Bug#616288: perl-modules: SelfLoader breaks when taint-checking is enabled
Niko Tyni
ntyni at debian.org
Sat Mar 5 19:44:45 UTC 2011

forwarded 616288 http://rt.perl.org/rt3/Public/Bug/Display.html?id=72062
tag 616288 patch fixed-upstream
thanks

On Thu, Mar 03, 2011 at 10:58:37AM +0200, Niko Tyni wrote:
> On Thu, Mar 03, 2011 at 12:06:56AM -0800, Devin Carraway wrote:
> > Package: perl-modules
> > Version: 5.10.0-19lenny3
> > Severity: normal
>
> > Packages using SelfLoader (older ones, generally) seem to have broken recently
> > when taint checking is enabled. I haven't narrowed down exactly where this
> > was introduced, but I don't believe I saw it prior to the 5.0.8 point release
> > of Lenny, which included perl security fixes.
>
> I can reproduce this with 5.10.0-19lenny2 but not 5.8.8-7etch6.
> I suspect it broke between Etch and Lenny rather than a point update.

This is [perl #72062], fixed in SelfLoader-1.18 / Perl 5.13.7 with
http://perl5.git.perl.org/perl.git/commit/a3a44df66ac2cb0beb603b3dd9697fd81cfcfb30

The problem was introduced in Perl 5.10.0 with
http://perl5.git.perl.org/perl.git/commit/add1a1a3c3dc28dd49272f4754cfc04acae28e3b

Note that the upstream ticket has a longish discussion on whether silently
importing IO::Handle in such a low level module has bad side effects. The
patch has so far not made it into the 5.12 series, so we should probably
wait for 5.14 as well instead of backporting the patch.
--
Niko Tyni ntyni at debian.org