Welcome to this week’s Perl 5 Porters summary. The list was back up to a more normal posting volume this week, so there’s plenty to talk about.
This week’s topics include:
- the “require” branch, maintperl, and security
- proposed/drafted new perl docs
- \V and \H skip too far and match incorrectly
- minimal copy of SVs, retain SVp_POK on copy
- Module::CoreList delta support
the “require” branch, maintperl, and security
Big news on the 5.16.1 release front. Ricardo Signes (the current Perl project manager, aka pumpking) posted the following message:
Finally, 5.16.1 is unblocked. I can't tell you how relieved I am.
In the course of investigating some unrelated and spurious reports, we
discovered a surprising little bug. In short, C< require ::foo > acted like
C< require "/foo.pm" > instead of searching only in @INC.
The perl5 security team looked through this and a number of attached problems
to try to determine whether this represented a vulnerability in perl, and we
have determined that it does *not*. Still, we have already informed the
security teams of downstream vendors of perl and given them time to object to
proceeding with fixes for this as "business as usual." None objected.
The smoke-me/require branch contains a fix for this bug, and will land on blead
shortly assuming further testing finds no problems. It will then be backported
to maint-5.16, which will be tested and released as usual. Once that's done,
I'll move on to maint-5.14. A maint-5.12 is also likely after that. With that
done, I hope to spend a little time lying atop a warm rock.
Thanks for your patience during this unexpected and unexplained delay of
maint-5.16. I think no one is more pleased than I to have things moving once
again.proposed/drafted new perl docs
Back in June, Uri Guttman wrote an email explaining that he was proposing 4 new docs be included in Perl core:
- metadoc, a kind of “how to read Perl documentation document”,
- perlblurb which gives a short explanation about each of the Perl documents and document groups
- perladvantages, discussing some of Perl’s strengths relative to other languages
- perlresources, a skeleton outline of various perl resources.
This week Rik expressed surprise that the message generated no follow ups in nearly 7 weeks.
So how about it? What do you think about this idea? To be honest, I had forgotten about this email in all of the excitement leading up to YAPC::NA.
Git repo of these docs (in POD)
Uri’s original message
Rik’s reply
\V and \H skip too far and match incorrectly
Nicholas Clark reported he found a bug in perl that’s existed since 5.10 in the way the regex engine handles \V and \H. First, it provides an incorrect result, and second, it reads from unallocated memory.
minimal copy of SVs, retain SVp_POK on copy
Chip Salzenberg posted an interesting patch this week that builds on top of his “magic flags fixup” patch.
He explains:
[T]his patch finally allows us to distinguish cached string values from
original string values in order to copy only that part of an SV that is
actually helpful. As part of the same fix, it also allows the string vs.
number nature of an SV to be determined, now that cached and original
strings are correctly flagged and (when useful) copied.
For example, in the past, if you use a $var in string operations at all,
then store numbers in it and copy those numbers elsewhere e.g. into a huge
array, _all_ those array elements will be SVt_PVNV even though they hold
only NV values. This patch fixes that waste.
The rough consensus seems to be that this is a Good Idea, although there are some quibbles about the patch presentation.
Module::CoreList delta support
David Leadbeater posted a patch set which adds delta support to one of my favorite underknown Perl modules Module::CoreList in an attempt to make it smaller. There were calls to give this data a proper interface (rather than referencing bare hashes), and to invert the data using some work done at the Paris QA hackathon.