This is an automated email from the git hooks/post-receive script. gregoa pushed a commit to branch master in repository libmodule-build-perl.
commit 50fe5e61bc63cb57c95302de4c75e3f39e50d239 Author: gregor herrmann <gre...@debian.org> Date: Mon Jul 25 20:59:57 2016 +0200 commit git-debcherry exported new patch to d/patches Gbp-Dch: Ignore --- ...004-Make-Module-Build-set-PERL_UNSAFE_INC.patch | 26 ++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 27 insertions(+) diff --git a/debian/patches/0004-Make-Module-Build-set-PERL_UNSAFE_INC.patch b/debian/patches/0004-Make-Module-Build-set-PERL_UNSAFE_INC.patch new file mode 100644 index 0000000..55ad224 --- /dev/null +++ b/debian/patches/0004-Make-Module-Build-set-PERL_UNSAFE_INC.patch @@ -0,0 +1,26 @@ +From: Niko Tyni <nt...@debian.org> +Date: Fri, 8 Jul 2016 15:55:37 +0200 +Subject: [PATCH] Make Module::Build set PERL_UNSAFE_INC. + +Cf. CVE-2016-1238 + +Author: Todd Rinaldo <to...@cpan.org> +Origin: https://gist.githubusercontent.com/toddr/d77d8d5fa9caa8f96b7758a126caa4dc/raw/3b1a327efdd9a6babf5eed8fb9c241a6d4909be6/fix.patch +Bug: https://github.com/Perl-Toolchain-Gang/Module-Build/issues/69 +--- + + lib/Module/Build/Base.pm | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/Module/Build/Base.pm b/lib/Module/Build/Base.pm +--- a/lib/Module/Build/Base.pm ++++ b/lib/Module/Build/Base.pm +@@ -1860,6 +1860,8 @@ BEGIN { + ( + $quoted_INC + ); ++ push \@INC, "." unless grep { \$_ eq "." } \@INC; # Force my process to include . in \@INC. ++ \$ENV{"PERL_USE_UNSAFE_INC"} = 1; # Force all child processes to include . in \@INC. + } + + close(*DATA) unless eof(*DATA); # ensure no open handles to this script diff --git a/debian/patches/series b/debian/patches/series index ff0208f..96d13ee 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,4 @@ man-ext 0001-Allow-loading-from-system-path-when-running-under-au.patch 0003-Preprocess-file-lists-generated-by-rscan_dir-to-sort.patch +0004-Make-Module-Build-set-PERL_UNSAFE_INC.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libmodule-build-perl.git _______________________________________________ Pkg-perl-cvs-commits mailing list Pkg-perl-cvs-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits