In perl.git, the branch smoke-me/cpan-115808 has been created

<http://perl5.git.perl.org/perl.git/commitdiff/9bf81d175ba72d8aa20b65d37cd585d6318d0ea3?hp=0000000000000000000000000000000000000000>

        at  9bf81d175ba72d8aa20b65d37cd585d6318d0ea3 (commit)

- Log -----------------------------------------------------------------
commit 9bf81d175ba72d8aa20b65d37cd585d6318d0ea3
Author: Father Chrysostomos <[email protected]>
Date:   Sat Jul 2 22:57:46 2016 -0700

    Increase $XSLoader::VERSION to 0.22

M       dist/XSLoader/XSLoader_pm.PL

commit 014d8912d3969aa3286cad4fe79ee5d596668309
Author: Father Chrysostomos <[email protected]>
Date:   Sat Jul 2 22:56:51 2016 -0700

    Don’t let XSLoader load relative paths
    
    [rt.cpan.org #115808]
    
    The logic in XSLoader for determining the library goes like this:
    
        my $c = () = split(/::/,$caller,-1);
        $modlibname =~ s,[\\/][^\\/]+$,, while $c--;    # Q&D basename
        my $file = "$modlibname/auto/$modpname/$modfname.bundle";
    
    (That last line varies by platform.)
    
    $caller is the calling package.  $modlibname is the calling file.  It
    removes as many path segments from $modlibname as there are segments
    in $caller.  So if you have List/MoreUtils/XS.pm calling XSLoader from
    the List::MoreUtils package, the $modlibname will end up containing
    the path in @INC where XS.pm was found, followed by "/List".  Usually
    the fallback to DynaLoader::bootstrap_inherit, which does an @INC
    search, makes things Just Work.
    
    But List/MoreUtils/XS.pm actually calls XSLoader::load from
    inside a string eval.  That means the path ends up being
    "(eval 1)/auto/List/MoreUtils/MoreUtils.bundle".
    
    So if someone creates a directory named ‘(eval 1)’ with a
    naughty binary file in it, it will be loaded if a script
    using List::MoreUtils is run in the parent directory.  See
    <https://rt.cpan.org/Ticket/Display.html?id=115808>.
    
    This commit makes XSLoader fall back to DynaLoader’s @INC search if
    the calling file has a relative path.

M       dist/XSLoader/XSLoader_pm.PL
M       dist/XSLoader/t/XSLoader.t
-----------------------------------------------------------------------
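
The path derivation described in the log message for 014d8912, worked through as an added example (it is not XSLoader's code and not part of the commit). The helper names, the sample file names and the use of File::Spec->file_name_is_absolute as the relative-path test are assumptions; the page does not show the check the commit actually adds.

```perl
use strict;
use warnings;
use File::Spec;

# Path derivation as quoted in the commit message. $dl_ext stands in for the
# platform-specific suffix ("bundle" in the quoted line).
sub candidate_library {
    my ($caller, $modlibname, $dl_ext) = @_;
    my @modparts = split /::/, $caller;
    my $modfname = $modparts[-1];
    my $modpname = join '/', @modparts;
    my $c = () = split(/::/, $caller, -1);
    $modlibname =~ s,[\\/][^\\/]+$,, while $c--;    # Q&D basename
    return "$modlibname/auto/$modpname/$modfname.$dl_ext";
}

# Assumed stand-in for the commit's test (the page does not show it): only an
# absolute calling file yields a path independent of the current directory.
sub trust_derived_path {
    my ($caller_file) = @_;
    return File::Spec->file_name_is_absolute($caller_file) ? 1 : 0;
}

# Constructed samples: [calling package, file name reported for the caller].
my @samples = (
    [ 'List::MoreUtils', '/usr/lib/perl5/List/MoreUtils/XS.pm' ],
    [ 'List::MoreUtils', '(eval 1)' ],    # XSLoader::load called in a string eval
    [ 'List::MoreUtils', 'lib/List/MoreUtils/XS.pm' ],    # relative @INC entry
);

for my $s (@samples) {
    my ($pkg, $file) = @$s;
    my $lib = candidate_library($pkg, $file, 'bundle');
    my $verdict = trust_derived_path($file)
        ? 'absolute: derived path may be tried'
        : 'relative: skip it, use the @INC search';
    printf "%-38s -> %s\n    %s\n", $file, $lib, $verdict;
}
```

For the "(eval 1)" sample the substitution never matches, so the derived path is "(eval 1)/auto/List/MoreUtils/MoreUtils.bundle", which resolves against whatever directory the script was started in.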

--
Perl5 Master Repository
