diff -Nru libmodule-load-conditional-perl-0.64/CHANGES libmodule-load-conditional-perl-0.68/CHANGES --- libmodule-load-conditional-perl-0.64/CHANGES 2015-01-17 13:34:30.000000000 +0000 +++ libmodule-load-conditional-perl-0.68/CHANGES 2016-07-29 07:02:03.000000000 +0000 @@ -1,3 +1,11 @@ +0.68 Fri Jul 29 08:01:12 BST 2016 + +* Fix unconditional @INC localisation + +0.66 Wed Jul 27 08:22:53 BST 2016 + +* Add FORCE_SAFE_INC option to fix CVE-2016-1238 + 0.64 Sat Jan 17 13:33:57 GMT 2015 * Resolve an edge-case with DEPRECATED diff -Nru libmodule-load-conditional-perl-0.64/debian/changelog libmodule-load-conditional-perl-0.68/debian/changelog --- libmodule-load-conditional-perl-0.64/debian/changelog 2015-06-13 15:22:28.000000000 +0000 +++ libmodule-load-conditional-perl-0.68/debian/changelog 2016-07-29 23:08:20.000000000 +0000 @@ -1,3 +1,22 @@ +libmodule-load-conditional-perl (0.68-1) unstable; urgency=medium + + * Team upload. + + [ Salvatore Bonaccorso ] + * debian/control: Use HTTPS transport protocol for Vcs-Git URI + + [ gregor herrmann ] + * debian/copyright: change Copyright-Format 1.0 URL to HTTPS. + + [ Nick Morrott ] + * Imported Upstream version 0.68 + * Add debian/upstream/metadata + * Update upstream contact details + * Bump debhelper compatibility to version 9 + * Bump Standards-Version to 3.9.8 (no changes) + + -- Nick Morrott Fri, 29 Jul 2016 14:50:51 +0100 + libmodule-load-conditional-perl (0.64-1) unstable; urgency=medium [ Salvatore Bonaccorso ] diff -Nru libmodule-load-conditional-perl-0.64/debian/compat libmodule-load-conditional-perl-0.68/debian/compat --- libmodule-load-conditional-perl-0.64/debian/compat 2012-08-09 12:38:16.000000000 +0000 +++ libmodule-load-conditional-perl-0.68/debian/compat 2016-07-29 23:08:20.000000000 +0000 @@ -1 +1 @@ -8 +9 diff -Nru libmodule-load-conditional-perl-0.64/debian/control libmodule-load-conditional-perl-0.68/debian/control --- libmodule-load-conditional-perl-0.64/debian/control 2015-06-13 15:22:06.000000000 +0000 +++ libmodule-load-conditional-perl-0.68/debian/control 2016-07-29 23:08:20.000000000 +0000 @@ -9,12 +9,12 @@ Daniel Kahn Gillmor Section: perl Priority: optional -Build-Depends: debhelper (>= 8) +Build-Depends: debhelper (>= 9) # Module::Load 0.28 -> perl 5.19.8 Build-Depends-Indep: perl (>= 5.19.8) -Standards-Version: 3.9.6 +Standards-Version: 3.9.8 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-perl/packages/libmodule-load-conditional-perl.git -Vcs-Git: git://anonscm.debian.org/pkg-perl/packages/libmodule-load-conditional-perl.git +Vcs-Git: https://anonscm.debian.org/git/pkg-perl/packages/libmodule-load-conditional-perl.git Homepage: https://metacpan.org/release/Module-Load-Conditional Testsuite: autopkgtest-pkg-perl diff -Nru libmodule-load-conditional-perl-0.64/debian/copyright libmodule-load-conditional-perl-0.68/debian/copyright --- libmodule-load-conditional-perl-0.64/debian/copyright 2014-04-11 20:21:27.000000000 +0000 +++ libmodule-load-conditional-perl-0.68/debian/copyright 2016-07-29 23:08:20.000000000 +0000 @@ -1,6 +1,6 @@ -Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Module-Load-Conditional -Upstream-Contact: Jos Boumans +Upstream-Contact: Chris Williams Source: https://metacpan.org/release/Module-Load-Conditional Files: * diff -Nru libmodule-load-conditional-perl-0.64/debian/upstream/metadata libmodule-load-conditional-perl-0.68/debian/upstream/metadata --- libmodule-load-conditional-perl-0.64/debian/upstream/metadata 1970-01-01 00:00:00.000000000 +0000 +++ libmodule-load-conditional-perl-0.68/debian/upstream/metadata 2016-07-29 23:08:20.000000000 +0000 @@ -0,0 +1,7 @@ +--- +Archive: CPAN +Bug-Database: https://rt.cpan.org/Public/Dist/Display.html?Name=Module-Load-Conditional +Contact: Chris Williams +Name: Module-Load-Conditional +Repository: https://github.com/jib/module-load-conditional.git +Repository-Browse: https://github.com/jib/module-load-conditional diff -Nru libmodule-load-conditional-perl-0.64/lib/Module/Load/Conditional.pm libmodule-load-conditional-perl-0.68/lib/Module/Load/Conditional.pm --- libmodule-load-conditional-perl-0.64/lib/Module/Load/Conditional.pm 2015-01-17 13:33:40.000000000 +0000 +++ libmodule-load-conditional-perl-0.68/lib/Module/Load/Conditional.pm 2016-07-29 07:01:00.000000000 +0000 @@ -19,14 +19,15 @@ BEGIN { use vars qw[ $VERSION @ISA $VERBOSE $CACHE @EXPORT_OK $DEPRECATED - $FIND_VERSION $ERROR $CHECK_INC_HASH]; + $FIND_VERSION $ERROR $CHECK_INC_HASH $FORCE_SAFE_INC ]; use Exporter; @ISA = qw[Exporter]; - $VERSION = '0.64'; + $VERSION = '0.68'; $VERBOSE = 0; $DEPRECATED = 0; $FIND_VERSION = 1; $CHECK_INC_HASH = 0; + $FORCE_SAFE_INC = 0; @EXPORT_OK = qw[check_install can_load requires]; } @@ -201,6 +202,8 @@ ### so scan the dirs unless( $filename ) { + local @INC = @INC[0..$#INC-1] if $FORCE_SAFE_INC && $INC[-1] eq '.'; + DIR: for my $dir ( @INC ) { my $fh; @@ -307,6 +310,7 @@ } if ( $DEPRECATED and "$]" >= 5.011 ) { + local @INC = @INC[0..$#INC-1] if $FORCE_SAFE_INC && $INC[-1] eq '.'; require Module::CoreList; require Config; @@ -444,6 +448,8 @@ if ( $CACHE->{$mod}->{uptodate} ) { + local @INC = @INC[0..$#INC-1] if $FORCE_SAFE_INC && $INC[-1] eq '.'; + if ( $args->{autoload} ) { my $who = (caller())[0]; eval { autoload_remote $who, $mod }; @@ -509,6 +515,8 @@ return undef; } + local @INC = @INC[0..$#INC-1] if $FORCE_SAFE_INC && $INC[-1] eq '.'; + my $lib = join " ", map { qq["-I$_"] } @INC; my $oneliner = 'print(join(qq[\n],map{qq[BONG=$_]}keys(%INC)),qq[\n])'; my $cmd = join '', qq["$^X" $lib -M$who -e], QUOTE, $oneliner, QUOTE; @@ -562,6 +570,12 @@ The default is 0; +=head2 $Module::Load::Conditional::FORCE_SAFE_INC + +This controls whether C sanitises C<@INC> +by removing "C<.>". The current default setting is C<0>, but this +may change in a future release. + =head2 $Module::Load::Conditional::CACHE This holds the cache of the C function. If you explicitly diff -Nru libmodule-load-conditional-perl-0.64/META.json libmodule-load-conditional-perl-0.68/META.json --- libmodule-load-conditional-perl-0.64/META.json 2015-01-17 13:35:20.000000000 +0000 +++ libmodule-load-conditional-perl-0.68/META.json 2016-07-29 07:05:19.000000000 +0000 @@ -4,7 +4,7 @@ "Jos Boumans " ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 7.04, CPAN::Meta::Converter version 2.143240", + "generated_by" : "ExtUtils::MakeMaker version 7.18, CPAN::Meta::Converter version 2.150005", "license" : [ "perl_5" ], @@ -47,5 +47,6 @@ "url" : "https://github.com/jib/module-load-conditional" } }, - "version" : "0.64" + "version" : "0.68", + "x_serialization_backend" : "JSON::PP version 2.27400" } diff -Nru libmodule-load-conditional-perl-0.64/META.yml libmodule-load-conditional-perl-0.68/META.yml --- libmodule-load-conditional-perl-0.64/META.yml 2015-01-17 13:35:20.000000000 +0000 +++ libmodule-load-conditional-perl-0.68/META.yml 2016-07-29 07:05:19.000000000 +0000 @@ -7,7 +7,7 @@ configure_requires: ExtUtils::MakeMaker: '0' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 7.04, CPAN::Meta::Converter version 2.143240' +generated_by: 'ExtUtils::MakeMaker version 7.18, CPAN::Meta::Converter version 2.150005' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -26,4 +26,5 @@ version: '0.69' resources: repository: https://github.com/jib/module-load-conditional -version: '0.64' +version: '0.68' +x_serialization_backend: 'CPAN::Meta::YAML version 0.018'