rpms / perl

Clone
Source Code
GIT

Files

  1.   aa813884ece3e14d2a183724179df1431f198932
  2.   perl-5.10.0-Module-Load-Conditional-0.24.patch
Blob Blame History Raw 
diff -up perl-5.10.0/lib/Module/Load/Conditional.pm.BAD perl-5.10.0/lib/Module/Load/Conditional.pm
--- perl-5.10.0/lib/Module/Load/Conditional.pm.BAD	2007-12-18 05:47:07.000000000 -0500
+++ perl-5.10.0/lib/Module/Load/Conditional.pm	2008-03-08 15:26:18.000000000 -0500
@@ -9,7 +9,7 @@ use Locale::Maketext::Simple Style  => '
 use Carp        ();
 use File::Spec  ();
 use FileHandle  ();
-use version     qw[qv];
+use version;
 
 use constant ON_VMS  => $^O eq 'VMS';
 
@@ -18,7 +18,7 @@ BEGIN {
                         $FIND_VERSION $ERROR $CHECK_INC_HASH];
     use Exporter;
     @ISA            = qw[Exporter];
-    $VERSION        = '0.22';
+    $VERSION        = '0.24';
     $VERBOSE        = 0;
     $FIND_VERSION   = 1;
     $CHECK_INC_HASH = 0;
@@ -280,8 +280,14 @@ sub check_install {
         ### use qv(), as it will deal with developer release number
         ### ie ones containing _ as well. This addresses bug report
         ### #29348: Version compare logic doesn't handle alphas?
+        ###
+        ### Update from JPeacock: apparently qv() and version->new
+        ### are different things, and we *must* use version->new
+        ### here, or things like #30056 might start happening
         $href->{uptodate} = 
-            qv( $args->{version} ) <= qv( $href->{version} ) ? 1 : 0;
+            version->new( $args->{version} ) <= version->new( $href->{version} )
+                ? 1 
+                : 0;
     }
 
     return $href;
@@ -301,7 +307,8 @@ sub _parse_version {
     ### regex breaks under -T, we must modifiy it so
     ### it captures the entire expression, and eval /that/
     ### rather than $_, which is insecure.
-
+    my $taint_safe_str = do { $str =~ /(^.*$)/sm; $1 };
+        
     if( $str =~ /(?<!\\)([\$*])(([\w\:\']*)\bVERSION)\b.*\=/ ) {
         
         print "Evaluating: $str\n" if $verbose;
@@ -321,7 +328,7 @@ sub _parse_version {
 
             local $1$2;
             \$$2=undef; do {
-                $str
+                $taint_safe_str
             }; \$$2
         };
         
@@ -426,9 +433,14 @@ sub can_load {
             ### use qv(), as it will deal with developer release number
             ### ie ones containing _ as well. This addresses bug report
             ### #29348: Version compare logic doesn't handle alphas?
+            ###
+            ### Update from JPeacock: apparently qv() and version->new
+            ### are different things, and we *must* use version->new
+            ### here, or things like #30056 might start happening            
             if (    !$args->{nocache}
                     && defined $CACHE->{$mod}->{usable}
-                    && (qv($CACHE->{$mod}->{version}||0) >= qv($href->{$mod}))
+                    && (version->new( $CACHE->{$mod}->{version}||0 ) 
+                        >= version->new( $href->{$mod} ) )
             ) {
                 $error = loc( q[Already tried to use '%1', which was unsuccessful], $mod);
                 last BLOCK;
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.