This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d64af35)
Update Module-Load to CPAN version 0.22
authorChris 'BinGOs' Williams <chris@bingosnet.co.uk>
Wed, 5 Oct 2011 08:55:23 +0000 (09:55 +0100)
committerChris 'BinGOs' Williams <chris@bingosnet.co.uk>
Wed, 5 Oct 2011 11:12:59 +0000 (12:12 +0100)
  [DELTA]

  Changes for 0.22    Tue Oct  4 21:44:32 2011
  ============================================
  * Resolve possible security problem [http://goo.gl/YzHRU]
    where a '::' prefixed module can 'jump' out of @INC

Porting/Maintainers.pl patch | blob | blame | history
cpan/Module-Load/lib/Module/Load.pm patch | blob | blame | history
cpan/Module-Load/t/01_Module-Load.t patch | blob | blame | history
pod/perldelta.pod patch | blob | blame | history

diff --git a/Porting/Maintainers.pl b/Porting/Maintainers.pl
index 9589d1b..633f5d7 100755 (executable)
--- a/Porting/Maintainers.pl
+++ b/Porting/Maintainers.pl
@@ -1267,7 +1267,7 @@ use File::Glob qw(:case);
     'Module::Load' =>
        {
        'MAINTAINER'    => 'kane',
-       'DISTRIBUTION'  => 'BINGOS/Module-Load-0.20.tar.gz',
+       'DISTRIBUTION'  => 'BINGOS/Module-Load-0.22.tar.gz',
        'FILES'         => q[cpan/Module-Load],
        'UPSTREAM'      => 'cpan',
        },
diff --git a/cpan/Module-Load/lib/Module/Load.pm b/cpan/Module-Load/lib/Module/Load.pm
index 7087b5e..3a83c38 100644 (file)
--- a/cpan/Module-Load/lib/Module/Load.pm
+++ b/cpan/Module-Load/lib/Module/Load.pm
@@ -1,6 +1,6 @@
 package Module::Load;
 
-$VERSION = '0.20';
+$VERSION = '0.22';
 
 use strict;
 use File::Spec ();
@@ -49,6 +49,8 @@ sub _to_file{
 
     ## trailing blanks ignored by default. [rt #69886]
     my @parts = split /::/, $_, -1;
+    ## make sure that we can't hop out of @INC
+    shift @parts if @parts && !$parts[0];
 
     ### because of [perl #19213], see caveats ###
     my $file = $^O eq 'MSWin32'
diff --git a/cpan/Module-Load/t/01_Module-Load.t b/cpan/Module-Load/t/01_Module-Load.t
index 0aaed74..228b31d 100644 (file)
--- a/cpan/Module-Load/t/01_Module-Load.t
+++ b/cpan/Module-Load/t/01_Module-Load.t
@@ -17,6 +17,7 @@ use Test::More 'no_plan';
 {   my @Map = (
         # module               flag diagnostic
         [q|Must::Be::Loaded|,   1,  'module'],
+        [q|::Must::Be::Loaded|, 1,  'module'],
         [q|LoadMe.pl|,          0,  'file'  ],
         [q|LoadIt|,             1,  'ambiguous module'  ],
         [q|ToBeLoaded|,         0,  'ambiguous file'    ],
diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index 10d9fec..0271444 100644 (file)
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -112,11 +112,18 @@ L<ExtUtils::MakeMaker> has been upgraded from version 6.59 to version 6.61_01.
 
 =item *
 
-L<Unicode::Collate> has been upgraded from version 0.78 to version 0.79.
+L<ExtUtils::ParseXS> has been upgraded from version 3.04_04 to version 3.05.
 
 =item *
 
-L<ExtUtils::ParseXS> has been upgraded from version 3.04_04 to version 3.05.
+L<Module::Load> has been upgraded from version 0.20 to version 0.22.
+
+Resolve possible security problem [http://goo.gl/YzHRU] where a '::' prefixed
+module can 'jump' out of @INC
+
+=item *
+
+L<Unicode::Collate> has been upgraded from version 0.78 to version 0.79.
 
 =back
 
Unnamed repository; edit this file 'description' to name the repository.