./devel/p5-Lexical-SealRequireHints, Perl5 module to prevent leakage of lexical hints

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.011, Package name: p5-Lexical-SealRequireHints-0.011, Maintainer: pkgsrc-users

There is a bug in Perl's handling of the %^H (lexical hints) variable that
causes lexical state in one file to leak into another that is required/used
from it. This bug will probably be fixed in Perl 5.10.2, and is definitely
fixed in Perl 5.11.0, but in any earlier version it is necessary to work
around it. On versions of Perl that require a fix, this module globally
changes the behaviour of require and use so that they no longer exhibit the
bug. This is the most convenient kind of workaround, and is meant to be
invoked by modules that make use of lexical state.

The workaround supplied by this module takes effect the first time its
import method is called. Typically this will be done by means of a use
statement. This should be done before putting anything into %^H that would
have a problem with leakage; usually it suffices to do this when loading
the module that supplies the mechanism to set up the vulnerable lexical
state. Invoking this module multiple times, from multiple lexical-related
modules, is not a problem: the workaround is only applied once, and applies
to everything.


Master sites:

SHA1: dbeec7975ada463ccb3029018d9bad46475d7b0e
RMD160: 9fc079dce4f47db370df8cfe43c841efc9bf79cf
Filesize: 20.165 KB

Version history: (Expand)


CVS history: (Expand)


   2017-09-17 12:44:57 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
p5-Lexical-SealRequireHints: update to 0.011.

version 0.011; 2017-07-15

  * update test suite to not rely on . in @INC, which is no longer
    necessarily there from Perl 5.25.7

  * no longer include a Makefile.PL in the distribution

  * update op-munging code to the PERL_OP_PARENT-compatible style
    (though none of it is actually used on Perls new enough to support
    PERL_OP_PARENT)

  * rename internal gen_*_op() functions into a better style

  * consistently use THX_ prefix on internal function names
   2017-06-05 16:25:36 by Ryo ONODERA | Files touched by this commit (2298)
Log message:
Recursive revbump from lang/perl5 5.26.0
   2016-06-08 21:25:20 by Thomas Klausner | Files touched by this commit (2236) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.
   2016-04-29 15:23:06 by Makoto Fujiwara | Files touched by this commit (2) | Package updated
Log message:
Updated to devel/p5-Lexican-SealRequireHints-0.010
--------------------------------------------------
version 0.010; 2016-03-18
  * skip test with lexical $_ on Perl 5.23.4+ where that feature has
    been removed
   2015-11-03 04:29:40 by Alistair G. Crooks | Files touched by this commit (1995)
Log message:
Add SHA512 digests for distfiles for devel category

Issues found with existing distfiles:
	distfiles/eclipse-sourceBuild-srcIncluded-3.0.1.zip
	distfiles/fortran-utils-1.1.tar.gz
	distfiles/ivykis-0.39.tar.gz
	distfiles/enum-1.11.tar.gz
	distfiles/pvs-3.2-libraries.tgz
	distfiles/pvs-3.2-linux.tgz
	distfiles/pvs-3.2-solaris.tgz
	distfiles/pvs-3.2-system.tgz
No changes made to these distinfo files.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
   2015-04-10 03:03:20 by Makoto Fujiwara | Files touched by this commit (2) | Package updated
Log message:
Update 0.007 to 0.009
---------------------
version 0.009; 2015-03-20

  * in test of require for version checking, work around [perl #124135]
    which was introduced in Perl 5.21.4

version 0.008; 2015-03-20

  * bugfix: don't localise hints around a version-number require, so that
    "use v5.10.0" can have its intentional effect of setting feature flags

  * bugfix: in pure Perl implementation, use a ($) prototype on
    CORE::GLOBAL::require, so that the argument expression will be in
    the correct context

  * better error message for refusing to use pure Perl implementation
    on Perl 5.9.4 to 5.10.0

  * document that the pure Perl implementation breaks the use of the
    implicit $_ parameter with require

  * in swash test, don't fail if utf8.pm was loaded unexpectedly early,
    as has been seen to happen on some systems

  * test idempotence

  * fix test for thread safety, which risked false negatives

  * when preemptively loading Carp and Carp::Heavy, avoid the Perl core
    bug regarding the context applied to file scope of required modules,
    in case of future versions of those modules becoming vulnerable and
    running on an old Perl

  * declare correct version for Test::More dependency

  * typo fix in documentation

  * typo fix in a comment
   2014-05-30 01:38:20 by Thomas Klausner | Files touched by this commit (3049)
Log message:
Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.