| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: perl-Lexical-SealRequireHints | Distribution: openSUSE:Factory:zSystems |
| Version: 0.012 | Vendor: openSUSE |
| Release: 1.8 | Build date: Sat Mar 11 04:06:17 2023 |
| Group: Unspecified | Build host: reproducible |
| Size: 38558 | Source RPM: perl-Lexical-SealRequireHints-0.012-1.8.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://metacpan.org/release/Lexical-SealRequireHints | |
| Summary: Prevent leakage of lexical hints | |
This module works around two historical bugs in Perl's handling of the '%^H' (lexical hints) variable. One bug causes lexical state in one file to leak into another that is 'require'd/'use'd/'do'ed from it. This bug, [perl The second bug causes lexical state (normally a blank '%^H' once the first bug is fixed) to leak outwards from 'utf8.pm', if it is automatically loaded during Unicode regular expression matching, into whatever source is compiling at the time of the regexp match. This bug, [perl #73174], was present from Perl 5.8.7 up to Perl 5.11.5, fixed in Perl 5.12.0. Both of these bugs seriously damage the usability of any module relying on '%^H' for lexical scoping, on the affected Perl versions. It is in practice essential to work around these bugs when using such modules. On versions of Perl that require such a workaround, this module globally changes the behaviour of 'require', including 'use' and the implicit 'require' performed in Unicode regular expression matching, and of 'do', so that they no longer exhibit these bugs. The workaround supplied by this module takes effect the first time its 'import' method is called. Typically this will be done by means of a 'use' statement. This should be done as early as possible, because it only affects 'require'/'use'/'do' statements that are compiled after the workaround goes into effect. For 'use' statements, and 'require' and 'do' statements that are executed immediately and only once, it suffices to invoke the workaround when loading the first module that will set up vulnerable lexical state. Delayed-action 'require' and 'do' statements, however, are more troublesome, and can require the workaround to be loaded much earlier. Ultimately, an affected Perl program may need to load the workaround as very nearly its first action. Invoking this module multiple times, from multiple modules, is not a problem: the workaround is only applied once, and applies to everything subsequently compiled. This module is implemented in XS, with a pure Perl backup version for systems that can't handle XS modules. The XS version has a better chance of playing nicely with other modules that modify 'require' or 'do' handling. The pure Perl version can't work at all on some Perl versions; users of those versions must use the XS. On all Perl versions suffering the underlying hint leakage bug, pure Perl hooking of 'require' breaks the use of 'require' without an explicit parameter (implicitly using '$_').
Artistic-1.0 OR GPL-1.0-or-later
* Sat Mar 11 2023 Tina Müller <[email protected]>
- updated to 0.012
see /usr/share/doc/packages/perl-Lexical-SealRequireHints/Changes
version 0.012; 2023-03-10
* bugfix: comprehensive set of preemptive loads of modules for which
a delayed load might have been compiled while loading this module
* bugfix: if AutoLoader was loaded during (or before) loading this
module, flush its compiled code and reload it, to make subsequent
autoloads of *.al files not leak hints
* bugfix: if utf8_heavy.pl was loaded during (or before) loading this
module, flush its compiled code and reload it, to make subsequent
loads of Unicode data files not leak hints
* bugfix: perform preemptive loads, of modules for which a delayed
load might have been compiled while loading this module, regardless
of whether XS module loading was successful
* bugfix: also work around hint leakage affecting do-file, which
suffers exactly the same problem as require
* correct thread behaviour: make the XS implementation behave the way
the pure Perl implementation already did, by not applying workaround
until it has been requested in a particular thread (including being
requested pre-cloning in a thread from which this thread was cloned)
* be more conservative about maintaining op tree structure
* port to Perl 5.33.1, which defines a PERL_VERSION_GE() macro that
clashes with the one this module previously had
* delay the preemptive module loads, of modules potentially subject
to early-compiled delayed loads, until applying the fix
* update swash test for Perl 5.27.11, which avoids actually loading
swashes most of the time
* skip thread tests on some old versions of Perl (around 5.10.0) where
a core bug makes thread creation violate an internal assertion and
causes crashes
* skip thread tests on pre-5.8.9 Perls where a core bug makes thread
creation corrupt memory
* skip thread tests on pre-5.8.3 Perls where a core bug makes thread
completion break the global PL_sv_placeholder
* in t/override.t, make the test overrides of require() provide the
correct context to the file scope of each file being loaded
* test the point at which the workaround goes into effect
* in documentation, describe the bug affecting "do" on Perls 5.15.{5..7}
* in documentation, use four-column indentation for all verbatim
material
* in META.{yml,json}, point to public bug tracker
* use full stricture in the module, now that delayed module loads
compiled while loading this module are properly handled so there's
no need to try avoiding them entirely
* in XS, better argument parenthesisation in a macro
* avoid some compiler warnings that arise on Perl 5.6
* fix indentation in the reserve definition of wrap_op_checker()
* Tue Jul 25 2017 [email protected]
- updated to 0.011
see /usr/share/doc/packages/perl-Lexical-SealRequireHints/Changes
version 0.011; 2017-07-15
* update test suite to not rely on . in @INC, which is no longer
necessarily there from Perl 5.25.7
* no longer include a Makefile.PL in the distribution
* update op-munging code to the PERL_OP_PARENT-compatible style
(though none of it is actually used on Perls new enough to support
PERL_OP_PARENT)
* rename internal gen_*_op() functions into a better style
* consistently use THX_ prefix on internal function names
* Wed Mar 23 2016 [email protected]
- updated to 0.010
see /usr/share/doc/packages/perl-Lexical-SealRequireHints/Changes
version 0.010; 2016-03-18
* skip test with lexical $_ on Perl 5.23.4+ where that feature has
been removed
* Mon Apr 13 2015 [email protected]
- updated to 0.009
see /usr/share/doc/packages/perl-Lexical-SealRequireHints/Changes
version 0.009; 2015-03-20
* in test of require for version checking, work around [perl #124135]
which was introduced in Perl 5.21.4
version 0.008; 2015-03-20
* bugfix: don't localise hints around a version-number require, so that
"use v5.10.0" can have its intentional effect of setting feature flags
* bugfix: in pure Perl implementation, use a ($) prototype on
CORE::GLOBAL::require, so that the argument expression will be in
the correct context
* better error message for refusing to use pure Perl implementation
on Perl 5.9.4 to 5.10.0
* document that the pure Perl implementation breaks the use of the
implicit $_ parameter with require
* in swash test, don't fail if utf8.pm was loaded unexpectedly early,
as has been seen to happen on some systems
* test idempotence
* fix test for thread safety, which risked false negatives
* when preemptively loading Carp and Carp::Heavy, avoid the Perl core
bug regarding the context applied to file scope of required modules,
in case of future versions of those modules becoming vulnerable and
running on an old Perl
* declare correct version for Test::More dependency
* typo fix in documentation
* typo fix in a comment
* Thu Feb 27 2014 [email protected]
- initial package 0.007
* created by cpanspec 1.78.07
/usr/lib/perl5/vendor_perl/5.40.0/s390x-linux-thread-multi/Lexical /usr/lib/perl5/vendor_perl/5.40.0/s390x-linux-thread-multi/Lexical/SealRequireHints.pm /usr/lib/perl5/vendor_perl/5.40.0/s390x-linux-thread-multi/auto/Lexical /usr/lib/perl5/vendor_perl/5.40.0/s390x-linux-thread-multi/auto/Lexical/SealRequireHints /usr/lib/perl5/vendor_perl/5.40.0/s390x-linux-thread-multi/auto/Lexical/SealRequireHints/SealRequireHints.bs /usr/lib/perl5/vendor_perl/5.40.0/s390x-linux-thread-multi/auto/Lexical/SealRequireHints/SealRequireHints.so /usr/share/doc/packages/perl-Lexical-SealRequireHints /usr/share/doc/packages/perl-Lexical-SealRequireHints/Changes /usr/share/doc/packages/perl-Lexical-SealRequireHints/README /usr/share/man/man3/Lexical::SealRequireHints.3pm.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Dec 4 00:10:59 2024