[libmodule-metadata-perl] 01/01: Imported Upstream version 1.000018
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 11 20:13:52 UTC 2013
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to annotated tag upstream/1.000018
in repository libmodule-metadata-perl.
commit 26804837519723d1421a41f5908120998e968493
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Wed Sep 11 22:03:37 2013 +0200
Imported Upstream version 1.000018
---
Changes | 47 +++++++++++++++++++++++++++------------------
MANIFEST | 1 +
META.json | 34 +++++++++++++++++++++++++++++---
META.yml | 20 +++++++++++++++----
Makefile.PL | 14 ++++++++++++--
lib/Module/Metadata.pm | 9 ++++++---
maint/Makefile.PL.include | 1 +
maint/bump-version | 1 +
t/encoding.t | 1 +
t/lib/DistGen.pm | 4 ++++
t/lib/MBTest.pm | 1 +
t/lib/Tie/CPHash.pm | 1 +
t/metadata.t | 1 +
t/taint.t | 29 ++++++++++++++++++++++++++++
t/version.t | 1 +
15 files changed, 134 insertions(+), 31 deletions(-)
diff --git a/Changes b/Changes
index bbc2618..91e2e5a 100644
--- a/Changes
+++ b/Changes
@@ -1,81 +1,90 @@
Release history for Module-Metadata
-1.000015 - 2013-08-21
+1.000018 2013-09-11
+ - re-release of detainting fix without unstated non-core test dependencies
+
+1.000017 2013-09-10
+ - detaint version, if needed (RT#88576, Chris Williams)
+
+1.000016 2013-08-21
+ - Re-release to fix prereqs and other metadata
+
+1.000015 2013-08-21
- Change wording about safety/security to satisfy CVE-2013-1437
-1.000014 - 2013-05-09
+1.000014 2013-05-09
- Remove "now installs to 'site' for perl 5.12+" from last version
-1.000013 - 2013-05-08
+1.000013 2013-05-08
- Fix reliance on recent Test::Builder
- Make tests perl 5.6 compatible
- now installs to 'site' for perl 5.12+, as per p5p recommendation
-1.000012 - 2013-05-04
+1.000012 2013-05-04
- improved package detection heuristics (thanks, Edward Zborowski!)
- fix ->contains_pod (RT#84932, Tokuhiro Matsuno)
- fix detection of pod after __END__ (RT79656, Tokuhiro Matsuno)
-1.000011 2012-08-16
+1.000011 2012-08-16
- LEONT++ hasn't found any issues with my changes; mark it done (or at
least ready for smoking). (APEIRON)
-1.000010_003 2012-08-16 01:00:00
+1.000010_003 2012-08-16 01:00:00
- Remove other spurious message (APEIRON)
-1.000010_002 2012-08-15 20:15:00
+1.000010_002 2012-08-15 20:15:00
- APEIRON is an idiot (APEIRON)
-1.000010_001 2012-08-15 20:00:00
+1.000010_001 2012-08-15 20:00:00
- Dev release to test removing a warning about modules not using the
'eval $VERSION' syntax which causes lots of spew. (APEIRON)
-1.000010 2012-07-29 19:30:00
+1.000010 2012-07-29 19:30:00
- Performance improvement: the creation of a Module::Metadata object
for a typical module file has been sped up by about 40% (VPIT)
- Fix t/metadata.t failure under Cygwin (JDHEDDEN)
- Portability fix-ups for new_from_module() and test failures on VMS (CBERRY)
-1.000009 2012-02-08 12:00:00
+1.000009 2012-02-08 12:00:00
- API of 'provides' changed to require a 'version' argument to future
proof the function against CPAN Meta Spec changes (DAGOLDEN)
- Fatal errors now use 'croak' instead of 'die'; Carp added as
prerequisite (DAGOLDEN)
-1.000008 2012-02-07 22:30:00
+1.000008 2012-02-07 22:30:00
- Adds 'provides' method to generate a CPAN META provides data structure
correctly; use of package_versions_from_directory is discouraged (DAGOLDEN)
-1.000007 2011-09-07 12:00:00
+1.000007 2011-09-07 12:00:00
- Apply VMS fixes backported from blead (Craig A. Berry)
-1.000006 2011-08-29 04:00:00
+1.000006 2011-08-29 04:00:00
- Support PACKAGE BLOCK syntax (VPIT)
-1.000005 2011-08-02 09:45:00
+1.000005 2011-08-02 09:45:00
- Localize $package::VERSION during version discovery (MIYAGAWA)
- Fix references to Module::Build::ModuleInfo [RT #66133] (DAGOLDEN)
- Added 'new_from_handle()' method [RT #68875] (DAGOLDEN)
- Improved documentation (SYNOPSIS, broke out class/object method, and
other minor edits) (DAGOLDEN)
-1.000004 2011-02-03 07:55:00
+1.000004 2011-02-03 07:55:00
- Fix broken metadata.t when @INC has relative paths (JJORE)
-1.000003 2011-01-06 21:35:00
+1.000003 2011-01-06 21:35:00
- Pod cleanup (DAGOLDEN)
-1.000002 2010-12-10 12:00:00
+1.000002 2010-12-10 12:00:00
- Remove Module::Metadata::Version and depend directly on version.pm
(DAGOLDEN)
- Munge versions that fail even "lax" version number rules to try
to return something sensible (DAGOLDEN)
-1.000001 2010-07-09 00:52:37
+1.000001 2010-07-09 00:52:37
- fix build code to prevent Author.PL being mistakenly run during make
and add some extra author-side tools (MSTROUT)
-1.000000 2010-07-07
+1.000000 2010-07-07
- Initial release (MSTROUT)
- Code extracted from Module::Build + Module::Build::Version (MSTROUT)
- Tests extracted from Module::Build (DAGOLDEN)
diff --git a/MANIFEST b/MANIFEST
index 966e3ab..47c68c2 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -18,6 +18,7 @@ t/lib/ENDPOD.pm
t/lib/MBTest.pm
t/lib/Tie/CPHash.pm
t/metadata.t
+t/taint.t
t/version.t
xt/pod.t
META.yml Module YAML meta-data (added by MakeMaker)
diff --git a/META.json b/META.json
index 76cb924..ff4088f 100644
--- a/META.json
+++ b/META.json
@@ -4,7 +4,7 @@
"Ken Williams <kwilliams at cpan.org>, Randy W. Sims <RandyS at ThePierianSpring.org>"
],
"dynamic_config" : 0,
- "generated_by" : "ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version 2.120921",
+ "generated_by" : "ExtUtils::MakeMaker version 6.76, CPAN::Meta::Converter version 2.132510",
"license" : [
"perl_5"
],
@@ -19,9 +19,37 @@
"inc"
]
},
+ "prereqs" : {
+ "build" : {
+ "requires" : {
+ "ExtUtils::MakeMaker" : "0"
+ }
+ },
+ "runtime" : {
+ "requires" : {
+ "Carp" : "0",
+ "File::Find" : "0",
+ "File::Spec" : "0",
+ "IO::File" : "0",
+ "perl" : "5.006",
+ "strict" : "0",
+ "vars" : "0",
+ "version" : "0.87",
+ "warnings" : "0"
+ }
+ }
+ },
"release_status" : "stable",
"resources" : {
- "homepage" : "http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=p5sagit/Module-Metadata.git"
+ "bugtracker" : {
+ "mailto" : "bug-Module-Metadata at rt.cpan.org",
+ "web" : "https://rt.cpan.org/Public/Dist/Display.html?Name=Module-Metadata"
+ },
+ "repository" : {
+ "type" : "git",
+ "url" : "git://git.shadowcat.co.uk/p5sagit/Module-Metadata.git",
+ "web" : "http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=p5sagit/Module-Metadata.git"
+ }
},
- "version" : "1.000015"
+ "version" : "1.000018"
}
diff --git a/META.yml b/META.yml
index 816a56e..b041b90 100644
--- a/META.yml
+++ b/META.yml
@@ -2,9 +2,10 @@
abstract: 'Gather package and POD information from perl module files'
author:
- 'Ken Williams <kwilliams at cpan.org>, Randy W. Sims <RandyS at ThePierianSpring.org>'
-build_requires: {}
+build_requires:
+ ExtUtils::MakeMaker: 0
dynamic_config: 0
-generated_by: 'ExtUtils::MakeMaker version 6.66, CPAN::Meta::Converter version 2.120921'
+generated_by: 'ExtUtils::MakeMaker version 6.76, CPAN::Meta::Converter version 2.132510'
license: perl
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
@@ -14,6 +15,17 @@ no_index:
directory:
- t
- inc
+requires:
+ Carp: 0
+ File::Find: 0
+ File::Spec: 0
+ IO::File: 0
+ perl: 5.006
+ strict: 0
+ vars: 0
+ version: 0.87
+ warnings: 0
resources:
- homepage: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=p5sagit/Module-Metadata.git
-version: 1.000015
+ bugtracker: https://rt.cpan.org/Public/Dist/Display.html?Name=Module-Metadata
+ repository: git://git.shadowcat.co.uk/p5sagit/Module-Metadata.git
+version: 1.000018
diff --git a/Makefile.PL b/Makefile.PL
index 9b7e4ad..8717afd 100644
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -1,6 +1,7 @@
use strict;
use warnings FATAL => 'all';
use ExtUtils::MakeMaker;
+use 5.006;
(do 'maint/Makefile.PL.include' or die $@) unless -f 'META.yml';
@@ -9,12 +10,14 @@ WriteMakefile(
VERSION_FROM => 'lib/Module/Metadata.pm',
ABSTRACT_FROM => 'lib/Module/Metadata.pm',
LICENSE => 'perl',
+ MIN_PERL_VERSION => '5.006',
PREREQ_PM => {
'Carp' => 0,
'File::Find' => 0,
'File::Spec' => 0,
'IO::File' => 0,
'strict' => 0,
+ 'warnings' => 0,
'vars' => 0,
'version' => 0.87,
'warnings' => 0,
@@ -28,8 +31,15 @@ WriteMakefile(
dynamic_config => 0,
resources => {
# r/w: p5sagit at git.shadowcat.co.uk:Module-Metadata.git
- repository => 'git://git.shadowcat.co.uk/p5sagit/Module-Metadata.git',
- homepage => 'http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=p5sagit/Module-Metadata.git',
+ repository => {
+ url => 'git://git.shadowcat.co.uk/p5sagit/Module-Metadata.git',
+ web => 'http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=p5sagit/Module-Metadata.git',
+ type => 'git',
+ },
+ bugtracker => {
+ mailto => 'bug-Module-Metadata at rt.cpan.org',
+ web => 'https://rt.cpan.org/Public/Dist/Display.html?Name=Module-Metadata',
+ },
},
},
);
diff --git a/lib/Module/Metadata.pm b/lib/Module/Metadata.pm
index 81c6351..a92d05f 100644
--- a/lib/Module/Metadata.pm
+++ b/lib/Module/Metadata.pm
@@ -10,8 +10,9 @@ package Module::Metadata;
# parrot future to look at other types of modules).
use strict;
-use vars qw($VERSION);
-$VERSION = '1.000015';
+use warnings;
+
+our $VERSION = '1.000018';
$VERSION = eval $VERSION;
use Carp qw/croak/;
@@ -649,7 +650,7 @@ sub _evaluate_version_line {
# compiletime/runtime issues with local()
my $vsub;
$pn++; # everybody gets their own package
- my $eval = qq{BEGIN { q# Hide from _packages_inside()
+ my $eval = qq{BEGIN { my \$dummy = q# Hide from _packages_inside()
#; package Module::Metadata::_version::p$pn;
use version;
no strict;
@@ -662,6 +663,8 @@ sub _evaluate_version_line {
};
}};
+ $eval = $1 if $eval =~ m{^(.+)}s;
+
local $^W;
# Try to get the $VERSION
eval $eval;
diff --git a/maint/Makefile.PL.include b/maint/Makefile.PL.include
index be3ee28..cfb2c95 100644
--- a/maint/Makefile.PL.include
+++ b/maint/Makefile.PL.include
@@ -2,6 +2,7 @@ BEGIN { -e 'Distar' or system("git clone git://git.shadowcat.co.uk/p5sagit/Dista
use lib 'Distar/lib';
use Distar;
+use ExtUtils::MakeMaker 6.68; # ensure meta-spec v2 compatibility
author 'Ken Williams <kwilliams at cpan.org>, Randy W. Sims <RandyS at ThePierianSpring.org>';
manifest_include(
diff --git a/maint/bump-version b/maint/bump-version
index f3b01e6..3434fde 100755
--- a/maint/bump-version
+++ b/maint/bump-version
@@ -8,6 +8,7 @@ use autodie;
chomp(my $LATEST = qx(grep '^[0-9]' Changes | head -1 | awk '{print \$1}'));
my @parts = split /\./, $LATEST;
+splice(@parts, 1, 0, 0) if @parts == 2;
my $OLD_DECIMAL = sprintf('%i.%03i%03i', @parts);
diff --git a/t/encoding.t b/t/encoding.t
index a0970e0..b010f7e 100644
--- a/t/encoding.t
+++ b/t/encoding.t
@@ -1,6 +1,7 @@
#!perl
use strict;
+use warnings;
use File::Spec;
use Test::More;
diff --git a/t/lib/DistGen.pm b/t/lib/DistGen.pm
index 9fbd6d0..2353120 100644
--- a/t/lib/DistGen.pm
+++ b/t/lib/DistGen.pm
@@ -1,6 +1,7 @@
package DistGen;
use strict;
+use warnings;
use vars qw( $VERSION $VERBOSE @EXPORT_OK);
@@ -182,6 +183,7 @@ sub _gen_default_filedata {
\$VERSION = '0.01';
use strict;
+ use warnings;
1;
@@ -205,6 +207,7 @@ sub _gen_default_filedata {
$self->$add_unless('t/basic.t', undent(<<" ---"));
use Test::More tests => 1;
use strict;
+ use warnings;
use $self->{name};
ok 1;
@@ -470,6 +473,7 @@ sub change_build_pl {
$self->change_file( 'Build.PL', undent(<<" ---") );
use strict;
+ use warnings;
use Module::Build;
my \$b = Module::Build->new(
# Some CPANPLUS::Dist::Build versions need to allow mismatches
diff --git a/t/lib/MBTest.pm b/t/lib/MBTest.pm
index 005920f..fb239ab 100644
--- a/t/lib/MBTest.pm
+++ b/t/lib/MBTest.pm
@@ -1,6 +1,7 @@
package MBTest;
use strict;
+use warnings;
use IO::File ();
use File::Spec;
diff --git a/t/lib/Tie/CPHash.pm b/t/lib/Tie/CPHash.pm
index b167622..217d642 100644
--- a/t/lib/Tie/CPHash.pm
+++ b/t/lib/Tie/CPHash.pm
@@ -20,6 +20,7 @@ package Tie::CPHash;
require 5.000;
use strict;
+use warnings;
use vars qw(@ISA $VERSION);
@ISA = qw();
diff --git a/t/metadata.t b/t/metadata.t
index 286b1ae..20e6440 100644
--- a/t/metadata.t
+++ b/t/metadata.t
@@ -3,6 +3,7 @@
# vim:ts=8:sw=2:et:sta:sts=2
use strict;
+use warnings;
use lib 't/lib';
use IO::File;
use MBTest;
diff --git a/t/taint.t b/t/taint.t
new file mode 100644
index 0000000..ef527de
--- /dev/null
+++ b/t/taint.t
@@ -0,0 +1,29 @@
+#!/usr/bin/perl -T
+use strict;
+use warnings;
+
+use 5.008000; # for ${^TAINT}
+use Test::More tests => 2;
+use Module::Metadata;
+use Carp 'croak';
+
+# stolen liberally from Class-Tiny/t/lib/TestUtils.pm - thanks xdg!
+sub exception(&) {
+ my $code = shift;
+ my $success = eval { $code->(); 1 };
+ my $err = $@;
+ return undef if $success; # original returned ''
+ croak "Execution died, but the error was lost" unless $@;
+ return $@;
+}
+
+ok(${^TAINT}, 'taint flag is set');
+
+# without the fix, we get:
+# Insecure dependency in eval while running with -T switch at lib/Module/Metadata.pm line 668, <GEN0> line 15.
+is(
+ exception { Module::Metadata->new_from_module( "Module::Metadata" )->version },
+ undef,
+ 'no exception',
+);
+
diff --git a/t/version.t b/t/version.t
index 061a063..e523f97 100644
--- a/t/version.t
+++ b/t/version.t
@@ -1,4 +1,5 @@
use strict;
+use warnings;
use Test::More;
use Module::Metadata;
use lib "t/lib/0_2";
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libmodule-metadata-perl.git
More information about the Pkg-perl-cvs-commits
mailing list