
This queue is for tickets about the File-Util CPAN distribution.

Report information
The Basics
Id: 132060
Status: resolved
Priority: 0/
Queue: File-Util

People
Owner: tommy [...] cpan.org
Requestors: dcantrell [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 4.161950
Fixed in: (no value)



Subject: File::Util messes with @INC
File::Util unexpectedly adds the 'lib' directory to @INC, meaning that as soon as it is loaded perl may start loading any subsequent modules from unexpected places. This is both a source of really hard to understand bugs and a serious security risk, as code that uses File::Util can be tricked into loading and executing stuff that is under the control of the user.
This happens in numerous modules within the distribution: https://grep.metacpan.org/search?q=use+lib&qd=File-Util&qft=*.pm
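A way to check for the behaviour reported above, as an added example that is not part of the ticket or of File-Util's code: it loads a module and lists any relative directories that the load added to @INC, since a relative entry is resolved against the process's current working directory. Demo.pm is a constructed stand-in containing `use lib 'lib'`, and the helper names are hypothetical.

```perl
#!/usr/bin/env perl
# Added example: report relative @INC entries introduced by loading a module.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Return the entries that are relative paths. Code refs and objects
# (@INC hooks) are skipped; only plain strings are checked.
sub relative_inc_entries {
    return grep { !ref($_) && !File::Spec->file_name_is_absolute($_) } @_;
}

# Load $module and return the relative entries it added to @INC.
sub inc_added_by {
    my ($module) = @_;
    my %before = map { $_ => 1 } grep { !ref($_) } @INC;
    eval "require $module; 1" or die "cannot load $module: $@";
    return grep { !$before{$_} } relative_inc_entries(@INC);
}

# Constructed stand-in for a module that contains "use lib 'lib'".
my $dir = tempdir(CLEANUP => 1);
open my $fh, '>', File::Spec->catfile($dir, 'Demo.pm') or die "open: $!";
print {$fh} "package Demo;\nuse lib 'lib';\n1;\n";
close $fh or die "close: $!";
unshift @INC, $dir;    # absolute path, so it is not itself flagged

my @added = inc_added_by('Demo');
print "relative \@INC entries added by Demo: @added\n";
```

Replacing 'Demo' with the name of an installed module runs the same check against that module.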
It's possible that this has just not impacted anyone for whatever number of years it has been since I've run into a bug report. This distribution has just been really stable. I will look into this later today and fix the problem. Look for a new release in the coming days. Thank you for reporting this issue.
Thanks!
Subject: Re: [rt.cpan.org #132060] File::Util messes with @INC
Date: Sun, 8 Mar 2020 19:53:47 -0500
To: Unknown <bug-File-Util [...] rt.cpan.org>
From: Tommy Butler <ace [...] tommybutler.me>
Apologies and a heads-up ... I won't be able to get to this for 7 more days. Thanks for your patience.
--
Tommy Butler
On Thu, Mar 5, 2020 at 10:53 AM David Cantrell via RT <bug-File-Util@rt.cpan.org> wrote:
> Queue: File-Util
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=132060 >
>
> Thanks!
My apologies for the delay. My family is well, but we are still struggling to keep things under control and everyone on schedule during this global health crisis. I have not forgotten about this issue and I still intend to fix it when things settle down or I can get a spare moment.
RT-Send-CC: dcantrell [...] cpan.org
OK, bug fixed, github updated, distro uploaded to PAUSE. Once it's live and registers back here in RT I'll mark it resolved. Thank you for the bug report, and thank you for your patience. Best of luck and please stay safe. Regards, Tommy.
On Sat Jun 20 03:19:27 2020, TOMMY wrote:
> OK, bug fixed, github updated, distro uploaded to PAUSE. Once it's live and registers back here in RT I'll mark it resolved. Thank you for the bug report, and thank you for your patience. Best of luck and please stay safe. Regards, Tommy.
Looks good, thanks!
Resolved. Although I see a blip on the CPAN testers matrix, it looks like it's due to a misconfiguration on the testers machine, and it was for an architecture and a version of Pearl that also had several other passes, so I'm going to call this good. Looks like we've resolved the issue and I appreciate you bringing it to my attention. Closing this one out, have a good weekend and happy Father's Day to everyone tomorrow.
Subject: Re: [rt.cpan.org #132060] File::Util messes with @INC
Date: Sat, 20 Jun 2020 14:42:32 -0500
To: bug-File-Util [...] rt.cpan.org
From: Tommy Butler <ace [...] tommybutler.me>
*PERL apologies for the typo.
On Sat, Jun 20, 2020, 2:41 PM Tommy Butler via RT <bug-File-Util@rt.cpan.org> wrote:
> Queue: File-Util
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=132060 >
>
> Resolved.
>
> Although I see a blip on the CPAN testers matrix, it looks like it's due to a misconfiguration on the testers machine, and it was for an architecture and a version of Pearl that also had several other passes, so I'm going to call this good. Looks like we've resolved the issue and I appreciate you bringing it to my attention.
>
> Closing this one out, have a good weekend and happy Father's Day to everyone tomorrow.