Skip Menu |
 

This queue is for tickets about the File-NFSLock CPAN distribution.

Report information
The Basics
Id: 120088
Status: open
Worked: 50 min
Priority: 0/
Queue: File-NFSLock

People
Owner: bbb [...] cpan.org
Requestors: TODDR [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 1.27
Fixed in: 1.28



Subject: Need support for perl without . in @INC in Makefile.PL
Download (untitled) / with headers
text/plain 531b
Your generated Makefile will not run unless . is in @INC. As a result of CVE-2016-1238, In 5.26 it will be a build option to make a perl without . in @INC. This requires the script writer to be explicit if they want to load modules from relative paths. For more info you can also see https://rt.perl.org/Ticket/Display.html?id=130467 and https://rt.perl.org/Ticket/Display.html?id=127810 for core perl discussions. My doc is here http://blogs.perl.org/users/todd_rinaldo/2016/11/how-removing-from-inc-is-about-to-break-cpan.html
Attaching a patch that should fix things.
Subject: File-NFSLock.patch
Download File-NFSLock.patch
text/x-diff 861b
From dddeafacc38952f5b565152f4ffe30747fbeb106 Mon Sep 17 00:00:00 2001 From: Nicolas Rochelemagne <rochelemagne@cpanel.net> Date: Fri, 8 Jan 2016 12:07:32 -0600 Subject: [PATCH] Add support for perl without . in @INC in Makefile.PL --- Makefile.PL | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile.PL b/Makefile.PL index abc3381..5d68926 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -28,9 +28,10 @@ package MY; sub processPL { my $self = shift; my $block = $self->SUPER::processPL(@_); - # "Version:" in spec needs to match + # "Version:" in spec needs to match # "$VERSION" from VERSION_FROM - $block =~ s%(spec.PL\s*)$%$1 \$\(VERSION_FROM\)%m; + $block =~ s[(\$\(PERLRUNINST\)\s+File-NFSLock.spec.PL\b)][PERL_USE_UNSAFE_INC=1 $1]m; + $block =~ s%(spec.PL\s*)$%1 \$\(VERSION_FROM\)%m; $block; } -- 2.7.0
Download (untitled) / with headers
text/plain 417b
On Fri Feb 03 15:47:57 2017, TODDR wrote: Show quoted text
> Attaching a patch that should fix things. >
Hi Rob Brown and Paul Seamons. I would greatly appreciate you applying this patch and uploading a new version of File::NFSLock as that module is required by other modules that now won't install on Perl 5.26 or later e.g., Cache::Memory. Thanks to TODDR for supplying the patch. Thanks Martin -- Martin J. Evans Wetherby, UK
Download (untitled) / with headers
text/plain 741b
On Thu Nov 01 11:18:55 2018, MJEVANS wrote: Show quoted text
> On Fri Feb 03 15:47:57 2017, TODDR wrote:
> > Attaching a patch that should fix things. > >
> > Hi Rob Brown and Paul Seamons. > I would greatly appreciate you applying this patch and uploading a new > version of File::NFSLock as that module is required by other modules > that now won't install on Perl 5.26 or later e.g., Cache::Memory. > > Thanks to TODDR for supplying the patch. > > Thanks > > Martin
Martin, Thanks for bumping this issue. Unfortunately, the patch appears to be inappropriate, and breaks some other environments. It's also difficult for me to find a -Ddefault_inc_excludes_dot environment to test this new-fangled behavior. Give me a bit of time to continue testing.
Download (untitled) / with headers
text/plain 465b
On Fri Feb 03 15:47:57 2017, TODDR wrote: Show quoted text
> Attaching a patch that should fix things. >
Todd, Thank you for your patch. I've made some minor adjustments and pushed the solution to github: https://github.com/hookbot/File-NFSLock/commit/4a4be6b684827bfee61b259cacac8e5115431451 I haven't been able to find an environment with the newer Perl in order to test all the functionalities, but I'll just PAUSE it to CPAN anyways. So this issue is fixed in 1.28. -- Rob
Download (untitled) / with headers
text/plain 107b
Instead of adding PERL_USE_UNSAFE_INC=1 into the Makefile, why not add './' to File-NFSLock.spec.PL's path?
Download (untitled) / with headers
text/plain 204b
On Thu Nov 01 12:32:04 2018, ETHER wrote: Show quoted text
> Instead of adding PERL_USE_UNSAFE_INC=1 into the Makefile, why not add > './' to File-NFSLock.spec.PL's path?
I agree with ether. That was an old suggestion.
Subject: Re: [rt.cpan.org #120088] Need support for perl without . in @INC in Makefile.PL
Date: Thu, 1 Nov 2018 10:36:37 -0600
To: bug-File-NFSLock [...] rt.cpan.org
From: Rob Brown <bbb [...] cpan.org>
Download (untitled) / with headers
text/plain 549b
I'm still having trouble seeing what the problem is. Maybe if I just change this line 32: do "Makefile.PL"; to this: do "./Makefile.PL"; On Thu, Nov 1, 2018 at 10:34 AM Todd Rinaldo via RT < bug-File-NFSLock@rt.cpan.org> wrote: Show quoted text
> Queue: File-NFSLock > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=120088 > > > On Thu Nov 01 12:32:04 2018, ETHER wrote:
> > Instead of adding PERL_USE_UNSAFE_INC=1 into the Makefile, why not add > > './' to File-NFSLock.spec.PL's path?
> > > I agree with ether. That was an old suggestion. >
Subject: Re: [rt.cpan.org #120088] Need support for perl without . in @INC in Makefile.PL
Date: Thu, 1 Nov 2018 10:38:34 -0600
To: bug-File-NFSLock [...] rt.cpan.org
From: Rob Brown <bbb [...] cpan.org>
Download (untitled) / with headers
text/plain 748b
and change File-NFSLock.spec.PL line 21: do "$version_from"; to do "./$version_from"; On Thu, Nov 1, 2018 at 10:36 AM Rob Brown <bbb@cpan.org> wrote: Show quoted text
> I'm still having trouble seeing what the problem is. > > Maybe if I just change this line 32: > > do "Makefile.PL"; > > to this: > > do "./Makefile.PL"; > > On Thu, Nov 1, 2018 at 10:34 AM Todd Rinaldo via RT < > bug-File-NFSLock@rt.cpan.org> wrote: >
>> Queue: File-NFSLock >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=120088 > >> >> On Thu Nov 01 12:32:04 2018, ETHER wrote:
>> > Instead of adding PERL_USE_UNSAFE_INC=1 into the Makefile, why not add >> > './' to File-NFSLock.spec.PL's path?
>> >> >> I agree with ether. That was an old suggestion. >>
>
Download (untitled) / with headers
text/plain 102b
You can enable travis-ci if you want to see it on newer perls. would you like a pull request for this?
Download (untitled) / with headers
text/plain 197b
On Thu Nov 01 12:41:32 2018, TODDR wrote: Show quoted text
> You can enable travis-ci if you want to see it on newer perls. would > you like a pull request for this?
https://github.com/hookbot/File-NFSLock/pull/4
Download (untitled) / with headers
text/plain 197b
On Thu Nov 01 12:41:32 2018, TODDR wrote: Show quoted text
> You can enable travis-ci if you want to see it on newer perls. would > you like a pull request for this?
https://github.com/hookbot/File-NFSLock/pull/4
RT-Send-CC: bbb [...] cpan.org
Download (untitled) / with headers
text/plain 552b
On Thu Nov 01 12:49:28 2018, TODDR wrote: Show quoted text
> On Thu Nov 01 12:41:32 2018, TODDR wrote:
> > You can enable travis-ci if you want to see it on newer perls. would > > you like a pull request for this?
> https://github.com/hookbot/File-NFSLock/pull/4
Okay, I was able to enable Travis-CI to verify the problems. I've also patched the code to avoid using that deprecated PERL_USE_UNSAFE_INC too. And I tested the new version using Travis and it appears to be all good. Pushed fixes into File::NFSLock 1.29 so it passes with all version of Perl now. THANKS!


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.