Security Advisories (4)
CVE-2026-4176 (2026-03-29)

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.

CVE-2026-13221 (2026-07-13)

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored in a 16-bit field. A branch count above 65535 overflows the field, and the trie's match decision table is truncated with no warning or error. A pattern of this shape produces false positive matches (matching strings it should not) and false negative matches (failing to match strings it should). When such a pattern gates an access or filtering decision, the result is wrong.

CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

CVE-2026-57432 (2026-07-13)

Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller.

NAME

Test2::Tools::Tiny - Tiny set of tools for unfortunate souls who cannot use Test2::Suite.

DESCRIPTION

You should really look at Test2::Suite. This package is some very basic essential tools implemented using Test2. This exists only so that Test2 and other tools required by Test2::Suite can be tested. This is the package Test2 uses to test itself.

USE Test2::Suite INSTEAD

Use Test2::Suite if at all possible.

EXPORTS

ok($bool, $name)
ok($bool, $name, @diag)

Run a simple assertion.

is($got, $want, $name)
is($got, $want, $name, @diag)

Assert that 2 strings are the same.

isnt($got, $do_not_want, $name)
isnt($got, $do_not_want, $name, @diag)

Assert that 2 strings are not the same.

like($got, $regex, $name)
like($got, $regex, $name, @diag)

Check that the input string matches the regex.

unlike($got, $regex, $name)
unlike($got, $regex, $name, @diag)

Check that the input string does not match the regex.

is_deeply($got, $want, $name)
is_deeply($got, $want, $name, @diag)

Check 2 data structures. Please note that this is a DUMB implementation that compares the output of Data::Dumper against both structures.

diag($msg)

Issue a diagnostics message to STDERR.

note($msg)

Issue a diagnostics message to STDOUT.

skip_all($reason)

Skip all tests.

todo $reason => sub { ... }

Run a block in TODO mode.

plan($count)

Set the plan.

done_testing()

Set the plan to the current test count.

$warnings = warnings { ... }

Capture an arrayref of warnings from the block.

$exception = exception { ... }

Capture an exception.

tests $name => sub { ... }

Run a subtest.

$output = capture { ... }

Capture STDOUT and STDERR output.

Result looks like this:

{
    STDOUT => "...",
    STDERR => "...",
}

SOURCE

The source code repository for Test2 can be found at https://github.com/Test-More/test-more/.

MAINTAINERS

Chad Granum <exodist@cpan.org>

AUTHORS

Chad Granum <exodist@cpan.org>

COPYRIGHT

Copyright Chad Granum <exodist@cpan.org>.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

See https://dev.perl.org/licenses/