Bug 998447

Summary: Review Request: perl-Taint-Util - Test for and flip the taint flag without regex matches or eval
Product: [Fedora] Fedora Reporter: Paul Howarth <paul>
Component: Package ReviewAssignee: Ralf Corsepius <rc040203>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: notting, rc040203
Target Milestone: ---Flags: rc040203: fedora-review+
gwync: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: perl-Taint-Util-0.08-3.fc19 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-30 22:57:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 998496    

Description Paul Howarth 2013-08-19 10:47:10 UTC 
Spec URL: http://subversion.city-fan.org/repos/cfo-repo/perl-Taint-Util/branches/fedora/perl-Taint-Util.spec
SRPM URL: http://www.city-fan.org/~paul/extras/perl-Taint-Util/perl-Taint-Util-0.08-2.fc20.src.rpm

Description:
Wraps perl's internal routines for checking and setting the taint flag and
thus does not rely on regular expressions for untainting or odd tricks
involving eval and kill for checking whether data is tainted; instead, it
checks and flips a flag on the scalar in-place.

Fedora Account System Username: pghmcfc
Comment 1 Ralf Corsepius 2013-08-20 07:06:58 UTC 
Basically OK, but there still seems to be a utf8 issue:

rpmlint complains:
...
perl-Taint-Util.x86_64: W: manual-page-warning /usr/share/man/man3/Taint::Util.3pm.gz 264: warning: macro `AE' not defined
...

Seems to me as if something doesn't grok the HTML magic applied to the author's name inside of Taint/Utils.pm, correctly.
Comment 2 Paul Howarth 2013-08-20 08:21:35 UTC 
I see that issue on an F-18 (or earlier) build but not for F-19 or Rawhide builds. I think it must be an issue with the POD toolchain.
Comment 3 Paul Howarth 2013-08-20 10:11:08 UTC 
In fact it's a bug in Pod::Man prior to 2.26 (podlators 2.4.1), mentioned in this changelog entry:

    * lib/Pod/Man.pm: Fix the ASCII fallback string for the AE
    ligature to use the string that was actually defined.

Updating perl-podlators made this problem go away for me.
Comment 4 Ralf Corsepius 2013-08-20 11:29:45 UTC 
(In reply to Paul Howarth from comment #3)
> In fact it's a bug in Pod::Man prior to 2.26 (podlators 2.4.1),
>
> Updating perl-podlators made this problem go away for me.

I don't think this is an option for f18 and epel, because both don't have perl-podlators ;)

Leaves us with 3 options:
a) Ignore this issue.

b) BR: perl(Man::Pod) >= 2.26, and leave epelX and f18 alone until these distros ship and appropriate Man::Pod.

c) BR: perl(Man::Pod) >= 2.26 for f19/rawhide and manually patch the man-page for epelX and f18.

I am leaning towards b) or c) but am leaving the final decision to your discretion.


Besides this: APPROVED
Comment 5 Paul Howarth 2013-08-20 11:50:34 UTC 
(In reply to Ralf Corsepius from comment #4)
> (In reply to Paul Howarth from comment #3)
> > In fact it's a bug in Pod::Man prior to 2.26 (podlators 2.4.1),
> >
> > Updating perl-podlators made this problem go away for me.
> 
> I don't think this is an option for f18 and epel, because both don't have
> perl-podlators ;)
> 
> Leaves us with 3 options:
> a) Ignore this issue.
> 
> b) BR: perl(Man::Pod) >= 2.26, and leave epelX and f18 alone until these
> distros ship and appropriate Man::Pod.
> 
> c) BR: perl(Man::Pod) >= 2.26 for f19/rawhide and manually patch the
> man-page for epelX and f18.
> 
> I am leaning towards b) or c) but am leaving the final decision to your
> discretion.

Given that I only currently need this as a dependency of perl5i, which is never going to make it to F-18 or earlier due to a myriad of other dependency issues, I'll go for (b) for the time being. I don't expect a Pod::Man update to happen in either F-18 or EPEL so I may consider (c) at a later date.

> Besides this: APPROVED

Thanks for the review.

New Package SCM Request
=======================
Package Name: perl-Taint-Util
Short Description: Test for and flip the taint flag without regex matches or eval
Owners: pghmcfc
Branches: F-19
InitialCC: perl-sig
Comment 6 Gwyn Ciesla 2013-08-20 12:16:11 UTC 
Git done (by process-git-requests).
Comment 7 Fedora Update System 2013-08-20 13:39:43 UTC 
perl-Taint-Util-0.08-3.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/perl-Taint-Util-0.08-3.fc19
Comment 8 Fedora Update System 2013-08-21 00:11:51 UTC 
perl-Taint-Util-0.08-3.fc19 has been pushed to the Fedora 19 testing repository.
Comment 9 Fedora Update System 2013-08-30 22:57:20 UTC 
perl-Taint-Util-0.08-3.fc19 has been pushed to the Fedora 19 stable repository.