n=value) idiom to start not at 0
  • add whichover, inspired by https://stackoverflow.com/questions/77551179/perl-pdl-indexing-and-which
  • random/randsym only produce real data
  • fix dataflow when vaffine ndarray is between modified and downstream (#461) - thanks @vadim-160102 for continued reporting
  • revert the use of ArgOrder for PDL::Ops so op($a,$b,$c,$swap) works again as pre 2.082_01
  • error on inflating output ndarrays over dims sized 1 or implicit (promoted) or dummy, as is undefined behaviour
  • make HdrCode and FtrCode run when PMCode supplied (#463) - thanks @jo-37 for suggestion
  • PP add CHeader key
  • OtherPars can now be incomplete arrays of char*
  • make typemaps able to use more Perl ones like T_HVREF - thanks @jo-37
  • removed threadover_n alias since not used elsewhere and broadcastover{,_n} interface adjusted to move mandatory to start
  • add ccumu{prod,sum}over in complex double precision
  • setdims on ndarray with trans_parent (i.e. flowing) now an error
  • set(..., $multi_elt) now an error (#466) - thank @djerius for report
  • convert can work inplace (by using set_datatype)
  • flowing convert of ndarrays preserves badvalues that are NaN
  • PDL_ISBAD2 macro
  • lvalue {un,}broadcast
  • set_datatype now errors if has trans_children, as trans-es have a datatype
  • add ANYVAL_TO_ANYVAL_NEWTYPE
  • per-ndarray badvalues (which are PDL_Anyval) now constrained to be same type as ndarray
#461 #463 #466


Subroutine attribute for compile-time method lookups on its typed lexicals.


Invoke a callback on every element at every level of a data structure.

Changes for 0.03 - 2024-03-25T16:10:08-04:00

  • API CHANGE
  • ENHANCEMENTS


A Plugin to interface Form::Tiny with OptArgs2

Changes for 0.12 - 2024-03-25T15:42:38-04:00

  • ENHANCEMENT


A mono repo for perl scripts and modules which WATERKIP likes

Changes for 0.002 - 2024-03-25T17:48:58Z

  • Bump YA::CLI version dep
  • Add parse-phone-number bin script


Locate and read records from human-edited data tables (Excel, CSV)

Changes for 0.014 - 2024-03-25

  • Fix compatibility with newest Spreadsheet::ParseXLSX



Recursive copying of files and directories within Perl 5 toolchain

Changes for 0.008 - 2024-03-25T09:59:23Z

  • Encoding directive added to POD, contributed by gregor herrmann from Debian.
  • Corrections in test files to guard against CPANtesters who run tests with PERL_AUTHOR_TESTING turned on.


Strawberry Perl is distributed with its own winlibs distribution. E.g., if the perl distribution is placed in c:/strawberry, the winlibs distribution is placed in c:/strawberry/c. May I replace this winlibs distribution with a different, newer winlibs distribution placed in c:/winlibs (for example)? Of course this will come with a path update.

submitted by /u/Sharp_Artichoke_8237
[link] [comments]



Microsoft Teams WebHook with AdaptiveCards for formatting notifications

Changes for 1.02 - 2024-03-25

  • fix test duration check failing in start/end


Libdeflate compression library

Changes for 0.07 - 2024-03-25

  • Update libdeflate to 1.20



module for checking taint peculiarities on some CPAN testers

Changes for 0.0.1 - 2024-03-25T03:15:44Z

  • original version


SPVM Language

Changes for 0.989093 - 2023-03-25

  • Bug Fix
  • Internal Changes
  • Test Cleanup




submitted by /u/niceperl
[link] [comments]



Simple backend-independent plotting for PDL

Changes for 1.010 - 2024-03-24

  • fix PGPLOT to read devices correctly


Basic method declarations with signatures, without source filters

Changes for 1.14 - 2024-03-24

  • Run number tests under C locale


PDL interface to the GNU Linear Programming Kit

Changes for 0.05 - 2024-03-24T12:33:00Z

  • enforce C99 standard


create Perl client SDKs from OpenAPI specs

Changes for 0.01 - 2024-03-24

  • Released on an unsuspecting world