adding to the bug tracker. On 9 Sep 2013, at 23:26, Daniel Kahn Gillmor wrote:
> It looks like some change introduced between 0.44 and 0.50 cause > Module::Load::Conditional::can_load to choke under taint mode. > > I note that both http://bugs.debian.org/722210 and > http://bugs.debian.org/717213 are related to Module::Load::Conditional > failures under taint mode. I suspect they're the same bug. > > The versions of Module::Load::Conditional associated here are: > > wheezy perl-modules 0.44 > wheezy libmodule-load-conditional-perl 0.50 > sid perl-modules 0.54 > sid libmodule-load-conditional-perl 0.52 > upstream 0.58 > > > here's a carp trace on a system with 0.58 installed: > > 0 dkg@alice:/tmp/cdtemp.YOjk3A$ perl -MCarp::Always > -wTMModule::Load::Conditional -e 'Module::Load::Conditional::can_load(modules > => { 'Test' => undef });' > Insecure dependency in eval while running with -T switch at > /usr/share/perl/5.18/Module/Metadata.pm line 631, <GEN0> line 23. > > Module::Metadata::_evaluate_version_line('Module::Metadata=HASH(0x1063878)', > '$', 'VERSION', '$VERSION = \'1.26\';') called at > /usr/share/perl/5.18/Module/Metadata.pm line 580 > Module::Metadata::_parse_fh('Module::Metadata=HASH(0x1063878)', > 'FileHandle=GLOB(0x10d3568)') called at > /usr/share/perl/5.18/Module/Metadata.pm line 358 > Module::Metadata::_init('Module::Metadata', undef, > '/usr/share/perl/5.18/Test.pm', 'handle', 'FileHandle=GLOB(0x10d3568)') > called at /usr/share/perl/5.18/Module/Metadata.pm line 79 > Module::Metadata::new_from_handle('Module::Metadata', > 'FileHandle=GLOB(0x10d3568)', '/usr/share/perl/5.18/Test.pm') called at > /usr/share/perl5/Module/Load/Conditional.pm line 259 > Module::Load::Conditional::check_install('module', 'Test', 'version', > undef) called at /usr/share/perl5/Module/Load/Conditional.pm line 417 > Module::Load::Conditional::can_load('modules', 'HASH(0xd22cb8)') called > at -e line 1 > 25 dkg@alice:/tmp/cdtemp.YOjk3A$ > > I note that the upstream changelog only mentions taint mode once, from > years ago: > > Changes for 0.24 Wed Jan 2 16:53:19 CET 2008 > ================================================= > * Readdress #29348 to make sure version comparisons > handle alpha versions (XX_YY type) gracefully. > * Address #31680 to make sure $FIND_VERSION works > nicely with taint mode enabled. > > > Jos, do you have any idea what is going on here, or if it's possible to > run Module::Load::Conditional while under taint mode? > > Regards, > > --dkg -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
