From f89ba93840393ade739b3a682eb9d0b3b858020f Mon Sep 17 00:00:00 2001
From: Todd Rinaldo <toddr@cpan.org>
Date: Thu, 31 Mar 2016 17:04:42 -0500
Subject: Add PERL_USE_UNSAFE_INC support to EU::MM for fortify_inc support. This change allows the majority of Perl modules that cannot build/test/install without . in INC to be able to do so, while maintaining a safer perl under normal use. (Backported by Debian 5.20 by Niko Tyni <ntyni@debian.org>)
Bug: https://rt.perl.org/Public/Bug/Display.html?id=127810
Patch-Name: debian/CVE-2016-1238/eumm-without-dot.diff
---
 cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm | 4 ++--
 cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm
index 6328e26..1cd920a 100644
--- a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm
+++ b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm
@@ -3462,7 +3462,7 @@ PERL_DL_NONLAZY set for tests.
 sub test_via_harness {
 my($self, $perl, $tests) = @_;
- return $self->SUPER::test_via_harness("PERL_DL_NONLAZY=1 $perl", $tests);
+ return $self->SUPER::test_via_harness("PERL_DL_NONLAZY=1 PERL_USE_UNSAFE_INC=1 $perl", $tests);
 }
 =item test_via_script (override)
@@ -3473,7 +3473,7 @@ Again, the PERL_DL_NONLAZY thing.
 sub test_via_script {
 my($self, $perl, $script) = @_;
- return $self->SUPER::test_via_script("PERL_DL_NONLAZY=1 $perl", $script);
+ return $self->SUPER::test_via_script("PERL_DL_NONLAZY=1 PERL_USE_UNSAFE_INC=1 $perl", $script);
 }
diff --git a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm
index d5a1dd7..79c2ea2 100644
--- a/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm
+++ b/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm
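Review bot: In cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm, the new command prefix in `test_via_harness` hard-codes `PERL_USE_UNSAFE_INC=1` directly in front of `$perl`, so it overrides whatever the caller exported and the generated test command can no longer be run with `.` kept out of @INC; `test_via_script` in the next hunk has the same change. If that override is intended, the POD should say so: the text above both subs still mentions only PERL_DL_NONLAZY ("PERL_DL_NONLAZY set for tests.", "Again, the PERL_DL_NONLAZY thing."). I would add a sentence such as `PERL_USE_UNSAFE_INC=1 is also set, so tests run with "." in @INC regardless of the caller's environment.` to each. Honouring a caller-supplied value instead would need care, since this string presumably ends up in a Makefile recipe. Both POD blocks begin outside the hunks, so anything they already say further up is not visible here.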
@@ -5,6 +5,11 @@ use strict;
 BEGIN {require 5.006;}
+# Assure anything called from Makefile.PL is allowed to have . in @INC.
+BEGIN {
+ $ENV{PERL_USE_UNSAFE_INC} = 1;
+}
+
 require Exporter;
 use ExtUtils::MakeMaker::Config;
 use ExtUtils::MakeMaker::version; # ensure we always have our fake version.pm
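Review bot: The added `BEGIN` block assigns `$ENV{PERL_USE_UNSAFE_INC} = 1` unconditionally at module load, so an explicit opt-out from the caller (for example `PERL_USE_UNSAFE_INC=0`) is silently overwritten. The assignment also changes the environment of whichever process loads ExtUtils::MakeMaker and of every child it starts, which is wider than the "anything called from Makefile.PL" the comment describes. Consider `$ENV{PERL_USE_UNSAFE_INC} = 1 unless defined $ENV{PERL_USE_UNSAFE_INC};`, since the file still declares `require 5.006` and `//=` is therefore not available. The comment could also note that, with `.` back in @INC, builds should not be run from a directory other users can write to.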