./devel/p5-Lexical-SealRequireHints, Perl5 module to prevent leakage of lexical hints

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.010nb1, Package name: p5-Lexical-SealRequireHints-0.010nb1, Maintainer: pkgsrc-users

There is a bug in Perl's handling of the %^H (lexical hints) variable that
causes lexical state in one file to leak into another that is required/used
from it. This bug will probably be fixed in Perl 5.10.2, and is definitely
fixed in Perl 5.11.0, but in any earlier version it is necessary to work
around it. On versions of Perl that require a fix, this module globally
changes the behaviour of require and use so that they no longer exhibit the
bug. This is the most convenient kind of workaround, and is meant to be
invoked by modules that make use of lexical state.

The workaround supplied by this module takes effect the first time its
import method is called. Typically this will be done by means of a use
statement. This should be done before putting anything into %^H that would
have a problem with leakage; usually it suffices to do this when loading
the module that supplies the mechanism to set up the vulnerable lexical
state. Invoking this module multiple times, from multiple lexical-related
modules, is not a problem: the workaround is only applied once, and applies
to everything.


Required to run:
[lang/perl5]

Required to build:
[devel/p5-Module-Build]

Master sites: (Expand)

SHA1: afb6a3df0149dbf434426c261fcc5a415c7a3d7d
RMD160: 107ee569b01f57b06d97962a531b48db074effdb
Filesize: 20.413 KB

Version history: (Expand)


CVS history: (Expand)


   2016-06-08 21:25:20 by Thomas Klausner | Files touched by this commit (2236) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.
   2016-04-29 15:23:06 by Makoto Fujiwara | Files touched by this commit (2) | Package updated
Log message:
Updated to devel/p5-Lexican-SealRequireHints-0.010
--------------------------------------------------
version 0.010; 2016-03-18
  * skip test with lexical $_ on Perl 5.23.4+ where that feature has
    been removed
   2015-11-03 04:29:40 by Alistair G. Crooks | Files touched by this commit (1995)
Log message:
Add SHA512 digests for distfiles for devel category

Issues found with existing distfiles:
	distfiles/eclipse-sourceBuild-srcIncluded-3.0.1.zip
	distfiles/fortran-utils-1.1.tar.gz
	distfiles/ivykis-0.39.tar.gz
	distfiles/enum-1.11.tar.gz
	distfiles/pvs-3.2-libraries.tgz
	distfiles/pvs-3.2-linux.tgz
	distfiles/pvs-3.2-solaris.tgz
	distfiles/pvs-3.2-system.tgz
No changes made to these distinfo files.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-06-12 12:52:19 by Thomas Klausner | Files touched by this commit (3152)
Log message:
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
   2015-04-10 03:03:20 by Makoto Fujiwara | Files touched by this commit (2) | Package updated
Log message:
Update 0.007 to 0.009
---------------------
version 0.009; 2015-03-20

  * in test of require for version checking, work around [perl #124135]
    which was introduced in Perl 5.21.4

version 0.008; 2015-03-20

  * bugfix: don't localise hints around a version-number require, so that
    "use v5.10.0" can have its intentional effect of setting feature flags

  * bugfix: in pure Perl implementation, use a ($) prototype on
    CORE::GLOBAL::require, so that the argument expression will be in
    the correct context

  * better error message for refusing to use pure Perl implementation
    on Perl 5.9.4 to 5.10.0

  * document that the pure Perl implementation breaks the use of the
    implicit $_ parameter with require

  * in swash test, don't fail if utf8.pm was loaded unexpectedly early,
    as has been seen to happen on some systems

  * test idempotence

  * fix test for thread safety, which risked false negatives

  * when preemptively loading Carp and Carp::Heavy, avoid the Perl core
    bug regarding the context applied to file scope of required modules,
    in case of future versions of those modules becoming vulnerable and
    running on an old Perl

  * declare correct version for Test::More dependency

  * typo fix in documentation

  * typo fix in a comment
   2014-05-30 01:38:20 by Thomas Klausner | Files touched by this commit (3049)
Log message:
Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
   2013-07-03 11:02:50 by Jens Rehsack | Files touched by this commit (2)
Log message:
Updating package for CPAN distribution Lexical-SealRequireHints in
devel/p5-Lexical-SealRequireHints from 0.005nb2 to 0.007.

Upstream changes since 0.005:
version 0.007; 2012-02-11
  * be thread-safe, by mutex control on op check hooking
  * in pure Perl implementation, avoid putting extra eval stack frames
    around the require, to avoid unnecessary complication of exception
    handling; this can't be done on Perls 5.9.4 to 5.10.0, so don't
    allow use of the pure Perl implementation on those Perls
  * revise documentation to suggest loading this module earlier
  * document the relevant changes to the Perl core in more detail
  * on Perl versions where the pure Perl implementation can't work,
    dynamically declare requirement for XS infrastructure in Build.PL
  * refine threshold for ability to correctly override require from
    5.8.0 to 5.7.2
  * revise minimum required Perl version down from 5.6.1 to 5.6.0
  * test that modules see the correct context at file scope
  * test that module return values are handled correctly
  * test that the module doesn't generate warnings
  * in pure Perl implementation, fix handling of the variable that
    previously needed to be "our"
  * rearrange and better comment the treatment of lexical warnings in
    the Perl code

version 0.006; 2011-11-20
  * bugfix: avoid loading warnings.pm and leaving its delayed requires
    of Carp.pm susceptible to hint leakage, which was causing trouble
    on some Perls
  * skip swash test on Perl 5.6, where swash loading appears to be broken
    by loading Test::More or anything else useful
  * remove bogus tests that cause false failures on Perl 5.15.5
  * in Build.PL, declare incompatibility with pre-0.19
    B::Hooks::OP::Check, which doesn't play nicely around op check hooking
  * comment why a variable surprisingly needs to be "our"
  * convert .cvsignore to .gitignore
   2013-05-31 14:42:58 by Thomas Klausner | Files touched by this commit (2880)
Log message:
Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.