Skip Menu |
 

This queue is for tickets about the IO-Compress CPAN distribution.

Report information
The Basics
Id: 120084
Status: resolved
Priority: 0/
Queue: IO-Compress

People
Owner: Nobody in particular
Requestors: TODDR [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 2.017
Fixed in: 2.072



Subject: Need Fix for Makefile.PL depending on . in @INC
Download (untitled) / with headers
text/plain 994b
As a result of CVE-2016-1238, In 5.26 it will be a build option to make a perl without . in @INC. This requires the script writer to be explicit if they want to load modules from relative paths. For more info you can also see https://rt.perl.org/Ticket/Display.html?id=130467 and https://rt.perl.org/Ticket/Display.html?id=127810 for core perl discussions. My doc is here http://blogs.perl.org/users/todd_rinaldo/2016/11/how-removing-from-inc-is-about-to-break-cpan.html Currently this is the error: Can't locate private/MakeUtil.pm in @INC (you may need to install the private::MakeUtil module) (@INC contains: /home/smoker/perl5/lib/perl5/5.25.9/x86_64-linux /home/smoker/perl5/lib/perl5/5.25.9 /home/smoker/perl5/lib/perl5/x86_64-linux /home/smoker/perl5/lib/perl5 /perl/5.25.9/lib/site_perl/5.25.9/x86_64-linux /perl/5.25.9/lib/site_perl/5.25.9 /perl/5.25.9/lib/5.25.9/x86_64-linux /perl/5.25.9/lib/5.25.9) at Makefile.PL line 8. BEGIN failed--compilation aborted at Makefile.PL line 8.
This is the fix.
Subject: IO-Uncompress-Base.patch
diff --git a/Makefile.PL b/Makefile.PL index 341e4b7..ddb6808 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -5,7 +5,7 @@ require 5.006 ; $::VERSION = '2.070' ; -use private::MakeUtil; +require './private/MakeUtil.pm'; use ExtUtils::MakeMaker 5.16 ; UpDowngrade(getPerlFiles('MANIFEST'))
Download (untitled) / with headers
text/plain 281b
Thanks Todd, this issue will apply to a number of my modules. I assume this is equivalent? use lib '.'; use private::MakeUtil; Your blog entry suggests that it is, but haven't been following this thread, so want to be sure there aren't any other implications. cheers Paul
Download (untitled) / with headers
text/plain 446b
If you do use lib '.' Then you are putting that path at the front of the search path which may not always be ideal. In your case if all of your modules are the same, you only need the relative have for that one file. If you prefer to add that path back to @INC, then my recommendation would be to instead do: BEGIN { push @INC, '.' } In any case, any of the three solutions we have discussed will achieve the goal. Hope that helps! Todd
Thanks Todd


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.