CPANTS

PAR 1.002

Security Advisories

CVE-2011-4114

PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).

https://rt.cpan.org/Public/Bug/Display.html?id=69560

Fixed version: >=1.003

Reported: 2011-07-18

CVE-2011-5060

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

Fixed version: >=1.003

Reported: 2012-01-13

Kwalitee Issues

This is not the latest release. The following issues may have already been fixed in the newer releases.

meta_yml_conforms_to_known_spec

Take a look at the META.yml Spec at https://metacpan.org/pod/CPAN::Meta::History::Meta_1_4 (for version 1.4) or https://metacpan.org/pod/CPAN::Meta::Spec (for version 2), and change your META.yml accordingly.

Error: 'Module::Signature' for 'Digest' is not a valid version. (recommends -> Digest) [Validation: 1.4]

use_strict

Add 'use strict' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules are strictly written.

Error: PAR::Heavy

no_pod_errors

Remove the POD errors. You can check for POD errors automatically by including Test::Pod to your test suite.

Error: PAR-1.002/lib/PAR/FAQ.pod -- Around line 215: Non-ASCII character seen before =encoding in 'âicon'. Assuming UTF-8

3 Extra Issues

has_meta_json

Add a META.json to the distribution. Your buildtool should be able to autogenerate it.

use_warnings

Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.

Error: PAR::Heavy

consistent_version

Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).

Error: 0.12,1.002

2 Experimental Issues

meta_yml_has_repository_resource: Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
has_separate_license_file: This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.

Modules

Name	Abstract	Version	View
PAR	Perl Archive Toolkit	1.002	metacpan
PAR::Heavy	PAR guts	0.12	metacpan
PAR::SetupProgname	Setup $ENV{PAR_PROGNAME}	1.002	metacpan
PAR::SetupTemp	Setup $ENV{PAR_TEMP}	1.002	metacpan

Other Files


ChangeLog	metacpan
MANIFEST	metacpan
META.yml	metacpan
Makefile.PL	metacpan
README	metacpan