File: eumm-without-dot.diff

package info (click to toggle)
perl 5.20.2-3+deb8u11
  • links: PTS, VCS
  • area: main
  • in suites: jessie
  • size: 102,964 kB
  • sloc: perl: 555,553; ansic: 214,041; sh: 38,121; pascal: 8,783; cpp: 3,895; makefile: 2,393; xml: 2,325; yacc: 1,741
file content (56 lines) | stat: -rw-r--r-- 2,141 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
From f89ba93840393ade739b3a682eb9d0b3b858020f Mon Sep 17 00:00:00 2001
From: Todd Rinaldo <toddr@cpan.org>
Date: Thu, 31 Mar 2016 17:04:42 -0500
Subject: Add PERL_USE_UNSAFE_INC support to EU::MM for fortify_inc support.

This change allows the majority of Perl modules that cannot build/test/install
without . in INC to be able to do so, while maintaining a safer perl under
normal use.

(Backported by Debian 5.20 by Niko Tyni <ntyni@debian.org>)

Bug: https://rt.perl.org/Public/Bug/Display.html?id=127810
Patch-Name: debian/CVE-2016-1238/eumm-without-dot.diff
---
 cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm   | 4 ++--
 cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm
index 6328e26f51..1cd920a29f 100644
--- a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm
+++ b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm
@@ -3462,7 +3462,7 @@ PERL_DL_NONLAZY set for tests.
 
 sub test_via_harness {
     my($self, $perl, $tests) = @_;
-    return $self->SUPER::test_via_harness("PERL_DL_NONLAZY=1 $perl", $tests);
+    return $self->SUPER::test_via_harness("PERL_DL_NONLAZY=1 PERL_USE_UNSAFE_INC=1 $perl", $tests);
 }
 
 =item test_via_script (override)
@@ -3473,7 +3473,7 @@ Again, the PERL_DL_NONLAZY thing.
 
 sub test_via_script {
     my($self, $perl, $script) = @_;
-    return $self->SUPER::test_via_script("PERL_DL_NONLAZY=1 $perl", $script);
+    return $self->SUPER::test_via_script("PERL_DL_NONLAZY=1 PERL_USE_UNSAFE_INC=1 $perl", $script);
 }
 
 
diff --git a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm
index fabb0215a9..e0f88d22ef 100644
--- a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm
+++ b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm
@@ -5,6 +5,11 @@ use strict;
 
 BEGIN {require 5.006;}
 
+# Assure anything called from Makefile.PL is allowed to have . in @INC.
+BEGIN {
+    $ENV{PERL_USE_UNSAFE_INC} = 1;
+}
+
 require Exporter;
 use ExtUtils::MakeMaker::Config;
 use Carp;