File: 0003-Make-Module-Build-set-PERL_UNSAFE_INC.patch

package info
libmodule-build-perl 0.422000-1
  • area: main
  • in suites: stretch
  • size: 1,516 kB
  • ctags: 1,083
  • sloc: perl: 11,174; sh: 44; makefile: 2
file content (26 lines) | stat: -rw-r--r-- 909 bytes
From: Niko Tyni <ntyni@debian.org>
Date: Fri, 8 Jul 2016 15:55:37 +0200
Subject: [PATCH] Make Module::Build set PERL_UNSAFE_INC.

Cf. CVE-2016-1238

Author: Todd Rinaldo <toddr@cpan.org>
Origin: https://gist.githubusercontent.com/toddr/d77d8d5fa9caa8f96b7758a126caa4dc/raw/3b1a327efdd9a6babf5eed8fb9c241a6d4909be6/fix.patch
Bug: https://github.com/Perl-Toolchain-Gang/Module-Build/issues/69
---

 lib/Module/Build/Base.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/Module/Build/Base.pm b/lib/Module/Build/Base.pm
--- a/lib/Module/Build/Base.pm
+++ b/lib/Module/Build/Base.pm
@@ -1860,6 +1860,8 @@ BEGIN {
     (
 $quoted_INC
     );
+  push \@INC, "." unless grep { \$_ eq "." } \@INC; # Force my process to include . in \@INC.
+  \$ENV{"PERL_USE_UNSAFE_INC"} = 1; # Force all child processes to include . in \@INC.
 }
 
 close(*DATA) unless eof(*DATA); # ensure no open handles to this script
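
Review bot: The second added line, `\$ENV{"PERL_USE_UNSAFE_INC"} = 1;`, is unconditional, so it overrides a caller who has already exported PERL_USE_UNSAFE_INC=0 and makes every child process of the generated script search the current directory for modules, which is the behaviour CVE-2016-1238 concerns. Consider setting it only when the variable is not already defined, for example `\$ENV{"PERL_USE_UNSAFE_INC"} = 1 unless defined \$ENV{"PERL_USE_UNSAFE_INC"};`, and extending the comment to say why the build script needs "." at all. The `push` on the first added line appends "." to the end of \@INC, so it is searched last; a comment stating that this ordering is deliberate would keep a later edit from turning it into an `unshift`. The subject line names PERL_UNSAFE_INC while the code sets PERL_USE_UNSAFE_INC, so the message should use the same variable name as the hunk.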