
This queue is for tickets about the Petal CPAN distribution.

Report information
The Basics
Id: 57787
Status: resolved
Priority: 0/
Queue: Petal

People
Owner: Nobody in particular
Requestors: ntyni [...] iki.fi
Cc: ANSGAR [...] cpan.org
dam [...] cpan.org
jquelin [...] cpan.org
AdminCc:

Bug Information
Severity: Important
Broken in: 2.19
Fixed in: (no value)



Subject: Safe-2.27 breaks Petal
Recent CPAN tester failures, for example this:

http://www.cpantesters.org/cpan/report/07267724-b19f-3f77-b713-d32bba55d77f

are caused by Safe.pm 2.27, which now wraps code refs returned from reval().

The symptoms are

    % perl -I ../Safe-2.27/blib/blib -I ../Safe-2.27/blib/arch t/008_Quoted_Params.t
     (in cleanup) Can't locate object method "process" via package "Petal::Hash::Var" (perhaps you forgot to load "Petal::Hash::Var"?) at lib/Petal/Hash.pm line 188.
    not ok 1 - ran
    # Failed test 'ran'
    # at t/008_Quoted_Params.t line 24.
    # [PETAL ERROR] Can't locate object method "process" via package "Petal::Hash::Var" (perhaps you forgot to load "Petal::Hash::Var"?) at lib/Petal/Hash.pm line 188.
    # . Debug info written in /tmp/petal_debug.19258.1274642976.ofugvhtngi at lib/Petal.pm line 484.
    1..1
    # Looks like you failed 1 test of 1.

As Safe-2.27 is bundled with Perl 5.12.1, this will bite quite many people.

Thanks for your work on Petal,
--
Niko Tyni (Debian Perl group) ntyni@debian.org
From: mathias.reitinger [...] loop0.org
We have been using a modified[1] Petal version that works with Perl 5.12 with CiderWebmail (http://ciderwebmail.org) for quite some time now.

I have been trying to reach the current maintainer (Bruno Postle) via e-mail but the address listed in the README currently bounces.

If I am not able to reach the maintainer in the next few weeks I will attempt to adopt this module so we can get a working version uploaded to CPAN.

Please note that I do not plan on any active development on Petal other than keeping it working with new Perl versions - so if anyone is interested in further development please go ahead!

[1] http://arctic.loop0.org/~mathias/petal_perl_5.12.diff - credit goes to Stefan Seifert (nine_AT_detonation_DOT_org)
On Fri Aug 05 11:27:25 2011, mreitinger wrote:
> I have been trying to reach the current maintainer (Bruno Postle) via
> e-mail but the address listed in the README currently bounces.
>
> If I am not able to reach the maintainer in the next few weeks I will
> attempt to adopt this module so we can get a working version uploaded to
> CPAN.

Hi, my email is <bruno@postle.net>. Though I still use Petal, I'm not actively developing it. So yes I'm open to giving someone co-maintainership to get a new release out.
RT-Send-CC: mathias.reitinger [...] loop0.org
On Fri Aug 05 11:27:25 2011, mreitinger wrote:
> [1] http://arctic.loop0.org/~mathias/petal_perl_5.12.diff - credit goes
> to Stefan Seifert (nine_AT_detonation_DOT_org)

Thanks for the patch! Unfortunately it doesn't seem to fix _this_ bug, I still get the same errors reported by Niko.

Cf. also http://bugs.debian.org/582805

Cheers,
gregor, Debian Perl Group
On Sun, 23 May 2010 22:36:47 +0300, ntyni@iki.fi wrote:
> Recent CPAN tester failures, for example this:
>
> http://www.cpantesters.org/cpan/report/07267724-b19f-3f77-b713-d32bba55d77f
>
> are caused by Safe.pm 2.27, which now wraps code refs returned from
> reval().
>
> The symptoms are
>
> % perl -I ../Safe-2.27/blib/blib -I ../Safe-2.27/blib/arch
> t/008_Quoted_Params.t
> (in cleanup) Can't locate object method "process" via package
> "Petal::Hash::Var" (perhaps you forgot to load "Petal::Hash::Var"?) at
> lib/Petal/Hash.pm line 188.
> not ok 1 - ran

Here's a patch that removes usage of Safe (and blind untainting) from _code_memory_cached. This has the potential to break other code that feeds untainted text in tainted mode, but that code is broken already by the Safe upgrade. At least the test suite now completes without problems.
Subject: no-Safe.patch
Description: drop usage of Safe in taint mode Safe 2.27 (included in Perl 5.12.1) adds a wrapper around code refs returned by reval. This causes severe problems in Petal internals. Bug: https://rt.cpan.org/Public/Bug/Display.html?id=57787 Bug-Debian: http://bugs.debian.org/582805 Author: Damyan Ivanov <dmn@debian.org> --- a/lib/Petal.pm +++ b/lib/Petal.pm @@ -15,7 +15,6 @@ use Petal::Functions; use Petal::Entities; use File::Spec; use Carp; -use Safe; use Data::Dumper; use Scalar::Util; use strict; @@ -647,25 +646,9 @@ sub _code_memory_cached my $code_perl = $self->_code_disk_cached; my $VAR1 = undef; - if ($TAINT) - { - # important line, don't remove - ($code_perl) = $code_perl =~ m/^(.+)$/s; - die "\$code_perl is empty after untainting!" unless defined $code_perl && $code_perl; - my $cpt = Safe->new ("Petal::CPT"); - $cpt->permit ('entereval'); - $cpt->permit ('leaveeval'); - $cpt->permit ('require'); - $code = $cpt->reval($code_perl); - confess ("Error in reval:\n" . $@ . "\n" . $self->_code_with_line_numbers) if $@; - warn "\$code is empty after reval.\n" . Dumper($code, $Petal::CPT::VAR1, length($code_perl)) unless $code; - } - else - { - eval "$code_perl"; - confess ($@ . "\n" . $self->_code_with_line_numbers) if $@; - $code = $VAR1; - } + eval "$code_perl"; + confess ($@ . "\n" . $self->_code_with_line_numbers) if $@; + $code = $VAR1; Petal::Cache::Memory->set ($self->_file_path_with_macro, $code, $self->language) if (defined $MEMORY_CACHE and $MEMORY_CACHE); }
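Review bot: In the second hunk (`_code_memory_cached`, `@@ -647,25 +646,9 @@`), the replacement `eval "$code_perl";` runs whatever `_code_disk_cached` returns with no opcode restriction in every mode, where the removed `$TAINT` branch evaluated it in a `Safe` compartment that permitted only `entereval`, `leaveeval` and `require` on top of the compartment defaults. That is a behaviour change for anyone running in taint mode, and it should be stated in the change log and the POD rather than only in the patch description. The removed `($code_perl) = $code_perl =~ m/^(.+)$/s;` matched any non-empty string, so dropping it loses no validation, but the `die "\$code_perl is empty after untainting!"` guard goes with it; consider keeping an explicit check that `$code_perl` is defined and non-empty before the `eval`, so that an empty read fails with a clear message instead of leaving `$code` set from the initial `my $VAR1 = undef;`. The quotes in `eval "$code_perl"` are redundant, and `eval $code_perl` would read more clearly.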
Applied both patches in this ticket and released Petal 2.20. Many thanks for the patch removing Safe usage. Though it has been a nice feature, AFAIK it has never been mentioned in any documentation and I just could not find a way to keep it working without a complete rewrite of Petal.