[Bps-public-commit] GnuPG-Interface branch fix-perl-5-38-taint-mode created. 1.02-2-g3745c68

BPS Git Server git at git.bestpractical.com
Thu Sep 14 15:26:40 UTC 2023 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG-Interface".

The branch, fix-perl-5-38-taint-mode has been created
        at  3745c68f4fc314d4f4566da8fd8bc7f8c37b93fa (commit)

- Log -----------------------------------------------------------------
commit 3745c68f4fc314d4f4566da8fd8bc7f8c37b93fa
Author: Brad Embree <brad at bestpractical.com>
Date:   Thu Sep 14 08:24:10 2023 -0700

    Add fix for taint mode in Perl 5.38
    
    Patch provided by Andrew Ruthven to fix taint mode in Perl 5.38.

diff --git a/lib/GnuPG/Interface.pm b/lib/GnuPG/Interface.pm
index 905ae30..3d45e38 100644
--- a/lib/GnuPG/Interface.pm
+++ b/lib/GnuPG/Interface.pm
@@ -351,7 +351,11 @@ sub fork_attach_exec( $% ) {
             @commands,     @command_args
         );
 
-        local $ENV{PATH} if tainted $ENV{PATH};
+        # On Unix, PATH is by default '.' and Perl >= v5.38 rejects '.'
+        # being in the path when in taint mode. Set a path, if running
+        # in taint mode whomever is calling us should be providing the
+        # path to the gpg program to use.
+        local $ENV{PATH} = '/usr/bin' if tainted $ENV{PATH};
         exec @command or die "exec() error: $ERRNO";
     }
 

commit d1f64a5fcc3151dd8d39097c9d97b11ad7283562
Author: Brad Embree <brad at bestpractical.com>
Date:   Thu Sep 14 08:23:17 2023 -0700

    Add test for running in taint mode
    
    Patch provided by Andrew Ruthven

diff --git a/t/taint_mode.t b/t/taint_mode.t
new file mode 100644
index 0000000..b9d8df8
--- /dev/null
+++ b/t/taint_mode.t
@@ -0,0 +1,26 @@
+#!/usr/bin/perl -wT
+#
+# Ensure we can instatiate in Taint mode. Don't need to
+# do any work, as GnuPG::Interface runs the command we're going
+# to use to detect the version.
+
+use strict;
+
+use lib './t';
+use MyTest;
+
+use GnuPG::Interface;
+
+my $gnupg;
+
+# See that we instantiate an object in Taint mode
+TEST
+{
+    $gnupg = GnuPG::Interface->new( call => '/usr/bin/gpg' );
+};
+
+# See that version is set
+TEST
+{
+    defined $gnupg->version;
+};

-----------------------------------------------------------------------


hooks/post-receive
-- 
GnuPG-Interface

More information about the Bps-public-commit mailing list