Upgrade Module::Metadata from version 1.000016 to 1.000017

steve-m-hay · steve-m-hay · commit bff978faaae3 · 2013-09-11T09:38:23.000+01:00
diff --git a/MANIFEST b/MANIFEST
@@ -1764,6 +1764,7 @@ cpan/Module-Metadata/t/lib/ENDPOD.pm
 cpan/Module-Metadata/t/lib/MBTest.pm
 cpan/Module-Metadata/t/lib/Tie/CPHash.pm
 cpan/Module-Metadata/t/metadata.t
+cpan/Module-Metadata/t/taint.t
 cpan/Module-Metadata/t/version.t
 cpan/NEXT/lib/NEXT.pm		Pseudo-class NEXT for method redispatch
 cpan/NEXT/t/actual.t		NEXT
diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl
@@ -1241,7 +1241,7 @@ package Maintainers;
 
     'Module::Metadata' => {
         'MAINTAINER'   => 'dagolden',
-        'DISTRIBUTION' => 'ETHER/Module-Metadata-1.000016.tar.gz',
+        'DISTRIBUTION' => 'ETHER/Module-Metadata-1.000017.tar.gz',
         'FILES'        => q[cpan/Module-Metadata],
         'EXCLUDED'     => [
             qr{^maint},
diff --git a/cpan/Module-Metadata/lib/Module/Metadata.pm b/cpan/Module-Metadata/lib/Module/Metadata.pm
@@ -10,8 +10,9 @@ package Module::Metadata;
 # parrot future to look at other types of modules).
 
 use strict;
-use vars qw($VERSION);
-$VERSION = '1.000016';
+use warnings;
+
+our $VERSION = '1.000017';
 $VERSION = eval $VERSION;
 
 use Carp qw/croak/;
@@ -649,7 +650,7 @@ sub _evaluate_version_line {
   # compiletime/runtime issues with local()
   my $vsub;
   $pn++; # everybody gets their own package
-  my $eval = qq{BEGIN { q#  Hide from _packages_inside()
+  my $eval = qq{BEGIN { my \$dummy = q#  Hide from _packages_inside()
     #; package Module::Metadata::_version::p$pn;
     use version;
     no strict;
@@ -662,6 +663,8 @@ sub _evaluate_version_line {
       };
   }};
 
+  $eval = $1 if $eval =~ m{^(.+)}s;
+
   local $^W;
   # Try to get the $VERSION
   eval $eval;
diff --git a/cpan/Module-Metadata/t/encoding.t b/cpan/Module-Metadata/t/encoding.t
@@ -1,6 +1,7 @@
 #!perl
 
 use strict;
+use warnings;
 use File::Spec;
 use Test::More;
 
diff --git a/cpan/Module-Metadata/t/lib/DistGen.pm b/cpan/Module-Metadata/t/lib/DistGen.pm
@@ -1,6 +1,7 @@
 package DistGen;
 
 use strict;
+use warnings;
 
 use vars qw( $VERSION $VERBOSE @EXPORT_OK);
 
@@ -182,6 +183,7 @@ sub _gen_default_filedata {
       \$VERSION = '0.01';
 
       use strict;
+      use warnings;
 
       1;
 
@@ -205,6 +207,7 @@ sub _gen_default_filedata {
   $self->$add_unless('t/basic.t', undent(<<"    ---"));
     use Test::More tests => 1;
     use strict;
+    use warnings;
 
     use $self->{name};
     ok 1;
@@ -470,6 +473,7 @@ sub change_build_pl {
 
   $self->change_file( 'Build.PL', undent(<<"    ---") );
     use strict;
+    use warnings;
     use Module::Build;
     my \$b = Module::Build->new(
     # Some CPANPLUS::Dist::Build versions need to allow mismatches
diff --git a/cpan/Module-Metadata/t/lib/MBTest.pm b/cpan/Module-Metadata/t/lib/MBTest.pm
@@ -1,6 +1,7 @@
 package MBTest;
 
 use strict;
+use warnings;
 
 use IO::File ();
 use File::Spec;
diff --git a/cpan/Module-Metadata/t/lib/Tie/CPHash.pm b/cpan/Module-Metadata/t/lib/Tie/CPHash.pm
@@ -20,6 +20,7 @@ package Tie::CPHash;
 
 require 5.000;
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 @ISA = qw();
diff --git a/cpan/Module-Metadata/t/metadata.t b/cpan/Module-Metadata/t/metadata.t
@@ -3,6 +3,7 @@
 # vim:ts=8:sw=2:et:sta:sts=2
 
 use strict;
+use warnings;
 use lib 't/lib';
 use IO::File;
 use MBTest;
diff --git a/cpan/Module-Metadata/t/taint.t b/cpan/Module-Metadata/t/taint.t
@@ -0,0 +1,20 @@
+#!/usr/bin/perl -T
+use strict;
+use warnings;
+
+use 5.008000;   # for ${^TAINT}
+use Module::Metadata;
+use Test::More;
+use Test::Fatal;
+
+ok(${^TAINT}, 'taint flag is set');
+
+# without the fix, we get:
+# Insecure dependency in eval while running with -T switch at lib/Module/Metadata.pm line 668, <GEN0> line 15.
+is(
+    exception { Module::Metadata->new_from_module( "Module::Metadata" )->version },
+    undef,
+    'no exception',
+);
+
+done_testing;
diff --git a/cpan/Module-Metadata/t/version.t b/cpan/Module-Metadata/t/version.t
@@ -1,4 +1,5 @@
 use strict;
+use warnings;
 use Test::More;
 use Module::Metadata;
 use lib "t/lib/0_2";
diff --git a/pod/perldelta.pod b/pod/perldelta.pod
@@ -325,10 +325,11 @@ C<requires> has been made more robust. [cpan #83728]
 
 =item *
 
-L<Module::Metadata> has been upgraded from version 1.000014 to 1.000016.
+L<Module::Metadata> has been upgraded from version 1.000014 to 1.000017.
 
 The module's DESCRIPTION has been re-worded regarding safety/security to
-satisfy CVE-2013-1437.
+satisfy CVE-2013-1437.  Also, versions are now detainted if needed. [cpan
+#88576]
 
 =item *
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`use strict;`
	`2`	`+use warnings;`
`2`	`3`	`use Test::More;`
`3`	`4`	`use Module::Metadata;`
`4`	`5`	`use lib "t/lib/0_2";`