Bug #127176 for CHI-Driver-Redis: [PATCH] Use FindBin to find inc::Module::Install

Sat Sep 22 14:59:50 2018 mans0954 [...] debian.org - Ticket created

Subject:	[PATCH] Use FindBin to find inc::Module::Install
Date:	Sat, 22 Sep 2018 19:59:34 +0100
To:	bug-chi-driver-redis [...] rt.cpan.org
From:	Christopher Hoskin <mans0954 [...] debian.org>

In Debian we are currently applying the following patch to CHI-Driver-Redis. We thought you might be interested in it too. Description: Use FindBin to find inc::Module::Install . is no longer included in @INC as of Perl 5.26 due to CVE-2016-1238 Author: Christopher Hoskin <mans0954@debian.org> Last-Update: 2018-09-22 The patch is tracked in our Git repository at https://salsa.debian.org/perl-team/modules/packages/libchi-driver-redis-perl/raw/master/debian/patches/findbin.patch Thanks for considering, Christopher Hoskin, Debian Perl Group

Message body is not shown because sender requested not to inline it.

Sat Sep 22 15:05:42 2018 ether [...] cpan.org - Correspondence added

On 2018-09-22 11:59:50, mans0954@debian.org wrote: Show quoted text

> > In Debian we are currently applying the following patch to > CHI-Driver-Redis. > We thought you might be interested in it too. > > Description: Use FindBin to find inc::Module::Install > . is no longer included in @INC as of Perl 5.26 due to CVE-2016-1238

I don't think this is a good patch. FindBin does a *lot* of things behind the scenes, most of which is unnecessary. The correct minimal change to make here is to add a single line to Makefile.PL: use lib '.'; More properly, this distribution should be transitioned off of Module::Install entirely, but that's a bigger change to make.

Sat Sep 22 15:05:42 2018 The RT System itself - Status changed from 'new' to 'open'

Sat Sep 22 15:05:42 2018 ether [...] cpan.org - Taken