This repository was archived by the owner on Jun 1, 2023. It is now read-only.
This repository was archived by the owner on Jun 1, 2023. It is now read-only.
cpan #115808 XSLoader security #184
Description
sync our c code with 0.22
see https://rt.cpan.org/Ticket/Display.html?id=115808
Our code already had most of the old .pm problems already solved:
"(eval 1)" is already filtered out with cperl, just
relative #line filenames could lead to exploits with local shared libs.
make XSLoader fall back to Dynaloader’s @inc search if the calling file has a relative path that is not found in @inc
See http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee
(initial fix)
and http://perl5.git.perl.org/perl.git/commitdiff/a651dcdf6a9151150dcf0fb6b18849d3e39b0811
(Windows drive letters as abs)
One other occurance in B::Stash already fixed with 5f8a169