[SCM] Debian packaging of libpetal-perl branch, master, updated. e5e557c5495c57fceec7ca6b00cc9a18a3fa29af
Damyan Ivanov
dmn at debian.org
Sun Aug 14 10:41:21 UTC 2011
The following commit has been merged in the master branch:
commit e5e557c5495c57fceec7ca6b00cc9a18a3fa29af
Author: Damyan Ivanov <dmn at debian.org>
Date: Sun Aug 14 13:39:04 2011 +0300
add no-Safe.patch, removing usage of Safe.pm in taint mode
This has the potential to break other code, but that code should be broken
already by the new Safe.
Closes: #582805 -- breaks with new Safe
diff --git a/debian/changelog b/debian/changelog
index 8d67cf0..b62734b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,9 @@ libpetal-perl (2.19-2) UNRELEASED; urgency=low
* Import a patch from Stefan Seifert (nine_AT_detonation_DOT_org) replacing
UNIVERSAL usage.
* add liblocale-maketext-gettext-perl to B-D-I, enabling additional test
+ * add no-Safe.patch, removing usage of Safe.pm in taint mode. This has the
+ potential to break other code, but that code should be broken already by
+ the new Safe. Closes: #582805 -- breaks with new Safe
-- gregor herrmann <gregoa at debian.org> Sun, 16 Nov 2008 20:46:05 +0100
diff --git a/debian/patches/no-Safe.patch b/debian/patches/no-Safe.patch
new file mode 100644
index 0000000..cab248c
--- /dev/null
+++ b/debian/patches/no-Safe.patch
@@ -0,0 +1,45 @@
+Description: drop usage of Safe in taint mode
+ Safe 2.27 (included in Perl 5.12.1) adds a wrapper around code refs returned by reval. This causes severe problems in Petal internals.
+Bug: https://rt.cpan.org/Public/Bug/Display.html?id=57787
+Bug-Debian: http://bugs.debian.org/582805
+Author: Damyan Ivanov <dmn at debian.org>
+
+--- a/lib/Petal.pm
++++ b/lib/Petal.pm
+@@ -15,7 +15,6 @@ use Petal::Functions;
+ use Petal::Entities;
+ use File::Spec;
+ use Carp;
+-use Safe;
+ use Data::Dumper;
+ use Scalar::Util;
+ use strict;
+@@ -647,25 +646,9 @@ sub _code_memory_cached
+ my $code_perl = $self->_code_disk_cached;
+ my $VAR1 = undef;
+
+- if ($TAINT)
+- {
+- # important line, don't remove
+- ($code_perl) = $code_perl =~ m/^(.+)$/s;
+- die "\$code_perl is empty after untainting!" unless defined $code_perl && $code_perl;
+- my $cpt = Safe->new ("Petal::CPT");
+- $cpt->permit ('entereval');
+- $cpt->permit ('leaveeval');
+- $cpt->permit ('require');
+- $code = $cpt->reval($code_perl);
+- confess ("Error in reval:\n" . $@ . "\n" . $self->_code_with_line_numbers) if $@;
+- warn "\$code is empty after reval.\n" . Dumper($code, $Petal::CPT::VAR1, length($code_perl)) unless $code;
+- }
+- else
+- {
+- eval "$code_perl";
+- confess ($@ . "\n" . $self->_code_with_line_numbers) if $@;
+- $code = $VAR1;
+- }
++ eval "$code_perl";
++ confess ($@ . "\n" . $self->_code_with_line_numbers) if $@;
++ $code = $VAR1;
+
+ Petal::Cache::Memory->set ($self->_file_path_with_macro, $code, $self->language) if (defined $MEMORY_CACHE and $MEMORY_CACHE);
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 9d8690c..f682a17 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
no-UNIVERSAL-import.patch
+no-Safe.patch
--
Debian packaging of libpetal-perl
More information about the Pkg-perl-cvs-commits
mailing list