In perl.git, the branch maint-5.22 has been updated <http://perl5.git.perl.org/perl.git/commitdiff/09e0d4147e7836adfd05824fba31e72d7078e0e1?hp=15d9149a6d07d0a16068c287f292b98e24f4d29e>
- Log -----------------------------------------------------------------
commit 09e0d4147e7836adfd05824fba31e72d7078e0e1
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 17:23:13 2016 +0000

    perldelta - Remove section on base.pm; a fix is now expected for 5.22.4

M  pod/perldelta.pod

commit 3f9fd29b3078c406bbcee750ee3c0efcd400ae4e
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 17:05:15 2016 +0000

    corelist-perldelta.pl update to account for reverted base.pm changes

M  pod/perldelta.pod

commit f7cf1490ec5bb6bae2e4bc879c04e1b33c595173
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 16:56:36 2016 +0000

    corelist.pl update to account for reverted base.pm changes

M  dist/Module-CoreList/lib/Module/CoreList.pm

commit 6e93caade08a2408d4df814e51eda31aa2fab630
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 16:00:51 2016 +0000

    Revert base.pm part of "(perl #127834) update CUSTOMIZED entries"

    This reverts the base.pm part of commit 94c781b3ce20124dcde1f0cce0086cf3fdf51a46.
    It also reverts the later commits 55acfabdc7e61c9e3607d98a6dbfd77b235c3e73,
    990e80c153251695558491b553d71392aa17ca0d and
    34527a0964485e5b84e76074838015e516f41e98, which updated customized.dat
    for various base.pm changes that have since been reverted.

    base.pm is now as it was in perl-5.22.2, which was not actually in sync
    with base-2.18 but had no customized.dat entry since files in dist/ are
    not generally listed anyway.

M  Porting/Maintainers.pl
M  t/porting/customized.dat

commit 6cd660a9d049ca471bbb5ae7ff865ff93ccee175
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 14:57:12 2016 +0000

    Revert base.pm part of "dist/: remove . from @INC when loading optional modules"

    This reverts the base.pm part of commit ac5b10a9c5ff29cb2fbb732524e471547414c5f8.

M  dist/base/lib/base.pm

commit d3eb4f013fc44862ee89e09335ec189ac7e014ac
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 14:54:37 2016 +0000

    Revert base.pm part of "dist/: bump $VERSION as needed"

    This reverts the base.pm part of commit bfe2dd1e9c3296bebf3ab9adc2ca48d3eb8d105d.

M  dist/base/lib/base.pm

commit a6beb839fe457ff8ed93b362217ef22dc08743f5
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 14:51:30 2016 +0000

    Revert "[perl #128769] Improve base.pm @INC '.' handling"

    This reverts commit 37e3ca14ffd858d3892118cd76f2e1e80c767d64.

M  MANIFEST
M  dist/base/lib/base.pm
D  dist/base/t/incdot.t

commit 4e0180d0aee62e4f727d557f1190810bc1126190
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 14:51:25 2016 +0000

    Revert "[perl #128769] base.pm: Localize @INC unconditionally"

    This reverts commit cdffa5b319d1b55b87e0e4a32787c1da448d68a3.

M  dist/base/lib/base.pm

commit f28f33d13cfd976835e96be0f51c8952822309b7
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 14:51:20 2016 +0000

    Revert "[perl #128769] Improve base.pm @INC . message"

    This reverts commit 6bcd39a65fd349de4dea14c3ff0ab91203000105.

M  dist/base/lib/base.pm
M  dist/base/t/incdot.t

commit e28961db8c9539b25a01ac91a2255ca7da9f7abf
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 14:51:15 2016 +0000

    Revert "try to minimise fallout of base @INC fiddling"

    This reverts commit 5d8239256e461c077b28d825d18f71242fe53d44.

M  dist/base/lib/base.pm
M  dist/base/t/incdot.t
D  dist/base/t/incmodified-vs-incdot.t
D  dist/base/t/lib/BaseIncDoubleExtender.pm
D  dist/base/t/lib/BaseIncExtender.pm

commit 9ecc5e9b1832c6fa319505037cc313232ebead35
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 14:51:05 2016 +0000

    Revert "MANIFEST typo"

    This reverts commit 9189fdaf3f6c98cc9f7e7c18041630ce66d906bb.

M  MANIFEST

commit 8b2acdc9801b270d39e83b5ef38347dffac88b47
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 14:50:51 2016 +0000

    Revert "Update MANIFEST for previous commit"

    This reverts commit 6ee385e514e057ac876a4fbea6bcfebeb5ad7efa.

M  MANIFEST

commit 37aa3ff35c0e560b5be43acb458043c14c302e4b
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 14:50:38 2016 +0000

    Revert "revert base.pm incdot test change and fix properly"

    This reverts commit 560e9eed36e28cd67ee5166736bd048f2e6d7a08.

M  dist/base/lib/base.pm
M  dist/base/t/incdot.t
-----------------------------------------------------------------------

Summary of changes:
 MANIFEST                                    |  4 ---
 Porting/Maintainers.pl                      |  4 ---
 dist/Module-CoreList/lib/Module/CoreList.pm |  3 +-
 dist/base/lib/base.pm                       | 34 ++++-------------------
 dist/base/t/incdot.t                        | 19 -------------
 dist/base/t/incmodified-vs-incdot.t         | 27 ------------------
 dist/base/t/lib/BaseIncDoubleExtender.pm    |  9 ------
 dist/base/t/lib/BaseIncExtender.pm          |  7 -----
 pod/perldelta.pod                           | 43 +++--------------------------
 t/porting/customized.dat                    |  1 -
 10 files changed, 10 insertions(+), 141 deletions(-)
 delete mode 100644 dist/base/t/incdot.t
 delete mode 100644 dist/base/t/incmodified-vs-incdot.t
 delete mode 100644 dist/base/t/lib/BaseIncDoubleExtender.pm
 delete mode 100644 dist/base/t/lib/BaseIncExtender.pm

diff --git a/MANIFEST b/MANIFEST index 05a0065f47..a8d68546f8 100644 --- a/MANIFEST +++ b/MANIFEST 
@@ -2892,11 +2892,7 @@ dist/base/t/fields-5_6_0.t See if fields work dist/base/t/fields-5_8_0.t See if fields work dist/base/t/fields-base.t See if fields work dist/base/t/fields.t See if fields work -dist/base/t/incdot.t Test how base.pm handles '.' in @INC -dist/base/t/incmodified-vs-incdot.t Test base.pm's @INC fiddling dist/base/t/isa.t See if base's behaviour doesn't change -dist/base/t/lib/BaseIncDoubleExtender.pm Test module for base.pm -dist/base/t/lib/BaseIncExtender.pm Test module for base.pm dist/base/t/lib/Broken.pm Test module for base.pm dist/base/t/lib/Dummy.pm Test module for base.pm dist/base/t/lib/HasSigDie.pm Module for testing base.pm diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl index d66e120bf0..a9ed05b40e 100755 --- a/Porting/Maintainers.pl +++ b/Porting/Maintainers.pl @@ -186,10 +186,6 @@ use File::Glob qw(:case); 'base' => { 'DISTRIBUTION' => 'RGARCIA/base-2.18.tar.gz', 'FILES' => q[dist/base], - 'CUSTOMIZED' => [ - # https://rt.perl.org/Ticket/Display.html?id=127834 - qw( lib/base.pm ) - ], }, 'bignum' => { diff --git a/dist/Module-CoreList/lib/Module/CoreList.pm b/dist/Module-CoreList/lib/Module/CoreList.pm index a1b6d52b9e..ca20a1a40b 100644 --- a/dist/Module-CoreList/lib/Module/CoreList.pm +++ b/dist/Module-CoreList/lib/Module/CoreList.pm @@ -13681,7 +13681,6 @@ for my $version ( sort { $a <=> $b } keys %released ) { 'Test' => '1.26_01', 'Test::Harness' => '3.35_01', 'XSLoader' => '0.20_01', - 'base' => '2.22_01', 'bigint' => '0.39_01', 'bignum' => '0.39_01', 'bigrat' => '0.39_01', @@ -15191,7 +15190,7 @@ for my $version (sort { $a <=> $b } keys %deprecated) { 'Text::Wrap' => undef, 'Tie::RefHash' => undef, 'Time::HiRes' => undef, - 'Time::Local' => 'http://rt.cpan.org/Public/Dist/Display.html?Name=Time-Local', + 'Time::Local' => 'https://github.com/houseabsolute/Time-Local/issues', 'Time::Piece' => undef, 'Time::Seconds' => undef, 'Unicode::Collate' => undef, 
diff --git a/dist/base/lib/base.pm b/dist/base/lib/base.pm index 1b318b6854..5d1378786d 100644 --- a/dist/base/lib/base.pm +++ b/dist/base/lib/base.pm @@ -2,15 +2,9 @@ package base; use strict 'vars'; use vars qw($VERSION); -$VERSION = '2.22_01'; +$VERSION = '2.22'; $VERSION = eval $VERSION; -# simplest way to avoid indexing of the package: no package statement -sub base::__inc_scope_guard::DESTROY { - my $noop = $_[0][0]; - ref $_ and $_ == $noop and $_ = '.' for @INC; -} - # constant.pm is slow sub SUCCESS () { 1 } @@ -96,17 +90,13 @@ sub import { next if grep $_->isa($base), ($inheritor, @bases); - # Following blocks help isolate $SIG{__DIE__} and @INC changes + # Following blocks help isolate $SIG{__DIE__} changes { my $sigdie; { local $SIG{__DIE__}; my $fn = _module_to_filename($base); - my $dotty = $INC[-1] eq '.' && ( $INC[-1] = sub {()} ); - eval { - my $redotty = $dotty && bless [ $dotty ], 'base::__inc_scope_guard'; - require $fn - }; + eval { require $fn }; # Only ignore "Can't locate" errors from our eval require. # Other fatal errors (syntax etc) must be reported. # 
@@ -119,26 +109,12 @@ sub import { || $@ =~ /Compilation failed in require at .* line [0-9]+(?:, <[^>]*> (?:line|chunk) [0-9]+)?\.\n\z/; unless (%{"$base\::"}) { require Carp; - my @inc = $dotty ? @INC[0..$#INC-1] : @INC; local $" = " "; - my $e = <<ERROR; + Carp::croak(<<ERROR); Base class package "$base" is empty. (Perhaps you need to 'use' the module which defines that package first, - or make that module available in \@INC (\@INC contains: @inc). + or make that module available in \@INC (\@INC contains: @INC). ERROR - if ($dotty && -e $fn) { - $e .= <<ERROS; - The file $fn does exist in the current directory. But note - that base.pm, when loading a module, now ignores the current working - directory if it is the last entry in \@INC. If your software worked on - previous versions of Perl, the best solution is to use FindBin to - detect the path properly and to add that path to \@INC. As a last - resort, you can re-enable looking in the current working directory by - adding "use lib '.'" to your code. -ERROS - } - $e =~ s/\n\z/)\n/; - Carp::croak($e); } $sigdie = $SIG{__DIE__} || undef; } diff --git a/dist/base/t/incdot.t b/dist/base/t/incdot.t deleted file mode 100644 index 1619492250..0000000000 --- a/dist/base/t/incdot.t +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/perl -w - -use strict; - -use base (); - -use Test::More tests => 2; - -if ($INC[-1] ne '.') { push @INC, '.' } - -my $inc = quotemeta "@INC[0..$#INC-1]"; - -eval { 'base'->import("foo") }; -like $@, qr/\@INC contains: $inc\).\)/, - 'Error does not list final dot in @INC (or mention use lib)'; -eval { 'base'->import('t::lib::Dummy') }; -like $@, qr<\@INC contains: $inc\).\n(?x: - ) The file t/lib/Dummy\.pm does exist in the current direct>, - 'special cur dir message for existing files in . that are ignored'; diff --git a/dist/base/t/incmodified-vs-incdot.t b/dist/base/t/incmodified-vs-incdot.t deleted file mode 100644 index a5288e861f..0000000000 
--- a/dist/base/t/incmodified-vs-incdot.t +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/perl -w - -use strict; -use Test::More tests => 10; # one test is in each BaseInc* itself - -use lib 't/lib'; - -# make it look like an older perl -BEGIN { push @INC, '.' if $INC[-1] ne '.' } - -use base 'BaseIncExtender'; - -BEGIN { - is $INC[0], 't/lib/blahblah', 'modules loaded by base can prepend entries to @INC'; - is $INC[1], 't/lib', 'previously prepended additional @INC entry remains'; - is $INC[-1], '.', 'dot still at end @INC after using base'; -} - -use base 'BaseIncDoubleExtender'; - -BEGIN { - is $INC[0], 't/lib/blahdeblah', 'modules loaded by base can prepend entries to @INC'; - is $INC[1], 't/lib/blahblah', 'previously prepended additional @INC entry remains'; - is $INC[2], 't/lib', 'previously prepended additional @INC entry remains'; - is $INC[-2], '.', 'dot still at previous end of @INC after using base'; - is $INC[-1], 't/lib/on-end', 'modules loaded by base can append entries to @INC'; -} diff --git a/dist/base/t/lib/BaseIncDoubleExtender.pm b/dist/base/t/lib/BaseIncDoubleExtender.pm deleted file mode 100644 index 455c5de513..0000000000 --- a/dist/base/t/lib/BaseIncDoubleExtender.pm +++ /dev/null @@ -1,9 +0,0 @@ -package BaseIncDoubleExtender; - -BEGIN { ::ok( $INC[-1] ne '.', 'no trailing dot in @INC during module load from base' ) } - -use lib 't/lib/blahdeblah'; - -push @INC, 't/lib/on-end'; - -1; diff --git a/dist/base/t/lib/BaseIncExtender.pm b/dist/base/t/lib/BaseIncExtender.pm deleted file mode 100644 index 3b693adc06..0000000000 --- a/dist/base/t/lib/BaseIncExtender.pm +++ /dev/null @@ -1,7 +0,0 @@ -package BaseIncExtender; - -BEGIN { ::ok( $INC[-1] ne '.', 'no trailing dot in @INC during module load from base' ) } - -use lib 't/lib/blahblah'; - -1; diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 5ecfe06ebb..18d218530a 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod 
@@ -43,41 +43,10 @@ This prevents an attacker injecting an optional module into a process run by another user where the current directory is writable by the attacker, e.g. the F</tmp> directory. -In most cases this removal should not cause problems, the exception being -L<base>. - -L<base> treats every module name supplied as optional. If you have -applications that use L<base> to load non-optional modules from the current -directory you will need to modify your code or environment. - -If your code always trusts the contents of the current directory, the simplest -change is adding F<"."> to C<PERL5LIB>: - - # for Bourne shell and similar - set PERL5LIB=. - export PERL5LIB - -If you do B<not> trust the current directory this will open your code up to -attacks on any module load, not just optional modules. You may want to add the -absolute path of your application's module directory to C<PERL5LIB> instead. - -Alternatively, you can change your code, either to add the directory with your -binary to C<@INC>: - - use FindBin; - use lib $FindBin::Bin; - -or switch to L<parent>, which requires an explicit parameter for optional -modules: - - use parent 'Nonoptional::Module'; - -though this will have the same problem if the current directory is removed from -C<@INC> in Perl 5.26. - -Also, since L<base> now localizes C<@INC> when loading modules, changes to -C<@INC> in the loaded module will be discarded when C<@INC> is restored to its -previous value. +In most cases this removal should not cause problems, but difficulties were +encountered with L<base>, which treats every module name supplied as optional. +These difficulties have not yet been resolved, so for this release there are no +changes to L<base>. We hope to have a fix for L<base> in Perl 5.22.4. To protect your own code from this attack, either remove the default F<"."> entry from C<@INC> at the start of your script, so: 
@@ -123,10 +92,6 @@ L<Archive::Tar> has been upgraded from version 2.04 to 2.04_01. =item * -L<base> has been upgraded from version 2.22 to 2.22_01. - -=item * - L<bignum> has been upgraded from version 0.39 to 0.39_01. =item * diff --git a/t/porting/customized.dat b/t/porting/customized.dat index 4dbe3b20f7..cee286a5b4 100644 --- a/t/porting/customized.dat +++ b/t/porting/customized.dat @@ -150,7 +150,6 @@ Win32API::File cpan/Win32API-File/Makefile.PL 605d0aee31aebe84a99408f9ab5f644db5 Win32API::File cpan/Win32API-File/t/file.t 124e64aa77e755235eb297644a87fac5388d3d78 Win32API::File cpan/Win32API-File/t/tie.t 712ea7edd0cc805ce1c0b8172c01b03dd19b583d Win32API::File cpan/Win32API-File/typemap 24bff088babeadac0873e8df390d1666d9d9db4a -base dist/base/lib/base.pm 9a826b3e75c5efada34381718a05ee0aceb594a3 libnet cpan/libnet/lib/Net/Cmd.pm 4a9f6e4501549a2d7a04fbf5f9e27ab0c00976f2 libnet cpan/libnet/lib/Net/Config.pm dfa96dcd5a459f9f39e5ca513cefc82b8178520f libnet cpan/libnet/lib/Net/Domain.pm 090c8c06e210102dcf25e6820c6b43b5464ec49a -- Perl5 Master Repository
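Review bot: In Porting/Maintainers.pl (@@ -186,10 +186,6), the 'base' entry loses its CUSTOMIZED list but keeps 'DISTRIBUTION' => 'RGARCIA/base-2.18.tar.gz', while the commit message says base.pm "was not actually in sync with base-2.18". A one-line comment in the entry recording that dist/base deliberately differs from the named tarball would stop the next person from assuming the two match.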
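Review bot: In dist/Module-CoreList/lib/Module/CoreList.pm, the second hunk (@@ -15191,7 +15190,7) changes the 'Time::Local' bug-tracker URL from rt.cpan.org to https://github.com/houseabsolute/Time-Local/issues, which is unrelated to base.pm even though the commit is described as "corelist.pl update to account for reverted base.pm changes". Mention the regenerated URL in the commit message or split it into its own commit, so that a later revert or bisect of the base.pm work does not carry it along unnoticed.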
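Review bot: In dist/base/lib/base.pm (@@ -96,17 +90,13), restoring the bare eval { require $fn } means base.pm once again searches a trailing '.' in @INC for every base class it loads, which is the case the perldelta text in this same push describes for a current directory writable by another user. Since the fix is deferred to 5.22.4, a short comment above the require pointing at [perl #128769] would keep the known gap visible to whoever next touches this block, and the comment line "Following blocks help isolate $SIG{__DIE__} changes" is the natural place for it.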
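Review bot: In the croak heredoc restored in dist/base/lib/base.pm (@@ -119,26 +109,12), the message opens two parentheses, at "(Perhaps you need to" and at "(\@INC contains: @INC", but closes only one, because the removed line $e =~ s/\n\z/)\n/; was what appended the final ")". That is correct for a pure revert to the perl-5.22.2 text, but it deserves a follow-up that adds the missing closing parenthesis to the last line of the heredoc.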
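Review bot: In pod/perldelta.pod (@@ -43,41 +43,10), the replacement paragraph says only that "difficulties were encountered with L<base>" and that there are no changes to it, without stating the consequence for users: base still treats every module name as optional and is unchanged, so code that uses it with "." in @INC is not covered by the protection described just above. State that explicitly and point base users at the "To protect your own code from this attack" advice that follows the paragraph.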
