Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Perl News

( [id://23771]=superdoc: print w/replies, xml ) Need Help??

For the latest news on what's happening in the Perl world, check out these sites:

If you have a Perl-related news item you'd like to share, you may post it in the Perl News section. Please try to avoid duplicating news; but pointers (with summaries) to important stories on other sites are acceptable here.

Perl News
Registration for The Perl and Raku Conference 2024 is open!
No replies — Read more | Post response
by talexb
on Mar 16, 2024 at 00:59

    The Perl and Raku Conference (formerly known as YAPC::NA) is going strong!

    This year, we are celebrating 25 years, our silver anniversary, in the Silver State, Nevada! The main conference will be in Las Vegas on June 25-27, but there will be hackathons and possibly classes on the day before and the day after the conference (June 24th and 28th), so please consider joining us for the whole week!

    The backbone of this conference has always been our tracks of "traditional" talks by community members and what we have come to call the "Hallway Track", the informal exchange of ideas and camaraderie that sparks new projects and fuels collaboration.

    This year, we are pleased also to host the presentation of Papers and Posters accepted by the Science Perl Journal!

    Go now to https://tprc.us/ to check out what is planned and to book a room (see link to Alexis Park Resort under "Location"). Rooms start at only $75 per night, so it’s worth booking early!

    The best way to register for the conference is here.

    Alex / talexb / Toronto

    Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.

Houston Perl Mongers March Meeting #1
No replies — Read more | Post response
by oodler
on Mar 12, 2024 at 16:25
    Houston Perl Mongers presents:
    Title: Introducing Intellexer::API
    When: Thur March 14th at 6:00-8:00 PM CT (+6 UTC)
    Where: (virtual, see below):
    What: Josh Day (HAX) will discuss his new CPAN module Intellexer::API
    https://us02web.zoom.us/j/920069702
    Meeting ID: 920 069 702
    Password can be found by running this statement or reading the comment. perl -e 'print +(0b1000100).((3<<2)*10).(010)."\n"' # 681208
    
    We are starting a second meeting on the 4th Wednesdays of each month via our Discord server. Details shall be posted in a couple of weeks. We also have a Facebook page, just search for "Houston Perl Mongers". Open access.
CFP: Science Track Papers Needed at 2024 The Perl & Raku Conference
No replies — Read more | Post response
by oodler
on Feb 26, 2024 at 06:01
TPRC Call for Papers is open!
1 direct reply — Read more / Contribute
by talexb
on Feb 16, 2024 at 20:39

    The Call for Papers for The Perl and Raku Conference 2024 is now open!

    From the TPRF website, "TPRC 2024 is being held in Las Vegas, NV from June 24-28 2024." The organizing committe has a few surprises lined up -- there will be more information to come.

    Alex / talexb / Toronto

    Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.

February 08, 2024 @ 6pm CT ~ Houston Perl Mongers Zoom Meeting
3 direct replies — Read more / Contribute
by oodler
on Jan 29, 2024 at 19:11
    February 08, 6pm CT ~ Houston Perl Mongers Zoom Meeting 🔗 Thu Jan 25 2024
    Title: Using Perl Prototypes

    When: Thur February 8th at 6:00-8:00 PM CT (+6 UTC)

    Where: (virtual, see below):

    https://us02web.zoom.us/j/920069702
    Meeting ID: 920 069 702
    Password can be found by running this statement.
    perl -e 'print +(0b1000100).((3<<2)*10).(010)."\n"' # 681208
    Original post:
    https://houstonperlmongers.org/posts/3a99ac5b-f9f9-4409-a38c-e9ef91d972c8
Serious vulnerability in Spreadsheet::ParseExcel (SOLVED)
1 direct reply — Read more / Contribute
by Cody Fendant
on Jan 03, 2024 at 14:51

    A serious vulnerability in Spreadsheet::ParseExcel has been announced.

    “This library is used by the Amavis virus scanner that runs on Barracuda ESG appliances. An attacker can trigger the vulnerability to execute arbitrary code on vulnerable ESG appliances through parameter injection.”

    No mention of specific version numbers or of response from the Perl community in any way. What would we expect to happen in a situation like this?

Happy advent!
3 direct replies — Read more / Contribute
by hippo
on Dec 01, 2023 at 04:05
THREE new perl releases
5 direct replies — Read more / Contribute
by Tux
on Nov 26, 2023 at 04:33

    Today, three new perl versions have been released:

    The main reason is two fixed CVE's:

    • CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property
    • CVE-2023-47039 - Perl for Windows binary hijacking vulnerability

    CVE-2023-47038 is only relevant during the use of \p in regexes. This is only a problem if you accept regular expressions from untrusted sources.

    update 2023-11-29: Now that the CVE's are getting public, I could add one link.

    update 2023-12-02:


    CVE-2023-47038

    Write past buffer end via illegal user-defined Unicode property

    This vulnerability was reported directly to the Perl security team by Nathan Mills the.true.nathan.mills@...il.com.

    A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer.


    CVE-2023-47039

    Perl for Windows binary hijacking vulnerability

    This vulnerability was reported to the Intel Product Security Incident Response Team (PSIRT) by GitHub user ycdxsb https://github.com/ycdxsb/WindowsPrivilegeEscalation. PSIRT then reported it to the Perl security team.

    Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory.

    An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.


    Enjoy, Have FUN! H.Merijn
Recordings of the German Perl Workshop 2023 (gpw2023) are online
No replies — Read more | Post response
by Corion
on Oct 20, 2023 at 15:23

    After a long time of work, the videos are finally available on Youtube. 20 presentations with a total of 14 hours of airtime review the three days of the workshop and you can watch the things you missed on site.

    We would especially like to thank Lee Johnson, who made the recordings, and the presenters, of course, without whom the workshop would not have taken place. The support from our sponsors helps us make the workshop take place.

    OTOBO
    united-domains
    Perl-Services.de Renée Bäcker
    Geizhals Preisvergleich
    PayProp

    The recordings of the German Perl Workshop 2023 are organised in the order of the day in a playlist available at gpw2023.

    We are planning the German Perl Workshop 2024 again and are already in the final negotiations. As soon as we have a place and date fixed, we will update this post and also make a separate announcement.

A Roguelike in Perl Tutorials by Chris Prather
1 direct reply — Read more / Contribute
by ait
on Aug 08, 2023 at 05:19
berrybrew version 1.40 released
1 direct reply — Read more / Contribute
by stevieb
on Aug 02, 2023 at 13:38

    I have released version 1.40 of berrybrew. It comes with some extensive changes over this, and the previous 1.39 version. (See the changes list).

    User facing changes include:

    • Ability to install and use the new 5.36 and 5.38 releases of Strawberry Perl
    • berrybrew archives hidden command. It displays the list of portable Strawberry Perl zip files previously downloaded
    • berrybrew download hidden command. Download, but do not extract the zip archive of a perl version
    • berrybrew snapshot command. Export an installed perl version to a zip archive, and import a previous zip snapshot to a new installed instance

    berrybrew snapshot usage:

    • bb snapshot export <perl version> [snapshot name]
    • bb snapshot import <snapshot name> [new instance name]

    As far as changes on the developer side, the changes are significant. Here's a high-level list:

    • Broke out like functionality in the main berrybrew.cs source file, and spread it across several new classes, each in their own source file
    • Removed the deprecated berrybrew upgrade command. Upgrades shall be done via the installer
    • Created a very extensive MANIFEST checking system for the installer. This ensures that all files that need to be installed are, those same files are removed upon uninstall, and no rogue files when building the installer are accidentally leaked in
    • Added a significant amount of documentation for the development, build, test and release lifecycle of the project. If I get hit by a bus, I've created a fantastic roadmap for someone to carry on the project quite readily (bb dev docs)
    • A few minor bug fixes, and one major one

    -stevieb

Another interview with our illustrious founder (aka Slashdot is 25)
No replies — Read more | Post response
by jdporter
on Jul 31, 2023 at 10:49
berrybrew can now use 5.36 and 5.38
2 direct replies — Read more / Contribute
by stevieb
on Jul 20, 2023 at 17:43

    Update: The most recent release of berrybrew now includes the 5.36 and 5.38 version information, so no change of options are required to use them. As always, you can if you like review the Changes log to see what else has changed.

    I forked the Strawberry Perl repo and updated the releases.json file, which berrybrew uses to know what perls are available.

    One small gotcha... normally it gets this file from Strawberry Perl website, but nobody currently has access to manage it. I've created a PR to get the releases.json updated, but until the PR is merged, we can use my forked version (I will update this thread with what will become the official URL after the PR is merged. After the Strawberry site is back to being actively maintained, the temporary link can be removed, but will going forward remain valid).

    To use the new perls, we have to update a berrybrew option that specifies where we get our version information:

    berrybrew options download_url https://raw.githubusercontent.com/stevi +eb9/strawberryperl.com/gh-pages/releases.json

    Then fetch the new versions:

    berrybrew fetch

    Now they're available:

    berrybrew available

    Here's the entire operation:

    > berrybrew options download_url https://raw.githubusercontent.com/ste +vieb9/strawberryperl.com/gh-pages/releases.json download_url: https://raw.githubusercontent.com/stevieb9/st +rawberryperl.com/gh-pages/releases.json > berrybrew fetch Attempting to fetch the updated Perls list... Successfully updated the available Perls list... > berrybrew available The following Strawberry Perls are available: 5.38.0_64 5.38.0_64_PDL 5.36.1_64 5.36.1_64_PDL 5.32.1_64 5.32.1_64_PDL 5.32.1_32 … > berrybrew install 5.38.0 Downloading https://github.com/StrawberryPerl/Perl-Dist-Strawberry/rel +eases/download/SP_5380_5361/strawberry-perl-5.38.0.1-64bit-portable.z +ip to C:\berrybrew\temp\strawberry-perl-5.38.0.1-64bit-portable.zip Confirming checksum ... Checksum OK Extracting C:\berrybrew\temp\strawberry-perl-5.38.0.1-64bit-portable.z +ip The following Strawberry Perls are available: 5.38.0_64 [installed] … berrybrew switch 5.38.0 Switched to Perl version 5.38.0_64... > exit > perl -v (new CLI window) This is perl 5, version 38, subversion 0 (v5.38.0) built for MSWin32-x +64-multi-thread
TPRC 2023 - Videos on YouTube
No replies — Read more | Post response
by marto
on Jul 12, 2023 at 10:02

    Videos for The Perl & Raku Conference 2023 in Toronto have begun to appear on YouTube.

perl v5.38.0 is now available
3 direct replies — Read more / Contribute
by Corion
on Jul 03, 2023 at 03:16

    rjbs has released 5.38:

    Take my advice and live for a long, long time. Because the maddest thing a man can do in this life is to let himself die.

    — Miguel de Cervantes, Don Quixote

    We are happy to announce version 38.0, the first stable release of version 38 of Perl 5. In other words: v5.38.0 has been released, and this is good!

    You will soon be able to download Perl 5.38.0 from the CPAN at:

    https://metacpan.org/release/RJBS/perl-5.38.0/

    SHA256 digests for this release are:

    5c4dea06509959fedcccaada8d129518487399b7 perl-5.38.0.tar.gz 2e7b1c56c1f795e8173c83a52e91218ba05ee72c perl-5.38.0.tar.xz

    The full announcement is at https://www.nntp.perl.org/group/perl.perl5.porters/2023/07/msg266602.html.


Add a piece of Perl News
Title:
Text:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others browsing the Monastery: (7)
As of 2024-03-19 08:58 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found