* The XS code had a code path where it could pass the contents of a Perl
variable as the first argument to the XS croak() subroutine. This subroutine
is like printf(), and should receive a format string as its first
argument. According to RT #74777, this can lead to segfaults on some systems.
This could in theory be a security bug, but it's very unlikely that
untrusted user input could end up being passed to this croak(). It is called
when a spec specifies a "depend" value on another parameter. The value of
the "depend" parameter was passed in the first argument to croak().
1.04 2012-02-08
* Use the latest Module::XSOrPP dzil plugin to generate a saner Build.PL. No
need update if you're using an earlier version.
* This release uses Module::Implementation to handle loading the XS or pure
Perl implementation of Params::Validate.
1.02 2012-02-06
* The previous release never loaded the XS implementation, even if it had been
compiled.
* With newer versions of Perl, the pure Perl implementation treated regexp
objects differently than the XS implementation. They should be treated as
belonging to the SCALARREF type for backwards compatibility.
* These two bugs combined managed to break the test suites of a number of
modules on CPAN. This release should fix them.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Params-Validate?expand=0&rev=29
- The XS version of the code always called Carp::confess, regardless of
whether you provided your own on_fail callback. Reported by Scott Bolte. RT
#66359.
- There were a couple spots that called eval without localizing $@ first. RT
#58087.
- The parameters for each key validation (can, isa, regex) are now checked,
and an error is thrown if any of the keys are not valid. Basically, we
validate the validation spec. Based on a patch by Andreas Faafeng. RT
#57831.
- This module now requires Perl 5.8.1.
- Switched to version 2.0 of the Artistic License.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Params-Validate?expand=0&rev=12
