This is an automated email from the git hooks/post-receive script.
gregoa pushed a commit to branch master
in repository libmodule-build-perl.
commit 5ea59a4959a60007d4e43822d4f96d0523d9d5fc
Author: Niko Tyni <nt...@debian.org>
Date: Fri Jul 8 15:55:37 2016 +0200
Make Module::Build set PERL_UNSAFE_INC.
Cf. CVE-2016-1238
Notes:
Author: Todd Rinaldo <to...@cpan.org>
Origin:
https://gist.githubusercontent.com/toddr/d77d8d5fa9caa8f96b7758a126caa4dc/raw/3b1a327efdd9a6babf5eed8fb9c241a6d4909be6/fix.patch
Bug: https://github.com/Perl-Toolchain-Gang/Module-Build/issues/69
---
lib/Module/Build/Base.pm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/Module/Build/Base.pm b/lib/Module/Build/Base.pm
index e7298d5..69e1ace 100644
--- a/lib/Module/Build/Base.pm
+++ b/lib/Module/Build/Base.pm
@@ -1860,6 +1860,8 @@ BEGIN {
(
$quoted_INC
);
+ push \@INC, "." unless grep { \$_ eq "." } \@INC; # Force my process to
include . in \@INC.
+ \$ENV{"PERL_USE_UNSAFE_INC"} = 1; # Force all child processes to include .
in \@INC.
}
close(*DATA) unless eof(*DATA); # ensure no open handles to this script
--
Alioth's /usr/local/bin/git-commit-notice on
/srv/git.debian.org/git/pkg-perl/packages/libmodule-build-perl.git
_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
