[libmodule-build-perl] 03/04: commit git-debcherry exported new patch to d/patches

gregor herrmann gregoa at debian.org
Mon Jul 25 19:04:55 UTC 2016 

This is an automated email from the git hooks/post-receive script.

gregoa pushed a commit to branch master
in repository libmodule-build-perl.

commit 50fe5e61bc63cb57c95302de4c75e3f39e50d239
Author: gregor herrmann <gregoa at debian.org>
Date:   Mon Jul 25 20:59:57 2016 +0200

    commit git-debcherry exported new patch to d/patches
    
    Gbp-Dch: Ignore
---
 ...004-Make-Module-Build-set-PERL_UNSAFE_INC.patch | 26 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 27 insertions(+)

diff --git a/debian/patches/0004-Make-Module-Build-set-PERL_UNSAFE_INC.patch b/debian/patches/0004-Make-Module-Build-set-PERL_UNSAFE_INC.patch
new file mode 100644
index 0000000..55ad224
--- /dev/null
+++ b/debian/patches/0004-Make-Module-Build-set-PERL_UNSAFE_INC.patch
@@ -0,0 +1,26 @@
+From: Niko Tyni <ntyni at debian.org>
+Date: Fri, 8 Jul 2016 15:55:37 +0200
+Subject: [PATCH] Make Module::Build set PERL_UNSAFE_INC.
+
+Cf. CVE-2016-1238
+
+Author: Todd Rinaldo <toddr at cpan.org>
+Origin: https://gist.githubusercontent.com/toddr/d77d8d5fa9caa8f96b7758a126caa4dc/raw/3b1a327efdd9a6babf5eed8fb9c241a6d4909be6/fix.patch
+Bug: https://github.com/Perl-Toolchain-Gang/Module-Build/issues/69
+---
+
+ lib/Module/Build/Base.pm | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/Module/Build/Base.pm b/lib/Module/Build/Base.pm
+--- a/lib/Module/Build/Base.pm
++++ b/lib/Module/Build/Base.pm
+@@ -1860,6 +1860,8 @@ BEGIN {
+     (
+ $quoted_INC
+     );
++  push \@INC, "." unless grep { \$_ eq "." } \@INC; # Force my process to include . in \@INC.
++  \$ENV{"PERL_USE_UNSAFE_INC"} = 1; # Force all child processes to include . in \@INC.
+ }
+ 
+ close(*DATA) unless eof(*DATA); # ensure no open handles to this script
diff --git a/debian/patches/series b/debian/patches/series
index ff0208f..96d13ee 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 man-ext
 0001-Allow-loading-from-system-path-when-running-under-au.patch
 0003-Preprocess-file-lists-generated-by-rscan_dir-to-sort.patch
+0004-Make-Module-Build-set-PERL_UNSAFE_INC.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libmodule-build-perl.git

More information about the Pkg-perl-cvs-commits mailing list