Bug#1042985: libgnupg-interface-perl: FTBFS with Perl 5.38: Insecure directory in $ENV{PATH} while running with -T switch
Niko Tyni
ntyni at debian.org
Thu Aug 3 20:10:04 BST 2023
Source: libgnupg-interface-perl
Version: 1.02-3
Severity: important
Tags: ftbfs trixie sid
User: debian-perl at lists.debian.org
Usertags: perl-5.38-transition
X-Debbugs-Cc: Andrew Ruthven <andrew at etc.gen.nz>
This package fails to build from source with Perl 5.38 (currently in
experimental.)
http://perl.debian.net/rebuild-logs/perl-5.38-throwaway/libgnupg-interface-perl_1.02-3/libgnupg-interface-perl_1.02-3_amd64-2023-07-06T13:45:16Z.build
Insecure directory in $ENV{PATH} while running with -T switch at /<<PKGBUILDDIR>>/blib/lib/GnuPG/Interface.pm line 355.
Use of uninitialized value $line in pattern match (m//) at /<<PKGBUILDDIR>>/blib/lib/GnuPG/Interface.pm line 828.
Use of uninitialized value $a in split at /<<PKGBUILDDIR>>/blib/lib/GnuPG/Interface.pm line 842.
Use of uninitialized value $a in split at /<<PKGBUILDDIR>>/blib/lib/GnuPG/Interface.pm line 842.
GnuPG Version 1.4 or 2.2+ required at (eval 208) line 83.
t/taint.t ..................
1..2
Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 2/2 subtests
This is a Debian specific test file (debian/patches/detect-taint-mode)
but it seems to flag a real upstream issue.
lib/GnuPG/Interface.pm has this:
local $ENV{PATH} if tainted $ENV{PATH};
exec @command or die "exec() error: $ERRNO";
which broke with
https://github.com/Perl/perl5/commit/5ede4453c4877110eb5214ff400c173210b101b1
for a good reason: an empty $ENV{PATH} is equivalent to '.' (cwd).
Andrew, I'm copying you as you were involved in this stuff a few years
back so you might still be interested :)
Hm, possibly perl should add a Breaks for earlier versions once this is fixed.
--
Niko Tyni ntyni at debian.org
More information about the pkg-perl-maintainers
mailing list