From bff978faaae3c8c03edc7cf579be6660fdc89fb3 Mon Sep 17 00:00:00 2001 From: Steve Hay Date: Wed, 11 Sep 2013 09:34:33 +0100 Subject: [PATCH] Upgrade Module::Metadata from version 1.000016 to 1.000017 --- MANIFEST | 1 + Porting/Maintainers.pl | 2 +- cpan/Module-Metadata/lib/Module/Metadata.pm | 9 ++++++--- cpan/Module-Metadata/t/encoding.t | 1 + cpan/Module-Metadata/t/lib/DistGen.pm | 4 ++++ cpan/Module-Metadata/t/lib/MBTest.pm | 1 + cpan/Module-Metadata/t/lib/Tie/CPHash.pm | 1 + cpan/Module-Metadata/t/metadata.t | 1 + cpan/Module-Metadata/t/taint.t | 20 ++++++++++++++++++++ cpan/Module-Metadata/t/version.t | 1 + pod/perldelta.pod | 5 +++-- 11 files changed, 40 insertions(+), 6 deletions(-) create mode 100644 cpan/Module-Metadata/t/taint.t diff --git a/MANIFEST b/MANIFEST index 8e16f93..915d418 100644 --- a/MANIFEST +++ b/MANIFEST @@ -1764,6 +1764,7 @@ cpan/Module-Metadata/t/lib/ENDPOD.pm cpan/Module-Metadata/t/lib/MBTest.pm cpan/Module-Metadata/t/lib/Tie/CPHash.pm cpan/Module-Metadata/t/metadata.t +cpan/Module-Metadata/t/taint.t cpan/Module-Metadata/t/version.t cpan/NEXT/lib/NEXT.pm Pseudo-class NEXT for method redispatch cpan/NEXT/t/actual.t NEXT diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl index 96e185c..bbc404f 100755 --- a/Porting/Maintainers.pl +++ b/Porting/Maintainers.pl @@ -1241,7 +1241,7 @@ use File::Glob qw(:case); 'Module::Metadata' => { 'MAINTAINER' => 'dagolden', - 'DISTRIBUTION' => 'ETHER/Module-Metadata-1.000016.tar.gz', + 'DISTRIBUTION' => 'ETHER/Module-Metadata-1.000017.tar.gz', 'FILES' => q[cpan/Module-Metadata], 'EXCLUDED' => [ qr{^maint}, diff --git a/cpan/Module-Metadata/lib/Module/Metadata.pm b/cpan/Module-Metadata/lib/Module/Metadata.pm index a9a81ef..c7bcb43 100644 --- a/cpan/Module-Metadata/lib/Module/Metadata.pm +++ b/cpan/Module-Metadata/lib/Module/Metadata.pm 
@@ -10,8 +10,9 @@ package Module::Metadata; # parrot future to look at other types of modules). use strict; -use vars qw($VERSION); -$VERSION = '1.000016'; +use warnings; + +our $VERSION = '1.000017'; $VERSION = eval $VERSION; use Carp qw/croak/; @@ -649,7 +650,7 @@ sub _evaluate_version_line { # compiletime/runtime issues with local() my $vsub; $pn++; # everybody gets their own package - my $eval = qq{BEGIN { q# Hide from _packages_inside() + my $eval = qq{BEGIN { my \$dummy = q# Hide from _packages_inside() #; package Module::Metadata::_version::p$pn; use version; no strict; @@ -662,6 +663,8 @@ sub _evaluate_version_line { }; }}; + $eval = $1 if $eval =~ m{^(.+)}s; + local $^W; # Try to get the $VERSION eval $eval; diff --git a/cpan/Module-Metadata/t/encoding.t b/cpan/Module-Metadata/t/encoding.t index a0970e0..b010f7e 100644 --- a/cpan/Module-Metadata/t/encoding.t +++ b/cpan/Module-Metadata/t/encoding.t @@ -1,6 +1,7 @@ #!perl use strict; +use warnings; use File::Spec; use Test::More; diff --git a/cpan/Module-Metadata/t/lib/DistGen.pm b/cpan/Module-Metadata/t/lib/DistGen.pm index 9fbd6d0..2353120 100644 --- a/cpan/Module-Metadata/t/lib/DistGen.pm +++ b/cpan/Module-Metadata/t/lib/DistGen.pm @@ -1,6 +1,7 @@ package DistGen; use strict; +use warnings; use vars qw( $VERSION $VERBOSE @EXPORT_OK); @@ -182,6 +183,7 @@ sub _gen_default_filedata { \$VERSION = '0.01'; use strict; + use warnings; 1; @@ -205,6 +207,7 @@ sub _gen_default_filedata { $self->$add_unless('t/basic.t', undent(<<" ---")); use Test::More tests => 1; use strict; + use warnings; use $self->{name}; ok 1; @@ -470,6 +473,7 @@ sub change_build_pl { $self->change_file( 'Build.PL', undent(<<" ---") ); use strict; + use warnings; use Module::Build; my \$b = Module::Build->new( # Some CPANPLUS::Dist::Build versions need to allow mismatches diff --git a/cpan/Module-Metadata/t/lib/MBTest.pm b/cpan/Module-Metadata/t/lib/MBTest.pm index 005920f..fb239ab 100644 --- a/cpan/Module-Metadata/t/lib/MBTest.pm 
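Review bot: The added `$eval = $1 if $eval =~ m{^(.+)}s;` in `_evaluate_version_line` is an unconditional taint launder, not a validation, because `(.+)` under `/s` captures any non-empty string. The string is then passed to `eval`, and the "Insecure dependency in eval" comment in the new t/taint.t indicates it carries data that taint mode treats as external. That data is presumably the `$VERSION` line read from the inspected file, but the middle of the `qq{}` block and the rest of the function are outside the hunk, so this is inferred. After this change `-T` no longer stops that text from being executed, so the line should say so, e.g. `# Deliberate untaint: the pattern accepts anything and validates nothing; the version line from the inspected file is still executed by the eval below.` Callers running under taint mode still have to treat the inspected module file as trusted input.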
+++ b/cpan/Module-Metadata/t/lib/MBTest.pm @@ -1,6 +1,7 @@ package MBTest; use strict; +use warnings; use IO::File (); use File::Spec; diff --git a/cpan/Module-Metadata/t/lib/Tie/CPHash.pm b/cpan/Module-Metadata/t/lib/Tie/CPHash.pm index b167622..217d642 100644 --- a/cpan/Module-Metadata/t/lib/Tie/CPHash.pm +++ b/cpan/Module-Metadata/t/lib/Tie/CPHash.pm @@ -20,6 +20,7 @@ package Tie::CPHash; require 5.000; use strict; +use warnings; use vars qw(@ISA $VERSION); @ISA = qw(); diff --git a/cpan/Module-Metadata/t/metadata.t b/cpan/Module-Metadata/t/metadata.t index 286b1ae..20e6440 100644 --- a/cpan/Module-Metadata/t/metadata.t +++ b/cpan/Module-Metadata/t/metadata.t @@ -3,6 +3,7 @@ # vim:ts=8:sw=2:et:sta:sts=2 use strict; +use warnings; use lib 't/lib'; use IO::File; use MBTest; diff --git a/cpan/Module-Metadata/t/taint.t b/cpan/Module-Metadata/t/taint.t new file mode 100644 index 0000000..8ca1346 --- /dev/null +++ b/cpan/Module-Metadata/t/taint.t @@ -0,0 +1,20 @@ +#!/usr/bin/perl -T +use strict; +use warnings; + +use 5.008000; # for ${^TAINT} +use Module::Metadata; +use Test::More; +use Test::Fatal; + +ok(${^TAINT}, 'taint flag is set'); + +# without the fix, we get: +# Insecure dependency in eval while running with -T switch at lib/Module/Metadata.pm line 668, line 15. +is( + exception { Module::Metadata->new_from_module( "Module::Metadata" )->version }, + undef, + 'no exception', +); + +done_testing; diff --git a/cpan/Module-Metadata/t/version.t b/cpan/Module-Metadata/t/version.t index 061a063..e523f97 100644 --- a/cpan/Module-Metadata/t/version.t +++ b/cpan/Module-Metadata/t/version.t @@ -1,4 +1,5 @@ use strict; +use warnings; use Test::More; use Module::Metadata; use lib "t/lib/0_2"; diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 18f2c71..9cc7fe0 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod 
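Review bot: The new t/taint.t loads `Test::Fatal`, which as far as I know is not a core module, and nothing in this diff adds it, so a core-only test run may fail at `use Test::Fatal;` before any assertion runs. The single check can use a block eval instead: `my $ok = eval { Module::Metadata->new_from_module("Module::Metadata")->version; 1 };` followed by `ok($ok, 'no exception') or diag $@;`. The test also only asserts that no exception is raised and never checks the returned version. The "line 668" quoted in its comment will drift as Metadata.pm changes.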
@@ -325,10 +325,11 @@ C has been made more robust. [cpan #83728] =item * -L has been upgraded from version 1.000014 to 1.000016. +L has been upgraded from version 1.000014 to 1.000017. The module's DESCRIPTION has been re-worded regarding safety/security to -satisfy CVE-2013-1437. +satisfy CVE-2013-1437. Also, versions are now detainted if needed. [cpan +#88576] =item * -- 2.7.4