This queue is for tickets about the Perl-Dist-Strawberry CPAN distribution.

Report information
The Basics
Id: 95482
Status: open
Priority: 0/
Queue: Perl-Dist-Strawberry

People
Owner: Nobody in particular
Requestors: ether [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Uses File::Slurp, known to be buggy and vulnerable

e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be dismayed

Path::Slurp::Tiny and Path::Tiny are both excellent alternatives.

On 2014-05-08 15:28:14, ETHER wrote:
> e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be
> dismayed
>
> Path::Slurp::Tiny and Path::Tiny are both excellent alternatives.

oops s/Path::Slurp::Tiny/File::Slurp::Tiny/ sorry

On Mon May 12 13:30:59 2014, ETHER wrote:
> On 2014-05-08 15:28:14, ETHER wrote:
> > e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be
> > dismayed
> >
> > Path::Slurp::Tiny and Path::Tiny are both excellent alternatives.
>
> oops s/Path::Slurp::Tiny/File::Slurp::Tiny/ sorry

And since the current version of Perl::Dist::Strawberry is not using any encoding settings in perl code other than :raw, (I just checked with a grep) #83126 is of no consequence to us. If there are any other bugs that ARE, make a case as to why we're hitting them.

On Thu May 15 09:53:27 2014, CSJEWELL wrote:
> And since the current version of Perl::Dist::Strawberry is not using
> any encoding settings in perl code other than :raw, (I just checked
> with a grep) #83126 is of no consequence to us. If there are any other
> bugs that ARE, make a case as to why we're hitting them.

This is also a cleanup/modernisation pass. File::Slurp is old code with scary corners because of its ancient origins and subsequent adoption. While I'm grateful to Uri for continuing to maintain it at all, it's time to let it die the quiet death of old age that it's earned.

The fact is that we hadn't any trouble or negative experience with read_file, write_file, append_file from File::Slurp

On the other hand it is good to know about alternatives but at least in short term we will stay with File::Slurp

--
kmx

On Thu May 15 16:42:44 2014, kmx@volny.cz wrote:
> The fact is that we hadn't any trouble or negative experience with
> read_file, write_file, append_file from File::Slurp

Yet.

> On the other hand it is good to know about alternatives but at least in
> short term we will stay with File::Slurp

Would you be willing to trial a patch?

