.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1 +1 @@
-SOURCES/Module-ScanDeps-1.24.tar.gz
+/Module-ScanDeps-[0-9.]*.tar.gz

.perl-Module-ScanDeps.metadata

@@ -1 +0,0 @@
-dad18fa371bfb1ae7565cceb26b771356fc5ffb4 SOURCES/Module-ScanDeps-1.24.tar.gz

Module-ScanDeps-1.30-fix-parsing-of-use-if.patch

@@ -0,0 +1,31 @@
+From 90476aae7c2b5ef7d94ac1b22672ca8dc4adae20 Mon Sep 17 00:00:00 2001
+From: rschupp <roderich.schupp@gmail.com>
+Date: Thu, 14 Nov 2024 23:09:10 +0100
+Subject: [PATCH] fix parsing of "use if ..."
+
+---
+ lib/Module/ScanDeps.pm | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/lib/Module/ScanDeps.pm
++++ b/lib/Module/ScanDeps.pm
+@@ -874,7 +874,7 @@ sub scan_line {
+           }
+         }
+ 
+-        if (my ($pragma, $args) = /^use \s+ (autouse|if) \s+ (.+)/x)
++        if (my ($pragma, $args) = /^(?:use|no) \s+ (autouse|if) \s+ (.+)/x)
+         {
+             # NOTE: There are different ways the MODULE may
+             # be specified for the "autouse" and "if" pragmas, e.g.
+@@ -887,7 +887,9 @@ sub scan_line {
+             else {
+                 # The syntax of the "if" pragma is
+                 #   use if COND, MODULE => ARGUMENTS
+-                (undef, $module) = _parse_module_list($args);
++                # NOTE: This works only for simple conditions.
++                $args =~ s/.*? (?:,|=>) \s*//x;
++                ($module) = _parse_module_list($args);
+             }
+             $found{_mod2pm($pragma)}++;
+             $found{_mod2pm($module)}++ if $module;

Module-ScanDeps-1.30-replace-eval-constructs.patch

@@ -0,0 +1,139 @@
+From bc57e5072fc7ace1d206246999dd852652939335 Mon Sep 17 00:00:00 2001
+From: rschupp <roderich.schupp@gmail.com>
+Date: Mon, 21 Oct 2024 14:08:01 +0200
+Subject: [PATCH] replace 'eval "..."' constructs
+
+---
+ lib/Module/ScanDeps.pm | 122 ++++++++++++++++++++++++++---------------
+ 1 file changed, 78 insertions(+), 44 deletions(-)
+
+--- a/lib/Module/ScanDeps.pm
++++ b/lib/Module/ScanDeps.pm
+@@ -880,41 +880,26 @@ sub scan_line {
+             # be specified for the "autouse" and "if" pragmas, e.g.
+             #   use autouse Module => qw(func1 func2);
+             #   use autouse "Module", qw(func1);
+-            # To avoid to parse them ourself, we simply try to eval the
+-            # string after the pragma (in a list context). The MODULE
+-            # should be the first ("autouse") or second ("if") element
+-            # of the list.
+             my $module;
+-            {
+-                no strict; no warnings;
+-                if ($pragma eq "autouse") {
+-                    ($module) = eval $args;
+-                }
+-                else {
+-                    # The syntax of the "if" pragma is
+-                    #   use if COND, MODULE => ARGUMENTS
+-                    # The COND may contain undefined functions (i.e. undefined
+-                    # in Module::ScanDeps' context) which would throw an
+-                    # exception. Sneak  "1 || " in front of COND so that
+-                    # COND will not be evaluated. This will work in most
+-                    # cases, but there are operators with lower precedence
+-                    # than "||" which will cause this trick to fail.
+-                    (undef, $module) = eval "1 || $args";
+-                }
+-                # punt if there was a syntax error
+-                return if $@ or !defined $module;
+-            };
+-            $module =~ s{::}{/}g;
+-            $found{"$pragma.pm"}++;
+-            $found{"$module.pm"}++;
++            if ($pragma eq "autouse") {
++                ($module) = _parse_module_list($args);
++            }
++            else {
++                # The syntax of the "if" pragma is
++                #   use if COND, MODULE => ARGUMENTS
++                (undef, $module) = _parse_module_list($args);
++            }
++            $found{_mod2pm($pragma)}++;
++            $found{_mod2pm($module)}++ if $module;
+             next CHUNK;
+         }
+ 
+-        if (my ($how, $libs) = /^(use \s+ lib \s+ | (?:unshift|push) \s+ \@INC \s+ ,) (.+)/x)
++        if (my ($how, $libs) = /^(use \s+ lib \s+ | (?:unshift|push) \s+ \@INC \s*,\s*) (.+)/x)
+         {
+             my $archname = defined($Config{archname}) ? $Config{archname} : '';
+             my $ver = defined($Config{version}) ? $Config{version} : '';
+-            foreach my $dir (do { no strict; no warnings; eval $libs }) {
++            while ((my $dir, $libs) = _parse_libs($libs))
++            {
+                 next unless defined $dir;
+                 my @dirs = $dir;
+                 push @dirs, "$dir/$ver", "$dir/$archname", "$dir/$ver/$archname"
+@@ -932,6 +917,72 @@ sub scan_line {
+     return sort keys %found;
+ }
+ 
++# convert module name to file name
++sub _mod2pm {
++    my $mod = shift;
++    $mod =~ s!::!/!g;
++    return "$mod.pm";
++}
++
++# parse a comma-separated list of module names (as string literals or qw() lists)
++sub _parse_module_list {
++    my $list = shift;
++
++    # split $list on anything that's not a word character or ":"
++    # and ignore "q", "qq" and "qw"
++    return grep { length and !/^:|^q[qw]?$/ } split(/[^\w:]+/, $list);
++}
++
++# incrementally parse a comma separated list library paths:
++# returning a pair: the contents of the first strings literal and the remainder of the string
++# - for "string", 'string', q/string/, qq/string/ also unescape \\ and \<delimiter>)
++# - for qw(foo bar quux) return ("foo", qw(bar quux))
++# - otherwise skip over the first comma and return (undef, "remainder")
++# - return () if the string is exhausted
++# - as a special case, if the string starts with $FindBin::Bin, replace it with our $Bin
++sub _parse_libs {
++    local $_ = shift;
++
++    s/^[\s,]*//;
++    return if $_ eq "";
++
++    if (s/^(['"]) ((?:\\.|.)*?) \1//x) {
++        return (_unescape($1, $2), $_);
++    }
++    if (s/^qq? \s* (\W)//x) {
++        my $opening_delim = $1;
++        (my $closing_delim = $opening_delim) =~ tr:([{<:)]}>:;
++        s/^((?:\\.|.)*?) \Q$closing_delim\E//x;
++        return (_unescape($opening_delim, $1), $_);
++    }
++
++    if (s/^qw \s* (\W)//x) {
++        my $opening_delim = $1;
++        (my $closing_delim = $opening_delim) =~ tr:([{<:)]}>:;
++        s/^((?:\\.|.)*?) \Q$closing_delim\E//x;
++        my $contents = $1;
++        my @list = split(" ", $contents);
++        return (undef, $_) unless @list;
++        my $first = shift @list;
++        return (_unescape($opening_delim, $first),
++                @list ? "qw${opening_delim}@list${closing_delim}$_" : $_);
++    }
++
++    # nothing recognizable in the first list item, skip to the next
++    if (s/^.*? ,//x) {
++        return (undef, $_);
++    }
++    return;     # list exhausted
++}
++
++sub _unescape {
++    my ($delim, $str) = @_;
++    $str =~ s/\\([\\\Q$delim\E])/$1/g;
++    $str =~ s/^\$FindBin::Bin\b/$FindBin::Bin/;
++
++    return $str;
++}
++
+ # short helper for scan_chunk
+ my %LoaderRegexp; # cache
+ sub _build_loader_regexp {

Module-ScanDeps-1.30-use-three-argument-open.patch

@@ -0,0 +1,20 @@
+From 9a46eab1c78656386ba9d18bc4b341f4b2561635 Mon Sep 17 00:00:00 2001
+From: rschupp <roderich.schupp@gmail.com>
+Date: Mon, 21 Oct 2024 14:03:19 +0200
+Subject: [PATCH] use three-argument open()
+
+---
+ lib/Module/ScanDeps.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/Module/ScanDeps.pm
++++ b/lib/Module/ScanDeps.pm
+@@ -810,7 +810,7 @@ sub scan_file{
+     my $file = shift;
+     my %found;
+     my $FH;
+-    open $FH, $file or die "Cannot open $file: $!";
++    open $FH, "<", $file or die "Cannot open $file: $!";
+ 
+     $SeenTk = 0;
+     # Line-by-line scanning

gating.yaml

@@ -0,0 +1,7 @@
+# RHEL
+--- !Policy
+product_versions:
+  - rhel-*
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

perl-Module-ScanDeps.rpmlintrc

@@ -0,0 +1,2 @@
+from Config import *
+addFilter("unexpanded-macro %description -l C %INC");

perl-Module-ScanDeps.spec

@@ -1,17 +1,28 @@
-# Run prefork optional test
+# Run prefork and optional test
+%if ! (0%{?rhel})
 %{bcond_without perl_Module_ScanDeps_enables_prefork}
+%{bcond_without perl_Module_ScanDeps_enables_optional_tests}
+%else
+%{bcond_with perl_Module_ScanDeps_enables_prefork}
+%{bcond_with perl_Module_ScanDeps_enables_optional_tests}
+%endif
 
 Name:           perl-Module-ScanDeps
 Summary:        Recursively scan Perl code for dependencies
-Version:        1.24
+Version:        1.30
-Release:        3%{?dist}
+Release:        6%{?dist}
 License:        GPL+ or Artistic
-Source0:        http://search.cpan.org/CPAN/authors/id/R/RS/RSCHUPP/Module-ScanDeps-%{version}.tar.gz 
+URL:            https://metacpan.org/release/Module-ScanDeps
-URL:            http://search.cpan.org/dist/Module-ScanDeps/
+Source0:        https://cpan.metacpan.org/authors/id/R/RS/RSCHUPP/Module-ScanDeps-%{version}.tar.gz
 BuildArch:      noarch
+# Fixed CVE-2024-10224, in upstream since 1.36
+Patch1:         Module-ScanDeps-1.30-use-three-argument-open.patch
+Patch2:         Module-ScanDeps-1.30-replace-eval-constructs.patch
+Patch3:         Module-ScanDeps-1.30-fix-parsing-of-use-if.patch
+BuildRequires:  coreutils
 BuildRequires:  make
-BuildRequires:  perl-interpreter
 BuildRequires:  perl-generators
+BuildRequires:  perl-interpreter
 BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires:  perl(strict)
 BuildRequires:  perl(warnings)
@@ -30,8 +41,10 @@ BuildRequires:  perl(File::Basename)
 BuildRequires:  perl(File::Find)
 BuildRequires:  perl(File::Path)
 BuildRequires:  perl(File::Spec)
+BuildRequires:  perl(File::Spec::Functions)
 BuildRequires:  perl(File::Temp)
 BuildRequires:  perl(FileHandle)
+BuildRequires:  perl(FindBin)
 # Getopt::Long not used by tests
 BuildRequires:  perl(Module::Metadata)
 # Storable is optional and not used by tests
@@ -42,11 +55,15 @@ BuildRequires:  perl(version)
 # VMS::Filespec never used
 # Tests:
 BuildRequires:  perl(autouse)
+BuildRequires:  perl(Carp)
 BuildRequires:  perl(if)
+BuildRequires:  perl(less)
 BuildRequires:  perl(lib)
+BuildRequires:  perl(Net::FTP)
 BuildRequires:  perl(Test::More)
 BuildRequires:  perl(Test::Requires)
 # Optional tests:
+%if %{with perl_Module_ScanDeps_enables_optional_tests}
 BuildRequires:  perl(Module::Pluggable)
 %if !%{defined perl_bootstrap} && %{with perl_Module_ScanDeps_enables_prefork}
 # Cycle: perl-Module-ScanDeps → perl-prefork → perl-Perl-MinimumVersion
@@ -56,34 +73,94 @@ BuildRequires:  perl(Module::Pluggable)
 BuildRequires:  perl(prefork)
 %endif
 BuildRequires:  perl(Test::Pod) >= 1.00
-Requires:       perl(:MODULE_COMPAT_%(eval "$(perl -V:version)"; echo $version))
+%endif
 Requires:       perl(B)
 Requires:       perl(DynaLoader)
 Requires:       perl(Data::Dumper)
 Requires:       perl(Encode)
 Requires:       perl(File::Find)
+Requires:       perl(FindBin)
 Requires:       perl(Text::ParseWords)
 Recommends:     perl(Digest::MD5)
 Recommends:     perl(Storable)
 Suggests:       perl(CPANPLUS::Backend)
 
+# Filter modules bundled for tests
+%global __provides_exclude_from %{?__provides_exclude_from:%__provides_exclude_from|}^%{_libexecdir}/%{name}
+%global __requires_exclude_from %{?__requires_exclude_from:%__requires_exclude_from|}^%{_libexecdir}/%{name}/t/data
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Utils\\)
+%if %{defined perl_bootstrap} || %{without perl_Module_ScanDeps_enables_prefork}
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(prefork\\)
+%endif
+
 %description
 This module scans potential modules used by perl programs and returns a
 hash reference.  Its keys are the module names as they appear in %%INC (e.g.
 Test/More.pm).  The values are hash references.
 
+%package tests
+Summary:        Tests for %{name}
+Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires:       perl-Test-Harness
+Requires:       perl(AutoLoader)
+Requires:       perl(autouse)
+Requires:       perl(Carp)
+Requires:       perl(if)
+Requires:       perl(less)
+Requires:       perl(Net::FTP)
+# Optional tests:
+%if %{with perl_Module_ScanDeps_enables_optional_tests}
+Requires:       perl(Module::Pluggable)
+%if !%{defined perl_bootstrap} && %{with perl_Module_ScanDeps_enables_prefork}
+Requires:       perl(prefork)
+%endif
+%endif
+
+%description tests
+Tests from %{name}. Execute them
+with "%{_libexecdir}/%{name}/test".
+
 %prep
 %setup -q -n Module-ScanDeps-%{version}
+%patch -P1 -p1
+%patch -P2 -p1
+%patch -P3 -p1
+
+# Help file to recognise the Perl scripts
+for F in `find t -name *.t -o -name *.pl`; do
+    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!.*perl\b}{$Config{startperl}}' "$F"
+    chmod +x "$F"
+done
 
 %build
-perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1
+perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
-make %{?_smp_mflags}
+%{make_build}
 
 %install
-make pure_install DESTDIR=%{buildroot}
+%{make_install}
 %{_fixperms} %{buildroot}
 
+# Install tests
+mkdir -p %{buildroot}%{_libexecdir}/%{name}
+cp -a t %{buildroot}%{_libexecdir}/%{name}
+rm -f %{buildroot}%{_libexecdir}/%{name}/t/0-pod.t
+perl -i -pe 's{ "-Mblib",}{}' %{buildroot}%{_libexecdir}/%{name}/t/19-autosplit.t
+cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
+#!/bin/bash
+set -e
+# Some tests write into temporary files/directories. The easiest solution
+# is to copy the tests into a writable directory and execute them from there.
+DIR=$(mktemp -d)
+pushd "$DIR"
+cp -a %{_libexecdir}/%{name}/* ./
+prove -I . -j "$(getconf _NPROCESSORS_ONLN)"
+popd
+rm -rf "$DIR"
+EOF
+chmod +x %{buildroot}%{_libexecdir}/%{name}/test
+
 %check
+export HARNESS_OPTIONS=j$(perl -e 'if ($ARGV[0] =~ /.*-j([0-9][0-9]*).*/) {print $1} else {print 1}' -- '%{?_smp_mflags}')
 make test
 
 %files
@@ -94,7 +171,83 @@ make test
 %{_mandir}/man1/scandeps.pl.1*
 %{_mandir}/man3/Module::ScanDeps.3pm*
 
+%files tests
+%{_libexecdir}/%{name}
+
 %changelog
+* Fri Nov 22 2024 Jitka Plesnikova <jplesnik@redhat.com> - 1.30-6
+- Resolves: RHEL-68282
+- Fix CVE-2024-10224
+- Package tests
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.30-5
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.30-4
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.30-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Jan 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 1.30-2
+- Do not use optional perl(prefork) for ELN
+
+* Thu Jan 14 2021 Jitka Plesnikova <jplesnik@redhat.com> - 1.30-1
+- 1.30 bump
+
+* Wed Aug 19 2020 Petr Pisar <ppisar@redhat.com> - 1.29-1
+- 1.29 bump
+
+* Thu Aug 06 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1.28-1
+- 1.28 bump
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.27-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jun 26 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1.27-9
+- Perl 5.32 re-rebuild of bootstrapped packages
+
+* Tue Jun 23 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1.27-8
+- Perl 5.32 rebuild
+
+* Thu Mar 12 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1.27-7
+- Add BRs: perl(less), perl(Carp)
+- Use make_* macros
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.27-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.27-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Jun 02 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.27-4
+- Perl 5.30 re-rebuild of bootstrapped packages
+
+* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.27-3
+- Perl 5.30 rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.27-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Jan 16 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.27-1
+- 1.27 bump
+
+* Fri Dec 14 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.26-1
+- 1.26 bump
+
+* Tue Aug 21 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.25-1
+- 1.25 bump
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.24-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Sun Jul 01 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.24-5
+- Perl 5.28 re-rebuild of bootstrapped packages
+
+* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 1.24-4
+- Perl 5.28 rebuild
+
 * Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.24-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 

plans/sanity.fmf

@@ -0,0 +1,5 @@
+summary: Sanity tests
+discover:
+    how: fmf
+execute:
+    how: tmt

sources

@@ -0,0 +1 @@
+SHA512 (Module-ScanDeps-1.30.tar.gz) = 4813dd38e6defc2576b802f5fda2712f06cc6c763f06aa82115957f2b6eed36a14cd835669c46acc5ec9afd5a74c750b3f0f9a574471017e7a58fefede5311ac

tests/upstream-tests.fmf

@@ -0,0 +1,12 @@
+summary: Upstream tests
+contact: Jitka Plesnikova <jplesnik@redhat.com>
+component: perl-Module-ScanDeps
+require: perl-Module-ScanDeps-tests
+test: /usr/libexec/perl-Module-ScanDeps/test
+enabled: true
+tag:
+  - rhel-buildroot
+adjust:
+  - enabled: false
+    when: distro < rhel-9 or distro < centos-stream-9
+    continue: false