Commit d2496990 authored by Niko Tyni's avatar Niko Tyni

Update description of base-pm-amends-pt2.diff

parents 90cfe707 12a52157
# see git-dpm(1) from git-dpm package
275e5dec730be629875c79a8e1a8b3f50392f565
275e5dec730be629875c79a8e1a8b3f50392f565
12a52157658e56796eb1ede38a2715f62242490f
12a52157658e56796eb1ede38a2715f62242490f
708ce0747a55640ef1136be276185cc1a5a82564
708ce0747a55640ef1136be276185cc1a5a82564
perl_5.20.2.orig.tar.bz2
......
From 275e5dec730be629875c79a8e1a8b3f50392f565 Mon Sep 17 00:00:00 2001
From 12a52157658e56796eb1ede38a2715f62242490f Mon Sep 17 00:00:00 2001
From: Aristotle Pagaltzis <pagaltzis@gmx.de>
Date: Mon, 13 Feb 2017 01:28:14 +0100
Subject: wip
Subject: Limit dotless-INC effect on base.pm with guard:
[latest version of base.pm no-dot-in-inc fix,
backported to Debian 5.20 by Niko Tyni]
This introduces a more refined and accurate solution for removing
'.' from @INC while reducing the false positives.
Origin: upstream, http://perl5.git.perl.org/perl.git/commit/2d156e07f936ea4f8ce46dee5ade17fe19dbbf29
The following explanation is roughly what is avaiable in the code
comments. If you stumble upon this and feel like the commit message
or the comments are not helpful enough, please introduce another
commit that adds more explanation or improve the code comments
(or both).
Using
if ($INC[-1] eq '.' && %{"$base\::"})
We decide that:
The package already exists => this an optional load
And: there is a dot at the end of @INC => we want to hide it
However: we only want to hide it during our *own* require()
(i.e. without affecting nested require()s).
So we add a hook to @INC whose job is to hide the dot, but which
first checks checks the callstack depth, because within nested
require()s the callstack is deeper.
Since CORE::GLOBAL::require makes it unknowable in advance what
the exact relevant callstack depth will be, we have to record it
inside a hook. So we put another hook just for that at the front
of @INC, where it's guaranteed to run -- immediately.
The dot-hiding hook does its job by sitting directly in front of
the dot and removing itself from @INC when reached. This causes
the dot to move up one index in @INC, causing the loop inside
pp_require() to skip it.
Loaded coded may disturb this precise arrangement, but that's OK
because the hook is inert by that time. It is only active during
the top-level require(), when @INC is in our control. The only
possible gotcha is if other hooks already in @INC modify @INC in
some way during that initial require().
Note that this jiggery hookery works just fine recursively: if
a module loaded via base.pm uses base.pm itself, there will be
one pair of hooks in @INC per base::import call frame, but the
pairs from different nestings do not interfere with each other.
(cherry picked from commit 571931bfa1120564fe207965f9ec2ea0f8bbbb8a)
[This is a forward-port, with improved commit message by Sawyer X
<xsawyerx@cpan.org>, of the commit that was cherry-picked into
maint-5.22 and maint-5.24 as commits a93da9a38c and 1afa289000
respectively.]
(cherry picked from commit fa71f6670dda393818d17f2f3bd2bee165347849)
[ backported to Debian 5.20 by Niko Tyni, patch description from
http://perl5.git.perl.org/perl.git/commit/2d156e07f936ea4f8ce46dee5ade17fe19dbbf29
]
Origin: backport, http://perl5.git.perl.org/perl.git/commit/1afa2890005f3acdb5794bc9ec34dfd0a7e54c28
Patch-Name: debian/CVE-2016-1238/base-pm-amends-pt2.diff
---
MANIFEST | 1 +
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment