Skip Menu |
 

This queue is for tickets about the Module-Build CPAN distribution.

Report information
The Basics
Id: 119788
Status: rejected
Priority: 0/
Queue: Module-Build

People
Owner: Nobody in particular
Requestors: leonerd-cpan [...] leonerd.org.uk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.4220
Fixed in: (no value)



Subject: M::B 0.4220 seems to interfere with "." in @INC
Under perl 5.24 we no longer have "." in @INC. I have several unit tests unprepared for this change, which therefore ought to fail on perl 5.24. When I build with Module::Build version 0.4218 that is indeed what happens: $ perlmodversion Module::Build 0.4218 $ ./Build test ... t/90ex_bencode.t .......... Can't locate examples/parse-bencode.pl in @INC (@INC contains: /home/leo/src/perl/Parser-MGC/blib/lib /home/leo/src/perl/Parser-MGC/blib/arch /home/leo/lib/perl5/x86_64-linux-gnu-thread-multi /home/leo/lib/perl5 /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.24.1 /usr/local/share/perl/5.24.1 /usr/lib/x86_64-linux-gnu/perl5/5.24 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.24 /usr/share/perl/5.24 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at t/90ex_bencode.t line 8. t/90ex_bencode.t .......... Dubious, test returned 2 (wstat 512, 0x200) However, on upgrading to 0.4220 erroneously passes this test, causing a false-positive PASS on local testing which then fails for CPAN smokers, upstream users, etc.. depending on their exact version of M::B. -- Paul Evans
Download (untitled) / with headers
text/plain 817b
Ah. I should perhaps add that actually, a plain 5.24 doesn't (yet) remove ".", but that behaviour seems to be from my debian config file: $ cat /etc/perl/sitecustomize.pl # This script is only provided as a transition mechanism for # removing the current working directory from the library search path # while leaving a temporary way to override this locally. # # If you really need "." to be on @INC globally, you can comment # this away for now. However, please note that this facility # is expected to be removed after the Debian stretch release, # at which point any code in this file will not have any effect. # # Please see CVE-2016-1238 for background information on the risks # of having "." on @INC. pop @INC if $INC[-1] eq '.' and !$ENV{PERL_USE_UNSAFE_INC}; -- Paul Evans
Download (untitled) / with headers
text/plain 449b
On 2017-01-10 09:00:38, PEVANS wrote: Show quoted text
> However, on upgrading to 0.4220 erroneously passes this test, causing a false-positive PASS on local testing which then fails for CPAN smokers, upstream users, etc.. depending on their exact version of M::B.
Curious.. I don't see any commits for 0.42_19 or 0.4220 pertaining to dot-in-INC, so it doesn't appear to be an intentional change. We should try to bisect this to identify what commit is to blame.
Download (untitled) / with headers
text/plain 717b
On 2017-01-10 12:07:04, ETHER wrote: Show quoted text
> On 2017-01-10 09:00:38, PEVANS wrote:
> > However, on upgrading to 0.4220 erroneously passes this test, causing > > a false-positive PASS on local testing which then fails for CPAN > > smokers, upstream users, etc.. depending on their exact version of > > M::B.
> > Curious.. I don't see any commits for 0.42_19 or 0.4220 pertaining to > dot-in-INC, so it doesn't appear to be an intentional change. > > We should try to bisect this to identify what commit is to blame.
I see from reading #p5p that the incorrectly-passing Module::Build was installed from debian (which patched the source to use PERL_USE_UNSAFE_INC), not cpan, so the fault is not here in our code. closing.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.