Bug#794963: libnet-xmpp-perl: "Insecure dependency in eval (...) at /usr/share/perl5/Net/XMPP/Protocol.pm line 1007."
Axel Beckert
abe at debian.org
Sat Aug 8 19:05:10 UTC 2015
Hi,
Christoph Biedl wrote:
> after upgrading to jessie, an XMPP client application written in Perl
> failed to start with
>
> | Insecure dependency in eval while running setuid at /usr/share/perl5/Net/XMPP/Protocol.pm line 1007.
>
> The offending line
>
> | eval "\$obj = new $NEWOBJECT{$tag}(\$tree);";
>
> isn't something I'd call good Perl style. Replacing it with
>
> | eval { $obj = new {$NEWOBJECT{$tag}}($tree); };
>
> made the woes go away. This code still exists in stretch.
There is a new upstream release available which also changed that
code, but differently:
https://metacpan.org/source/DAPATRICK/Net-XMPP-1.05/lib/Net/XMPP/Protocol.pm#L1302
| eval "\$obj = $NEWOBJECT{$tag}->new(\$tree);";
Likely the relevant changelog entry is this one:
| Replace indirect object notation with direct invocation notation
Regards, Axel
--
,''`. | Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
More information about the pkg-perl-maintainers
mailing list