What on earth happened with Perl?

Kenneth F. Cunningham ken.cunningham.webuse at gmail.com
Mon Mar 12 00:08:57 UTC 2018


Looks like it is a security issue, and has been backported into at least some Perl 5.24 versions.


<https://metacpan.org/pod/perl5260delta#Removal-of-the-current-directory-%28%22.%22%29-from-@INC>


<https://nvd.nist.gov/vuln/detail/CVE-2016-1238>

<https://stackoverflow.com/questions/46549671/doesnt-perl-include-current-directory-in-inc-by-default>


You can override this on your own system by setting an environment variable, amongst other methods.

<https://metacpan.org/pod/perl5260delta#Removal-of-the-current-directory-%28%22.%22%29-from-@INC>

Hope this helps at least a bit,

Ken




On 2018-03-11, at 5:52 PM, Dave Horsfall wrote:

> As the subject sez...
> 
> After being bitten by Perl 5.26 apparently being surreptitiously installed last week and breaking modules[*] in the process (@INC no longer includes "."), my regular Monday "port upgrade outdated" seemed to deactivate Perl 5.24 (and refusing to break some dependencies) and installed 5.26, which I thought it already did...
> 
> Before I post logs etc, could I please have a short summary as to what the hell is happening?  I can't be the only one being done over like this...
> 
> I note that FreeBSD is still conservatively staying with 5.24, and my Penguin box seems to be araldited onto 5.20, so why the rush for 5.26 that is known to be backwards-incompatible?
> 
> [*]
> At least mine still works after "-I." whilst I'm developing it...
> 
> -- 
> Dave Horsfall DTM (VK2KFU)  "Those who don't understand security will suffer."
> If you are a Gmail/Yahoo/etc user please see http://www.horsfall.org/spam.html
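
Added example, not part of either message above: a Perl script that reports any @INC entries resolved against the current directory (for instance "." put back by `PERL_USE_UNSAFE_INC=1` or `-I.`) and instead adds an absolute module path derived from the script's own location. The `lib` directory beside the script is an assumption made for illustration.

```perl
#!/usr/bin/env perl
# Added example: audit @INC for cwd-relative entries, then load local modules
# from a path anchored to the script rather than to the current directory.
use strict;
use warnings;
use Config;
use File::Spec;
use FindBin qw($RealBin);

# Assumption: the script's private modules live in a "lib" directory beside it.
use lib File::Spec->catdir($RealBin, 'lib');

# Entries that are not absolute are resolved against the working directory at
# require-time, so whoever can write there can supply the module that loads.
# Code references in @INC are hooks, not paths, and are skipped.
sub relative_inc_entries {
    return grep { !ref($_) && !File::Spec->file_name_is_absolute($_) } @_;
}

# Best-effort guess at how a relative entry got into @INC.
sub likely_source {
    my ($entry) = @_;
    return 'PERL_USE_UNSAFE_INC=1 is set'
        if $entry eq '.' && ($ENV{PERL_USE_UNSAFE_INC} // '') eq '1';
    my $sep = quotemeta $Config{path_sep};
    return 'listed in PERL5LIB'
        if grep { $_ eq $entry } split /$sep/, ($ENV{PERL5LIB} // '');
    return '-I switch, "use lib", or a pre-5.26 default';
}

my @relative = relative_inc_entries(@INC);
printf "perl %vd, %d \@INC entries\n", $^V, scalar @INC;

if (@relative) {
    printf("  relative entry %-8s (%s)\n", "'$_'", likely_source($_))
        for @relative;
    print "Module lookup depends on the directory this was started from.\n";
}
else {
    print "No cwd-relative entries; module lookup does not depend on cwd.\n";
}

print "Script-local modules are searched in: ",
    File::Spec->catdir($RealBin, 'lib'), "\n";
```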


