Skip Menu |
 
rt.cpan.org will be shut down on March 1st, 2021.

This queue is for tickets about the List-MoreUtils CPAN distribution.

Report information
The Basics
Id: 115808
Status: resolved
Priority: 0/
Queue: List-MoreUtils

People
Owner: Nobody in particular
Requestors: CARNIL [...] cpan.org
Cc: AVENJ [...] cpan.org
ether [...] cpan.org
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 0.416



MIME-Version: 1.0
X-Mailer: MIME-tools 5.504 (Entity 5.504)
From: CARNIL [...] cpan.org
Subject: liblist-moreutils-perl: tries to load code from cwd
X-RT-Interface: REST
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Length: 1152
Download (untitled) / with headers
text/plain 1.1k
We have the following bug reported to the Debian package of List-MoreUtils (https://bugs.debian.org/829138): This is idependent on perl including . in @INC as demonstrated by the bugreporter: ------8<-----------8<-----------8<-----------8<-----------8<----- List::MoreUtils tries to load code from a subdirectory of the current working directory. This could lead to execution of arbitrary code if cwd is untrusted. Proof of concept: $ mkdir -p '(eval 1)/auto/List/MoreUtils/' $ gcc -Wall -fPIC -shared moo.c -o '(eval 1)/auto/List/MoreUtils/MoreUtils.so' $ perl -e 'no lib "."; use List::MoreUtils' (__) (oo) /------\/ / | || * /\---/\ ~~ ~~ ..."Have you mooed today?"... Segmentation fault ------8<-----------8<-----------8<-----------8<-----------8<----- Where moo.c to have a testcase looks like: ----cut---------cut---------cut---------cut---------cut---------cut----- void __attribute__((constructor)) moo() { system("apt-get moo"); kill(0, SIGSEGV); } ----cut---------cut---------cut---------cut---------cut---------cut----- Regards, Salvatore
MIME-Version: 1.0
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-1115-1467506571-488.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 135
Download (untitled) / with headers
text/plain 135b
Please read "perldoc lib". It has nothing to do with Cwd but with insane use of lib. Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-1115-1467506571-488.115808-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <rt-4.0.18-1115-1467506571-488.115808-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-4435-1467507314-34.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 341
Download (untitled) / with headers
text/plain 341b
On Sat Jul 02 20:42:51 2016, REHSACK wrote: Show quoted text
> Please read "perldoc lib". It has nothing to do with Cwd but with > insane use of lib. > > Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
Even if I don’t use lib or touch @INC, I can reproduce the problem. That doesn’t mean it’s a List::MoreUtils bug, though. It may be in XSLoader.
MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-4435-1467507314-34.115808-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <rt-4.0.18-1115-1467506571-488.115808-0-0 [...] rt.cpan.org> <rt-4.0.18-4435-1467507314-34.115808-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-31553-1467507917-1496.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 532
Download (untitled) / with headers
text/plain 532b
On Sat Jul 02 20:55:14 2016, SPROUT wrote: Show quoted text
> On Sat Jul 02 20:42:51 2016, REHSACK wrote:
> > Please read "perldoc lib". It has nothing to do with Cwd but with > > insane use of lib. > > > > Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
> > Even if I don’t use lib or touch @INC, I can reproduce the problem.
Show me! Doesn't sound reasonable. Check your PERL5LIB. Show quoted text
> That doesn’t mean it’s a List::MoreUtils bug, though. It may be in > XSLoader.
You can try knocking on their door. It might be possible, even unlikely.
MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-31553-1467507917-1496.115808-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <rt-4.0.18-1115-1467506571-488.115808-0-0 [...] rt.cpan.org> <rt-4.0.18-4435-1467507314-34.115808-0-0 [...] rt.cpan.org> <rt-4.0.18-31553-1467507917-1496.115808-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-1115-1467510209-837.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 7635
Download (untitled) / with headers
text/plain 7.4k
On Sat Jul 02 21:05:17 2016, REHSACK wrote: Show quoted text
> On Sat Jul 02 20:55:14 2016, SPROUT wrote:
> > On Sat Jul 02 20:42:51 2016, REHSACK wrote:
> > > Please read "perldoc lib". It has nothing to do with Cwd but with > > > insane use of lib. > > > > > > Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
> > > > Even if I don’t use lib or touch @INC, I can reproduce the problem.
> > Show me! Doesn't sound reasonable. Check your PERL5LIB.
I’m reproducing this under the CPAN shell (with ‘look List::MoreUtils’) after testing several modules, so PERL5LIB is huge: /Users/sprout/.cpan/build/List-MoreUtils-0.415-CTkZjK/blib/arch:/Users/sprout/.cpan/build/List-MoreUtils-0.415-CTkZjK/blib/lib:/Users/sprout/.cpan/build/Exporter-Tiny-0.042-kdbuNG/blib/arch:/Users/sprout/.cpan/build/Exporter-Tiny-0.042-kdbuNG/blib/lib:/Users/sprout/.cpan/build/Tie-SecureHash-1.10-pERDdy/blib/arch:/Users/sprout/.cpan/build/Tie-SecureHash-1.10-pERDdy/blib/lib:/Users/sprout/.cpan/build/Sub-Attributes-0.02-AD9F0P/blib/arch:/Users/sprout/.cpan/build/Sub-Attributes-0.02-AD9F0P/blib/lib:/Users/sprout/.cpan/build/Devel-DebugHooks-0.02-4LFCO4/blib/arch:/Users/sprout/.cpan/build/Devel-DebugHooks-0.02-4LFCO4/blib/lib:/Users/sprout/.cpan/build/Data-Dump-1.23-ULwHY5/blib/arch:/Users/sprout/.cpan/build/Data-Dump-1.23-ULwHY5/blib/lib:/Users/sprout/.cpan/build/Data-Section-Simple-0.07-dTupfF/blib/arch:/Users/sprout/.cpan/build/Data-Section-Simple-0.07-dTupfF/blib/lib:/Users/sprout/.cpan/build/Test-Requires-0.10-hoE7fE/blib/arch:/Users/sprout/.cpan/build/Test-Requires-0.10-hoE7fE/blib/lib:/Users/sprout/.cpan/build/Test-Differences-0.64-5doKuc/blib/arch:/Users/sprout/.cpan/build/Test-Differences-0.64-5doKuc/blib/lib:/Users/sprout/.cpan/build/Text-Diff-1.44-48i5w6/blib/arch:/Users/sprout/.cpan/build/Text-Diff-1.44-48i5w6/blib/lib:/Users/sprout/.cpan/build/Algorithm-Diff-1.1903-cVmSPL/blib/arch:/Users/sprout/.cpan/build/Algorithm-Diff-1.1903-cVmSPL/blib/lib:/Users/sprout/.cpan/build/Guard-1.023-mQqrS7/blib/arch:/Users/sprout/.cpan/build/Guard-1.023-mQqrS7/blib/lib:/Users/sprout/.cpan/build/Test-Output-1.03-ok9_8N/blib/arch:/Users/sprout/.cpan/build/Test-Output-1.03-ok9_8N/blib/lib:/Users/sprout/.cpan/build/Capture-Tiny-0.42-5FXy22/blib/arch:/Users/sprout/.cpan/build/Capture-Tiny-0.42-5FXy22/blib/lib:/Users/sprout/.cpan/build/Sub-Exporter-0.987-ZQUXJy/blib/arch:/Users/sprout/.cpan/build/Sub-Exporter-0.987-ZQUXJy/blib/lib:/Users/sprout/.cpan/build/Data-OptList-0.110-bl41NG/blib/arch:/Users/sprout/.cpan/build/Data-OptList-0.110-bl41NG/blib/lib:/Users/sprout/.cpan/build/Sub-Install-0.928-mdDVbc/blib/arch:/Users/sprout/.cpan/build/Sub-Install-0.928-mdDVbc/blib/lib:/Users/sprout/.cpan/build/Params-Util-1.07-w809Vf/blib/arch:/Users/sprout/.cpan/build/Params-Util-1.07-w809Vf/blib/lib:/Users/sprout/.cpan/build/XML-DOM-Lite-0.15-U3W4E9/blib/arch:/Users/sprout/.cpan/build/XML-DOM-Lite-0.15-U3W4E9/blib/lib:/Users/sprout/.cpan/build/constant-lexical-2.0002-xTYIno/blib/arch:/Users/sprout/.cpan/build/constant-lexical-2.0002-xTYIno/blib/lib:/Users/sprout/.cpan/build/WWW-Scripter-Plugin-JavaScript-0.009-odgHnt/blib/arch:/Users/sprout/.cpan/build/WWW-Scripter-Plugin-JavaScript-0.009-odgHnt/blib/lib:/Users/sprout/.cpan/build/Hash-Util-FieldHash-Compat-0.11-asgN0B/blib/arch:/Users/sprout/.cpan/build/Hash-Util-FieldHash-Compat-0.11-asgN0B/blib/lib:/Users/sprout/.cpan/build/WWW-Scripter-0.031-yo7Ha2/blib/arch:/Users/sprout/.cpan/build/WWW-Scripter-0.031-yo7Ha2/blib/lib:/Users/sprout/.cpan/build/WWW-Mechanize-1.75-MZRJyX/blib/arch:/Users/sprout/.cpan/build/WWW-Mechanize-1.75-MZRJyX/blib/lib:/Users/sprout/.cpan/build/HTML-Form-6.03-RX58s6/blib/arch:/Users/sprout/.cpan/build/HTML-Form-6.03-RX58s6/blib/lib:/Users/sprout/.cpan/build/HTTP-Server-Simple-0.51-XvOJSq/blib/arch:/Users/sprout/.cpan/build/HTTP-Server-Simple-0.51-XvOJSq/blib/lib:/Users/sprout/.cpan/build/CGI-4.31-gdLCPv/blib/arch:/Users/sprout/.cpan/build/CGI-4.31-gdLCPv/blib/lib:/Users/sprout/.cpan/build/Test-Deep-1.120-VHt5Z4/blib/arch:/Users/sprout/.cpan/build/Test-Deep-1.120-VHt5Z4/blib/lib:/Users/sprout/.cpan/build/Test-Simple-1.302030-QFfUEb/blib/arch:/Users/sprout/.cpan/build/Test-Simple-1.302030-QFfUEb/blib/lib:/Users/sprout/.cpan/build/Test-Warn-0.30-TtNnP9/blib/arch:/Users/sprout/.cpan/build/Test-Warn-0.30-TtNnP9/blib/lib:/Users/sprout/.cpan/build/Sub-Uplevel-0.25-dKKo0N/blib/arch:/Users/sprout/.cpan/build/Sub-Uplevel-0.25-dKKo0N/blib/lib:/Users/sprout/.cpan/build/HTML-Tree-5.03-OZ1Hi9/blib/arch:/Users/sprout/.cpan/build/HTML-Tree-5.03-OZ1Hi9/blib/lib:/Users/sprout/.cpan/build/Test-Fatal-0.014-hU9Lgh/blib/arch:/Users/sprout/.cpan/build/Test-Fatal-0.014-hU9Lgh/blib/lib:/Users/sprout/.cpan/build/Try-Tiny-0.24-1xKXA_/blib/arch:/Users/sprout/.cpan/build/Try-Tiny-0.24-1xKXA_/blib/lib:/Users/sprout/.cpan/build/Module-Build-0.4218-7XEPDK/blib/arch:/Users/sprout/.cpan/build/Module-Build-0.4218-7XEPDK/blib/lib:/Users/sprout/.cpan/build/CPAN-Meta-2.150005-ncCfOU/blib/arch:/Users/sprout/.cpan/build/CPAN-Meta-2.150005-ncCfOU/blib/lib:/Users/sprout/.cpan/build/libwww-perl-6.15-V9JWfm/blib/arch:/Users/sprout/.cpan/build/libwww-perl-6.15-V9JWfm/blib/lib:/Users/sprout/.cpan/build/WWW-RobotRules-6.02-YA6oBO/blib/arch:/Users/sprout/.cpan/build/WWW-RobotRules-6.02-YA6oBO/blib/lib:/Users/sprout/.cpan/build/HTTP-Negotiate-6.01-FmYGqw/blib/arch:/Users/sprout/.cpan/build/HTTP-Negotiate-6.01-FmYGqw/blib/lib:/Users/sprout/.cpan/build/File-Listing-6.04-eTJjcl/blib/arch:/Users/sprout/.cpan/build/File-Listing-6.04-eTJjcl/blib/lib:/Users/sprout/.cpan/build/Net-HTTP-6.09-qwmGZ5/blib/arch:/Users/sprout/.cpan/build/Net-HTTP-6.09-qwmGZ5/blib/lib:/Users/sprout/.cpan/build/JE-0.066-QVt71a/blib/arch:/Users/sprout/.cpan/build/JE-0.066-QVt71a/blib/lib:/Users/sprout/.cpan/build/HTML-DOM-0.056-jLRcjO/blib/arch:/Users/sprout/.cpan/build/HTML-DOM-0.056-jLRcjO/blib/lib:/Users/sprout/.cpan/build/TimeDate-2.30-c_ggkF/blib/arch:/Users/sprout/.cpan/build/TimeDate-2.30-c_ggkF/blib/lib:/Users/sprout/.cpan/build/HTML-Encoding-0.61-CRo9H7/blib/arch:/Users/sprout/.cpan/build/HTML-Encoding-0.61-CRo9H7/blib/lib:/Users/sprout/.cpan/build/CSS-DOM-0.16-KR6L9O/blib/arch:/Users/sprout/.cpan/build/CSS-DOM-0.16-KR6L9O/blib/lib:/Users/sprout/.cpan/build/Clone-0.38-9vLHRf/blib/arch:/Users/sprout/.cpan/build/Clone-0.38-9vLHRf/blib/lib:/Users/sprout/.cpan/build/HTML-Parser-3.72-9PPLkd/blib/arch:/Users/sprout/.cpan/build/HTML-Parser-3.72-9PPLkd/blib/lib:/Users/sprout/.cpan/build/HTML-Tagset-3.20-9h1_zh/blib/arch:/Users/sprout/.cpan/build/HTML-Tagset-3.20-9h1_zh/blib/lib:/Users/sprout/.cpan/build/HTTP-Daemon-6.01-fiKf42/blib/arch:/Users/sprout/.cpan/build/HTTP-Daemon-6.01-fiKf42/blib/lib:/Users/sprout/.cpan/build/HTTP-Cookies-6.01-dEwKpm/blib/arch:/Users/sprout/.cpan/build/HTTP-Cookies-6.01-dEwKpm/blib/lib:/Users/sprout/.cpan/build/HTTP-Message-6.11-mjjDTP/blib/arch:/Users/sprout/.cpan/build/HTTP-Message-6.11-mjjDTP/blib/lib:/Users/sprout/.cpan/build/IO-HTML-1.001-iLv6MQ/blib/arch:/Users/sprout/.cpan/build/IO-HTML-1.001-iLv6MQ/blib/lib:/Users/sprout/.cpan/build/Encode-Locale-1.05-snH7DD/blib/arch:/Users/sprout/.cpan/build/Encode-Locale-1.05-snH7DD/blib/lib:/Users/sprout/.cpan/build/HTTP-Date-6.02-GRb_o3/blib/arch:/Users/sprout/.cpan/build/HTTP-Date-6.02-GRb_o3/blib/lib:/Users/sprout/.cpan/build/LWP-MediaTypes-6.02-SG7cyK/blib/arch:/Users/sprout/.cpan/build/LWP-MediaTypes-6.02-SG7cyK/blib/lib:/Users/sprout/.cpan/build/URI-1.71-PQBd3T/blib/arch:/Users/sprout/.cpan/build/URI-1.71-PQBd3T/blib/lib But that does not explain why a directory called ‘(eval 1)’ is checked before anything else. So there clearly is a bug somewhere. But where? That is the question.
MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-31553-1467507917-1496.115808-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <rt-4.0.18-1115-1467506571-488.115808-0-0 [...] rt.cpan.org> <rt-4.0.18-4435-1467507314-34.115808-0-0 [...] rt.cpan.org> <rt-4.0.18-31553-1467507917-1496.115808-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-29932-1467510854-1966.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 2132
On Sat Jul 02 21:05:17 2016, REHSACK wrote: Show quoted text
> On Sat Jul 02 20:55:14 2016, SPROUT wrote:
> > On Sat Jul 02 20:42:51 2016, REHSACK wrote:
> > > Please read "perldoc lib". It has nothing to do with Cwd but with > > > insane use of lib. > > > > > > Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
> > > > Even if I don’t use lib or touch @INC, I can reproduce the problem.
> > Show me! Doesn't sound reasonable. Check your PERL5LIB. >
> > That doesn’t mean it’s a List::MoreUtils bug, though. It may be in > > XSLoader.
> > You can try knocking on their door. It might be possible, even unlikely.
The bug does seem to be in XSLoader. To reproduce on a Mac (as I am using): I have a file called moo.c, as in the original report, but it contains: $ cat moo.c void __attribute__((constructor)) moo() { system("echo whooooooo"); //kill(0, SIGSEGV); } (I commented out the kill, since SIGSEGV does not work without the correct header loaded, and my C knowledge is not so good.) $ gcc -Wall -fPIC -shared moo.c -o '(eval 1)/auto/List/MoreUtils/MoreUtils.bundle' (Mac uses .bundle, not .so.) $ perl -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |' whooooooo $ perl -v |grep version This is perl 5, version 12, subversion 4 (v5.12.4) built for darwin-thread-multi-2level $ perl5.24.0 -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |' whooooooo $ perl5.25.2 -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |' whooooooo It appears to be the string eval that is causing it. If you are using string eval to avoid loading XSLoader.pm unnecessarily, you can use require instead of use and avoid the whole eval. Now why XSLoader looks at the file name of the caller I cannot say. Maybe it is designed to work that way. The documentation is certainly silent on the matter, and it does seem like a security hole. So this may not be a bug in List::MoreUtils per se (I still need to find out), but you can at least plug the security whole by avoiding the eval.
CC: CARNIL [...] cpan.org, AVENJ [...] cpan.org, "ether [...] cpan.org Niko Tyni" <ntyni [...] debian.org>
MIME-Version: 1.0
X-Spam-Flag: NO
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
content-type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -6.599
Authentication-Results: hipster.bestpractical.com (amavisd-new); dkim=pass header.i= [...] gmail.com
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id DCE872401A5 for <cpan-bug+List-MoreUtils [...] hipster.bestpractical.com>; Sun, 3 Jul 2016 01:23:51 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 73QpfFK55ATc for <cpan-bug+List-MoreUtils [...] hipster.bestpractical.com>; Sun, 3 Jul 2016 01:23:49 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 9EE0D2400B9 for <bug-List-MoreUtils [...] rt.cpan.org>; Sun, 3 Jul 2016 01:23:49 -0400 (EDT)
Received: (qmail 21596 invoked by alias); 3 Jul 2016 05:23:48 -0000
Received: from mail-wm0-f49.google.com (HELO mail-wm0-f49.google.com) (74.125.82.49) by la.mx.develooper.com (qpsmtpd/0.28) with ESMTP; Sat, 02 Jul 2016 22:23:40 -0700
Received: by mail-wm0-f49.google.com with SMTP id a66so76056461wme.0 for <bug-List-MoreUtils [...] rt.cpan.org>; Sat, 02 Jul 2016 22:23:41 -0700 (PDT)
Received: from eldamar ([137.158.22.204]) by smtp.gmail.com with ESMTPSA id u145sm975681wmu.4.2016.07.02.22.23.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 02 Jul 2016 22:23:34 -0700 (PDT)
Delivered-To: cpan-bug+List-MoreUtils [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #115808] Tries to load code from cwd
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=AUq34YBKfM8NdfbnjfkSP9S367lInU4PSeVSvgqEce8=; b=ZH+bPqpWkPDpUTllvPOIvnuHM3b2dIyzWKQ01OObZZ/DbmiSe4UzAhZfz/t09Z5Txt XCjIGuxNi5uq65SU+TjP18nU2fu4BqpWvt0JUZTEIFLju00WK0UsnZWB0JRZQv5k+7Ic 7GgbJ+yTT4+EtiwgNAWCo5dLT1A0pRWtrfEEMKWNkEWslesZTsbgn7H7ppO0fcZYURN2 zDBLGN6TjjcbDAHKUzc2IgWFBIyKwdx/m4Wo7KsRd+9wE3CEUmoLAAlcQeiLKftDtHP+ Q5xBynWkRaBx8GkExt1cFX6utbGZVUqOYMgvMCvgTvQsEqcOhbKL4yIajoYHn96Z+U3q tx/g==
X-Spam-Check-BY: la.mx.develooper.com
X-Google-Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition :content-transfer-encoding:in-reply-to:user-agent; bh=AUq34YBKfM8NdfbnjfkSP9S367lInU4PSeVSvgqEce8=; b=hpBzzZ+fpSg7FrxswuYEHhEPMxKU1gvwMayaGTORoi0L6lSfEEpDvfIujcT0jEP7+9 wtthhChtK/l8B+5XlD7Je/bxCv239njMzSv/K0ovVU8k0y9ij5x0DTi98g2ARYC+wnS6 CyDz7Tz02PKT8Q+Jqw05s8dMsw6ZZkgin5PsITGT2cplbAsmQlul2EjpKgTcdBHM2Jhm hTUB9OLEmZwJpu31j5vpa6X2IuWFVOoJUfxPT6sRz/GL8cq53ZUFXMWWXXZPV1mvhY7G GpdycTth232S2kXVqk2pPxjXGofhHViDuShs1wtyloTDGtmI2HgKsR8Kp+acD4uRxBYx Y7TQ==
Date: Sun, 3 Jul 2016 07:23:39 +0200
X-Spam-Level:
To: Father Chrysostomos via RT <bug-List-MoreUtils [...] rt.cpan.org>
Content-Transfer-Encoding: 8bit
X-GM-Message-State: ALyK8tKbAgphdPleClMr2G03/8BhDG0M92DS7mZa6gLsCfO7bHxDS5xrIf0LkingmLYE/w==
In-Reply-To: <rt-4.0.18-29932-1467510854-486.115808-6-0 [...] rt.cpan.org>
X-Spam-Status: No, score=-6.599 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, FROM_OUR_RT=-4, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Content-Disposition: inline
X-RT-Interface: API
References: <RT-Ticket-115808 [...] rt.cpan.org> <rt-4.0.18-1115-1467506571-488.115808-6-0 [...] rt.cpan.org> <rt-4.0.18-4435-1467507314-34.115808-6-0 [...] rt.cpan.org> <rt-4.0.18-31553-1467507917-1496.115808-6-0 [...] rt.cpan.org> <rt-4.0.18-29932-1467510854-486.115808-6-0 [...] rt.cpan.org>
Message-ID: <20160703052339.GA17250 [...] eldamar.local>
X-Received: by 10.28.29.211 with SMTP id d202mr5167636wmd.22.1467523417211; Sat, 02 Jul 2016 22:23:37 -0700 (PDT)
User-Agent: Mutt/1.6.0 (2016-04-01)
Return-Path: <salvatore.bonaccorso [...] gmail.com>
X-RT-Mail-Extension: list-moreutils
X-Original-To: cpan-bug+List-MoreUtils [...] hipster.bestpractical.com
Sender: Salvatore Bonaccorso <salvatore.bonaccorso [...] gmail.com>
From: Salvatore Bonaccorso <carnil [...] debian.org>
RT-Message-ID: <rt-4.0.18-18981-1467523432-108.115808-0-0 [...] rt.cpan.org>
Content-Length: 2541
Download (untitled) / with headers
text/plain 2.4k
Hi, On Sat, Jul 02, 2016 at 09:54:15PM -0400, Father Chrysostomos via RT wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=115808 > > > On Sat Jul 02 21:05:17 2016, REHSACK wrote:
> > On Sat Jul 02 20:55:14 2016, SPROUT wrote:
> > > On Sat Jul 02 20:42:51 2016, REHSACK wrote:
> > > > Please read "perldoc lib". It has nothing to do with Cwd but with > > > > insane use of lib. > > > > > > > > Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
> > > > > > Even if I don’t use lib or touch @INC, I can reproduce the problem.
> > > > Show me! Doesn't sound reasonable. Check your PERL5LIB. > >
> > > That doesn’t mean it’s a List::MoreUtils bug, though. It may be in > > > XSLoader.
> > > > You can try knocking on their door. It might be possible, even unlikely.
> > The bug does seem to be in XSLoader. To reproduce on a Mac (as I am using): > > I have a file called moo.c, as in the original report, but it contains: > > $ cat moo.c > void __attribute__((constructor)) moo() { > system("echo whooooooo"); > //kill(0, SIGSEGV); > } > > (I commented out the kill, since SIGSEGV does not work without the correct header loaded, and my C knowledge is not so good.) > > $ gcc -Wall -fPIC -shared moo.c -o '(eval 1)/auto/List/MoreUtils/MoreUtils.bundle' > > (Mac uses .bundle, not .so.) > > > $ perl -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |' > whooooooo > $ perl -v |grep version > This is perl 5, version 12, subversion 4 (v5.12.4) built for darwin-thread-multi-2level > $ perl5.24.0 -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |' > whooooooo > $ perl5.25.2 -e 'eval q| package List::MoreUtils; use XSLoader (); XSLoader::load("List::MoreUtils", "0.415") |' > whooooooo > > It appears to be the string eval that is causing it. If you are > using string eval to avoid loading XSLoader.pm unnecessarily, you > can use require instead of use and avoid the whole eval. > > Now why XSLoader looks at the file name of the caller I cannot say. > Maybe it is designed to work that way. The documentation is > certainly silent on the matter, and it does seem like a security > hole. So this may not be a bug in List::MoreUtils per se (I still > need to find out), but you can at least plug the security whole by > avoiding the eval.
I'm adding Niko to the loop, since we loked at the issue further yersrday (and concluded as well that's not List::MoreUtils but XSLoader actually). Salvatore
MIME-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Spam-Status: No, score=-5.77 tagged_above=-99.9 required=10 tests=[AWL=0.929, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_OUR_RT=-4, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
In-Reply-To: <rt-4.0.18-1115-1467510209-1265.115808-5-0 [...] rt.cpan.org>
X-Mailer: Apple Mail (2.3124)
X-PGP-Agent: GPGMail 2.6b2
X-Spam-Flag: NO
X-RT-Interface: API
References: <RT-Ticket-115808 [...] rt.cpan.org> <rt-4.0.18-1115-1467506571-488.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-4435-1467507314-34.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-31553-1467507917-1496.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-1115-1467510209-1265.115808-5-0 [...] rt.cpan.org>
X-Virus-Checked: Checked
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
X-Received: by 10.28.109.198 with SMTP id b67mr6097374wmi.53.1467541007194; Sun, 03 Jul 2016 03:16:47 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_4ADC3B68-8941-4FFD-8BC5-446DEDB7BDFC"; micalg="pgp-sha512"; protocol="application/pgp-signature"
Message-ID: <524C1C1E-76D1-4231-A552-CB346AA3289D [...] gmail.com>
X-Spam-Score: -5.77
Authentication-Results: hipster.bestpractical.com (amavisd-new); dkim=pass header.i= [...] gmail.com
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id E5CDA240208 for <cpan-bug+List-MoreUtils [...] hipster.bestpractical.com>; Sun, 3 Jul 2016 06:16:57 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KaRUR3zXKHPk for <cpan-bug+List-MoreUtils [...] hipster.bestpractical.com>; Sun, 3 Jul 2016 06:16:55 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 3BBAF2401A5 for <bug-List-MoreUtils [...] rt.cpan.org>; Sun, 3 Jul 2016 06:16:55 -0400 (EDT)
Received: (qmail 31810 invoked by alias); 3 Jul 2016 10:16:55 -0000
Received: from mail-wm0-f48.google.com (HELO mail-wm0-f48.google.com) (74.125.82.48) by la.mx.develooper.com (qpsmtpd/0.28) with ESMTP; Sun, 03 Jul 2016 03:16:52 -0700
Received: by mail-wm0-f48.google.com with SMTP id z126so10695902wme.0 for <bug-List-MoreUtils [...] rt.cpan.org>; Sun, 03 Jul 2016 03:16:51 -0700 (PDT)
Received: from [192.168.2.112] (p578b540c.dip0.t-ipconnect.de. [87.139.84.12]) by smtp.gmail.com with ESMTPSA id bb4sm2959584wjb.32.2016.07.03.03.16.45 for <bug-List-MoreUtils [...] rt.cpan.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 03 Jul 2016 03:16:45 -0700 (PDT)
Delivered-To: cpan-bug+List-MoreUtils [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #115808] Tries to load code from cwd
Return-Path: <rehsack [...] gmail.com>
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:message-id:references:to; bh=DD3jXjD3cNvkg5HEUIFsmvIref5EIdspKM/iy3ZRJfg=; b=jNLa6Xocx0l8m+HjP9A83HHQDmtn6O7qw0HePzI4i5xr+29mkYggWUhH7WIPEySsu7 efjUgthVnpBHs0cjV+X4ApRuKOtyJFVKenkHPc7VV7tnYr03EMVTcAzaST4UBMm26qVH LLBhdva4YeQ0T0ldVG206Vo3ufwNS1/MjRVeHMsy+AiGnDcIquqPWedGAYXHN/V+F/Vn WNmX88eMPfOTnRsT1EfTmzSxoUs/iY0AmtEf1V88cvfrbuuUrkpt39fZ9Hc0OP+UqTWp WPxKLz/SzCJTKwORiPLUDztmFr9eVsf8m/kUFwPv3RFFtXmnxrSw1KAJHQDHGFTe7kdi uKOA==
X-Spam-Check-BY: la.mx.develooper.com
X-Original-To: cpan-bug+List-MoreUtils [...] hipster.bestpractical.com
X-RT-Mail-Extension: list-moreutils
X-Google-Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date :message-id:references:to; bh=DD3jXjD3cNvkg5HEUIFsmvIref5EIdspKM/iy3ZRJfg=; b=JA1Tbvbloo+usHc6WEHiM3n+cLpryBq77Ah4ZwDHRbHbjFJx8kS8Cd+JjLxBGZwb1e WRenZxGfKPed1aMeMhBYnHgICfDn18wWGqgSYhnqHYTZ9f8sKlkH+ASFT9TGv8Z1aWMk Zu+gSlYNW5cWj/UAx2qnL8b4BK2aJk83nHzgJxxD88KbQAW+E8i5WdAAkIeQjei7zeKQ TVVe7FaSHMdZ/T7og/euDphKQV3EU4eAOSkzR7L3J17NlRwJasI4tEtKQoE0D6Awq7fU cx5Ky/jWCN0EXPcmtnFVO1/+GTFHX9/Ye51y0KlUCIF1O4DQZ5QkifAXjKIMLHRBXvG6 mS8w==
Date: Sun, 3 Jul 2016 12:16:43 +0200
X-Spam-Level:
To: bug-List-MoreUtils [...] rt.cpan.org
X-GM-Message-State: ALyK8tJiCWZzwKyptC/lk5g+RUhfPTRhtAWLwqvcGhBB6wCopjZAp4x+7CLz9kxbNhIoXg==
From: Jens Rehsack <rehsack [...] gmail.com>
RT-Message-ID: <rt-4.0.18-1773-1467541018-368.115808-0-0 [...] rt.cpan.org>
Content-Length: 0
content-type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-RT-Original-Encoding: utf-8
Content-Length: 8400
Download (untitled) / with headers
text/plain 8.2k
Show quoted text
> Am 03.07.2016 um 03:43 schrieb Father Chrysostomos via RT <bug-List-MoreUtils@rt.cpan.org>: > > Queue: List-MoreUtils > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=115808 > > > On Sat Jul 02 21:05:17 2016, REHSACK wrote:
>> On Sat Jul 02 20:55:14 2016, SPROUT wrote:
>>> On Sat Jul 02 20:42:51 2016, REHSACK wrote:
>>>> Please read "perldoc lib". It has nothing to do with Cwd but with >>>> insane use of lib. >>>> >>>> Imagine "LD_LIBRARY_PATH=.:LD_LIBRARY_PATH ...".
>>> >>> Even if I don’t use lib or touch @INC, I can reproduce the problem.
>> >> Show me! Doesn't sound reasonable. Check your PERL5LIB.
> > I’m reproducing this under the CPAN shell (with ‘look List::MoreUtils’) after testing several modules, so PERL5LIB is huge: > > /Users/sprout/.cpan/build/List-MoreUtils-0.415-CTkZjK/blib/arch:/Users/sprout/.cpan/build/List-MoreUtils-0.415-CTkZjK/blib/lib:/Users/sprout/.cpan/build/Exporter-Tiny-0.042-kdbuNG/blib/arch:/Users/sprout/.cpan/build/Exporter-Tiny-0.042-kdbuNG/blib/lib:/Users/sprout/.cpan/build/Tie-SecureHash-1.10-pERDdy/blib/arch:/Users/sprout/.cpan/build/Tie-SecureHash-1.10-pERDdy/blib/lib:/Users/sprout/.cpan/build/Sub-Attributes-0.02-AD9F0P/blib/arch:/Users/sprout/.cpan/build/Sub-Attributes-0.02-AD9F0P/blib/lib:/Users/sprout/.cpan/build/Devel-DebugHooks-0.02-4LFCO4/blib/arch:/Users/sprout/.cpan/build/Devel-DebugHooks-0.02-4LFCO4/blib/lib:/Users/sprout/.cpan/build/Data-Dump-1.23-ULwHY5/blib/arch:/Users/sprout/.cpan/build/Data-Dump-1.23-ULwHY5/blib/lib:/Users/sprout/.cpan/build/Data-Section-Simple-0.07-dTupfF/blib/arch:/Users/sprout/.cpan/build/Data-Section-Simple-0.07-dTupfF/blib/lib:/Users/sprout/.cpan/build/Test-Requires-0.10-hoE7fE/blib/arch:/Users/sprout/.cpan/build/Test-Requires-0.10-ho > E7fE/blib/lib:/Users/sprout/.cpan/build/Test-Differences-0.64-5doKuc/blib/arch:/Users/sprout/.cpan/build/Test-Differences-0.64-5doKuc/blib/lib:/Users/sprout/.cpan/build/Text-Diff-1.44-48i5w6/blib/arch:/Users/sprout/.cpan/build/Text-Diff-1.44-48i5w6/blib/lib:/Users/sprout/.cpan/build/Algorithm-Diff-1.1903-cVmSPL/blib/arch:/Users/sprout/.cpan/build/Algorithm-Diff-1.1903-cVmSPL/blib/lib:/Users/sprout/.cpan/build/Guard-1.023-mQqrS7/blib/arch:/Users/sprout/.cpan/build/Guard-1.023-mQqrS7/blib/lib:/Users/sprout/.cpan/build/Test-Output-1.03-ok9_8N/blib/arch:/Users/sprout/.cpan/build/Test-Output-1.03-ok9_8N/blib/lib:/Users/sprout/.cpan/build/Capture-Tiny-0.42-5FXy22/blib/arch:/Users/sprout/.cpan/build/Capture-Tiny-0.42-5FXy22/blib/lib:/Users/sprout/.cpan/build/Sub-Exporter-0.987-ZQUXJy/blib/arch:/Users/sprout/.cpan/build/Sub-Exporter-0.987-ZQUXJy/blib/lib:/Users/sprout/.cpan/build/Data-OptList-0.110-bl41NG/blib/arch:/Users/sprout/.cpan/build/Data-OptList-0.110-bl41NG/blib/lib:/Users/ > sprout/.cpan/build/Sub-Install-0.928-mdDVbc/blib/arch:/Users/sprout/.cpan/build/Sub-Install-0.928-mdDVbc/blib/lib:/Users/sprout/.cpan/build/Params-Util-1.07-w809Vf/blib/arch:/Users/sprout/.cpan/build/Params-Util-1.07-w809Vf/blib/lib:/Users/sprout/.cpan/build/XML-DOM-Lite-0.15-U3W4E9/blib/arch:/Users/sprout/.cpan/build/XML-DOM-Lite-0.15-U3W4E9/blib/lib:/Users/sprout/.cpan/build/constant-lexical-2.0002-xTYIno/blib/arch:/Users/sprout/.cpan/build/constant-lexical-2.0002-xTYIno/blib/lib:/Users/sprout/.cpan/build/WWW-Scripter-Plugin-JavaScript-0.009-odgHnt/blib/arch:/Users/sprout/.cpan/build/WWW-Scripter-Plugin-JavaScript-0.009-odgHnt/blib/lib:/Users/sprout/.cpan/build/Hash-Util-FieldHash-Compat-0.11-asgN0B/blib/arch:/Users/sprout/.cpan/build/Hash-Util-FieldHash-Compat-0.11-asgN0B/blib/lib:/Users/sprout/.cpan/build/WWW-Scripter-0.031-yo7Ha2/blib/arch:/Users/sprout/.cpan/build/WWW-Scripter-0.031-yo7Ha2/blib/lib:/Users/sprout/.cpan/build/WWW-Mechanize-1.75-MZRJyX/blib/arch:/Users/sp > rout/.cpan/build/WWW-Mechanize-1.75-MZRJyX/blib/lib:/Users/sprout/.cpan/build/HTML-Form-6.03-RX58s6/blib/arch:/Users/sprout/.cpan/build/HTML-Form-6.03-RX58s6/blib/lib:/Users/sprout/.cpan/build/HTTP-Server-Simple-0.51-XvOJSq/blib/arch:/Users/sprout/.cpan/build/HTTP-Server-Simple-0.51-XvOJSq/blib/lib:/Users/sprout/.cpan/build/CGI-4.31-gdLCPv/blib/arch:/Users/sprout/.cpan/build/CGI-4.31-gdLCPv/blib/lib:/Users/sprout/.cpan/build/Test-Deep-1.120-VHt5Z4/blib/arch:/Users/sprout/.cpan/build/Test-Deep-1.120-VHt5Z4/blib/lib:/Users/sprout/.cpan/build/Test-Simple-1.302030-QFfUEb/blib/arch:/Users/sprout/.cpan/build/Test-Simple-1.302030-QFfUEb/blib/lib:/Users/sprout/.cpan/build/Test-Warn-0.30-TtNnP9/blib/arch:/Users/sprout/.cpan/build/Test-Warn-0.30-TtNnP9/blib/lib:/Users/sprout/.cpan/build/Sub-Uplevel-0.25-dKKo0N/blib/arch:/Users/sprout/.cpan/build/Sub-Uplevel-0.25-dKKo0N/blib/lib:/Users/sprout/.cpan/build/HTML-Tree-5.03-OZ1Hi9/blib/arch:/Users/sprout/.cpan/build/HTML-Tree-5.03-OZ1Hi9/bl > ib/lib:/Users/sprout/.cpan/build/Test-Fatal-0.014-hU9Lgh/blib/arch:/Users/sprout/.cpan/build/Test-Fatal-0.014-hU9Lgh/blib/lib:/Users/sprout/.cpan/build/Try-Tiny-0.24-1xKXA_/blib/arch:/Users/sprout/.cpan/build/Try-Tiny-0.24-1xKXA_/blib/lib:/Users/sprout/.cpan/build/Module-Build-0.4218-7XEPDK/blib/arch:/Users/sprout/.cpan/build/Module-Build-0.4218-7XEPDK/blib/lib:/Users/sprout/.cpan/build/CPAN-Meta-2.150005-ncCfOU/blib/arch:/Users/sprout/.cpan/build/CPAN-Meta-2.150005-ncCfOU/blib/lib:/Users/sprout/.cpan/build/libwww-perl-6.15-V9JWfm/blib/arch:/Users/sprout/.cpan/build/libwww-perl-6.15-V9JWfm/blib/lib:/Users/sprout/.cpan/build/WWW-RobotRules-6.02-YA6oBO/blib/arch:/Users/sprout/.cpan/build/WWW-RobotRules-6.02-YA6oBO/blib/lib:/Users/sprout/.cpan/build/HTTP-Negotiate-6.01-FmYGqw/blib/arch:/Users/sprout/.cpan/build/HTTP-Negotiate-6.01-FmYGqw/blib/lib:/Users/sprout/.cpan/build/File-Listing-6.04-eTJjcl/blib/arch:/Users/sprout/.cpan/build/File-Listing-6.04-eTJjcl/blib/lib:/Users/sprou > t/.cpan/build/Net-HTTP-6.09-qwmGZ5/blib/arch:/Users/sprout/.cpan/build/Net-HTTP-6.09-qwmGZ5/blib/lib:/Users/sprout/.cpan/build/JE-0.066-QVt71a/blib/arch:/Users/sprout/.cpan/build/JE-0.066-QVt71a/blib/lib:/Users/sprout/.cpan/build/HTML-DOM-0.056-jLRcjO/blib/arch:/Users/sprout/.cpan/build/HTML-DOM-0.056-jLRcjO/blib/lib:/Users/sprout/.cpan/build/TimeDate-2.30-c_ggkF/blib/arch:/Users/sprout/.cpan/build/TimeDate-2.30-c_ggkF/blib/lib:/Users/sprout/.cpan/build/HTML-Encoding-0.61-CRo9H7/blib/arch:/Users/sprout/.cpan/build/HTML-Encoding-0.61-CRo9H7/blib/lib:/Users/sprout/.cpan/build/CSS-DOM-0.16-KR6L9O/blib/arch:/Users/sprout/.cpan/build/CSS-DOM-0.16-KR6L9O/blib/lib:/Users/sprout/.cpan/build/Clone-0.38-9vLHRf/blib/arch:/Users/sprout/.cpan/build/Clone-0.38-9vLHRf/blib/lib:/Users/sprout/.cpan/build/HTML-Parser-3.72-9PPLkd/blib/arch:/Users/sprout/.cpan/build/HTML-Parser-3.72-9PPLkd/blib/lib:/Users/sprout/.cpan/build/HTML-Tagset-3.20-9h1_zh/blib/arch:/Users/sprout/.cpan/build/HTML-Tagset > -3.20-9h1_zh/blib/lib:/Users/sprout/.cpan/build/HTTP-Daemon-6.01-fiKf42/blib/arch:/Users/sprout/.cpan/build/HTTP-Daemon-6.01-fiKf42/blib/lib:/Users/sprout/.cpan/build/HTTP-Cookies-6.01-dEwKpm/blib/arch:/Users/sprout/.cpan/build/HTTP-Cookies-6.01-dEwKpm/blib/lib:/Users/sprout/.cpan/build/HTTP-Message-6.11-mjjDTP/blib/arch:/Users/sprout/.cpan/build/HTTP-Message-6.11-mjjDTP/blib/lib:/Users/sprout/.cpan/build/IO-HTML-1.001-iLv6MQ/blib/arch:/Users/sprout/.cpan/build/IO-HTML-1.001-iLv6MQ/blib/lib:/Users/sprout/.cpan/build/Encode-Locale-1.05-snH7DD/blib/arch:/Users/sprout/.cpan/build/Encode-Locale-1.05-snH7DD/blib/lib:/Users/sprout/.cpan/build/HTTP-Date-6.02-GRb_o3/blib/arch:/Users/sprout/.cpan/build/HTTP-Date-6.02-GRb_o3/blib/lib:/Users/sprout/.cpan/build/LWP-MediaTypes-6.02-SG7cyK/blib/arch:/Users/sprout/.cpan/build/LWP-MediaTypes-6.02-SG7cyK/blib/lib:/Users/sprout/.cpan/build/URI-1.71-PQBd3T/blib/arch:/Users/sprout/.cpan/build/URI-1.71-PQBd3T/blib/lib > > But that does not explain why a directory called ‘(eval 1)’ is checked before anything else. So there clearly is a bug somewhere. But where? That is the question.
When you want to reproduce this and point a clear bug, reduce to the max. The question, why XSLoader fails might be a to long @INC - you can easily provoke by using a for loop in your shell. You should also do a $ perl -MData::Dumper -lE 'print Dumper \@INC' which shows that nothing is prepending '.' to your include path. When you got an accepted issue in XSLoader which is not in DynaLoader, please update this ticket to allow me verifying whether DynaLoader is doing the job, too. Cheers -- Jens Rehsack - rehsack@gmail.com
Content-Description: Message signed with OpenPGP using GPGMail
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Transfer-Encoding: 7bit
Content-Length: 842
Download signature.asc
application/pgp-signature 842b

Message body not shown because it is not plain text.

MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-1773-1467541018-368.115808-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
X-RT-Interface: Web
References: <RT-Ticket-115808 [...] rt.cpan.org> <rt-4.0.18-1115-1467506571-488.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-4435-1467507314-34.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-31553-1467507917-1496.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-1115-1467510209-1265.115808-5-0 [...] rt.cpan.org> <524C1C1E-76D1-4231-A552-CB346AA3289D [...] gmail.com> <rt-4.0.18-1773-1467541018-368.115808-0-0 [...] rt.cpan.org>
Content-Type: multipart/mixed; boundary="----------=_1467552997-12709-3"
Message-ID: <rt-4.0.18-12709-1467552997-1519.115808-0-0 [...] rt.cpan.org>
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 0
Content-Disposition: inline
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 610
Download (untitled) / with headers
text/plain 610b
On Sun Jul 03 06:16:58 2016, rehsack@gmail.com wrote: Show quoted text
> When you got an accepted issue in XSLoader which is not in DynaLoader, > please update this ticket to allow me verifying whether DynaLoader is > doing the job, too.
I’ve found the bug in XSLoader and am working on a patch for it. I have written a unit test that fails in the perl core with only three entries in @INC, so I know the long @INC is unrelated. DynaLoader is not affected, because it does search @INC, whereas XSLoader tries to take shortcuts based on (caller)[1]. The patch, a work in progress, is attached here, if you want to see it.
MIME-Version: 1.0
Subject: open_24udpsS1.txt
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Type: text/plain; charset="utf-8"; name="open_24udpsS1.txt"
Content-Disposition: inline; filename="open_24udpsS1.txt"
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 3481
Download open_24udpsS1.txt
text/plain 3.3k
From 014d8912d3969aa3286cad4fe79ee5d596668309 Mon Sep 17 00:00:00 2001 From: Father Chrysostomos <sprout@cpan.org> Date: Sat, 2 Jul 2016 22:56:51 -0700 Subject: [PATCH] =?UTF-8?q?Don=E2=80=99t=20let=20XSLoader=20load=20relative=20?= =?UTF-8?q?paths?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [rt.cpan.org #115808] The logic in XSLoader for determining the library goes like this: my $c = () = split(/::/,$caller,-1); $modlibname =~ s,[\\/][^\\/]+$,, while $c--; # Q&D basename my $file = "$modlibname/auto/$modpname/$modfname.bundle"; (That last line varies by platform.) $caller is the calling package. $modlibname is the calling file. It removes as many path segments from $modlibname as there are segments in $caller. So if you have List/MoreUtils/XS.pm calling XSLoader from the List::MoreUtils package, the $modlibname will end up containing the path in @INC where XS.pm was found, following by "/List". Usually the fallback to Dynaloader::bootstrap_inherit, which does an @INC search, makes things Just Work. But List/MoreUtils/XS.pm actually calls XSLoader::load from inside a string eval. That means the path ends up being "(eval 1)/auto/List/MoreUtils/MoreUtils.bundle". So if someone creates a directory named ‘(eval 1)’ with a naughty binary file in it, it will be loaded if a script using List::MoreUtils is run in the parent directory. See <https://rt.cpan.org/Ticket/Display.html?id=115808>. This commit makes XSLoader fall back to Dynaloader’s @INC search if the calling file has a relative path. diff --git a/dist/XSLoader/XSLoader_pm.PL b/dist/XSLoader/XSLoader_pm.PL index 8a8852e..046ae0e 100644 --- a/dist/XSLoader/XSLoader_pm.PL +++ b/dist/XSLoader/XSLoader_pm.PL @@ -91,6 +91,8 @@ print OUT <<'EOT'; my $modpname = join('/',@modparts); my $c = () = split(/::/,$caller,-1); $modlibname =~ s,[\\/][^\\/]+$,, while $c--; # Q&D basename + # Avoid relative paths + goto \&XSLoader::bootstrap_inherit unless $modlibname =~ m|^[\\/]|; EOT my $dl_dlext = quotemeta($Config::Config{'dlext'}); diff --git a/dist/XSLoader/t/XSLoader.t b/dist/XSLoader/t/XSLoader.t index 2ff11fe..9fd0586 100644 --- a/dist/XSLoader/t/XSLoader.t +++ b/dist/XSLoader/t/XSLoader.t @@ -33,7 +33,7 @@ my %modules = ( 'Time::HiRes'=> q| ::can_ok( 'Time::HiRes' => 'usleep' ) |, # 5.7.3 ); -plan tests => keys(%modules) * 3 + 9; +plan tests => keys(%modules) * 3 + 10; # Try to load the module use_ok( 'XSLoader' ); @@ -114,6 +114,8 @@ SKIP: { skip "Cannot find $peek_file", 1 unless $module_path; + skip "Cannot test with relative path", 1 + unless $module_path =~ m|^[\\/]|; # [perl #122455] # die instead of falling back to DynaLoader @@ -125,3 +127,28 @@ XSLoader::load("Devel::Peek"); EOS or ::diag $@; } + +SKIP: { + skip "File::Path not available", 1 + unless eval { require File::Path }; + my $name = "phooo$$"; + File::Path::make_path("$name/auto/Foo/Bar"); + open my $fh, + ">$name/auto/Foo/Bar/Bar." . quotemeta($Config::Config{'dlext'}); + close $fh; + my $fell_back; + local *XSLoader::bootstrap_inherit = sub { + $fell_back++; + # Break out of the calling subs + goto the_test; + }; + eval <<END; +#line 1 $name +package Foo::Bar; +XSLoader::load("Foo::Bar"); +END + the_test: + ok $fell_back, + 'XSLoader will not load relative paths based on (caller)[1]'; + File::Path::remove_tree($name); +}
MIME-Version: 1.0
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-31328-1467567800-1091.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 146
Download (untitled) / with headers
text/plain 146b
Why does List::MoreUtils call XSLoader from inside a stringy eval? That seems unnecessary and also results in all the other errors discussed here.
MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-12709-1467552997-1519.115808-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
X-RT-Interface: Web
References: <RT-Ticket-115808 [...] rt.cpan.org> <rt-4.0.18-1115-1467506571-488.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-4435-1467507314-34.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-31553-1467507917-1496.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-1115-1467510209-1265.115808-5-0 [...] rt.cpan.org> <524C1C1E-76D1-4231-A552-CB346AA3289D [...] gmail.com> <rt-4.0.18-1773-1467541018-368.115808-0-0 [...] rt.cpan.org> <rt-4.0.18-12709-1467552997-1519.115808-0-0 [...] rt.cpan.org>
Content-Type: multipart/mixed; boundary="----------=_1467570004-5342-6"
Message-ID: <rt-4.0.18-5342-1467570004-678.115808-0-0 [...] rt.cpan.org>
X-RT-Original-Encoding: utf-8
RT-Send-CC: sebastien [...] aperghis.net
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 0
Content-Disposition: inline
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 1269
Download (untitled) / with headers
text/plain 1.2k
On Sun Jul 03 09:36:37 2016, SPROUT wrote: Show quoted text
> On Sun Jul 03 06:16:58 2016, rehsack@gmail.com wrote:
> > When you got an accepted issue in XSLoader which is not in > > DynaLoader, > > please update this ticket to allow me verifying whether DynaLoader is > > doing the job, too.
> > I’ve found the bug in XSLoader and am working on a patch for it. I > have written a unit test that fails in the perl core with only three > entries in @INC, so I know the long @INC is unrelated. DynaLoader is > not affected, because it does search @INC, whereas XSLoader tries to > take shortcuts based on (caller)[1].
The bug is now fixed in the perl core: http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 A am cc’ing the CPAN maintainer of XSLoader, since it seems advisable that we get a new release soon. As for List::MoreUtils, I think one of three things should happen: 1) Depend on XSLoader 0.22. 2) Avoid the string eval. 3) Use a #line directive. Item #1 would require waiting for a new CPAN release of XSLoader. Item #3 requires a smaller change to the code than #2, so I have attached a patch. Even if List::MoreUtils is not at fault, I think this patch is helpful, as it makes it easier to trace any errors or warnings that originate from the string eval.
MIME-Version: 1.0
Subject: Patch for List-MoreUtils.txt
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Type: text/plain; charset="utf-8"; name="Patch for List-MoreUtils.txt"
Content-Disposition: inline; filename="Patch for List-MoreUtils.txt"
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
Content-Length: 642
diff -rup List-MoreUtils-0.415-sba79Z-orig/lib/List/MoreUtils/XS.pm List-MoreUtils-0.415-sba79Z/lib/List/MoreUtils/XS.pm --- List-MoreUtils-0.415-sba79Z-orig/lib/List/MoreUtils/XS.pm 2016-05-01 09:47:00.000000000 -0700 +++ List-MoreUtils-0.415-sba79Z/lib/List/MoreUtils/XS.pm 2016-07-03 11:02:41.000000000 -0700 @@ -13,6 +13,7 @@ BEGIN # Load the XS at compile-time so that redefinition warnings will be # thrown correctly if the XS versions of part or indexes loaded my $ldr = <<EOLDR; +#line ${\(__LINE__+1 . " " . __FILE__)} package List::MoreUtils; # PERL_DL_NONLAZY must be false, or any errors in loading will just
MIME-Version: 1.0
X-Spam-Status: No, score=-2.249 tagged_above=-99.9 required=10 tests=[AWL=0.350, BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
In-Reply-To: <rt-4.0.18-5342-1467570004-329.115808-7-0 [...] rt.cpan.org>
X-Mailer: Zimbra 7.2.0-GA2598 (ZimbraWebClient - FF3.0 (Linux)/7.2.0-GA2598)
X-Spam-Flag: NO
X-RT-Interface: API
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <1167461881.817382806.1467633667747.JavaMail.root [...] spooler3-g27.priv.proxad.net>
content-type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -2.249
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id 5EBA22402E7 for <cpan-bug+List-MoreUtils [...] hipster.bestpractical.com>; Mon, 4 Jul 2016 08:01:20 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h+eYfJ46qOLT for <cpan-bug+List-MoreUtils [...] hipster.bestpractical.com>; Mon, 4 Jul 2016 08:01:17 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 7C183240108 for <bug-List-MoreUtils [...] rt.cpan.org>; Mon, 4 Jul 2016 08:01:17 -0400 (EDT)
Received: (qmail 3021 invoked by alias); 4 Jul 2016 12:01:17 -0000
Received: from smtp2-g21.free.fr (HELO smtp2-g21.free.fr) (212.27.42.2) by la.mx.develooper.com (qpsmtpd/0.28) with ESMTP; Mon, 04 Jul 2016 05:01:12 -0700
Received: from spooler3-g27.priv.proxad.net (unknown [172.20.243.239]) by smtp2-g21.free.fr (Postfix) with ESMTP id E2EEF200389 for <bug-List-MoreUtils [...] rt.cpan.org>; Mon, 4 Jul 2016 11:54:12 +0200 (CEST)
Delivered-To: cpan-bug+List-MoreUtils [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #115808] Tries to load code from cwd
Return-Path: <maddingue [...] free.fr>
X-Spam-Check-BY: la.mx.develooper.com
X-Original-To: cpan-bug+List-MoreUtils [...] hipster.bestpractical.com
X-RT-Mail-Extension: list-moreutils
Date: Mon, 4 Jul 2016 14:01:07 +0200 (CEST)
X-Spam-Level:
X-Authenticated-User: maddingue [...] free.fr
X-Originating-Ip: [2a02:1758:0:4:d0e2:1595:24ce:3414]
To: bug-List-MoreUtils [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: Sébastien Aperghis-Tramoni <sebastien [...] aperghis.net>
RT-Message-ID: <rt-4.0.18-633-1467633681-1607.115808-0-0 [...] rt.cpan.org>
Content-Length: 998
Download (untitled) / with headers
text/plain 998b
Father Chrysostomos wrote via RT: Show quoted text
> On Sun Jul 03 09:36:37 2016, SPROUT wrote:
> > On Sun Jul 03 06:16:58 2016, rehsack@gmail.com wrote:
> > > When you got an accepted issue in XSLoader which is not in > > > DynaLoader, > > > please update this ticket to allow me verifying whether > > > DynaLoader is > > > doing the job, too.
> > > > I’ve found the bug in XSLoader and am working on a patch for it. I > > have written a unit test that fails in the perl core with only > > three > > entries in @INC, so I know the long @INC is unrelated. DynaLoader > > is > > not affected, because it does search @INC, whereas XSLoader tries > > to > > take shortcuts based on (caller)[1].
> > The bug is now fixed in the perl core: > http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 > > A am cc’ing the CPAN maintainer of XSLoader, since it seems advisable > that we get a new release soon.
Noted. I'll make a release tonight. -- Sébastien Aperghis-Tramoni Close the world, txEn eht nepO.
MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-5342-1467570004-678.115808-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <RT-Ticket-115808 [...] rt.cpan.org> <rt-4.0.18-1115-1467506571-488.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-4435-1467507314-34.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-31553-1467507917-1496.115808-5-0 [...] rt.cpan.org> <rt-4.0.18-1115-1467510209-1265.115808-5-0 [...] rt.cpan.org> <524C1C1E-76D1-4231-A552-CB346AA3289D [...] gmail.com> <rt-4.0.18-1773-1467541018-368.115808-0-0 [...] rt.cpan.org> <rt-4.0.18-12709-1467552997-1519.115808-0-0 [...] rt.cpan.org> <rt-4.0.18-5342-1467570004-678.115808-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-15913-1467644419-185.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC: sebastien [...] aperghis.net, ntyni [...] debian.org, carnil [...] debian.org
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 1499
Download (untitled) / with headers
text/plain 1.4k
On Sun Jul 03 14:20:04 2016, SPROUT wrote: Show quoted text
> On Sun Jul 03 09:36:37 2016, SPROUT wrote:
> > [...] > > I’ve found the bug in XSLoader and am working on a patch for it. I > > have written a unit test that fails in the perl core with only three > > entries in @INC, so I know the long @INC is unrelated. DynaLoader is > > not affected, because it does search @INC, whereas XSLoader tries to > > take shortcuts based on (caller)[1].
> > The bug is now fixed in the perl core: > http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 > > A am cc’ing the CPAN maintainer of XSLoader, since it seems advisable > that we get a new release soon. > > As for List::MoreUtils, I think one of three things should happen: > > 1) Depend on XSLoader 0.22. > 2) Avoid the string eval. > 3) Use a #line directive. > > Item #1 would require waiting for a new CPAN release of XSLoader. > Item #3 requires a smaller change to the code than #2, so I have > attached a patch. Even if List::MoreUtils is not at fault, I think > this patch is helpful, as it makes it easier to trace any errors or > warnings that originate from the string eval.
I think I rely on the first two ones: 1) Requiring a version of XSLoader without such a bug seems reasonable regardless avoiding the string eval. 2) the string eval is a relic from early 0.4xx versions of List::MoreUtils playing with different strategys to fix the broken API The line hint seems to be valuable for a lot of other use cases, either. Thanks for it.
MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-633-1467633681-1607.115808-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <rt-4.0.18-5342-1467570004-329.115808-7-0 [...] rt.cpan.org> <1167461881.817382806.1467633667747.JavaMail.root [...] spooler3-g27.priv.proxad.net> <rt-4.0.18-633-1467633681-1607.115808-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-11241-1467647555-1903.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC: sebastien [...] aperghis.net
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 1212
Download (untitled) / with headers
text/plain 1.1k
On Mon Jul 04 08:01:21 2016, sebastien@aperghis.net wrote: Show quoted text
> Father Chrysostomos wrote via RT: >
> > On Sun Jul 03 09:36:37 2016, SPROUT wrote:
> > > On Sun Jul 03 06:16:58 2016, rehsack@gmail.com wrote:
> > > > When you got an accepted issue in XSLoader which is not in > > > > DynaLoader, > > > > please update this ticket to allow me verifying whether > > > > DynaLoader is > > > > doing the job, too.
> > > > > > I’ve found the bug in XSLoader and am working on a patch for it. I > > > have written a unit test that fails in the perl core with only > > > three > > > entries in @INC, so I know the long @INC is unrelated. DynaLoader > > > is > > > not affected, because it does search @INC, whereas XSLoader tries > > > to > > > take shortcuts based on (caller)[1].
> > > > The bug is now fixed in the perl core: > > http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 > > > > A am cc’ing the CPAN maintainer of XSLoader, since it seems advisable > > that we get a new release soon.
> > Noted. I'll make a release tonight.
Thank you. Could you wait, though, until I correct bleadperl to take Windows drive letters into account? I have a patch which I hope to apply in the next few hours.
MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-11241-1467647555-1903.115808-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <rt-4.0.18-5342-1467570004-329.115808-7-0 [...] rt.cpan.org> <1167461881.817382806.1467633667747.JavaMail.root [...] spooler3-g27.priv.proxad.net> <rt-4.0.18-633-1467633681-1607.115808-0-0 [...] rt.cpan.org> <rt-4.0.18-11241-1467647555-1903.115808-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-16319-1467664268-642.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC: sebastien [...] aperghis.net
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 1402
Download (untitled) / with headers
text/plain 1.3k
On Mon Jul 04 11:52:35 2016, SPROUT wrote: Show quoted text
> On Mon Jul 04 08:01:21 2016, sebastien@aperghis.net wrote:
> > Father Chrysostomos wrote via RT: > >
> > > On Sun Jul 03 09:36:37 2016, SPROUT wrote:
> > > > On Sun Jul 03 06:16:58 2016, rehsack@gmail.com wrote:
> > > > > When you got an accepted issue in XSLoader which is not in > > > > > DynaLoader, > > > > > please update this ticket to allow me verifying whether > > > > > DynaLoader is > > > > > doing the job, too.
> > > > > > > > I’ve found the bug in XSLoader and am working on a patch for it. > > > > I > > > > have written a unit test that fails in the perl core with only > > > > three > > > > entries in @INC, so I know the long @INC is unrelated. > > > > DynaLoader > > > > is > > > > not affected, because it does search @INC, whereas XSLoader tries > > > > to > > > > take shortcuts based on (caller)[1].
> > > > > > The bug is now fixed in the perl core: > > > http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 > > > > > > A am cc’ing the CPAN maintainer of XSLoader, since it seems > > > advisable > > > that we get a new release soon.
> > > > Noted. I'll make a release tonight.
> > Thank you. Could you wait, though, until I correct bleadperl to take > Windows drive letters into account? I have a patch which I hope to > apply in the next few hours.
As of v5.25.2-95-ga651dcd, bleadperl takes drive letters into account.
MIME-Version: 1.0
X-Spam-Status: No, score=-2.599 tagged_above=-99.9 required=10 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
In-Reply-To: <rt-4.0.18-16319-1467664269-161.115808-7-0 [...] rt.cpan.org>
X-Mailer: Zimbra 7.2.0-GA2598 (ZimbraWebClient - FF3.0 (Mac)/7.2.0-GA2598)
X-Spam-Flag: NO
X-RT-Interface: API
X-Virus-Scanned: Debian amavisd-new at bestpractical.com
Message-ID: <2092877578.822889937.1467745253919.JavaMail.root [...] spooler3-g27.priv.proxad.net>
content-type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
X-Spam-Score: -2.599
Received: from localhost (localhost [127.0.0.1]) by hipster.bestpractical.com (Postfix) with ESMTP id CF7272402E7 for <cpan-bug+List-MoreUtils [...] hipster.bestpractical.com>; Tue, 5 Jul 2016 15:01:07 -0400 (EDT)
Received: from hipster.bestpractical.com ([127.0.0.1]) by localhost (hipster.bestpractical.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KH0kxtz9G0QY for <cpan-bug+List-MoreUtils [...] hipster.bestpractical.com>; Tue, 5 Jul 2016 15:01:05 -0400 (EDT)
Received: from la.mx.develooper.com (x1.develooper.com [207.171.7.70]) by hipster.bestpractical.com (Postfix) with SMTP id 0114B24020C for <bug-List-MoreUtils [...] rt.cpan.org>; Tue, 5 Jul 2016 15:01:04 -0400 (EDT)
Received: (qmail 5929 invoked by alias); 5 Jul 2016 19:01:04 -0000
Received: from smtp6-g21.free.fr (HELO smtp6-g21.free.fr) (212.27.42.6) by la.mx.develooper.com (qpsmtpd/0.28) with ESMTP; Tue, 05 Jul 2016 12:00:58 -0700
Received: from spooler3-g27.priv.proxad.net (unknown [172.20.243.239]) by smtp6-g21.free.fr (Postfix) with ESMTP id 57ABE78033D for <bug-List-MoreUtils [...] rt.cpan.org>; Tue, 5 Jul 2016 17:20:02 +0200 (CEST)
Delivered-To: cpan-bug+List-MoreUtils [...] hipster.bestpractical.com
Subject: Re: [rt.cpan.org #115808] Tries to load code from cwd
Return-Path: <maddingue [...] free.fr>
X-Spam-Check-BY: la.mx.develooper.com
X-Original-To: cpan-bug+List-MoreUtils [...] hipster.bestpractical.com
X-RT-Mail-Extension: list-moreutils
Date: Tue, 5 Jul 2016 21:00:53 +0200 (CEST)
X-Spam-Level:
X-Authenticated-User: maddingue [...] free.fr
X-Originating-Ip: [2a01:cb00:487:ce00:a082:a21a:503a:44b6]
To: bug-List-MoreUtils [...] rt.cpan.org
Content-Transfer-Encoding: quoted-printable
From: Sébastien Aperghis-Tramoni <sebastien [...] aperghis.net>
RT-Message-ID: <rt-4.0.18-19757-1467745268-1606.115808-0-0 [...] rt.cpan.org>
Content-Length: 1175
Download (untitled) / with headers
text/plain 1.1k
Father Chrysostomos wrote via RT: Show quoted text
> As of v5.25.2-95-ga651dcd, bleadperl takes drive letters into > account.
Just uploaded on the CPAN. I took the liberty to fix the following nit in the documentation: --- sources/XSLoader_pm.PL 2016-07-05 19:58:22.000000000 +0200 +++ blead/dist/XSLoader/XSLoader_pm.PL 2016-07-05 19:55:36.000000000 +0200 @@ -255,7 +255,7 @@ =head1 VERSION -Version 0.22 +Version 0.17 =head1 SYNOPSIS and patch the tests so they pass on Perl 5.8 and 5.10: --- sources/t/XSLoader.t 2016-07-05 20:36:50.000000000 +0200 +++ blead/dist/XSLoader/t/XSLoader.t 2016-07-05 19:55:36.000000000 +0200 @@ -130,7 +130,7 @@ skip "File::Path not available", 1 unless eval { require File::Path }; my $name = "phooo$$"; - File::Path::mkpath("$name/auto/Foo/Bar"); + File::Path::make_path("$name/auto/Foo/Bar"); open my $fh, ">$name/auto/Foo/Bar/Bar.$Config::Config{'dlext'}"; close $fh; @@ -148,5 +148,5 @@ the_test: ok $fell_back, 'XSLoader will not load relative paths based on (caller)[1]'; - File::Path::rmtree($name); + File::Path::remove_tree($name); } -- Sébastien Aperghis-Tramoni Close the world, txEn eht nepO.
MIME-Version: 1.0
In-Reply-To: <rt-4.0.18-19757-1467745268-1606.115808-0-0 [...] rt.cpan.org>
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
References: <rt-4.0.18-16319-1467664269-161.115808-7-0 [...] rt.cpan.org> <2092877578.822889937.1467745253919.JavaMail.root [...] spooler3-g27.priv.proxad.net> <rt-4.0.18-19757-1467745268-1606.115808-0-0 [...] rt.cpan.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-1982-1467766757-580.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC: sebastien [...] aperghis.net
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 515
Download (untitled) / with headers
text/plain 515b
On Tue Jul 05 15:01:08 2016, sebastien@aperghis.net wrote: Show quoted text
> Father Chrysostomos wrote via RT: >
> > As of v5.25.2-95-ga651dcd, bleadperl takes drive letters into > > account.
> > Just uploaded on the CPAN. I took the liberty to fix the following > nit in the documentation: > > --- sources/XSLoader_pm.PL 2016-07-05 19:58:22.000000000 +0200 > +++ blead/dist/XSLoader/XSLoader_pm.PL 2016-07-05 19:55:36.000000000 +0200 > @@ -255,7 +255,7 @@
Thank you. I have applied your changes to blead in commit ae635bbffa.
MIME-Version: 1.0
X-Mailer: MIME-tools 5.504 (Entity 5.504)
Content-Disposition: inline
X-RT-Interface: Web
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.0.18-1870-1469627947-1595.115808-0-0 [...] rt.cpan.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 109
Download (untitled) / with headers
text/plain 109b
Not a problem of List::MoreUtils but fixed XSLoader is now prerequiste. So - we can call it kind-of solved ;)


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.