Control: tags -1 - pending

Hi,

It appears I missed one of the patches. Here it is. Apologies for the oversight/noise.

Thanks,
Dominic.
>From 142436ea9b345e35c70c55cb3163b6dfe4c32385 Mon Sep 17 00:00:00 2001 From: Dominic Hargreaves <[email protected]> Date: Wed, 20 Jul 2016 00:25:25 +0100 Subject: [PATCH 2/4] Export PERL_USE_UNSAFE_INC to fix a further set of packages which fail to build with . removed from @INC --- Debian/Debhelper/Dh_Lib.pm | 5 +++++ debian/changelog | 2 ++ 2 files changed, 7 insertions(+) diff --git a/Debian/Debhelper/Dh_Lib.pm b/Debian/Debhelper/Dh_Lib.pm index 0519d20..64ea4ac 100644 --- a/Debian/Debhelper/Dh_Lib.pm +++ b/Debian/Debhelper/Dh_Lib.pm @@ -982,6 +982,11 @@ sub set_buildflags { return if $ENV{DH_INTERNAL_BUILDFLAGS} || compat(8); $ENV{DH_INTERNAL_BUILDFLAGS}=1; + # Export PERL_USE_UNSAFE_INC as a transitional step to allow us + # to remove . from @INC by default without breaking packages which + # rely on this [CVE-2016-1238] + $ENV{PERL_USE_UNSAFE_INC}=1; + eval "use Dpkg::BuildFlags"; if ($@) { warning "unable to load build flags: $@"; diff --git a/debian/changelog b/debian/changelog index d1455c4..c5d2a6d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,8 @@ debhelper (9.20150101+deb8u1) UNRELEASED; urgency=medium * Non-maintainer upload. * Invoke Makefile.PL and Build.PL with perl -I. as part of the fixes for CVE-2016-1238 + * Export PERL_USE_UNSAFE_INC to fix a further set of packages which + fail to build with . removed from @INC -- Dominic Hargreaves <[email protected]> Thu, 07 Jul 2016 16:53:02 +0200 -- 2.1.4
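Review bot: In the set_buildflags hunk of Debian/Debhelper/Dh_Lib.pm, the new `$ENV{PERL_USE_UNSAFE_INC}=1;` is placed after `return if $ENV{DH_INTERNAL_BUILDFLAGS} || compat(8);`, so on any call where compat(8) is true the function returns before the variable is exported. If packages on that path are also meant to be covered, the assignment should move above the early return or into code that runs unconditionally. The assignment also overwrites whatever value is already in the environment, which prevents a builder from setting PERL_USE_UNSAFE_INC=0 to check whether a package still depends on . in @INC; assigning only when the variable is undefined would keep that override available. Since the comment calls this a transitional step, it would help to state there what condition allows the export to be dropped again.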
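Review bot: In the debian/changelog hunk, the added entry "Export PERL_USE_UNSAFE_INC to fix a further set of packages which fail to build with . removed from @INC" does not name CVE-2016-1238, although both the preceding entry and the code comment in Dh_Lib.pm do. Adding the CVE identifier to this entry would keep the two related changes traceable together from the changelog alone, and it is worth noting there that the export is transitional, as the code comment says.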

