This is an automated email from the git hooks/post-receive script. jamessan pushed a commit to branch master in repository devscripts.
commit f0e038fb35afc364d47fb9a3c8cbf63f173057da Author: James McCoy <[email protected]> Date: Sun Aug 21 21:36:17 2016 -0400 Remove . from @INC when loading modules dynamically Signed-off-by: James McCoy <[email protected]> --- debian/changelog | 4 ++++ scripts/dcontrol.pl | 1 + scripts/desktop2menu.pl | 1 + scripts/dscverify.pl | 12 +----------- scripts/grep-excuses.pl | 1 + scripts/plotchangelog.pl | 1 + scripts/rmadison.pl | 1 + scripts/uscan.pl | 1 + 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/debian/changelog b/debian/changelog index badd0f4..4121dda 100644 --- a/debian/changelog +++ b/debian/changelog @@ -21,6 +21,10 @@ devscripts (2.16.7) UNRELEASED; urgency=medium [ Christoph Berg ] * origtargz: Fix unpacking of tarballs found in --path. + [ James McCoy ] + * Remove . from @INC when loading modules dynamically. [CVE-2016-1238] + (Closes: #832441) + -- Paul Wise <[email protected]> Fri, 15 Jul 2016 22:36:19 +0800 devscripts (2.16.6) unstable; urgency=medium diff --git a/scripts/dcontrol.pl b/scripts/dcontrol.pl index f154b02..309e585 100755 --- a/scripts/dcontrol.pl +++ b/scripts/dcontrol.pl @@ -24,6 +24,7 @@ use File::Basename; use Getopt::Long qw(:config gnu_getopt); BEGIN { + pop @INC if $INC[-1] eq '.'; # Load the URI::Escape and LWP::UserAgent modules safely my $progname = basename($0,'.pl'); eval { require URI::Escape; }; diff --git a/scripts/desktop2menu.pl b/scripts/desktop2menu.pl index 47261ea..f915ec2 100755 --- a/scripts/desktop2menu.pl +++ b/scripts/desktop2menu.pl @@ -64,6 +64,7 @@ use File::Basename; my $progname = basename($0); BEGIN { + pop @INC if $INC[-1] eq '.'; # Load the File::DesktopEntry module safely eval { require File::DesktopEntry; }; if ($@) { diff --git a/scripts/dscverify.pl b/scripts/dscverify.pl index 07f3a5f..cb2946f 100755 --- a/scripts/dscverify.pl +++ b/scripts/dscverify.pl @@ -26,6 +26,7 @@ use strict; use warnings; use Cwd; use Fcntl; +use Digest::MD5; use Dpkg::IPC; use File::Spec; use File::Temp; @@ -34,17 +35,6 @@ use POSIX qw(:errno_h); use Getopt::Long qw(:config gnu_getopt); use List::Util qw(first); -BEGIN { - eval { require Digest::MD5; }; - if ($@) { - my $progname = basename $0; - if ($@ =~ /^Can\'t locate Digest\/MD5\.pm/) { - die "$progname: you must have the libdigest-md5-perl package installed\nto use this script\n"; - } - die "$progname: problem loading the Digest::MD5 module:\n $@\nHave you installed the libdigest-md5-perl package?\n"; - } -} - my $progname = basename $0; my $modified_conf_msg; my $Exit = 0; diff --git a/scripts/grep-excuses.pl b/scripts/grep-excuses.pl index 7b78560..d6b234a 100755 --- a/scripts/grep-excuses.pl +++ b/scripts/grep-excuses.pl @@ -32,6 +32,7 @@ my $term_size_broken; sub have_term_size { return ($term_size_broken ? 0 : 1) if defined $term_size_broken; + pop @INC if $INC[-1] eq '.'; # Load the Term::Size module safely eval { require Term::Size; }; if ($@) { diff --git a/scripts/plotchangelog.pl b/scripts/plotchangelog.pl index 3bf642a..df45814 100755 --- a/scripts/plotchangelog.pl +++ b/scripts/plotchangelog.pl @@ -32,6 +32,7 @@ use Fcntl; use Getopt::Long qw(:config gnu_getopt); BEGIN { + pop @INC if $INC[-1] eq '.'; eval { require Date::Parse; import Date::Parse (); }; if ($@) { my $progname = basename($0); diff --git a/scripts/rmadison.pl b/scripts/rmadison.pl index bae237e..390b8d8 100755 --- a/scripts/rmadison.pl +++ b/scripts/rmadison.pl @@ -24,6 +24,7 @@ use File::Basename; use Getopt::Long qw(:config gnu_getopt); BEGIN { + pop @INC if $INC[-1] eq '.'; # Load the URI::Escape module safely eval { require URI::Escape; }; if ($@) { diff --git a/scripts/uscan.pl b/scripts/uscan.pl index 73b2d35..68187fd 100755 --- a/scripts/uscan.pl +++ b/scripts/uscan.pl @@ -1703,6 +1703,7 @@ use Text::ParseWords; use Digest::MD5; BEGIN { + pop @INC if $INC[-1] eq '.'; eval { require LWP::UserAgent; }; if ($@) { my $progname = basename($0); -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git _______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
