Skip Menu |

This queue is for tickets about the IO-Compress CPAN distribution.

Report information
The Basics
Id: 120084
Status: resolved
Priority: 0/
Queue: IO-Compress
People
Owner: Nobody in particular
Requestors: TODDR [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 2.017
Fixed in: 2.072

History Show all quoted text
  Fri Feb 03 13:09:55 2017 TODDR [...] cpan.org - Ticket created
Subject: Need Fix for Makefile.PL depending on . in @INC
As a result of CVE-2016-1238, In 5.26 it will be a build option to make a perl without . in @INC. This requires the script writer to be explicit if they want to load modules from relative paths. For more info you can also see https://rt.perl.org/Ticket/Display.html?id=130467 and https://rt.perl.org/Ticket/Display.html?id=127810 for core perl discussions. My doc is here http://blogs.perl.org/users/todd_rinaldo/2016/11/how-removing-from-inc-is-about-to-break-cpan.html Currently this is the error: Can't locate private/MakeUtil.pm in @INC (you may need to install the private::MakeUtil module) (@INC contains: /home/smoker/perl5/lib/perl5/5.25.9/x86_64-linux /home/smoker/perl5/lib/perl5/5.25.9 /home/smoker/perl5/lib/perl5/x86_64-linux /home/smoker/perl5/lib/perl5 /perl/5.25.9/lib/site_perl/5.25.9/x86_64-linux /perl/5.25.9/lib/site_perl/5.25.9 /perl/5.25.9/lib/5.25.9/x86_64-linux /perl/5.25.9/lib/5.25.9) at Makefile.PL line 8. BEGIN failed--compilation aborted at Makefile.PL line 8.
  Fri Feb 03 13:11:06 2017 TODDR [...] cpan.org - Correspondence added
This is the fix.
Subject: IO-Uncompress-Base.patch
diff --git a/Makefile.PL b/Makefile.PL index 341e4b7..ddb6808 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -5,7 +5,7 @@ require 5.006 ; $::VERSION = '2.070' ; -use private::MakeUtil; +require './private/MakeUtil.pm'; use ExtUtils::MakeMaker 5.16 ; UpDowngrade(getPerlFiles('MANIFEST'))
  Sat Feb 04 13:22:13 2017 pmqs [...] cpan.org - Correspondence added
Thanks Todd, this issue will apply to a number of my modules. I assume this is equivalent? use lib '.'; use private::MakeUtil; Your blog entry suggests that it is, but haven't been following this thread, so want to be sure there aren't any other implications. cheers Paul
  Sat Feb 04 13:22:13 2017 The RT System itself - Status changed from 'new' to 'open'
  Sat Feb 04 16:17:53 2017 TODDR [...] cpan.org - Correspondence added
If you do use lib '.' Then you are putting that path at the front of the search path which may not always be ideal. In your case if all of your modules are the same, you only need the relative have for that one file. If you prefer to add that path back to @INC, then my recommendation would be to instead do: BEGIN { push @INC, '.' } In any case, any of the three solutions we have discussed will achieve the goal. Hope that helps! Todd
  Sun Feb 05 06:26:02 2017 pmqs [...] cpan.org - Correspondence added
Thanks Todd
  Sun Feb 12 11:03:32 2017 pmqs [...] cpan.org - Status changed from 'open' to 'patched'
  Fri Mar 10 19:07:02 2017 pmqs [...] cpan.org - Status changed from 'patched' to 'resolved'
  Fri Mar 10 19:07:02 2017 pmqs [...] cpan.org - Fixed in 2.072 added