Your message dated Mon, 05 Sep 2016 05:00:03 +0000 with message-id <e1bgm0p-0004tc...@franck.debian.org> and subject line Bug#835181: fixed in libintl-perl 1.26-2 has caused the Debian Bug report #835181, regarding libintl-perl: FTBFS with '.' removed from perl's @INC to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 835181: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835181 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libintl-perl Version: 1.26-1 Severity: important User: debian-p...@lists.debian.org Usertags: perl-cwd-inc-removal Tags: patch Thanks for uploading 1.26-1 to remove the dynamic module loading vulnerability from libint-perl! Unfortunately, the next stage of addressing this set of vulnerabilities, by removing '.' from @INC by default, necessitates another patch. This package FTBFS when '.' is removed from @INC, as seen at [1]. Here is a patch: diff -urN libintl-perl-1.26.orig/Makefile.PL libintl-perl-1.26/Makefile.PL --- libintl-perl-1.26.orig/Makefile.PL 2016-05-16 20:31:26.000000000 +0100 +++ libintl-perl-1.26/Makefile.PL 2016-08-23 12:25:52.271805442 +0100 @@ -199,7 +199,7 @@ my $fragment = $self->SUPER::tools_other (@_); $fragment =~ s/^MOD_INSTALL\s*=\s*(.*?)-MExtUtils::Install - /MOD_INSTALL =$1-MMyInstall/msx; + /MOD_INSTALL =$1-I. -MMyInstall/msx; return $fragment; } This change is being made for security reasons; for more background, see #588017 and [2]. This bug will become RC when the perl package change removing '.' from @INC by default is uploaded to unstable, expected in a week or two. Thanks, Dominic. [1] <http://perl.debian.net/rebuild-logs/experimental/libintl-perl_1.26-1/libintl-perl_1.26-1_amd64-2016-08-23T11%3A14%3A26Z.build> [2] <https://lists.debian.org/debian-release/2016/07/msg00456.html>
--- End Message ---
--- Begin Message ---Source: libintl-perl Source-Version: 1.26-2 We believe that the bug you reported is fixed in the latest version of libintl-perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 835...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Peter Eisentraut <pet...@debian.org> (supplier of updated libintl-perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 05 Sep 2016 02:27:29 +0000 Source: libintl-perl Binary: libintl-perl libintl-xs-perl Architecture: source all amd64 Version: 1.26-2 Distribution: unstable Urgency: medium Maintainer: Peter Eisentraut <pet...@debian.org> Changed-By: Peter Eisentraut <pet...@debian.org> Description: libintl-perl - Uniforum message translations system compatible i18n library libintl-xs-perl - Uniforum message translations system compatible i18n library Closes: 835181 Changes: libintl-perl (1.26-2) unstable; urgency=medium . * Add patch to handle removal of '.' from @INC (closes: #835181) Checksums-Sha1: 1983a8164c4f2bde34cdf02138370cd4e8c40f49 1838 libintl-perl_1.26-2.dsc 247e6360e5ef983d26def33dcf18d2259efd40bf 3944 libintl-perl_1.26-2.debian.tar.xz dea5acb1fd6b1507093cdf66ce4cf7d321cea2a5 755650 libintl-perl_1.26-2_all.deb 02ad02019672bc46e9dbc49744655d2e5775dcf6 34658 libintl-xs-perl-dbgsym_1.26-2_amd64.deb 26b1d0e83eda1e4cc73303f8b60918dc934e1eb4 39472 libintl-xs-perl_1.26-2_amd64.deb Checksums-Sha256: 0d989ce6ffa8344a116c88aa26763c1fe830338c4a1dab0b64b5938f22a69823 1838 libintl-perl_1.26-2.dsc 5dceffcc5f4f685fbe4401ca412dc1cc631a3a33965ba570c4f391e9b1bcbf91 3944 libintl-perl_1.26-2.debian.tar.xz aac326a21ece2e69824666f992dbae4d7162d56798c93bcc700f8594dd9dd1f4 755650 libintl-perl_1.26-2_all.deb b4484c3c23ceab37080a99d2f5c9e0ec463359690c4a77eb6f903e973ec0dda8 34658 libintl-xs-perl-dbgsym_1.26-2_amd64.deb a30cace8ec9fb603166e33915ed217feb313944e3002009f331b49820eec52ae 39472 libintl-xs-perl_1.26-2_amd64.deb Files: 314d23d46b5ff58b7db55d3914d4bf3d 1838 perl optional libintl-perl_1.26-2.dsc ac3950977aafa32f88fc16f6318ad38c 3944 perl optional libintl-perl_1.26-2.debian.tar.xz be513fca436a796cf71e16b1cc394640 755650 perl optional libintl-perl_1.26-2_all.deb 7edb629b0d9eed6583bccefe1e82fbb2 34658 debug extra libintl-xs-perl-dbgsym_1.26-2_amd64.deb 5c90a6f958b779e10c9c3fe8da6802be 39472 perl optional libintl-xs-perl_1.26-2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXzNiTAAoJENHL8TuqPbtJOQgP+gJXDLJo7ocN2pU5nJUHZNAA GaI5hts6nl9LrdqRvMjfJnWn2kslGgfL8KWmfk4jsZk46GtuU1/v6ExcR05z+oeq 7qoj8jSmPiaNlY1WaL6ZTAXwBI5q6kU04Ge2glKOaB4LeSxV1cOsg+17D7g/5wAM MRA9xL8NPO2bz3vk+k/3j9cokfhnLvadTv+YookMVq/IHB8AahkdrpwcMuYtm575 7/5jjFBwI0p5VAHEP9ehGzdfnx21+p2snH8cIEMN9jTHClJKXUKjpVr/O5zfpHwh zaIDig8XSVO90VzUKOuGrU524hLXuQd+GXnKKj+PmxNum0dqogcH4Ke6cB4zOUXw A5I/JR4eqgGSdTXCMbaSMr5qzkfeep+zUTKn2y9E7znJB2b9tN77ET2hvesxcFff pldWzN1Lqq4l+xAtPuNS479vjH5zEVszdvZjWyhIUjgodl+xm/Ze3THOF8eh0JG4 G11+Pe44oUe9NFMZna4UP2gvB1qtgZ+vW6rSl2hrdTo5ULtr2n1eJxoOh9ouJCLM /0dOF+fmm6jXfzzCmzI3bTCYRHpH7uzegueS+GMXeDhFXMRQ9DVah1S8X7dZNYdS RB+SMMoTiKDf/do8199HaJszVou186A068rJ3BsFhFeIpwBfPtSCOychuxFghyUt lvpuCc1j7gg+hStqvAdo =8D1h -----END PGP SIGNATURE-----
--- End Message ---
