Welcome to this week’s Perl 5 Porters summary. The list was back up to a more normal posting volume this week, so there’s plenty to talk about.
This week’s topics include:
- the “require” branch, maintperl, and security
- proposed/drafted new perl docs
- \V and \H skip too far and match incorrectly
- minimal copy of SVs, retain SVp_POK on copy
- Module::CoreList delta support
Big news on the 5.16.1 release front. Ricardo Signes (the current Perl project manager, aka pumpking) posted the following message:
Finally, 5.16.1 is unblocked. I can't tell you how relieved I am. In the course of investigating some unrelated and spurious reports, we discovered a surprising little bug. In short, C< require ::foo > acted like C< require "/foo.pm" > instead of searching only in @INC. The perl5 security team looked through this and a number of attached problems to try to determine whether this represented a vulnerability in perl, and we have determined that it does *not*. Still, we have already informed the security teams of downstream vendors of perl and given them time to object to proceeding with fixes for this as "business as usual." None objected. The smoke-me/require branch contains a fix for this bug, and will land on blead shortly assuming further testing finds no problems. It will then be backported to maint-5.16, which will be tested and released as usual. Once that's done, I'll move on to maint-5.14. A maint-5.12 is also likely after that. With that done, I hope to spend a little time lying atop a warm rock. Thanks for your patience during this unexpected and unexplained delay of maint-5.16. I think no one is more pleased than I to have things moving once again.
Back in June, Uri Guttman wrote an email explaining that he was proposing 4 new docs be included in Perl core:
- metadoc, a kind of “how to read Perl documentation document”,
- perlblurb which gives a short explanation about each of the Perl documents and document groups
- perladvantages, discussing some of Perl’s strengths relative to other languages
- perlresources, a skeleton outline of various perl resources.
This week Rik expressed surprise that the message generated no follow ups in nearly 7 weeks.
So how about it? What do you think about this idea? To be honest, I had forgotten about this email in all of the excitement leading up to YAPC::NA.
\V and \H skip too far and match incorrectly
Nicholas Clark reported he found a bug in perl that’s existed since 5.10 in the way the regex engine handles \V and \H. First, it provides an incorrect result, and second, it reads from unallocated memory.
[T]his patch finally allows us to distinguish cached string values from original string values in order to copy only that part of an SV that is actually helpful. As part of the same fix, it also allows the string vs. number nature of an SV to be determined, now that cached and original strings are correctly flagged and (when useful) copied. For example, in the past, if you use a $var in string operations at all, then store numbers in it and copy those numbers elsewhere e.g. into a huge array, _all_ those array elements will be SVt_PVNV even though they hold only NV values. This patch fixes that waste.
The rough consensus seems to be that this is a Good Idea, although there are some quibbles about the patch presentation.
Module::CoreList delta support
David Leadbeater posted a patch set which adds delta support to one of my favorite underknown Perl modules Module::CoreList in an attempt to make it smaller. There were calls to give this data a proper interface (rather than referencing bare hashes), and to invert the data using some work done at the Paris QA hackathon.