Skip Menu |

This queue is for tickets about the Module-Load-Conditional CPAN distribution.

Report information
The Basics
Id: 88567
Status: resolved
Priority: 0/
Queue: Module-Load-Conditional
People
Owner: Nobody in particular
Requestors: jos [...] dwim.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Tue Sep 10 02:34:49 2013 jos [...] dwim.org - Ticket created
CC: Jos Boumans <kane [...] cpan.org>, 717213 [...] bugs.debian.org, 722210 [...] bugs.debian.org
Subject: Re: Module::Load::Conditional and taint mode
Date: Mon, 9 Sep 2013 23:34:29 -0700
To: Daniel Kahn Gillmor <dkg [...] fifthhorseman.net>, bug-module-load-conditional [...] rt.cpan.org
From: Jos Boumans <jos [...] dwim.org>
adding to the bug tracker. On 9 Sep 2013, at 23:26, Daniel Kahn Gillmor wrote: Show quoted text
> It looks like some change introduced between 0.44 and 0.50 cause > Module::Load::Conditional::can_load to choke under taint mode. > > I note that both http://bugs.debian.org/722210 and > http://bugs.debian.org/717213 are related to Module::Load::Conditional > failures under taint mode. I suspect they're the same bug. > > The versions of Module::Load::Conditional associated here are: > > wheezy perl-modules 0.44 > wheezy libmodule-load-conditional-perl 0.50 > sid perl-modules 0.54 > sid libmodule-load-conditional-perl 0.52 > upstream 0.58 > > > here's a carp trace on a system with 0.58 installed: > > 0 dkg@alice:/tmp/cdtemp.YOjk3A$ perl -MCarp::Always -wTMModule::Load::Conditional -e 'Module::Load::Conditional::can_load(modules => { 'Test' => undef });' > Insecure dependency in eval while running with -T switch at /usr/share/perl/5.18/Module/Metadata.pm line 631, <GEN0> line 23. > Module::Metadata::_evaluate_version_line('Module::Metadata=HASH(0x1063878)', '$', 'VERSION', '$VERSION = \'1.26\';') called at /usr/share/perl/5.18/Module/Metadata.pm line 580 > Module::Metadata::_parse_fh('Module::Metadata=HASH(0x1063878)', 'FileHandle=GLOB(0x10d3568)') called at /usr/share/perl/5.18/Module/Metadata.pm line 358 > Module::Metadata::_init('Module::Metadata', undef, '/usr/share/perl/5.18/Test.pm', 'handle', 'FileHandle=GLOB(0x10d3568)') called at /usr/share/perl/5.18/Module/Metadata.pm line 79 > Module::Metadata::new_from_handle('Module::Metadata', 'FileHandle=GLOB(0x10d3568)', '/usr/share/perl/5.18/Test.pm') called at /usr/share/perl5/Module/Load/Conditional.pm line 259 > Module::Load::Conditional::check_install('module', 'Test', 'version', undef) called at /usr/share/perl5/Module/Load/Conditional.pm line 417 > Module::Load::Conditional::can_load('modules', 'HASH(0xd22cb8)') called at -e line 1 > 25 dkg@alice:/tmp/cdtemp.YOjk3A$ > > I note that the upstream changelog only mentions taint mode once, from > years ago: > > Changes for 0.24 Wed Jan 2 16:53:19 CET 2008 > ================================================= > * Readdress #29348 to make sure version comparisons > handle alpha versions (XX_YY type) gracefully. > * Address #31680 to make sure $FIND_VERSION works > nicely with taint mode enabled. > > > Jos, do you have any idea what is going on here, or if it's possible to > run Module::Load::Conditional while under taint mode? > > Regards, > > --dkg
  Tue Sep 10 02:55:05 2013 dkg [...] fifthhorseman.net - Correspondence added
CC: bug-module-load-conditional [...] rt.cpan.org, Jos Boumans <kane [...] cpan.org>, 717213 [...] bugs.debian.org, 722210 [...] bugs.debian.org
Subject: Re: [rt.cpan.org #88567] Module::Load::Conditional and taint mode
Date: Tue, 10 Sep 2013 02:54:48 -0400
To: Jos Boumans <jos [...] dwim.org>
From: Daniel Kahn Gillmor <dkg [...] fifthhorseman.net>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 09/10/2013 02:34 AM, Jos Boumans wrote: Show quoted text
> On 9 Sep 2013, at 23:26, Daniel Kahn Gillmor wrote: >
>> It looks like some change introduced between 0.44 and 0.50 cause >> Module::Load::Conditional::can_load to choke under taint mode.
woops, sorry, i think i specified the version number wrong. The problem appears to have been introduced in 0.52. I am unable to reproduce it with 0.50. the upstream changelog for 0.52 is: Changes for 0.52 Sun Jul 29 10:06:44 BST 2012 ================================================= * Various enhancements, including now uses Module::Metadata (vpit) --dkg -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQJ8BAEBCgBmBQJSLsI1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcO4wQAOfI5Kt4evHY0GmkH7+IIrM9 b/OscQcOi9jEt4s3DZmqyVOq95hE/ELbZ2D0RdiBgKl70J3rE2h5WvpxXLN8dgia MdeFFUJQLW/QCyOYyZohfk6idPmgVVtYl+uiJFYLjelZpCPpXB1mFIpn2Y0PUWcN NyGINwhd6ScsFy3g7aG0BePqK9HiawEcMkM3NgDZVeG0rJTNMpeyPqfScK6wUzA1 6BChWwcr6PCPcXvjDOn300Nxi3AyTJh8Nvtm4v2WCLNoXwQBUOIJVoRM/Nn5s53C /25EWRkhkcXDT+i+bi7gaTIZ9iYAxtNAb0/PEw54uOY37fG2x46Ofn0M8KMjrD9x gIplt9ksnscu6jgl3sf/J4wr+5jagLTXDJMbh9ptc+AStDw6LjPrehAkY8T9y1g4 0r4ralT+PKRncqda9Ka89HM9ntblNFSpyEsDGerr4OxhSupCqzKlcZFO0Kes+ZWr LE1eBBTae+MyrhUxu86cS/FK0dbd4GGFjhkkPTRHxwTJxVwFZTq/xDn784WXE6th YStv3qbQ1D9WNoKBAu9z2dzd4aLiaZBpSkud5spc9UgFENO+wjTnOkRmRtYvIEvI b79Mj47RTN/rny3QmzUB4t3VyiBJ3YUvPbblPEMvUEYtbrsYJjA0ShmV8M3K1PPH NRIjMm1QP+/kIPsdT0Go =o9+C -----END PGP SIGNATURE-----
  Tue Sep 10 02:55:05 2013 The RT System itself - Status changed from 'new' to 'open'
  Tue Sep 10 06:47:33 2013 BINGOS [...] cpan.org - Correspondence added
RT-Send-CC: 722210 [...] bugs.debian.org, dkg [...] fifthhorseman.net, 717213 [...] bugs.debian.org, kane [...] cpan.org
The problem is with Module::Metadata. $ perl -MModule::Metadata -E 'say Module::Metadata->new_from_module( "Test" )->filename' /opt/perl-5.18.1/lib/5.18.1/Test.pm $ perl -TMModule::Metadata -E 'say Module::Metadata->new_from_module( "Test" )->filename' Insecure dependency in eval while running with -T switch at /opt/perl-5.18.1/lib/site_perl/5.18.1/Module/Metadata.pm line 667, <GEN0> line 23. I will raise a ticket with Module-Metadata maintainers.
  Tue Sep 10 06:47:35 2013 BINGOS [...] cpan.org - Status changed from 'open' to 'stalled'
  Tue Sep 10 06:57:45 2013 717213 [...] bugs.debian.org - Correspondence added
Subject: Bug#717213: Info received ([rt.cpan.org #88567] Re: Module::Load::Conditional and taint mode)
Date: Tue, 10 Sep 2013 10:57:10 +0000
To: bug-Module-Load-Conditional [...] rt.cpan.org
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> If you wish to submit further information on this problem, please send it to 717213@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 717213: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717213 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
  Tue Sep 10 06:57:45 2013 The RT System itself - Status changed from 'stalled' to 'open'
  Tue Sep 10 06:57:46 2013 722210 [...] bugs.debian.org - Correspondence added
Subject: Bug#722210: Info received ([rt.cpan.org #88567] Re: Module::Load::Conditional and taint mode)
Date: Tue, 10 Sep 2013 10:57:13 +0000
To: bug-Module-Load-Conditional [...] rt.cpan.org
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Niko Tyni <ntyni@debian.org> If you wish to submit further information on this problem, please send it to 722210@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 722210: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722210 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
  Wed Sep 11 16:06:41 2013 BINGOS [...] cpan.org - Correspondence added
RT-Send-CC: 722210 [...] bugs.debian.org, dkg [...] fifthhorseman.net, 717213 [...] bugs.debian.org, kane [...] cpan.org
A release of Module::Metadata that resolves the issue has been made available on CPAN, thanks to Karen Etheridge. http://metacpan.org/release/ETHER/Module-Metadata-1.000018 Many thanks.
  Wed Sep 11 16:06:42 2013 BINGOS [...] cpan.org - Status changed from 'open' to 'resolved'
  Wed Sep 11 16:09:19 2013 717213 [...] bugs.debian.org - Correspondence added
Subject: Bug#717213: Info received ([rt.cpan.org #88567] Re: Module::Load::Conditional and taint mode)
Date: Wed, 11 Sep 2013 20:09:04 +0000
To: bug-Module-Load-Conditional [...] rt.cpan.org
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> If you wish to submit further information on this problem, please send it to 717213@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 717213: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717213 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
  Wed Sep 11 16:09:20 2013 722210 [...] bugs.debian.org - Correspondence added
Subject: Bug#722210: Info received ([rt.cpan.org #88567] Re: Module::Load::Conditional and taint mode)
Date: Wed, 11 Sep 2013 20:09:07 +0000
To: bug-Module-Load-Conditional [...] rt.cpan.org
From: owner [...] bugs.debian.org (Debian Bug Tracking System)
Thank you for the additional information you have supplied regarding this Bug report. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): Niko Tyni <ntyni@debian.org> If you wish to submit further information on this problem, please send it to 722210@bugs.debian.org. Please do not send mail to owner@bugs.debian.org unless you wish to report a problem with the Bug-tracking system. -- 722210: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722210 Debian Bug Tracking System Contact owner@bugs.debian.org with problems