Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

perl-Lexical-SealRequireHints-0.012-1.10 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: perl-Lexical-SealRequireHints Distribution: openSUSE Tumbleweed
Version: 0.012 Vendor: openSUSE
Release: 1.10 Build date: Sat Mar 11 04:06:17 2023
Group: Unspecified Build host: reproducible
Size: 46294 Source RPM: perl-Lexical-SealRequireHints-0.012-1.10.src.rpm
Packager: http://bugs.opensuse.org
Url: https://metacpan.org/release/Lexical-SealRequireHints
Summary: Prevent leakage of lexical hints
This module works around two historical bugs in Perl's handling of the
'%^H' (lexical hints) variable. One bug causes lexical state in one file to
leak into another that is 'require'd/'use'd/'do'ed from it. This bug, [perl

The second bug causes lexical state (normally a blank '%^H' once the first
bug is fixed) to leak outwards from 'utf8.pm', if it is automatically
loaded during Unicode regular expression matching, into whatever source is
compiling at the time of the regexp match. This bug, [perl #73174], was
present from Perl 5.8.7 up to Perl 5.11.5, fixed in Perl 5.12.0.

Both of these bugs seriously damage the usability of any module relying on
'%^H' for lexical scoping, on the affected Perl versions. It is in practice
essential to work around these bugs when using such modules. On versions of
Perl that require such a workaround, this module globally changes the
behaviour of 'require', including 'use' and the implicit 'require'
performed in Unicode regular expression matching, and of 'do', so that they
no longer exhibit these bugs.

The workaround supplied by this module takes effect the first time its
'import' method is called. Typically this will be done by means of a 'use'
statement. This should be done as early as possible, because it only
affects 'require'/'use'/'do' statements that are compiled after the
workaround goes into effect. For 'use' statements, and 'require' and 'do'
statements that are executed immediately and only once, it suffices to
invoke the workaround when loading the first module that will set up
vulnerable lexical state. Delayed-action 'require' and 'do' statements,
however, are more troublesome, and can require the workaround to be loaded
much earlier. Ultimately, an affected Perl program may need to load the
workaround as very nearly its first action. Invoking this module multiple
times, from multiple modules, is not a problem: the workaround is only
applied once, and applies to everything subsequently compiled.

This module is implemented in XS, with a pure Perl backup version for
systems that can't handle XS modules. The XS version has a better chance of
playing nicely with other modules that modify 'require' or 'do' handling.
The pure Perl version can't work at all on some Perl versions; users of
those versions must use the XS. On all Perl versions suffering the
underlying hint leakage bug, pure Perl hooking of 'require' breaks the use
of 'require' without an explicit parameter (implicitly using '$_').

Provides

Requires

License

Artistic-1.0 OR GPL-1.0-or-later

Changelog

* Sat Mar 11 2023 Tina Müller <timueller+perl@suse.de>
  - updated to 0.012
    see /usr/share/doc/packages/perl-Lexical-SealRequireHints/Changes
    version 0.012; 2023-03-10
    * bugfix: comprehensive set of preemptive loads of modules for which
      a delayed load might have been compiled while loading this module
    * bugfix: if AutoLoader was loaded during (or before) loading this
      module, flush its compiled code and reload it, to make subsequent
      autoloads of *.al files not leak hints
    * bugfix: if utf8_heavy.pl was loaded during (or before) loading this
      module, flush its compiled code and reload it, to make subsequent
      loads of Unicode data files not leak hints
    * bugfix: perform preemptive loads, of modules for which a delayed
      load might have been compiled while loading this module, regardless
      of whether XS module loading was successful
    * bugfix: also work around hint leakage affecting do-file, which
      suffers exactly the same problem as require
    * correct thread behaviour: make the XS implementation behave the way
      the pure Perl implementation already did, by not applying workaround
      until it has been requested in a particular thread (including being
      requested pre-cloning in a thread from which this thread was cloned)
    * be more conservative about maintaining op tree structure
    * port to Perl 5.33.1, which defines a PERL_VERSION_GE() macro that
      clashes with the one this module previously had
    * delay the preemptive module loads, of modules potentially subject
      to early-compiled delayed loads, until applying the fix
    * update swash test for Perl 5.27.11, which avoids actually loading
      swashes most of the time
    * skip thread tests on some old versions of Perl (around 5.10.0) where
      a core bug makes thread creation violate an internal assertion and
      causes crashes
    * skip thread tests on pre-5.8.9 Perls where a core bug makes thread
      creation corrupt memory
    * skip thread tests on pre-5.8.3 Perls where a core bug makes thread
      completion break the global PL_sv_placeholder
    * in t/override.t, make the test overrides of require() provide the
      correct context to the file scope of each file being loaded
    * test the point at which the workaround goes into effect
    * in documentation, describe the bug affecting "do" on Perls 5.15.{5..7}
    * in documentation, use four-column indentation for all verbatim
      material
    * in META.{yml,json}, point to public bug tracker
    * use full stricture in the module, now that delayed module loads
      compiled while loading this module are properly handled so there's
      no need to try avoiding them entirely
    * in XS, better argument parenthesisation in a macro
    * avoid some compiler warnings that arise on Perl 5.6
    * fix indentation in the reserve definition of wrap_op_checker()
* Tue Jul 25 2017 coolo@suse.com
  - updated to 0.011
    see /usr/share/doc/packages/perl-Lexical-SealRequireHints/Changes
    version 0.011; 2017-07-15
    * update test suite to not rely on . in @INC, which is no longer
      necessarily there from Perl 5.25.7
    * no longer include a Makefile.PL in the distribution
    * update op-munging code to the PERL_OP_PARENT-compatible style
      (though none of it is actually used on Perls new enough to support
      PERL_OP_PARENT)
    * rename internal gen_*_op() functions into a better style
    * consistently use THX_ prefix on internal function names
* Wed Mar 23 2016 coolo@suse.com
  - updated to 0.010
    see /usr/share/doc/packages/perl-Lexical-SealRequireHints/Changes
    version 0.010; 2016-03-18
    * skip test with lexical $_ on Perl 5.23.4+ where that feature has
      been removed
* Mon Apr 13 2015 coolo@suse.com
  - updated to 0.009
    see /usr/share/doc/packages/perl-Lexical-SealRequireHints/Changes
    version 0.009; 2015-03-20
    * in test of require for version checking, work around [perl #124135]
      which was introduced in Perl 5.21.4
    version 0.008; 2015-03-20
    * bugfix: don't localise hints around a version-number require, so that
      "use v5.10.0" can have its intentional effect of setting feature flags
    * bugfix: in pure Perl implementation, use a ($) prototype on
      CORE::GLOBAL::require, so that the argument expression will be in
      the correct context
    * better error message for refusing to use pure Perl implementation
      on Perl 5.9.4 to 5.10.0
    * document that the pure Perl implementation breaks the use of the
      implicit $_ parameter with require
    * in swash test, don't fail if utf8.pm was loaded unexpectedly early,
      as has been seen to happen on some systems
    * test idempotence
    * fix test for thread safety, which risked false negatives
    * when preemptively loading Carp and Carp::Heavy, avoid the Perl core
      bug regarding the context applied to file scope of required modules,
      in case of future versions of those modules becoming vulnerable and
      running on an old Perl
    * declare correct version for Test::More dependency
    * typo fix in documentation
    * typo fix in a comment
* Thu Feb 27 2014 coolo@suse.com
  - initial package 0.007
    * created by cpanspec 1.78.07

Files

/usr/lib/perl5/vendor_perl/5.40.0/i586-linux-thread-multi-64int/Lexical
/usr/lib/perl5/vendor_perl/5.40.0/i586-linux-thread-multi-64int/Lexical/SealRequireHints.pm
/usr/lib/perl5/vendor_perl/5.40.0/i586-linux-thread-multi-64int/auto/Lexical
/usr/lib/perl5/vendor_perl/5.40.0/i586-linux-thread-multi-64int/auto/Lexical/SealRequireHints
/usr/lib/perl5/vendor_perl/5.40.0/i586-linux-thread-multi-64int/auto/Lexical/SealRequireHints/SealRequireHints.bs
/usr/lib/perl5/vendor_perl/5.40.0/i586-linux-thread-multi-64int/auto/Lexical/SealRequireHints/SealRequireHints.so
/usr/share/doc/packages/perl-Lexical-SealRequireHints
/usr/share/doc/packages/perl-Lexical-SealRequireHints/Changes
/usr/share/doc/packages/perl-Lexical-SealRequireHints/README
/usr/share/man/man3/Lexical::SealRequireHints.3pm.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Jan 6 23:47:25 2025