Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 417785 - app-portage/g-cpan-0.16.4 broken regexp building for some cpan modules
Summary: app-portage/g-cpan-0.16.4 broken regexp building for some cpan modules
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Robin Johnson
Keywords: PATCH
Depends on:
Reported: 2012-05-27 15:23 UTC by Andreas 'ac0v' Specht
Modified: 2014-07-14 11:54 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

patch unsecure/broken regexp execution (g-cpan_regexp.patch,557 bytes, patch)
2012-05-27 15:24 UTC, Andreas 'ac0v' Specht
Details | Diff (,657 bytes, text/plain)
2012-05-30 09:21 UTC, Sergiy Borodych

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas 'ac0v' Specht 2012-05-27 15:23:49 UTC
If you try to install eg.

g-cpan -i CPAN-Reporter-Smoker

there is an error during generating ghet ebuild for "Term-Title-0.03":


CPAN: Time::HiRes loaded ok (v1.9719)
 * Test::More is part of the core perl install
 * perl is part of the core perl install
\Unmatched ( in regex; marked by <-- HERE in m/\$^OeqMSWin32?( <-- HERE "Win32/Console"/ at /usr/bin/g-cpan line 541.


The issue is caused by an unsecure way of using foreign data inside of a perl regexp. Patch is attached.
Comment 1 Andreas 'ac0v' Specht 2012-05-27 15:24:31 UTC
Created attachment 313279 [details, diff]
patch unsecure/broken regexp execution
Comment 2 Sergiy Borodych 2012-05-29 06:17:25 UTC
Andreas, are you sure about version ?
Please show
 emerge -pv app-portage/g-cpan
Comment 3 Andreas 'ac0v' Specht 2012-05-29 06:38:14 UTC
Hi Sergiy,

yes, I think that's correct:

    mirror ~ # emerge -pv app-portage/g-cpan

    These are the packages that would be merged, in order:

    Calculating dependencies... done!
    [ebuild   R    ] app-portage/g-cpan-0.16.4  0 kB

    Total: 1 package (1 reinstall), Size of downloads: 0 kB

Comment 4 Sergiy Borodych 2012-05-30 09:20:57 UTC
Sorry Andreas, you are right problem exists.

I just made another path that IMHO could be better,
because it tries to resolve depends like those.
Please check it if you want.

As usually I added it to

I hope this will be included in the package some day :)

See also (ebuild with full patch)
Comment 5 Sergiy Borodych 2012-05-30 09:21:46 UTC
Created attachment 313593 [details]
Comment 6 Tony Vroon (RETIRED) gentoo-dev 2014-07-14 11:54:01 UTC
This pull request was actioned and the fix has made it into the 0.16.5 release. My apologies for the rather extreme delay here.