
This queue is for tickets about the List-MoreUtils CPAN distribution.

Report information
The Basics
Id: 115808
Status: resolved
Priority: 0/
Queue: List-MoreUtils

People
Owner: Nobody in particular
Requestors: CARNIL [...] cpan.org
Cc: AVENJ [...] cpan.org
ether [...] cpan.org
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 0.416



From: CARNIL [...] cpan.org
Subject: liblist-moreutils-perl: tries to load code from cwd
We have the following bug reported to the Debian package of List-MoreUtils (https://bugs.debian.org/829138). This is independent of perl including . in @INC, as demonstrated by the bug reporter:

------8<-----------8<-----------8<-----------8<-----------8<-----
List::MoreUtils tries to load code from a subdirectory of the current working directory. This could lead to execution of arbitrary code if cwd is untrusted.

Proof of concept:

  $ mkdir -p '(eval 1)/auto/List/MoreUtils/'
  $ gcc -Wall -fPIC -shared moo.c -o '(eval 1)/auto/List/MoreUtils/MoreUtils.so'
  $ perl -e 'no lib "."; use List::MoreUtils'
                   (__)
                   (oo)
             /------\/
            / |    ||
           *  /\---/\
              ~~   ~~
  ..."Have you mooed today?"...
  Segmentation fault
------8<-----------8<-----------8<-----------8<-----------8<-----

Where moo.c, to have a test case, looks like:

----cut---------cut---------cut---------cut---------cut---------cut-----
  #include <stdlib.h>   /* system() */
  #include <signal.h>   /* kill(), SIGSEGV */

  void __attribute__((constructor)) moo() {
      system("apt-get moo");
      kill(0, SIGSEGV);
  }
----cut---------cut---------cut---------cut---------cut---------cut-----

Regards,
Salvatore
Please read "perldoc lib". It has nothing to do with Cwd but with insane use of lib. Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
On Sat Jul 02 20:42:51 2016, REHSACK wrote:
> Please read "perldoc lib". It has nothing to do with Cwd but with
> insane use of lib.
>
> Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
Even if I don’t use lib or touch @INC, I can reproduce the problem. That doesn’t mean it’s a List::MoreUtils bug, though. It may be in XSLoader.
On Sat Jul 02 20:55:14 2016, SPROUT wrote:
> On Sat Jul 02 20:42:51 2016, REHSACK wrote:
> > Please read "perldoc lib". It has nothing to do with Cwd but with
> > insane use of lib.
> >
> > Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
>
> Even if I don’t use lib or touch @INC, I can reproduce the problem.

Show me! Doesn't sound reasonable. Check your PERL5LIB.

> That doesn’t mean it’s a List::MoreUtils bug, though. It may be in
> XSLoader.
You can try knocking on their door. It might be possible, even unlikely.
On Sat Jul 02 21:05:17 2016, REHSACK wrote:
> On Sat Jul 02 20:55:14 2016, SPROUT wrote:
> > On Sat Jul 02 20:42:51 2016, REHSACK wrote:
> > > Please read "perldoc lib". It has nothing to do with Cwd but with
> > > insane use of lib.
> > >
> > > Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
> >
> > Even if I don’t use lib or touch @INC, I can reproduce the problem.
>
> Show me! Doesn't sound reasonable. Check your PERL5LIB.
I’m reproducing this under the CPAN shell (with ‘look List::MoreUtils’) after testing several modules, so PERL5LIB is huge.

But that does not explain why a directory called ‘(eval 1)’ is checked before anything else. So there clearly is a bug somewhere. But where? That is the question.
On Sat Jul 02 21:05:17 2016, REHSACK wrote:
> On Sat Jul 02 20:55:14 2016, SPROUT wrote:
> > On Sat Jul 02 20:42:51 2016, REHSACK wrote:
> > > Please read "perldoc lib". It has nothing to do with Cwd but with
> > > insane use of lib.
> > >
> > > Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
> >
> > Even if I don’t use lib or touch @INC, I can reproduce the problem.
>
> Show me! Doesn't sound reasonable. Check your PERL5LIB.
>
> > That doesn’t mean it’s a List::MoreUtils bug, though. It may be in
> > XSLoader.
>
> You can try knocking on their door. It might be possible, even unlikely.
The bug does seem to be in XSLoader. To reproduce on a Mac (as I am using):

I have a file called moo.c, as in the original report, but it contains:

  $ cat moo.c
  void __attribute__((constructor)) moo() {
      system("echo whooooooo");
      //kill(0, SIGSEGV);
  }

(I commented out the kill, since SIGSEGV does not work without the correct header loaded, and my C knowledge is not so good.)

  $ gcc -Wall -fPIC -shared moo.c -o '(eval 1)/auto/List/MoreUtils/MoreUtils.bundle'

(Mac uses .bundle, not .so.)

  $ perl -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |'
  whooooooo
  $ perl -v |grep version
  This is perl 5, version 12, subversion 4 (v5.12.4) built for darwin-thread-multi-2level
  $ perl5.24.0 -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |'
  whooooooo
  $ perl5.25.2 -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |'
  whooooooo

It appears to be the string eval that is causing it. If you are using string eval to avoid loading XSLoader.pm unnecessarily, you can use require instead of use and avoid the whole eval.

Now why XSLoader looks at the file name of the caller I cannot say. Maybe it is designed to work that way. The documentation is certainly silent on the matter, and it does seem like a security hole. So this may not be a bug in List::MoreUtils per se (I still need to find out), but you can at least plug the security hole by avoiding the eval.
CC: CARNIL [...] cpan.org, AVENJ [...] cpan.org, ether [...] cpan.org, Niko Tyni <ntyni [...] debian.org>
Subject: Re: [rt.cpan.org #115808] Tries to load code from cwd
Date: Sun, 3 Jul 2016 07:23:39 +0200
To: Father Chrysostomos via RT <bug-List-MoreUtils [...] rt.cpan.org>
From: Salvatore Bonaccorso <carnil [...] debian.org>
Hi,

On Sat, Jul 02, 2016 at 09:54:15PM -0400, Father Chrysostomos via RT wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=115808 >
>
> On Sat Jul 02 21:05:17 2016, REHSACK wrote:
> > On Sat Jul 02 20:55:14 2016, SPROUT wrote:
> > > On Sat Jul 02 20:42:51 2016, REHSACK wrote:
> > > > Please read "perldoc lib". It has nothing to do with Cwd but with
> > > > insane use of lib.
> > > >
> > > > Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
> > >
> > > Even if I don’t use lib or touch @INC, I can reproduce the problem.
> >
> > Show me! Doesn't sound reasonable. Check your PERL5LIB.
> >
> > > That doesn’t mean it’s a List::MoreUtils bug, though. It may be in
> > > XSLoader.
> >
> > You can try knocking on their door. It might be possible, even unlikely.
>
> The bug does seem to be in XSLoader. To reproduce on a Mac (as I am using):
>
> I have a file called moo.c, as in the original report, but it contains:
>
> $ cat moo.c
> void __attribute__((constructor)) moo() {
>     system("echo whooooooo");
>     //kill(0, SIGSEGV);
> }
>
> (I commented out the kill, since SIGSEGV does not work without the correct header loaded, and my C knowledge is not so good.)
>
> $ gcc -Wall -fPIC -shared moo.c -o '(eval 1)/auto/List/MoreUtils/MoreUtils.bundle'
>
> (Mac uses .bundle, not .so.)
>
> $ perl -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |'
> whooooooo
> $ perl -v |grep version
> This is perl 5, version 12, subversion 4 (v5.12.4) built for darwin-thread-multi-2level
> $ perl5.24.0 -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |'
> whooooooo
> $ perl5.25.2 -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |'
> whooooooo
>
> It appears to be the string eval that is causing it. If you are
> using string eval to avoid loading XSLoader.pm unnecessarily, you
> can use require instead of use and avoid the whole eval.
>
> Now why XSLoader looks at the file name of the caller I cannot say.
> Maybe it is designed to work that way. The documentation is
> certainly silent on the matter, and it does seem like a security
> hole. So this may not be a bug in List::MoreUtils per se (I still
> need to find out), but you can at least plug the security hole by
> avoiding the eval.
I'm adding Niko to the loop, since we looked at the issue further yesterday (and concluded as well that it's not List::MoreUtils but XSLoader actually).

Salvatore
Subject: Re: [rt.cpan.org #115808] Tries to load code from cwd
Date: Sun, 3 Jul 2016 12:16:43 +0200
To: bug-List-MoreUtils [...] rt.cpan.org
From: Jens Rehsack <rehsack [...] gmail.com>
> On 03.07.2016 at 03:43, Father Chrysostomos via RT <bug-List-MoreUtils@rt.cpan.org> wrote:
>
> Queue: List-MoreUtils
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=115808 >
>
> On Sat Jul 02 21:05:17 2016, REHSACK wrote:
>> On Sat Jul 02 20:55:14 2016, SPROUT wrote:
>>> On Sat Jul 02 20:42:51 2016, REHSACK wrote:
>>>> Please read "perldoc lib". It has nothing to do with Cwd but with
>>>> insane use of lib.
>>>>
>>>> Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
>>>
>>> Even if I don’t use lib or touch @INC, I can reproduce the problem.
>>
>> Show me! Doesn't sound reasonable. Check your PERL5LIB.
>
> I’m reproducing this under the CPAN shell (with ‘look List::MoreUtils’) after testing several modules, so PERL5LIB is huge.
>
> But that does not explain why a directory called ‘(eval 1)’ is checked before anything else. So there clearly is a bug somewhere. But where? That is the question.
When you want to reproduce this and point to a clear bug, reduce to the max. The question why XSLoader fails might be a too long @INC - you can easily provoke that by using a for loop in your shell. You should also do a

  $ perl -MData::Dumper -lE 'print Dumper \@INC'

which shows that nothing is prepending '.' to your include path.

When you got an accepted issue in XSLoader which is not in DynaLoader, please update this ticket to allow me verifying whether DynaLoader is doing the job, too.

Cheers
--
Jens Rehsack - rehsack@gmail.com
On Sun Jul 03 06:16:58 2016, rehsack@gmail.com wrote:
> When you got an accepted issue in XSLoader which is not in DynaLoader,
> please update this ticket to allow me verifying whether DynaLoader is
> doing the job, too.
I’ve found the bug in XSLoader and am working on a patch for it. I have written a unit test that fails in the perl core with only three entries in @INC, so I know the long @INC is unrelated. DynaLoader is not affected, because it does search @INC, whereas XSLoader tries to take shortcuts based on (caller)[1]. The patch, a work in progress, is attached here, if you want to see it.
Subject: open_24udpsS1.txt
From 014d8912d3969aa3286cad4fe79ee5d596668309 Mon Sep 17 00:00:00 2001
From: Father Chrysostomos <sprout@cpan.org>
Date: Sat, 2 Jul 2016 22:56:51 -0700
Subject: [PATCH] Don’t let XSLoader load relative paths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[rt.cpan.org #115808]

The logic in XSLoader for determining the library goes like this:

    my $c = () = split(/::/,$caller,-1);
    $modlibname =~ s,[\\/][^\\/]+$,, while $c--;    # Q&D basename
    my $file = "$modlibname/auto/$modpname/$modfname.bundle";

(That last line varies by platform.)

$caller is the calling package. $modlibname is the calling file. It removes as many path segments from $modlibname as there are segments in $caller. So if you have List/MoreUtils/XS.pm calling XSLoader from the List::MoreUtils package, the $modlibname will end up containing the path in @INC where XS.pm was found, followed by "/List". Usually the fallback to Dynaloader::bootstrap_inherit, which does an @INC search, makes things Just Work.

But List/MoreUtils/XS.pm actually calls XSLoader::load from inside a string eval. That means the path ends up being "(eval 1)/auto/List/MoreUtils/MoreUtils.bundle". So if someone creates a directory named ‘(eval 1)’ with a naughty binary file in it, it will be loaded if a script using List::MoreUtils is run in the parent directory.

See <https://rt.cpan.org/Ticket/Display.html?id=115808>.

This commit makes XSLoader fall back to Dynaloader’s @INC search if the calling file has a relative path.

diff --git a/dist/XSLoader/XSLoader_pm.PL b/dist/XSLoader/XSLoader_pm.PL index 8a8852e..046ae0e 100644 --- a/dist/XSLoader/XSLoader_pm.PL +++ b/dist/XSLoader/XSLoader_pm.PL 
@@ -91,6 +91,8 @@ print OUT <<'EOT'; my $modpname = join('/',@modparts); my $c = () = split(/::/,$caller,-1); $modlibname =~ s,[\\/][^\\/]+$,, while $c--; # Q&D basename + # Avoid relative paths + goto \&XSLoader::bootstrap_inherit unless $modlibname =~ m|^[\\/]|; EOT my $dl_dlext = quotemeta($Config::Config{'dlext'}); diff --git a/dist/XSLoader/t/XSLoader.t b/dist/XSLoader/t/XSLoader.t index 2ff11fe..9fd0586 100644 --- a/dist/XSLoader/t/XSLoader.t +++ b/dist/XSLoader/t/XSLoader.t @@ -33,7 +33,7 @@ my %modules = ( 'Time::HiRes'=> q| ::can_ok( 'Time::HiRes' => 'usleep' ) |, # 5.7.3 ); -plan tests => keys(%modules) * 3 + 9; +plan tests => keys(%modules) * 3 + 10; # Try to load the module use_ok( 'XSLoader' ); @@ -114,6 +114,8 @@ SKIP: { skip "Cannot find $peek_file", 1 unless $module_path; + skip "Cannot test with relative path", 1 + unless $module_path =~ m|^[\\/]|; # [perl #122455] # die instead of falling back to DynaLoader @@ -125,3 +127,28 @@ XSLoader::load("Devel::Peek"); EOS or ::diag $@; } + +SKIP: { + skip "File::Path not available", 1 + unless eval { require File::Path }; + my $name = "phooo$$"; + File::Path::make_path("$name/auto/Foo/Bar"); + open my $fh, + ">$name/auto/Foo/Bar/Bar." . quotemeta($Config::Config{'dlext'}); + close $fh; + my $fell_back; + local *XSLoader::bootstrap_inherit = sub { + $fell_back++; + # Break out of the calling subs + goto the_test; + }; + eval <<END; +#line 1 $name +package Foo::Bar; +XSLoader::load("Foo::Bar"); +END + the_test: + ok $fell_back, + 'XSLoader will not load relative paths based on (caller)[1]'; + File::Path::remove_tree($name); +}
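Review bot: in the XSLoader_pm.PL hunk, the guard "goto \&XSLoader::bootstrap_inherit unless $modlibname =~ m|^[\\/]|;" recognises only a leading slash or backslash as absolute, so a Windows path beginning with a drive letter (C:\...) is classified as relative and always takes the DynaLoader fallback; the later message in this ticket about correcting bleadperl for drive letters confirms the gap. Consider accepting a drive-letter prefix as well, and expanding the "Avoid relative paths" comment to say what is being refused (caller file names such as "(eval 1)" produced by string evals), since the one-line comment does not explain why a relative path is dangerous here.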
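Review bot: in the @@ -114,6 +114,8 @@ hunk, the new 'skip "Cannot test with relative path", 1 unless $module_path =~ m|^[\\/]|;' silently disables the [perl #122455] regression test whenever Devel::Peek was found through a relative @INC entry, and on Windows it will skip for every drive-letter path because of the same slash-only match as in XSLoader_pm.PL. Consider making $module_path absolute first (File::Spec->rel2abs or Cwd::abs_path) so the existing test keeps running, rather than skipping it.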
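Review bot: in the new SKIP block at the end of XSLoader.t, quotemeta($Config::Config{'dlext'}) is applied to a file name, not a regex, so the dummy file would get backslash-escaped characters in its extension; it is harmless for the usual "so", "bundle" or "dll" values but the quotemeta should be dropped (the earlier hunk uses quotemeta correctly, on a value interpolated into a pattern). Two smaller points: the eval <<END has no 'or ::diag $@' like the block above it, so if XSLoader::load dies before the overridden bootstrap_inherit is reached, $fell_back stays unset and the test fails without any diagnostic; and File::Path::remove_tree($name) is only reached on that path, so a failing run leaves the phooo$$ directory behind. Running the cleanup unconditionally (for example before the ok, or in an END block) would keep the test hermetic.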
Why does List::MoreUtils call XSLoader from inside a stringy eval? That seems unnecessary and also results in all the other errors discussed here.
RT-Send-CC: sebastien [...] aperghis.net
On Sun Jul 03 09:36:37 2016, SPROUT wrote:
> On Sun Jul 03 06:16:58 2016, rehsack@gmail.com wrote:
> > When you got an accepted issue in XSLoader which is not in
> > DynaLoader,
> > please update this ticket to allow me verifying whether DynaLoader is
> > doing the job, too.
>
> I’ve found the bug in XSLoader and am working on a patch for it. I
> have written a unit test that fails in the perl core with only three
> entries in @INC, so I know the long @INC is unrelated. DynaLoader is
> not affected, because it does search @INC, whereas XSLoader tries to
> take shortcuts based on (caller)[1].
The bug is now fixed in the perl core: http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7

I am cc’ing the CPAN maintainer of XSLoader, since it seems advisable that we get a new release soon.

As for List::MoreUtils, I think one of three things should happen:

1) Depend on XSLoader 0.22.
2) Avoid the string eval.
3) Use a #line directive.

Item #1 would require waiting for a new CPAN release of XSLoader. Item #3 requires a smaller change to the code than #2, so I have attached a patch. Even if List::MoreUtils is not at fault, I think this patch is helpful, as it makes it easier to trace any errors or warnings that originate from the string eval.
Subject: Patch for List-MoreUtils.txt
diff -rup List-MoreUtils-0.415-sba79Z-orig/lib/List/MoreUtils/XS.pm List-MoreUtils-0.415-sba79Z/lib/List/MoreUtils/XS.pm --- List-MoreUtils-0.415-sba79Z-orig/lib/List/MoreUtils/XS.pm 2016-05-01 09:47:00.000000000 -0700 +++ List-MoreUtils-0.415-sba79Z/lib/List/MoreUtils/XS.pm 2016-07-03 11:02:41.000000000 -0700 @@ -13,6 +13,7 @@ BEGIN # Load the XS at compile-time so that redefinition warnings will be # thrown correctly if the XS versions of part or indexes loaded my $ldr = <<EOLDR; +#line ${\(__LINE__+1 . " " . __FILE__)} package List::MoreUtils; # PERL_DL_NONLAZY must be false, or any errors in loading will just
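Review bot: the added '#line ${\(__LINE__+1 . " " . __FILE__)}' makes (caller)[1] inside the eval report XS.pm's own path instead of "(eval N)", but it only removes the cwd-relative lookup when that path is itself absolute: if XS.pm was found through a relative @INC entry (for instance lib or blib/lib during a build), an unfixed XSLoader still derives a relative candidate directory from it, so this change should accompany option 1 (XSLoader 0.22) or option 2 rather than ship alone. Also, __FILE__ is interpolated without quotes; perl's #line parser ends an unquoted file name at the first whitespace and ignores the whole directive if anything follows, so a path containing a space would silently disable the fix. Wrapping the name in double quotes ('#line N "file"') and adding a one-line comment above the directive saying why it is there would make the heredoc self-explanatory.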
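As an added illustration (not code from this ticket, XSLoader or List::MoreUtils), the following Perl script re-implements the path derivation quoted in the XSLoader commit message above and shows what (caller)[1] reports for a plain file, for a string eval, and for a string eval prefixed with the #line directive of remedy 3, together with the relative-path guard from the core fix; the @INC path it uses is constructed.

```perl
#!/usr/bin/perl
# Added illustration for this ticket; not code from XSLoader or List::MoreUtils.
# It re-implements the path derivation quoted in the XSLoader commit message
# and shows what (caller)[1] reports from inside a string eval, with and
# without a "#line" directive. The @INC path used below is constructed.
use strict;
use warnings;

# Derive the library directory the way the quoted XSLoader code does: strip
# as many trailing path segments from the calling file name as the calling
# package has components.
sub derive_libdir {
    my ($caller, $modlibname) = @_;
    my $c = () = split(/::/, $caller, -1);
    $modlibname =~ s,[\\/][^\\/]+$,, while $c--;    # Q&D basename
    return $modlibname;
}

# Build the candidate shared-object path. XSLoader takes the extension from
# $Config{dlext}; "so" is assumed here.
sub candidate_file {
    my ($caller, $modlibname, $dlext) = @_;
    $dlext = 'so' unless defined $dlext;
    my @modparts = split /::/, $caller;
    my $modpname = join '/', @modparts;
    return derive_libdir($caller, $modlibname)
        . "/auto/$modpname/$modparts[-1].$dlext";
}

# The guard added to XSLoader by the core fix: only an absolute directory is
# used directly; anything else falls back to DynaLoader's @INC search. (The
# Windows drive-letter refinement mentioned later in the ticket is omitted.)
sub is_absolute_libdir {
    my ($modlibname) = @_;
    return $modlibname =~ m|^[\\/]| ? 1 : 0;
}

# What (caller)[1] reports for code compiled inside a string eval, optionally
# preceded by a "#line" directive as in the List::MoreUtils patch.
sub caller_file_in_eval {
    my ($line_directive) = @_;
    my $code = defined $line_directive ? "$line_directive\n" : '';
    $code .= 'my $probe = sub { return (caller(0))[1] }; $probe->();';
    my $file = eval $code;
    die $@ if $@;
    return $file;
}

my $real_file = '/usr/lib/perl5/List/MoreUtils/XS.pm';    # constructed path
for my $case (
    [ 'plain require',       $real_file ],
    [ 'string eval',         caller_file_in_eval() ],
    [ 'string eval + #line', caller_file_in_eval(qq{#line 1 "$real_file"}) ],
) {
    my ($label, $file) = @$case;
    my $libdir = derive_libdir('List::MoreUtils', $file);
    printf "%-20s caller file: %-40s -> %s (%s)\n", $label, $file,
        candidate_file('List::MoreUtils', $file),
        is_absolute_libdir($libdir) ? 'absolute, used directly'
                                    : 'relative, cwd-dependent before the fix';
}
```

The "string eval" row reproduces the "(eval 1)/auto/List/MoreUtils/MoreUtils.so" candidate from the report, while the #line row yields the same absolute candidate as a plain require.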
Subject: Re: [rt.cpan.org #115808] Tries to load code from cwd
Date: Mon, 4 Jul 2016 14:01:07 +0200 (CEST)
To: bug-List-MoreUtils [...] rt.cpan.org
From: Sébastien Aperghis-Tramoni <sebastien [...] aperghis.net>
Father Chrysostomos wrote via RT:
> On Sun Jul 03 09:36:37 2016, SPROUT wrote:
> > On Sun Jul 03 06:16:58 2016, rehsack@gmail.com wrote:
> > > When you got an accepted issue in XSLoader which is not in
> > > DynaLoader, please update this ticket to allow me verifying whether
> > > DynaLoader is doing the job, too.
> >
> > I’ve found the bug in XSLoader and am working on a patch for it. I
> > have written a unit test that fails in the perl core with only
> > three entries in @INC, so I know the long @INC is unrelated. DynaLoader
> > is not affected, because it does search @INC, whereas XSLoader tries
> > to take shortcuts based on (caller)[1].
>
> The bug is now fixed in the perl core:
> http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7
>
> I am cc’ing the CPAN maintainer of XSLoader, since it seems advisable
> that we get a new release soon.
Noted. I'll make a release tonight.

--
Sébastien Aperghis-Tramoni
Close the world, txEn eht nepO.
RT-Send-CC: sebastien [...] aperghis.net, ntyni [...] debian.org, carnil [...] debian.org
On Sun Jul 03 14:20:04 2016, SPROUT wrote:
> On Sun Jul 03 09:36:37 2016, SPROUT wrote:
> > [...]
> > I’ve found the bug in XSLoader and am working on a patch for it. I
> > have written a unit test that fails in the perl core with only three
> > entries in @INC, so I know the long @INC is unrelated. DynaLoader is
> > not affected, because it does search @INC, whereas XSLoader tries to
> > take shortcuts based on (caller)[1].
>
> The bug is now fixed in the perl core:
> http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7
>
> I am cc’ing the CPAN maintainer of XSLoader, since it seems advisable
> that we get a new release soon.
>
> As for List::MoreUtils, I think one of three things should happen:
>
> 1) Depend on XSLoader 0.22.
> 2) Avoid the string eval.
> 3) Use a #line directive.
>
> Item #1 would require waiting for a new CPAN release of XSLoader.
> Item #3 requires a smaller change to the code than #2, so I have
> attached a patch. Even if List::MoreUtils is not at fault, I think
> this patch is helpful, as it makes it easier to trace any errors or
> warnings that originate from the string eval.
I think I rely on the first two ones: 1) Requiring a version of XSLoader without such a bug seems reasonable regardless avoiding the string eval. 2) the string eval is a relic from early 0.4xx versions of List::MoreUtils playing with different strategys to fix the broken API The line hint seems to be valuable for a lot of other use cases, either. Thanks for it.
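The mechanism behind options 2 and 3 above, as an added illustration that is not part of the ticket or of List::MoreUtils: a string eval makes `(caller)[1]` report a relative pseudo-file name such as `(eval 1)`, which is why a loader taking shortcuts from it ends up looking under the current working directory, and a `#line` directive at the top of the eval'd string replaces that name with a real path. The module path used in the `#line` directive is a made-up placeholder.

```perl
#!/usr/bin/perl
# Added example, not code from the ticket or from List::MoreUtils. It shows
# what file name a string eval reports through (caller)[1] and how a #line
# directive (the "line hint" discussed in the ticket) changes it.
use strict;
use warnings;

# Returns the file name perl records for the code that called this sub;
# this is the value an XSLoader-style shortcut would derive a path from.
sub report_caller_file {
    return (caller)[1];
}

# Without #line: the caller's file name is the pseudo-name "(eval N)".
# That is a relative path, so anything that resolves it relative to the
# process' working directory is at the mercy of whatever sits in cwd.
sub file_name_from_plain_eval {
    my $name = eval 'report_caller_file()' or die $@;
    return $name;
}

# With #line: the directive at the start of the eval'd string sets the
# file name (and line number) for the code that follows, so callers see
# a real module path instead of "(eval N)". The path below is a placeholder.
sub file_name_from_hinted_eval {
    my $name = eval qq{#line 1 "lib/List/MoreUtils.pm"\nreport_caller_file()}
        or die $@;
    return $name;
}

print "plain string eval: ", file_name_from_plain_eval(),  "\n";  # (eval 1)
print "with #line hint:   ", file_name_from_hinted_eval(), "\n";  # lib/List/MoreUtils.pm
```

The same #line trick also makes warnings and die messages from the eval'd code point at the real file, which is the traceability benefit mentioned in the ticket.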
RT-Send-CC: sebastien [...] aperghis.net
On Mon Jul 04 08:01:21 2016, sebastien@aperghis.net wrote:
> Father Chrysostomos wrote via RT:
>
> > On Sun Jul 03 09:36:37 2016, SPROUT wrote:
> > > On Sun Jul 03 06:16:58 2016, rehsack@gmail.com wrote:
> > > > When you got an accepted issue in XSLoader which is not in DynaLoader,
> > > > please update this ticket to allow me verifying whether DynaLoader is
> > > > doing the job, too.
> > >
> > > I’ve found the bug in XSLoader and am working on a patch for it. I
> > > have written a unit test that fails in the perl core with only three
> > > entries in @INC, so I know the long @INC is unrelated. DynaLoader is
> > > not affected, because it does search @INC, whereas XSLoader tries to
> > > take shortcuts based on (caller)[1].
> >
> > The bug is now fixed in the perl core:
> > http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7
> >
> > I am cc’ing the CPAN maintainer of XSLoader, since it seems advisable
> > that we get a new release soon.
>
> Noted. I'll make a release tonight.

Thank you. Could you wait, though, until I correct bleadperl to take Windows drive letters into account? I have a patch which I hope to apply in the next few hours.
RT-Send-CC: sebastien [...] aperghis.net
On Mon Jul 04 11:52:35 2016, SPROUT wrote:
> On Mon Jul 04 08:01:21 2016, sebastien@aperghis.net wrote:
> > Father Chrysostomos wrote via RT:
> >
> > > On Sun Jul 03 09:36:37 2016, SPROUT wrote:
> > > > On Sun Jul 03 06:16:58 2016, rehsack@gmail.com wrote:
> > > > > When you got an accepted issue in XSLoader which is not in DynaLoader,
> > > > > please update this ticket to allow me verifying whether DynaLoader is
> > > > > doing the job, too.
> > > >
> > > > I’ve found the bug in XSLoader and am working on a patch for it. I
> > > > have written a unit test that fails in the perl core with only three
> > > > entries in @INC, so I know the long @INC is unrelated. DynaLoader is
> > > > not affected, because it does search @INC, whereas XSLoader tries to
> > > > take shortcuts based on (caller)[1].
> > >
> > > The bug is now fixed in the perl core:
> > > http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7
> > >
> > > I am cc’ing the CPAN maintainer of XSLoader, since it seems advisable
> > > that we get a new release soon.
> >
> > Noted. I'll make a release tonight.
>
> Thank you. Could you wait, though, until I correct bleadperl to take
> Windows drive letters into account? I have a patch which I hope to
> apply in the next few hours.
As of v5.25.2-95-ga651dcd, bleadperl takes drive letters into account.
Subject: Re: [rt.cpan.org #115808] Tries to load code from cwd
Date: Tue, 5 Jul 2016 21:00:53 +0200 (CEST)
To: bug-List-MoreUtils [...] rt.cpan.org
From: Sébastien Aperghis-Tramoni <sebastien [...] aperghis.net>
Father Chrysostomos wrote via RT:
> As of v5.25.2-95-ga651dcd, bleadperl takes drive letters into
> account.
Just uploaded on the CPAN. I took the liberty to fix the following nit in the documentation: --- sources/XSLoader_pm.PL 2016-07-05 19:58:22.000000000 +0200 +++ blead/dist/XSLoader/XSLoader_pm.PL 2016-07-05 19:55:36.000000000 +0200 @@ -255,7 +255,7 @@ =head1 VERSION -Version 0.22 +Version 0.17 =head1 SYNOPSIS and patch the tests so they pass on Perl 5.8 and 5.10: --- sources/t/XSLoader.t 2016-07-05 20:36:50.000000000 +0200 +++ blead/dist/XSLoader/t/XSLoader.t 2016-07-05 19:55:36.000000000 +0200 @@ -130,7 +130,7 @@ skip "File::Path not available", 1 unless eval { require File::Path }; my $name = "phooo$$"; - File::Path::mkpath("$name/auto/Foo/Bar"); + File::Path::make_path("$name/auto/Foo/Bar"); open my $fh, ">$name/auto/Foo/Bar/Bar.$Config::Config{'dlext'}"; close $fh; @@ -148,5 +148,5 @@ the_test: ok $fell_back, 'XSLoader will not load relative paths based on (caller)[1]'; - File::Path::rmtree($name); + File::Path::remove_tree($name); } -- Sébastien Aperghis-Tramoni Close the world, txEn eht nepO.
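Review bot: the XSLoader_pm.PL hunk reads backwards relative to the change described. Its `---` side is sources/XSLoader_pm.PL (the CPAN release, carrying `Version 0.22`) and its `+++` side is blead/dist/XSLoader/XSLoader_pm.PL, so the `+` line is the stale `Version 0.17`. Applied as-is to blead it would not apply (blead has no `Version 0.22` line to remove), and applied anywhere else it could only reintroduce the old version string. Regenerate the diff with blead as the `---` side, or apply it with `patch -R`, so that the hunk shows `-Version 0.17` / `+Version 0.22`.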
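Review bot: in the t/XSLoader.t hunk at `@@ -130,7 +130,7 @@`, neither the directory creation nor the `open my $fh, ">$name/auto/Foo/Bar/Bar.$Config::Config{'dlext'}";` that plants the decoy shared object checks its return value. If either fails, the decoy never exists and the `ok $fell_back, 'XSLoader will not load relative paths based on (caller)[1]';` assertion that follows can pass for the wrong reason, so the test would no longer demonstrate that XSLoader refuses the relative path. Suggest `File::Path::mkpath("$name/auto/Foo/Bar") or die "mkpath $name: $!";` and a three-argument `open my $fh, '>', "$name/auto/Foo/Bar/Bar.$Config::Config{'dlext'}" or die "open: $!";`. This hunk also has the same reversed direction as the documentation one: the `+` side is the File::Path 2.x API (`make_path`, and `remove_tree` in the `@@ -148,5` hunk) while the stated intent is to make the tests pass on Perl 5.8 and 5.10, whose older File::Path only provides `mkpath`/`rmtree`; the `-`/`+` lines need to be swapped for the patch to express that.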
RT-Send-CC: sebastien [...] aperghis.net
On Tue Jul 05 15:01:08 2016, sebastien@aperghis.net wrote:
> Father Chrysostomos wrote via RT:
>
> > As of v5.25.2-95-ga651dcd, bleadperl takes drive letters into
> > account.
>
> Just uploaded on the CPAN. I took the liberty to fix the following
> nit in the documentation:
>
> --- sources/XSLoader_pm.PL 2016-07-05 19:58:22.000000000 +0200
> +++ blead/dist/XSLoader/XSLoader_pm.PL 2016-07-05 19:55:36.000000000 +0200
> @@ -255,7 +255,7 @@
Thank you. I have applied your changes to blead in commit ae635bbffa.
Not a problem of List::MoreUtils, but a fixed XSLoader is now a prerequisite. So - we can call it kind-of solved ;)