[debhelper-devel] [debhelper] 01/01: Invoke Makefile.PL and Build.PL with perl -I. as part of the fixes for CVE-2016-1238

Niels Thykier nthykier at moszumanska.debian.org
Sun Jul 31 18:26:28 UTC 2016


This is an automated email from the git hooks/post-receive script.

nthykier pushed a commit to branch master
in repository debhelper.

commit f7d8a068eb3394e76409535c8ebb7ab04758ef35
Author: Dominic Hargreaves <dom at earth.li>
Date:   Thu Jul 7 16:54:15 2016 +0200

    Invoke Makefile.PL and Build.PL with perl -I. as part of the fixes for CVE-2016-1238
    
    Signed-off-by: Niels Thykier <niels at thykier.net>
---
 Debian/Debhelper/Buildsystem/perl_build.pm     | 2 +-
 Debian/Debhelper/Buildsystem/perl_makemaker.pm | 2 +-
 debian/changelog                               | 3 +++
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/Debian/Debhelper/Buildsystem/perl_build.pm b/Debian/Debhelper/Buildsystem/perl_build.pm
index 39c79e2..2d3e4ef 100644
--- a/Debian/Debhelper/Buildsystem/perl_build.pm
+++ b/Debian/Debhelper/Buildsystem/perl_build.pm
@@ -49,7 +49,7 @@ sub configure {
 	if ($ENV{LDFLAGS} && ! compat(8)) {
 		push @flags, "--config", "ld=$Config{ld} $ENV{CFLAGS} $ENV{LDFLAGS}";
 	}
-	$this->do_perl("Build.PL", "--installdirs", "vendor", @flags, @_);
+	$this->do_perl("-I.", "Build.PL", "--installdirs", "vendor", @flags, @_);
 }
 
 sub build {
diff --git a/Debian/Debhelper/Buildsystem/perl_makemaker.pm b/Debian/Debhelper/Buildsystem/perl_makemaker.pm
index a98e9e9..a3a57c5 100644
--- a/Debian/Debhelper/Buildsystem/perl_makemaker.pm
+++ b/Debian/Debhelper/Buildsystem/perl_makemaker.pm
@@ -55,7 +55,7 @@ sub configure {
 		push @flags, "LD=$Config{ld} $ENV{CFLAGS} $ENV{LDFLAGS}";
 	}
 
-	$this->doit_in_sourcedir("perl", "Makefile.PL", "INSTALLDIRS=vendor",
+	$this->doit_in_sourcedir("perl", "-I.", "Makefile.PL", "INSTALLDIRS=vendor",
 		# if perl_build is not tested first, need to pass packlist
 		# option to handle fallthrough case
 		(compat(7) ? "create_packlist=0" : ()),
diff --git a/debian/changelog b/debian/changelog
index 08c52e1..dfa3ca2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,9 @@ debhelper (9.20160709+unreleased) UNRELEASED; urgency=medium
   * dh_installinit,dh_systemd_start: Apply patches from
     Peter Pentchev to make -R default in compat 10 (as
     documented, but not as implemented).
+  * perl_{build,makemaker}.pm: Apply patch from Dominic
+    Hargreaves to explicitly pass -I. to perl.  This is to
+    assist with the fix for CVE-2016-1238.  (Closes: #832436)
 
  -- Niels Thykier <niels at thykier.net>  Sat, 09 Jul 2016 11:51:46 +0000
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debhelper/debhelper.git




More information about the debhelper-devel mailing list