[debhelper-devel] Bug#833781: debhelper: please invoke perl build processes with -I. [CVE-2016-1238]

Dominic Hargreaves dom at earth.li
Mon Aug 8 15:42:29 UTC 2016 

Package: debhelper
Version: 9.20160709
Severity: serious
Justification: https://lists.debian.org/debian-release/2016/07/msg00476.html
User: debian-perl at lists.debian.org
Usertags: perl-cwd-inc-removal

As per the referenced thread, we are going to remove '.' from @INC,
the perl module search path, by default, shortly. Please can you apply
something like the attached patches (which were uploaded as a security
update 9.20150101+deb8u2) at your earliest convenience? This will fix
a substantial number of FTBFS bugs resulting from such a change.

The attachments are from my local git repository which I used to 
prepare the jessie-security update, to import into the official repo
should you wish. This should make merging/cherry-picking easier.

Thanks,
Dominic.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Invoke-Makefile.PL-and-Build.PL-with-perl-I.-as-part.patch
Type: text/x-diff
Size: 2150 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20160808/be719dda/attachment-0004.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Export-PERL_USE_UNSAFE_INC-to-fix-a-further-set-of-p.patch
Type: text/x-diff
Size: 1500 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20160808/be719dda/attachment-0005.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-releasing-package-debhelper-version-9.20150101-deb8u.patch
Type: text/x-diff
Size: 1071 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20160808/be719dda/attachment-0006.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Re-upload-to-security-master.patch
Type: text/x-diff
Size: 714 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20160808/be719dda/attachment-0007.patch>

More information about the debhelper-devel mailing list