1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
From 9c50d8a810833abd3915702d4025ed3e4ff188b5 Mon Sep 17 00:00:00 2001
From: Niko Tyni <ntyni@debian.org>
Date: Tue, 5 Jul 2016 15:47:40 +0200
Subject: Look for sitecustomize.pl in /etc/perl rather than sitelib on Debian
systems
Debian uses this sitecustomize.pl as a transition mechanism for removing
the current working directory (".") from @INC by default while leaving
the local administrator a temporary means of re-adding it back.
This mechanism is expected to be removed after one Debian stable release.
Patch-Name: debian/CVE-2016-1238/sitecustomize-in-etc.diff
---
perl.c | 5 +++++
pod/perlrun.pod | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/perl.c b/perl.c
index 26aeb91b3e..fefc3aa5bf 100644
--- a/perl.c
+++ b/perl.c
@@ -2085,7 +2085,12 @@ S_parse_body(pTHX_ char **env, XSINIT_t xsinit)
}
# else
/* SITELIB_EXP is a function call on Win32. */
+#ifdef DEBIAN
+ /* temporary transition mechanism for dropping "." from @INC */
+ const char *const raw_sitelib = "/etc/perl";
+#else
const char *const raw_sitelib = SITELIB_EXP;
+#endif
if (raw_sitelib) {
/* process .../.. if PERL_RELOCATABLE_INC is defined */
SV *sitelib_sv = mayberelocate(raw_sitelib, strlen(raw_sitelib),
diff --git a/pod/perlrun.pod b/pod/perlrun.pod
index acf270221d..f43cfe9931 100644
--- a/pod/perlrun.pod
+++ b/pod/perlrun.pod
@@ -489,6 +489,11 @@ blocks will be likewise executed very late.
To determine at runtime if this capability has been compiled in your
perl, you can check the value of C<$Config{usesitecustomize}>.
+Note: on Debian based systems, the system perl currently uses
+C</etc/perl/sitecustomize.pl> rather than C<$Config{sitelib}/sitecustomize.pl>.
+This may change in the future and is only provided as a temporary transition
+mechanism for removing the current working directory from C<@INC>.
+
=item B<-F>I<pattern>
X<-F>
|
