CPAN 1.76_52 Deleted
Security Advisories
CVE-2023-31484
The verify_SSL flag is missing from HTTP::Tiny, and allows a network attacker to MITM the connection if it is used by the CPAN client
- https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0
- https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
- https://github.com/andk/cpanpm/pull/175
- https://www.openwall.com/lists/oss-security/2023/04/18/14
Fixed version: >=2.35
Reported: 2023-02-28
Archive::Tar preserves permissions in the tarball; extracted file permissions will be set from users umask instead.
- https://github.com/andk/cpanpm/commit/079fa2e7ee77d626eab8bb06d0465c6a05f6c8b6
- https://rt.cpan.org/Ticket/Display.html?id=46384
Fixed version: >=1.93
Reported: 2009-09-23
CVE-2020-16156
CPAN 2.28 allows Signature Verification Bypass.
- https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
- http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
Fixed version: >=2.29
Severity: high
Reported: 2021-12-13
Kwalitee Issues
- no_files_to_be_skipped
-
Fix MANIFEST.SKIP or use an authoring tool which respects MANIFEST.SKIP. Note that each entry in MANIFEST.SKIP is a regular expression. You may need to add appropriate meta characters not to ignore necessary stuff.
Error: ChangeLog,MANIFEST.SKIP
- has_human_readable_license
-
Add a section called "LICENSE" to the documentation, or add a file named LICENSE to the distribution.
- has_license_in_source_file
-
Add =head1 LICENSE and the text of the license to the main module in your code.
- use_strict
-
Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.
Error: Bundle::CPAN
- no_pod_errors
-
Remove the POD errors. You can check for POD errors automatically by including Test::Pod to your test suite.
Error: CPAN-1.76_52/lib/Bundle/CPAN.pm -- Around line 58: Non-ASCII character seen before =encoding in 'König'. Assuming CP1252
- meta_yml_declares_perl_version
-
If you are using Build.PL define the {requires}{perl} = VERSION field. If you are using MakeMaker (Makefile.PL) you should upgrade ExtUtils::MakeMaker to 6.48 and use MIN_PERL_VERSION parameter. Perl::MinimumVersion can help you determine which version of Perl your module needs.
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- proper_libs
-
Move your *.pm files in a directory named 'lib'. The directory structure should look like 'lib/Your/Module.pm' for a module named 'Your::Module'. If you need to provide additional files, e.g. for testing, that should not be considered for Kwalitee, then you should look at the 'provides' map in META.yml to limit the files scanned; or use the 'no_index' map to exclude parts of the distribution.
Error: BUNDLE/Test/Builder.pm, BUNDLE/Test/More.pm
- meta_yml_has_license
-
Define the license if you are using in Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- has_known_license_in_source_file
-
Add =head1 LICENSE and/or the proper text of the well-known license to the main module in your code.
- use_warnings
-
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: Bundle::CPAN, CPAN, CPAN::Admin, CPAN::FirstTime, CPAN::Nox, Test::Builder, Test::More
- no_unauthorized_packages
-
Ask the owner of the distribution (the one who released it first, or the one who is designated in x_authority) to give you a (co-)maintainer's permission.
Error:
- Test::Builder
- Test::More
- consistent_version
-
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 0.17,0.47,1.012,1.58,1.76_52,2.147
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- meta_yml_has_repository_resource
-
Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
Bundle::CPAN | A bundle to play with all the other modules on CPAN | 1.58 | metacpan |
CPAN | query, download and build perl modules from CPAN sites | 1.76_52 | metacpan |
CPAN::Admin | A CPAN Shell for CPAN admins | 1.012 | metacpan |
CPAN::FirstTime | Utility for CPAN::Config file Initialization | 2.147 | metacpan |
CPAN::Nox | Wrapper around CPAN.pm without using any XS module | 2.147 | metacpan |
Test::Builder | 0.17 | metacpan | |
Test::More | 0.47 | metacpan |
Provides
Name | File | View |
---|---|---|
CPAN::Author | lib/CPAN.pm | metacpan |
CPAN::Bundle | lib/CPAN.pm | metacpan |
CPAN::CacheMgr | lib/CPAN.pm | metacpan |
CPAN::Complete | lib/CPAN.pm | metacpan |
CPAN::Config | lib/CPAN.pm | metacpan |
CPAN::Debug | lib/CPAN.pm | metacpan |
CPAN::Distribution | lib/CPAN.pm | metacpan |
CPAN::Eval | lib/CPAN.pm | metacpan |
CPAN::Exception::RecursiveDependency | lib/CPAN.pm | metacpan |
CPAN::FTP | lib/CPAN.pm | metacpan |
CPAN::FTP::netrc | lib/CPAN.pm | metacpan |
CPAN::Index | lib/CPAN.pm | metacpan |
CPAN::InfoObj | lib/CPAN.pm | metacpan |
CPAN::LWP::UserAgent | lib/CPAN.pm | metacpan |
CPAN::Mirrored::By | lib/CPAN/FirstTime.pm | metacpan |
CPAN::Module | lib/CPAN.pm | metacpan |
CPAN::Queue | lib/CPAN.pm | metacpan |
CPAN::Shell | lib/CPAN.pm | metacpan |
CPAN::Tarzip | lib/CPAN.pm | metacpan |