In perl.git, the branch maint-5.24 has been updated <http://perl5.git.perl.org/perl.git/commitdiff/6f8c4dbd9de2aacccbd6a2bd284a77c31fb55d75?hp=b2fc4154c58e95ac1c52c7b82c476629b6c9c877>
- Log -----------------------------------------------------------------
commit 6f8c4dbd9de2aacccbd6a2bd284a77c31fb55d75
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 17:23:33 2016 +0000

    perldelta - Remove section on base.pm; a fix is now expected for 5.24.2

M	pod/perldelta.pod

commit 109300f56cc1cf85818e17b16e397f9aaab0576f
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 17:05:31 2016 +0000

    corelist-perldelta.pl update to account for reverted base.pm changes

M	pod/perldelta.pod

commit f2251faf738c9655e525ae26d1eb840841a50e8d
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 17:00:55 2016 +0000

    corelist.pl update to account for reverted base.pm changes

M	dist/Module-CoreList/lib/Module/CoreList.pm

commit bb1b7d19d95913aa93c70b933210864439c4e3a2
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 16:01:01 2016 +0000

    Revert base.pm part of "(perl #127834) update CUSTOMIZED entries"

    This reverts the base.pm part of commit 7c3b0dfedc689b14211a4f0445d788c7d829256c.

    It also reverts the later commits 864470e44daa6deaeb9457a408563146daffffca,
    30222baf8c8b4c9785e63829370d1220e1d1a09f and
    91fdb36ec4a24fb3d43cb8f7467d836fe2c894da, which updated customized.dat for
    various base.pm changes that have since been reverted.

    base.pm is now as it was in perl-5.24.0, which was not actually in sync
    with base-2.23 but had no customized.dat entry since files in dist/ are
    not generally listed anyway.

M	Porting/Maintainers.pl
M	t/porting/customized.dat

commit 59c666f29d9be4a827fbf4157e8132f516f6b847
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 15:08:29 2016 +0000

    Revert base.pm part of "dist/: remove . from @INC when loading optional modules"

    This reverts the base.pm part of commit c2eec52175ce715aa9ee7ccb46bc3b6661ba8746.

M	dist/base/lib/base.pm

commit ad509d71da2a888bfcb88da609e345e219ad22bf
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 15:06:21 2016 +0000

    Revert base.pm part of "dist/: bump $VERSION as needed"

    This reverts the base.pm part of commit 420d0f46a0e26de0c764259c7584efa63532fe0b.

M	dist/base/lib/base.pm

commit 8346ef5ad4c08f3951c91ae0e3c6c497266a210d
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 15:04:45 2016 +0000

    Revert "[perl #128769] Improve base.pm @INC '.' handling"

    This reverts commit ccbde4774902e879db48b4b02c8d802e66c3547a.

M	MANIFEST
M	dist/base/lib/base.pm
D	dist/base/t/incdot.t

commit 6b240a73ed208c54d681b72638511a9d6b157e22
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 15:04:29 2016 +0000

    Revert "[perl #128769] base.pm: Localize @INC unconditionally"

    This reverts commit 86fb43615de97f2306bc6d45c9d2f8e64a8ab889.

M	dist/base/lib/base.pm

commit 20d07da648dd55620749a956a7c11d4599808fb5
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 15:04:14 2016 +0000

    Revert "[perl #128769] Improve base.pm @INC . message"

    This reverts commit af7067bc21e7265a4d0571e7336105a419dbba68.

M	dist/base/lib/base.pm
M	dist/base/t/incdot.t

commit 4646ca66dc8804670e4a022a00016bcfb31bd61e
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 15:03:59 2016 +0000

    Revert "try to minimise fallout of base @INC fiddling"

    This reverts commit 1ee1950eb0df6c3c2b26f7262094604222ebbdac.

M	dist/base/lib/base.pm
M	dist/base/t/incdot.t
D	dist/base/t/incmodified-vs-incdot.t
D	dist/base/t/lib/BaseIncDoubleExtender.pm
D	dist/base/t/lib/BaseIncExtender.pm

commit 7e006c36f0495257bdf8703041926cc1983c33be
Author: Steve Hay <[email protected]>
Date:   Fri Dec 30 15:03:32 2016 +0000

    Revert "MANIFEST typo"

    This reverts commit b9a61d80c009283a88b15e961446ae9e218bdf1c.

M MANIFEST commit 137bd41c09d6cd972096f16adf110b50376f52bd Author: Steve Hay <[email protected]> Date: Fri Dec 30 15:03:13 2016 +0000 Revert "Update MANIFEST for previous commit" This reverts commit 4eea7ae1645b051a5fdeb465ead214a6db640028. M MANIFEST commit 920e2185601f76e9c0f01f02c2ccacbc0c9638db Author: Steve Hay <[email protected]> Date: Fri Dec 30 15:02:49 2016 +0000 Revert "revert base.pm incdot test change and fix properly" This reverts commit b6bff9ec019a98880c6310e7132439eccd24b72b. M dist/base/lib/base.pm M dist/base/t/incdot.t ----------------------------------------------------------------------- Summary of changes: MANIFEST | 4 --- Porting/Maintainers.pl | 4 --- dist/Module-CoreList/lib/Module/CoreList.pm | 5 ++-- dist/base/lib/base.pm | 34 ++++------------------- dist/base/t/incdot.t | 19 ------------- dist/base/t/incmodified-vs-incdot.t | 27 ------------------ dist/base/t/lib/BaseIncDoubleExtender.pm | 9 ------ dist/base/t/lib/BaseIncExtender.pm | 7 ----- pod/perldelta.pod | 43 +++-------------------------- t/porting/customized.dat | 1 - 10 files changed, 11 insertions(+), 142 deletions(-) delete mode 100644 dist/base/t/incdot.t delete mode 100644 dist/base/t/incmodified-vs-incdot.t delete mode 100644 dist/base/t/lib/BaseIncDoubleExtender.pm delete mode 100644 dist/base/t/lib/BaseIncExtender.pm diff --git a/MANIFEST b/MANIFEST index 893abbf31e..e4331f166a 100644 --- a/MANIFEST +++ b/MANIFEST 
@@ -3007,11 +3007,7 @@ dist/base/t/fields-5_6_0.t See if fields work dist/base/t/fields-5_8_0.t See if fields work dist/base/t/fields-base.t See if fields work dist/base/t/fields.t See if fields work -dist/base/t/incdot.t Test how base.pm handles '.' in @INC -dist/base/t/incmodified-vs-incdot.t Test base.pm's @INC fiddling dist/base/t/isa.t See if base's behaviour doesn't change -dist/base/t/lib/BaseIncDoubleExtender.pm Test module for base.pm -dist/base/t/lib/BaseIncExtender.pm Test module for base.pm dist/base/t/lib/Broken.pm Test module for base.pm dist/base/t/lib/Dummy.pm Test module for base.pm dist/base/t/lib/HasSigDie.pm Module for testing base.pm diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl index bf47b400b5..b924e1017e 100755 --- a/Porting/Maintainers.pl +++ b/Porting/Maintainers.pl @@ -189,10 +189,6 @@ use File::Glob qw(:case); 'base' => { 'DISTRIBUTION' => 'RJBS/base-2.23.tar.gz', 'FILES' => q[dist/base], - 'CUSTOMIZED' => [ - # https://rt.perl.org/Ticket/Display.html?id=127834 - qw( lib/base.pm ) - ], }, 'bignum' => { diff --git a/dist/Module-CoreList/lib/Module/CoreList.pm b/dist/Module-CoreList/lib/Module/CoreList.pm index 7f505f084d..7a672fb3a7 100644 --- a/dist/Module-CoreList/lib/Module/CoreList.pm +++ b/dist/Module-CoreList/lib/Module/CoreList.pm @@ -13683,7 +13683,6 @@ for my $version ( sort { $a <=> $b } keys %released ) { 'Test' => '1.28_01', 'Test::Harness' => '3.36_01', 'XSLoader' => '0.22', - 'base' => '2.23_01', 'bigint' => '0.42_01', 'bignum' => '0.42_01', 'bigrat' => '0.42_01', @@ -14408,7 +14407,7 @@ for my $version (sort { $a <=> $b } keys %delta) { } }, 5.024001 => { - delta_from => 5.024, + delta_from => 5.024000, changed => { }, removed => { 
@@ -15204,7 +15203,7 @@ for my $version (sort { $a <=> $b } keys %deprecated) { 'Text::Tabs' => undef, 'Text::Wrap' => undef, 'Tie::RefHash' => undef, - 'Time::Local' => 'http://rt.cpan.org/Public/Dist/Display.html?Name=Time-Local', + 'Time::Local' => 'https://github.com/houseabsolute/Time-Local/issues', 'Time::Piece' => undef, 'Time::Seconds' => undef, 'Unicode::Collate' => undef, diff --git a/dist/base/lib/base.pm b/dist/base/lib/base.pm index 40c1ffde9a..6fee6008fc 100644 --- a/dist/base/lib/base.pm +++ b/dist/base/lib/base.pm @@ -3,15 +3,9 @@ package base; use strict 'vars'; use vars qw($VERSION); -$VERSION = '2.23_01'; +$VERSION = '2.23'; $VERSION =~ tr/_//d; -# simplest way to avoid indexing of the package: no package statement -sub base::__inc_scope_guard::DESTROY { - my $noop = $_[0][0]; - ref $_ and $_ == $noop and $_ = '.' for @INC; -} - # constant.pm is slow sub SUCCESS () { 1 } @@ -97,17 +91,13 @@ sub import { next if grep $_->isa($base), ($inheritor, @bases); - # Following blocks help isolate $SIG{__DIE__} and @INC changes + # Following blocks help isolate $SIG{__DIE__} changes { my $sigdie; { local $SIG{__DIE__}; my $fn = _module_to_filename($base); - my $dotty = $INC[-1] eq '.' && ( $INC[-1] = sub {()} ); - eval { - my $redotty = $dotty && bless [ $dotty ], 'base::__inc_scope_guard'; - require $fn - }; + eval { require $fn }; # Only ignore "Can't locate" errors from our eval require. # Other fatal errors (syntax etc) must be reported. # 
@@ -120,26 +110,12 @@ sub import { || $@ =~ /Compilation failed in require at .* line [0-9]+(?:, <[^>]*> (?:line|chunk) [0-9]+)?\.\n\z/; unless (%{"$base\::"}) { require Carp; - my @inc = $dotty ? @INC[0..$#INC-1] : @INC; local $" = " "; - my $e = <<ERROR; + Carp::croak(<<ERROR); Base class package "$base" is empty. (Perhaps you need to 'use' the module which defines that package first, - or make that module available in \@INC (\@INC contains: @inc). + or make that module available in \@INC (\@INC contains: @INC). ERROR - if ($dotty && -e $fn) { - $e .= <<ERROS; - The file $fn does exist in the current directory. But note - that base.pm, when loading a module, now ignores the current working - directory if it is the last entry in \@INC. If your software worked on - previous versions of Perl, the best solution is to use FindBin to - detect the path properly and to add that path to \@INC. As a last - resort, you can re-enable looking in the current working directory by - adding "use lib '.'" to your code. -ERROS - } - $e =~ s/\n\z/)\n/; - Carp::croak($e); } $sigdie = $SIG{__DIE__} || undef; } diff --git a/dist/base/t/incdot.t b/dist/base/t/incdot.t deleted file mode 100644 index 1619492250..0000000000 --- a/dist/base/t/incdot.t +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/perl -w - -use strict; - -use base (); - -use Test::More tests => 2; - -if ($INC[-1] ne '.') { push @INC, '.' } - -my $inc = quotemeta "@INC[0..$#INC-1]"; - -eval { 'base'->import("foo") }; -like $@, qr/\@INC contains: $inc\).\)/, - 'Error does not list final dot in @INC (or mention use lib)'; -eval { 'base'->import('t::lib::Dummy') }; -like $@, qr<\@INC contains: $inc\).\n(?x: - ) The file t/lib/Dummy\.pm does exist in the current direct>, - 'special cur dir message for existing files in . that are ignored'; diff --git a/dist/base/t/incmodified-vs-incdot.t b/dist/base/t/incmodified-vs-incdot.t deleted file mode 100644 index a5288e861f..0000000000 
--- a/dist/base/t/incmodified-vs-incdot.t +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/perl -w - -use strict; -use Test::More tests => 10; # one test is in each BaseInc* itself - -use lib 't/lib'; - -# make it look like an older perl -BEGIN { push @INC, '.' if $INC[-1] ne '.' } - -use base 'BaseIncExtender'; - -BEGIN { - is $INC[0], 't/lib/blahblah', 'modules loaded by base can prepend entries to @INC'; - is $INC[1], 't/lib', 'previously prepended additional @INC entry remains'; - is $INC[-1], '.', 'dot still at end @INC after using base'; -} - -use base 'BaseIncDoubleExtender'; - -BEGIN { - is $INC[0], 't/lib/blahdeblah', 'modules loaded by base can prepend entries to @INC'; - is $INC[1], 't/lib/blahblah', 'previously prepended additional @INC entry remains'; - is $INC[2], 't/lib', 'previously prepended additional @INC entry remains'; - is $INC[-2], '.', 'dot still at previous end of @INC after using base'; - is $INC[-1], 't/lib/on-end', 'modules loaded by base can append entries to @INC'; -} diff --git a/dist/base/t/lib/BaseIncDoubleExtender.pm b/dist/base/t/lib/BaseIncDoubleExtender.pm deleted file mode 100644 index 455c5de513..0000000000 --- a/dist/base/t/lib/BaseIncDoubleExtender.pm +++ /dev/null @@ -1,9 +0,0 @@ -package BaseIncDoubleExtender; - -BEGIN { ::ok( $INC[-1] ne '.', 'no trailing dot in @INC during module load from base' ) } - -use lib 't/lib/blahdeblah'; - -push @INC, 't/lib/on-end'; - -1; diff --git a/dist/base/t/lib/BaseIncExtender.pm b/dist/base/t/lib/BaseIncExtender.pm deleted file mode 100644 index 3b693adc06..0000000000 --- a/dist/base/t/lib/BaseIncExtender.pm +++ /dev/null @@ -1,7 +0,0 @@ -package BaseIncExtender; - -BEGIN { ::ok( $INC[-1] ne '.', 'no trailing dot in @INC during module load from base' ) } - -use lib 't/lib/blahblah'; - -1; diff --git a/pod/perldelta.pod b/pod/perldelta.pod index e58f03dcee..9cf513d297 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod 
@@ -43,41 +43,10 @@ This prevents an attacker injecting an optional module into a process run by another user where the current directory is writable by the attacker, e.g. the F</tmp> directory. -In most cases this removal should not cause problems, the exception being -L<base>. - -L<base> treats every module name supplied as optional. If you have -applications that use L<base> to load non-optional modules from the current -directory you will need to modify your code or environment. - -If your code always trusts the contents of the current directory, the simplest -change is adding F<"."> to C<PERL5LIB>: - - # for Bourne shell and similar - set PERL5LIB=. - export PERL5LIB - -If you do B<not> trust the current directory this will open your code up to -attacks on any module load, not just optional modules. You may want to add the -absolute path of your application's module directory to C<PERL5LIB> instead. - -Alternatively, you can change your code, either to add the directory with your -binary to C<@INC>: - - use FindBin; - use lib $FindBin::Bin; - -or switch to L<parent>, which requires an explicit parameter for optional -modules: - - use parent 'Nonoptional::Module'; - -though this will have the same problem if the current directory is removed from -C<@INC> in Perl 5.26. - -Also, since L<base> now localizes C<@INC> when loading modules, changes to -C<@INC> in the loaded module will be discarded when C<@INC> is restored to its -previous value. +In most cases this removal should not cause problems, but difficulties were +encountered with L<base>, which treats every module name supplied as optional. +These difficulties have not yet been resolved, so for this release there are no +changes to L<base>. We hope to have a fix for L<base> in Perl 5.24.2. To protect your own code from this attack, either remove the default F<"."> entry from C<@INC> at the start of your script, so: 
@@ -123,10 +92,6 @@ L<Archive::Tar> has been upgraded from version 2.04 to 2.04_01. =item * -L<base> has been upgraded from version 2.23 to 2.23_01. - -=item * - L<bignum> has been upgraded from version 0.42 to 0.42_01. =item * diff --git a/t/porting/customized.dat b/t/porting/customized.dat index 6b6bbbd29b..defeae1127 100644 --- a/t/porting/customized.dat +++ b/t/porting/customized.dat @@ -159,7 +159,6 @@ Test::Harness cpan/Test-Harness/lib/TAP/Parser/YAMLish/Reader.pm 76771092dd2b87a Test::Harness cpan/Test-Harness/lib/TAP/Parser/YAMLish/Writer.pm bf1fbfff9720330886651f183959a5db56daeea0 Test::Harness cpan/Test-Harness/lib/Test/Harness.pm da2d76ba673372da129060c9d0adb8cf0d91f9f7 autodie cpan/autodie/t/mkdir.t 9e70d2282a3cc7d76a78bf8144fccba20fb37dac -base dist/base/lib/base.pm 8db115a702f759526b031f90cc572d97086978a6 bignum cpan/bignum/lib/bigint.pm 56330354995409dab5073ea92d749f8727e265db bignum cpan/bignum/lib/bignum.pm e999973f78e6be12282c11bb6328246b31a9576b bignum cpan/bignum/lib/bigrat.pm 7fccc9df30e43dbbae6e5ea91b26c8046545c9a9 -- Perl5 Master Repository
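Review bot: in Porting/Maintainers.pl, hunk @@ -189,10 +189,6 @@, dropping 'CUSTOMIZED' leaves the 'base' entry pointing at 'RJBS/base-2.23.tar.gz' with nothing to show that dist/base differs from that tarball, although the commit message says base.pm "was not actually in sync with base-2.23". A one-line comment on the 'base' entry recording this would keep the next CPAN sync from silently overwriting or rediscovering the difference.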
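Review bot: in dist/Module-CoreList/lib/Module/CoreList.pm, hunk @@ -15204,7 +15203,7 @@, the Time::Local bug tracker URL moves from rt.cpan.org to the GitHub issues page, which is unrelated to base.pm, yet the commit is titled "corelist.pl update to account for reverted base.pm changes". The same applies to "delta_from => 5.024000" in the hunk before it, which is numerically identical to 5.024. If both are side effects of rerunning corelist.pl, say so in the commit message; otherwise split them out so the revert series contains only reverts.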
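Review bot: in dist/base/lib/base.pm, hunk @@ -97,17 +91,13 @@, the restored "eval { require $fn };" resolves $fn against @INC unchanged, so a trailing '.' is searched again for every class passed to base, and the same series deletes dist/base/t/incdot.t, so no test records that behaviour either way. Since the log says a fix is expected for 5.24.2, consider a short comment at the require citing [perl #128769], so the known gap is visible in the code and not only in perldelta.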
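Review bot: in dist/base/lib/base.pm, hunk @@ -120,26 +110,12 @@, the restored heredoc opens one parenthesis at "(Perhaps you need to" and another at "(\@INC contains:" but closes only one; the removed line "$e =~ s/\n\z/)\n/;" was what appended the missing ")". This matches the pre-change message, so it is fine for a pure revert, but when the message is next edited the closing parenthesis should go into the heredoc itself, ending the last line with "@INC).)".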
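Review bot: in pod/perldelta.pod, hunk @@ -43,41 +43,10 @@, the new paragraph says the difficulties with L<base> "have not yet been resolved" but does not spell out the consequence for readers: modules named in "use base" are still looked up in the current directory whenever F<"."> is in C<@INC>. One explicit sentence to that effect would make it clear that the "To protect your own code from this attack" advice that follows applies to code using L<base> as well.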
