rpms/perl
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix taint mode documentation regarding @INC

Browse Source
This commit is contained in:
Petr Písař 2019-11-12 16:38:03 +01:00
parent cd3b6fccc2
commit ae6efa261e
3 changed files with 86 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
perl-5.31.5-Be-clearer-about-taint-s-effect-on-INC.patch Normal file
View File

@ -0,0 +1,32 @@
From a1c1fa25b1b25efb11cc8f987e007d4dd20056bc Mon Sep 17 00:00:00 2001
From: Dave Cross <dave@dave.org.uk>
Date: Wed, 23 Oct 2019 12:50:01 +0100
Subject: [PATCH] Be clearer about taint's effect on @INC.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pod/perlsec.pod | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index 0682674143..a631981ba5 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -269,8 +269,9 @@ problem will be reported:
Insecure dependency in require while running with -T switch
On versions of Perl before 5.26, activating taint mode will also remove
-the current directory (".") from C<@INC>. Since version 5.26, the
-current directory isn't included in C<@INC>.
+the current directory (".") from the default value of C<@INC>. Since
+version 5.26, the current directory isn't included in C<@INC> by
+default.
=head2 Cleaning Up Your Path
--
2.21.0

45
perl-5.31.5-Fix-taint-mode-INC-documentation.patch Normal file
View File

@ -0,0 +1,45 @@
From f73351928dfa1d1d564d3f7b8e63c5281ed835ee Mon Sep 17 00:00:00 2001
From: Dave Cross <dave@dave.org.uk>
Date: Tue, 22 Oct 2019 14:24:13 +0100
Subject: [PATCH] Fix taint mode @INC documentation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Explain that -T no longer removes '.' from @INC because, since
5.26, '.' isn't in @INC to start with.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pod/perlsec.pod | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index b210445685..0682674143 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -245,8 +245,8 @@ Unix-like environments that support #! and setuid or setgid scripts.)
=head2 Taint mode and @INC
-When the taint mode (C<-T>) is in effect, the "." directory is removed
-from C<@INC>, and the environment variables C<PERL5LIB> and C<PERLLIB>
+When the taint mode (C<-T>) is in effect, the environment variables
+C<PERL5LIB> and C<PERLLIB>
are ignored by Perl. You can still adjust C<@INC> from outside the
program by using the C<-I> command line option as explained in
L<perlrun>. The two environment variables are ignored because
@@ -268,6 +268,10 @@ problem will be reported:
Insecure dependency in require while running with -T switch
+On versions of Perl before 5.26, activating taint mode will also remove
+the current directory (".") from C<@INC>. Since version 5.26, the
+current directory isn't included in C<@INC>.
+
=head2 Cleaning Up Your Path
For "Insecure C<$ENV{PATH}>" messages, you need to set C<$ENV{'PATH'}> to
--
2.21.0

9
perl.spec
View File

@ -268,6 +268,10 @@ Patch63: perl-5.30.1-perl-125557-correctly-handle-overload-for-bin-oct-fl
# in upstream after 5.31.4 # in upstream after 5.31.4
Patch64: perl-5.31.4-Handle-undefined-values-correctly.patch Patch64: perl-5.31.4-Handle-undefined-values-correctly.patch
# Fix taint mode documentation regarding @INC, in upstream after 5.31.5
Patch65: perl-5.31.5-Fix-taint-mode-INC-documentation.patch
Patch66: perl-5.31.5-Be-clearer-about-taint-s-effect-on-INC.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2853,6 +2857,8 @@ rm -rf .git # Perl tests examine a git repository
%patch62 -p1 %patch62 -p1
%patch63 -p1 %patch63 -p1
%patch64 -p1 %patch64 -p1
%patch65 -p1
%patch66 -p1
%patch200 -p1 %patch200 -p1
%patch201 -p1 %patch201 -p1
@ -2912,6 +2918,8 @@ perl -x patchlevel.h \
'Fedora Patch62: Fix a detection for futimes (RT#134432)' \ 'Fedora Patch62: Fix a detection for futimes (RT#134432)' \
'Fedora Patch63: Fix overloading for binary and octal floats (RT#125557)' \ 'Fedora Patch63: Fix overloading for binary and octal floats (RT#125557)' \
'Fedora Patch64: Fix handling undefined array members in Dumpvalue (RT#134441)' \ 'Fedora Patch64: Fix handling undefined array members in Dumpvalue (RT#134441)' \
'Fedora Patch65: Fix taint mode documentation regarding @INC' \
'Fedora Patch66: Fix taint mode documentation regarding @INC' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil} %{nil}
@ -5160,6 +5168,7 @@ popd
* Tue Nov 12 2019 Petr Pisar <ppisar@redhat.com> - 4:5.30.1-448 * Tue Nov 12 2019 Petr Pisar <ppisar@redhat.com> - 4:5.30.1-448
- Fix overloading for binary and octal floats (RT#125557) - Fix overloading for binary and octal floats (RT#125557)
- Fix handling undefined array members in Dumpvalue (RT#134441) - Fix handling undefined array members in Dumpvalue (RT#134441)
- Fix taint mode documentation regarding @INC
* Mon Nov 11 2019 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.30.1-447 * Mon Nov 11 2019 Jitka Plesnikova <jplesnik@redhat.com> - 4:5.30.1-447
- 5.30.1 bump (see <https://metacpan.org/pod/release/SHAY/perl-5.30.1/pod/perldelta.pod> - 5.30.1 bump (see <https://metacpan.org/pod/release/SHAY/perl-5.30.1/pod/perldelta.pod>