fix hash order dependency bug in new Module::Corelist::deprecated_in()

The code was doing

    $version= List::Util::min(keys %$versions);

which introduces a hash order dependency as min() returns either the first or last
(i didnt check which) of the lowest items in the list, and considers 5.011000 and
5.011 to be equivalent. Depending on the hash order it would return
either one. Hash randomization revealed this bug immediately.

Changing the function to use List::Util::minstr() eliminates the
dependency.

    $version= List::Util::minstr(keys %$versions);

diff --git a/dist/Module-CoreList/Changes b/dist/Module-CoreList/Changes
index 3e8442a..76c298b 100644 (file)
--- a/dist/Module-CoreList/Changes
+++ b/dist/Module-CoreList/Changes
@@ -1,3 +1,11 @@
+2.78 Sat Nov 12 2012
+  - Fix hash order dependency bug in deprecated_in().
+    Tests would would fail or succeed depending on what order keys()
+    would return the version list in. List::Utils::min() considers
+    '5.011' and '5.011000' to be equivalent, and returns the first
+    whichever it encounters. Changing to List::Utils::minstr() fixes
+    this.
+
 2.77 Sat Nov 10 2012
   - Updated for v5.12.5
   - deprecated_in() function added

diff --git a/dist/Module-CoreList/lib/Module/CoreList.pm b/dist/Module-CoreList/lib/Module/CoreList.pm
index f37402d..f4fd7bd 100644 (file)
--- a/dist/Module-CoreList/lib/Module/CoreList.pm
+++ b/dist/Module-CoreList/lib/Module/CoreList.pm
@@ -3,7 +3,7 @@ use strict;
 use vars qw/$VERSION %released %version %families %upstream
            %bug_tracker %deprecated/;
 use Module::CoreList::TieHashDelta;
-$VERSION = '2.77';
+$VERSION = '2.78';
 
 my $dumpinc = 0;
 sub import {
@@ -86,7 +86,7 @@ sub deprecated_in {
     my @perls = grep { exists $deprecated{$_}{$module} } keys %deprecated;
     return unless @perls;
     require List::Util;
-    return List::Util::min(@perls);
+    return List::Util::minstr(@perls);
 }
 
 sub removed_from {