The taint.t test can now be included since it no longer uses Test::Fatal.
cpan/Module-Metadata/t/lib/MBTest.pm
cpan/Module-Metadata/t/lib/Tie/CPHash.pm
cpan/Module-Metadata/t/metadata.t
+cpan/Module-Metadata/t/taint.t
cpan/Module-Metadata/t/version.t
cpan/NEXT/lib/NEXT.pm Pseudo-class NEXT for method redispatch
cpan/NEXT/t/actual.t NEXT
'Module::Metadata' => {
'MAINTAINER' => 'dagolden',
- 'DISTRIBUTION' => 'ETHER/Module-Metadata-1.000017.tar.gz',
+ 'DISTRIBUTION' => 'ETHER/Module-Metadata-1.000018.tar.gz',
'FILES' => q[cpan/Module-Metadata],
'EXCLUDED' => [
- qw(t/taint.t),
qr{^maint},
qr{^xt},
],
use strict;
use warnings;
-our $VERSION = '1.000017';
+our $VERSION = '1.000018';
$VERSION = eval $VERSION;
use Carp qw/croak/;
--- /dev/null
+#!/usr/bin/perl -T
+use strict;
+use warnings;
+
+use 5.008000; # for ${^TAINT}
+use Test::More tests => 2;
+use Module::Metadata;
+use Carp 'croak';
+
+# stolen liberally from Class-Tiny/t/lib/TestUtils.pm - thanks xdg!
+sub exception(&) {
+ my $code = shift;
+ my $success = eval { $code->(); 1 };
+ my $err = $@;
+ return undef if $success; # original returned ''
+ croak "Execution died, but the error was lost" unless $@;
+ return $@;
+}
+
+ok(${^TAINT}, 'taint flag is set');
+
+# without the fix, we get:
+# Insecure dependency in eval while running with -T switch at lib/Module/Metadata.pm line 668, <GEN0> line 15.
+is(
+ exception { Module::Metadata->new_from_module( "Module::Metadata" )->version },
+ undef,
+ 'no exception',
+);
+
=item *
-L<Module::Metadata> has been upgraded from version 1.000014 to 1.000017.
+L<Module::Metadata> has been upgraded from version 1.000014 to 1.000018.
The module's DESCRIPTION has been re-worded regarding safety/security to
satisfy CVE-2013-1437. Also, versions are now detainted if needed. [cpan