|
If you're new here please read PerlMonks FAQ
and Create a new user.
|
Quests
|
Monk Quips Quest
Starts at: May 01, 2023 at 08:00
Ends at: Dec 31, 2023 at 18:59
Current Status: Active
|
8 replies
|
by erzuuli
|
Esteemed Monk kcott has recently proposed an excellent idea.
heretoforthwithstanding, we invite all monks to submit ideas for new monk quips!
Your quip suggestion should include the following details:
- Intended quip location: either XP Nodelet, Chatterbox, or Monkbar (that's the page header).
- Text of quip.
- Optional: background & foreground colours. If you include these, be sure they are nicely contrasting.
.
|
poll ideas quest 2023
Starts at: Jan 01, 2023 at 00:00
Ends at: Dec 31, 2023 at 23:59
Current Status: Active
|
7 replies
|
by pollsters
|
|
|
|
|
Perl News
|
Happy advent!
on Dec 01, 2023 at 04:05
|
2 replies
|
by hippo
|
|
|
THREE new perl releases
on Nov 26, 2023 at 04:33
|
5 replies
|
by Tux
|
Today, three new perl versions have been released:
The main reason is two fixed CVE's:
- CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property
- CVE-2023-47039 - Perl for Windows binary hijacking vulnerability
CVE-2023-47038 is only relevant during the use of \p in regexes. This is only a problem if you accept regular expressions from untrusted sources.
update 2023-11-29: Now that the CVE's are getting public, I could add one link.
update 2023-12-02:
|
| CVE-2023-47038 |
Write past buffer end via illegal user-defined Unicode property
This vulnerability was reported directly to the Perl security team by
Nathan Mills the.true.nathan.mills@...il.com.
A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can
cause a one-byte attacker controlled buffer overflow in a heap allocated buffer.
|
|
| CVE-2023-47039 |
Perl for Windows binary hijacking vulnerability
This vulnerability was reported to the Intel Product Security Incident Response
Team (PSIRT) by GitHub user ycdxsb https://github.com/ycdxsb/WindowsPrivilegeEscalation.
PSIRT then reported it to the Perl security team.
Perl for Windows relies on the system path environment variable to find the
shell (cmd.exe). When running an executable which uses Windows Perl interpreter,
Perl attempts to find and execute cmd.exe within the operating system. However,
due to path search order issues, Perl initially looks for cmd.exe in the current
working directory.
An attacker with limited privileges can exploit this behavior by placing cmd.exe
in locations with weak permissions, such as C:\ProgramData. By doing so, when an
administrator attempts to use this executable from these compromised locations,
arbitrary code can be executed.
|
Enjoy, Have FUN! H.Merijn
|
|
|
Supplications
|
XS Modules - why and when?
3 direct replies — Read more / Contribute
|
by Bod
on Dec 04, 2023 at 19:22
|
|
|
I know little about XS modules but I was looking at RPi::DHT11 and noticed that it is an XS module which seemed a little strange. Hence the question here. I was going to email stevieb, the author and ask but thought it would be good to get other people's take on this.
My understanding of an XS module is that it uses XSLoader to load C / C++ / C# code. The Perl is just a wrapper around the loaded code with the Perl doing little processing. I believe the main reason to do this is for speed as compiled languages of the C family are faster than interpreted languages such as Perl. Is that about right so far?
Assuming that is something like correct...
Why would the RPi::DHT11 module use XS? The DHT11 is a temperature and humidity sensor with a maximum frequency of 0.5Hz (one read per 2 seconds). So speed is not the issue here!
What reason would there be for creating an XS module in this use case? Would it not be easier and simpler and just as fast given the speed of the sensor, to write all the code in Perl?
I'm hoping for more insights into the world of XS modules here...
|
How to create and install a module compatible with both UTF8 and Perl 5.8.3 without using non-core modules?
2 direct replies — Read more / Contribute
|
by Polyglot
on Dec 02, 2023 at 12:04
|
|
|
My attempt at launching my module belly-flopped. I've learned that even though Test::More is part of Perl core going back to v5.6.2, Test::More::UTF8 was never part of Perl's core. Furthermore, Test2, said to be unicode compatible, only made it to core in Perl 5.25.1.
My module does not need to use unicode. If the unicode comments and POD were stripped out of it, it would not even require "use utf8;" as there is no unicode in its actual code. But because it is for utf8 and the tests, to be meaningful, incorporate uft8 characters, the entire module fails to install on perl systems which do not already have the non-core module "Test::More::UTF8."
In order to make the installation as easy and fuss-free as possible, and more space-conserving, too, I don't want to require the installation of non-core modules. If there is not a better way to do this, my next version release will abandon all of those useful tests and put in one or more tests which require no unicode at all--just a "free pass" so to speak. This way, at least, the install would be able to complete.
So the question remains, is it even possible to create, and install, a module designed for Perl 5.8.3 compatibility, that provides UTF8 functions, and that does not require any non-core modules--and do this with reasonable UTF8-based tests?
UPDATE:
I think I've managed to find a hackish solution that should get me by for now. I've dumped once again (I should not have gone back to it after dropping it the first time) the "Test::More::UTF8" package earlier thought to be a "solution" for the lack of UTF8 compatibility of Test::More...it wasn't, and even when the package was manually installed (not part of core), it tended to generate some inexplicable 'wide character' warnings. So, I went with a pure-ASCII solution, no need even for "use utf8" in the testing script. Instead of testing on actual UTF8 characters, the script now tests on the hexadecimal codepoints returned from the module. If the correct codepoint is returned, the function can legitimately be considered to be installed and functioning. It would have been nice to test on real unicode, but oh well...the module will still work just fine, I'm sure.
|
Converting Unicode
3 direct replies — Read more / Contribute
|
by BernieC
on Dec 01, 2023 at 18:20
|
|
|
I can't get unicode to work. I have a file that , mixed in with regular text, there are the unicode characters for open quote, close quote and apostrophe. i've been trying to write a little program to replace them with non-unicode characters {" " and ,}. I've tried this test program
these are the constants from cryptfix
# use constant APOSTROPHE => "’" ;
# use constant OPENQUOTE => "“" ;
# use constant CLOSEQUOTE => "”" ;
# use constant COMMA => "¸" ;
# This is the version from a hex dump of the crypt text file
use constant APOSTROPHE => "\x{e2}\x{80}\x{22}" ;
use constant OPENQUOTE => "\x{e2}\x{80}\x{90}" ;
use constant CLOSEQUOTE => "\x{e2}\x{80}\x{9d}" ;
use constant COMMA => "¸" ;
unless (@ARGV)
{ die "usage: <crypts-text-file>\n" ; }
open(CRYPTS, "<", $ARGV[0]) or die "Can't open $ARGV[0]: $!" ;
while (my $line = <CRYPTS>)
{ say "apostrophe in line $." if $line =~ /@{[APOSTROPHE]}/;
say "open quote in line $." if $line =~ /@{[OPENQUOTE]}/;
say "close quote in line $." if $line =~ /@{[CLOSEQUOTE]}/;
}
and I feed it the text file with the unicode characters in it and it never finds any. I'm not sure what I'm getting wrong.
|
Strange error when using JSON module "XS.c: loadable library and perl binaries are mismatched"
2 direct replies — Read more / Contribute
|
by WithABeard
on Nov 30, 2023 at 02:42
|
|
|
I get this weird error when using the JSON or JSON::XS module:
$ perl -MJSON -e ''
XS.c: loadable library and perl binaries are mismatched (got first handshake key 0xeb80080, needed 0xf380080)
And the same error for perl -MJSON::XS -e ''
perl -v
This is perl 5, version 38, subversion 0 (v5.38.0) built for x86_64-li
+nux-thread-multi
...
What could cause this, and what can I do to fix it?
|
perl interpreter must be named my_perl?
1 direct reply — Read more / Contribute
|
by Anonymous Monk
on Nov 30, 2023 at 00:53
|
|
|
Hi Monks,
Today I've started to study perlembed, Here is the first code example in Perlembed:
#include <EXTERN.h> /* from the Perl distribution */
#include <perl.h> /* from the Perl distribution *
+/
static PerlInterpreter *my_perl; /*** The Perl interpreter ***
+/
int main(int argc, char **argv, char **env)
{
PERL_SYS_INIT3(&argc,&argv,&env);
my_perl = perl_alloc();
perl_construct(my_perl);
PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
perl_parse(my_perl, NULL, argc, argv, (char **)NULL);
perl_run(my_perl);
perl_destruct(my_perl);
perl_free(my_perl);
PERL_SYS_TERM();
exit(EXIT_SUCCESS);
}
Ican build it successfully, and it works as expected.(windows 10, strawberry perl 5.32)
But if I change interpreter variable name to his_perl, it doesn't work!
#include <EXTERN.h>
#include <perl.h>
static PerlInterpreter *his_perl ; /*** The Perl interpreter *
+**/
int main(int argc, char **argv, char **env)
{
PERL_SYS_INIT3(&argc,&argv,&env);
PERL_SYS_TERM(); his_perl = perl_alloc();
perl_construct(his_perl);
PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
perl_parse(his_perl, NULL, argc, argv, (char **)NULL);
perl_run(his_perl);
perl_destruct(his_perl);
perl_free(his_perl);
exit(EXIT_SUCCESS);
}
It can't be build, and complains identifier "my_perl" is undefined. I notice in perl.h aTHX hard code define to my_perl, I guess that is the reason why his_perl version can't be built. But why is this name(my_perl) so important, that it should write it into perl.h? Please enlighten me.
|
Compare two strings of same length, character-by-character
⭐
5 direct replies — Read more / Contribute
|
by Anonymous Monk
on Nov 28, 2023 at 16:51
|
|
|
Hi Monks,
I have two strings, of the same length, and I want to check how many of the characters are the same.
Example:
$str1='LFGSLSIIVAHHM';
$str2='LFGSLSIIVSHHM';
I don't want to do LCSS, because it will only give me LFGSLSIIV, although we also have HHM. What I have done is to split each string and then compare the characters in each position, increase a 'correct' counter by 1 if they are the same and then compare the number of correct characters to the length of the string (to see what % of the string was the exact match).
I was wondering if there would be any quicker solution to this, with a module or something that I might not be familiar with.
|
Starman "Server closed connection without sending any data back"
2 direct replies — Read more / Contribute
|
by nikosv
on Nov 28, 2023 at 05:17
|
|
|
I have setup a plack psgi application tha works with cgi files. When I start starman server from the shell of the user 'starman'
the service runs fine and responds to requests.
When I try to set it up as a systemd Unit (Centos) , the client gets an error of "Server closed connection without sending any data back"
without emitting any data.OS is Centos7.
Can't find anything in the log files,expect from dmseg which has error :
111362894.832068 starman master 24776: segfault at c1 ip 00007f29bd8d2057 sp
00007fff6ba44168 error 4 in XS.so7f29bd8cf000+15000
The service is set up as :
[Unit]
Description=StarmanService
[Service]
Type=simple
User=starman
Group=starman
ExecStart=/home/starman/perl5/bin/starman -E debug --ssl-key=/home/sta
+rman/starm
anpem+5-key.pem --ssl-cert=/home/starman/starmanpem+5.pem --listen :50
+00:ssl --w
orkers=1 /home/starman/app.psgi --access-log /home/starman/access.log
+--user=sta
rman --error-log /home/starman/error1.log
Restart=always
WorkingDirectory=/home/starman/cgi-bin
[Install]
WantedBy=multi-user.target
|
|
|
|
