Following is the p5p (Perl 5 Porters) mailing list summary for the past week and a half.
We had a great four days at meta::hack a couple of weeks ago. I've tried to briefly summarize what we accomplished.
Net::ACME offers a number of attractive features:
- It’s based closely on cPanel’s widely used Let’s Encrypt plugin.
- Memory usage is light: no Moose/Moo/etc.
- It can run in pure Perl, as long as you have an OpenSSL binary. (Otherwise, it needs Crypt::OpenSSL::RSA.)
- Thorough error checking—even Perl calling context!
- Errors are represented as typed, queryable exceptions. (The framework includes its own exception class hierarchy.)
- It’s “global clean”: no careless overwriting of variables like $@, $!, $?, etc.
The object hierarchy also closely mirrors ACME’s own object hierarchy: separate classes exist to represent ACME registrations, authorizations, challenges, and certificates.
The distribution includes example scripts that demonstrate usage of the module and should also give a good feel for the protocol itself.
I hope it’s useful!
Perl was created for systems administration, and Perl 6 has all the chops you've come to expect from the brand. Here I needed to use MD5 checksums from my collaborator to verify that I downloaded all their data without errors. Each data "$file" has an accompanying "$file.md5" that looks like this:
$ cat HOT232_1_0770m/prodigal.gff.md5 a36e4adfaa62cc4adb8cea44c4f7825f HOT232_1_0770m/prodigal.gff
So I need to read the contents of this file, get just the first field, then execute my local "md5" (or "md5sum") program on the file without the ".md5" extension and determine if they are the same. All standard stuff, and I think Perl 6 gives us elegant ways to accomplish all of these, including a dead-simple testing framework. Here's my solution:
A vulnerability was discovered that can lead to a use after free when using prepared statements. This vulnerability is present in all releases at least back to versions 3.0 of the driver, which were released in 2005.
The CVE identifier for this vulnerability is CVE-2016-1251.
Version 4.041, including the fix for this vulnerability, is available on CPAN at https://metacpan.org/pod/DBD::mysql
Users of DBD::mysql with prepared statements are advised to patch their installations as soon as possible.
Many thanks to Pali Rohár for discovering and fixing the vulnerability.
The DBD::mysql maintainers, Patrick Galbraith Michiel Beijen
The last two weeks, I didn't do much programming with OpenGL and GLSL. I used the weekend to catch up with some of the bug reports on Github and made the application more robust against missing input data or broken shaders. The net result is that it now can also cycle through a set of shaders:
Have Hash Get Routes
One of my long standing mental code blocks has been trying to get me little brain to understand what a 'Route' is. This really came to a head when I first started to use Mojolicous in a big way.
You see in the old days it was easy, you just had an URL that pointed to something and you could either get or a post to it. It was of course used and abused in all sorts of ways, I still have a browser bookmark that looks like this
http://www.roman-artifacts.com/Armor Fragments Attachments/Lorica Hamata Armor Fragment/lorica hamata fragment.htm?counter=0111&pox=110103....
So the Web, in all its wisdom, came up with many ways to try to set some sort of standard for data transfer and that eventually morphed into what we all now call Web Services. Which to some looks more like this;
blogs.perl.org is a common blogging platform for the Perl community. Written in Perl and offering the modern features you’ve come to expect in blog platforms, the site is hosted by Dave Cross and Aaron Crane, with a design donated by Six Apart, Ltd.