Skip Menu |
 

This queue is for tickets about the Module-Load-Conditional CPAN distribution.

Report information
The Basics
Id: 88567
Status: resolved
Priority: 0/
Queue: Module-Load-Conditional

People
Owner: Nobody in particular
Requestors: jos [...] dwim.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



CC: Jos Boumans <kane [...] cpan.org>, 717213 [...] bugs.debian.org, 722210 [...] bugs.debian.org
Subject: Re: Module::Load::Conditional and taint mode
Date: Mon, 9 Sep 2013 23:34:29 -0700
To: Daniel Kahn Gillmor <dkg [...] fifthhorseman.net>, bug-module-load-conditional [...] rt.cpan.org
From: Jos Boumans <jos [...] dwim.org>
Download (untitled) / with headers
text/plain 2.5k
adding to the bug tracker. On 9 Sep 2013, at 23:26, Daniel Kahn Gillmor wrote: Show quoted text
> It looks like some change introduced between 0.44 and 0.50 cause > Module::Load::Conditional::can_load to choke under taint mode. > > I note that both http://bugs.debian.org/722210 and > http://bugs.debian.org/717213 are related to Module::Load::Conditional > failures under taint mode. I suspect they're the same bug. > > The versions of Module::Load::Conditional associated here are: > > wheezy perl-modules 0.44 > wheezy libmodule-load-conditional-perl 0.50 > sid perl-modules 0.54 > sid libmodule-load-conditional-perl 0.52 > upstream 0.58 > > > here's a carp trace on a system with 0.58 installed: > > 0 dkg@alice:/tmp/cdtemp.YOjk3A$ perl -MCarp::Always -wTMModule::Load::Conditional -e 'Module::Load::Conditional::can_load(modules => { 'Test' => undef });' > Insecure dependency in eval while running with -T switch at /usr/share/perl/5.18/Module/Metadata.pm line 631, <GEN0> line 23. > Module::Metadata::_evaluate_version_line('Module::Metadata=HASH(0x1063878)', '$', 'VERSION', '$VERSION = \'1.26\';') called at /usr/share/perl/5.18/Module/Metadata.pm line 580 > Module::Metadata::_parse_fh('Module::Metadata=HASH(0x1063878)', 'FileHandle=GLOB(0x10d3568)') called at /usr/share/perl/5.18/Module/Metadata.pm line 358 > Module::Metadata::_init('Module::Metadata', undef, '/usr/share/perl/5.18/Test.pm', 'handle', 'FileHandle=GLOB(0x10d3568)') called at /usr/share/perl/5.18/Module/Metadata.pm line 79 > Module::Metadata::new_from_handle('Module::Metadata', 'FileHandle=GLOB(0x10d3568)', '/usr/share/perl/5.18/Test.pm') called at /usr/share/perl5/Module/Load/Conditional.pm line 259 > Module::Load::Conditional::check_install('module', 'Test', 'version', undef) called at /usr/share/perl5/Module/Load/Conditional.pm line 417 > Module::Load::Conditional::can_load('modules', 'HASH(0xd22cb8)') called at -e line 1 > 25 dkg@alice:/tmp/cdtemp.YOjk3A$ > > I note that the upstream changelog only mentions taint mode once, from > years ago: > > Changes for 0.24 Wed Jan 2 16:53:19 CET 2008 > ================================================= > * Readdress #29348 to make sure version comparisons > handle alpha versions (XX_YY type) gracefully. > * Address #31680 to make sure $FIND_VERSION works > nicely with taint mode enabled. > > > Jos, do you have any idea what is going on here, or if it's possible to > run Module::Load::Conditional while under taint mode? > > Regards, > > --dkg
CC: bug-module-load-conditional [...] rt.cpan.org, Jos Boumans <kane [...] cpan.org>, 717213 [...] bugs.debian.org, 722210 [...] bugs.debian.org
Subject: Re: [rt.cpan.org #88567] Module::Load::Conditional and taint mode
Date: Tue, 10 Sep 2013 02:54:48 -0400
To: Jos Boumans <jos [...] dwim.org>
From: Daniel Kahn Gillmor <dkg [...] fifthhorseman.net>
Download (untitled) / with headers
text/plain 1.6k
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 09/10/2013 02:34 AM, Jos Boumans wrote: Show quoted text
> On 9 Sep 2013, at 23:26, Daniel Kahn Gillmor wrote: >
>> It looks like some change introduced between 0.44 and 0.50 cause >> Module::Load::Conditional::can_load to choke under taint mode.
woops, sorry, i think i specified the version number wrong. The problem appears to have been introduced in 0.52. I am unable to reproduce it with 0.50. the upstream changelog for 0.52 is: Changes for 0.52 Sun Jul 29 10:06:44 BST 2012 ================================================= * Various enhancements, including now uses Module::Metadata (vpit) --dkg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQJ8BAEBCgBmBQJSLsI1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcO4wQAOfI5Kt4evHY0GmkH7+IIrM9 b/OscQcOi9jEt4s3DZmqyVOq95hE/ELbZ2D0RdiBgKl70J3rE2h5WvpxXLN8dgia MdeFFUJQLW/QCyOYyZohfk6idPmgVVtYl+uiJFYLjelZpCPpXB1mFIpn2Y0PUWcN NyGINwhd6ScsFy3g7aG0BePqK9HiawEcMkM3NgDZVeG0rJTNMpeyPqfScK6wUzA1 6BChWwcr6PCPcXvjDOn300Nxi3AyTJh8Nvtm4v2WCLNoXwQBUOIJVoRM/Nn5s53C /25EWRkhkcXDT+i+bi7gaTIZ9iYAxtNAb0/PEw54uOY37fG2x46Ofn0M8KMjrD9x gIplt9ksnscu6jgl3sf/J4wr+5jagLTXDJMbh9ptc+AStDw6LjPrehAkY8T9y1g4 0r4ralT+PKRncqda9Ka89HM9ntblNFSpyEsDGerr4OxhSupCqzKlcZFO0Kes+ZWr LE1eBBTae+MyrhUxu86cS/FK0dbd4GGFjhkkPTRHxwTJxVwFZTq/xDn784WXE6th YStv3qbQ1D9WNoKBAu9z2dzd4aLiaZBpSkud5spc9UgFENO+wjTnOkRmRtYvIEvI b79Mj47RTN/rny3QmzUB4t3VyiBJ3YUvPbblPEMvUEYtbrsYJjA0ShmV8M3K1PPH NRIjMm1QP+/kIPsdT0Go =o9+C -----END PGP SIGNATURE-----
RT-Send-CC: 722210 [...] bugs.debian.org, dkg [...] fifthhorseman.net, 717213 [...] bugs.debian.org, kane [...] cpan.org
Download (untitled) / with headers
text/plain 454b
The problem is with Module::Metadata. $ perl -MModule::Metadata -E 'say Module::Metadata->new_from_module( "Test" )->filename' /opt/perl-5.18.1/lib/5.18.1/Test.pm $ perl -TMModule::Metadata -E 'say Module::Metadata->new_from_module( "Test" )->filename' Insecure dependency in eval while running with -T switch at /opt/perl-5.18.1/lib/site_perl/5.18.1/Module/Metadata.pm line 667, <GEN0> line 23. I will raise a ticket with Module-Metadata maintainers.
Subject: Bug#717213: Info received ([rt.cpan.org #88567] Re: Module::Load::Conditional and taint mode)
Date: Tue, 10 Sep 2013 10:57:10 +0000
To: bug-Module-Load-Conditional [...] rt.cpan.org
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
Download (untitled) / with headers
text/plain 799b
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> If you wish to submit further information on this problem, please send it to 717213@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 717213: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717213 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
Subject: Bug#722210: Info received ([rt.cpan.org #88567] Re: Module::Load::Conditional and taint mode)
Date: Tue, 10 Sep 2013 10:57:13 +0000
To: bug-Module-Load-Conditional [...] rt.cpan.org
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
Download (untitled) / with headers
text/plain 763b
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Niko Tyni <ntyni@debian.org> If you wish to submit further information on this problem, please send it to 722210@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 722210: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722210 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
RT-Send-CC: 722210 [...] bugs.debian.org, dkg [...] fifthhorseman.net, 717213 [...] bugs.debian.org, kane [...] cpan.org
Download (untitled) / with headers
text/plain 187b
A release of Module::Metadata that resolves the issue has been made available on CPAN, thanks to Karen Etheridge. http://metacpan.org/release/ETHER/Module-Metadata-1.000018 Many thanks.
Subject: Bug#717213: Info received ([rt.cpan.org #88567] Re: Module::Load::Conditional and taint mode)
Date: Wed, 11 Sep 2013 20:09:04 +0000
To: bug-Module-Load-Conditional [...] rt.cpan.org
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
Download (untitled) / with headers
text/plain 799b
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> If you wish to submit further information on this problem, please send it to 717213@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 717213: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717213 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
Subject: Bug#722210: Info received ([rt.cpan.org #88567] Re: Module::Load::Conditional and taint mode)
Date: Wed, 11 Sep 2013 20:09:07 +0000
To: bug-Module-Load-Conditional [...] rt.cpan.org
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
Download (untitled) / with headers
text/plain 763b
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Niko Tyni <ntyni@debian.org> If you wish to submit further information on this problem, please send it to 722210@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 722210: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722210 Debian Bug Tracking System Contact owner@bugs.debian.org with problems


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.