Re: a few broken Perl packages

To: "Johnny C. Lam" <jlam%NetBSD.org@localhost>
Subject: Re: a few broken Perl packages
From: coypu%sdf.org@localhost
Date: Fri, 18 Aug 2017 11:31:41 +0000

On Thu, Aug 17, 2017 at 04:39:17PM +0000, Johnny C. Lam wrote:
> I was looking over the most recent Joyent bulk build results and it
> seems the following Perl packages are broken due to the change in
> Perl that removed "." from @INC.  Can someone who understands Perl
> take a look at the following six packages and fix them before the
> next pkgsrc quarterly branch?
> 
> 	chat/inspircd [1]
> 	chat/inspircd12 [2]
> 	devel/p5-PPI-PowerToys [3]
> 	sysutils/p5-Monitoring-Plugin [4]
> 	textproc/p5-Text-Xslate [5]
> 	www/SpeedyCGI [6]
> 
> [1] https://goo.gl/BeSWwQ
> [2] https://goo.gl/mJdMYk
> [3] https://goo.gl/K7WDEX
> [4] https://goo.gl/aRdYAd
> [5] https://goo.gl/TF6cmj
> [6] https://goo.gl/TqQSyH

I've made a mass commit to about 100 packages to set an environment
MAKE_ENV+=PERL_USE_UNSAFE_INC=1. it's a temporary hack they have.
looks like I have missed a few.

It's a subtle security issue that INC includes cwd (if it is setuid
root etc.) so they have done it, but there's loooots of perl.

python still does the unsaf einclude btw.

Follow-Ups:
- Re: a few broken Perl packages
  - From: Johnny C. Lam

References:
- a few broken Perl packages
  - From: Johnny C. Lam

Prev by Date: daily pkgsrc CVS update output
Next by Date: clamav build failure, pcre, pcre2, foo-config considered harmful
Previous by Thread: a few broken Perl packages
Next by Thread: Re: a few broken Perl packages
Indexes:

Home | Main Index | Thread Index | Old Index