[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#862901: release-notes: further update to perl @INC change

Package: release-notes
Severity: normal


Further to #859129, please consider this additional patch which refers
to a possible workaround for local issues, and freshly-minted upstream
documentation for developers on the topic.

Index: en/issues.dbk
--- en/issues.dbk   (revision 11492)
+++ en/issues.dbk   (working copy)
@@ -710,6 +710,25 @@
           <literal>require()</literal>, <literal>do()</literal> etc., where the
           arguments are files in the current directory.
+        <!-- the link below is temporary; this would ideally point to
+             perldoc.perl.org once 5.26.0 is released since that is more
+             stable -->
+        <para>
+          All perl programs and module shipped by Debian should have been
+          fixed to address any incompatibilities caused by the above; please
+          file bugs if this is not the case. As the change has now been made
+          in perl 5.26.0, third-party software should also start to be fixed.
+          Information about how to fix this issue for developers is provided
+          in the <ulink url="https://perl5.git.perl.org/perl.git/blob_plain/HEAD:/pod/perldelta.pod";>perl 5.26 release notes</ulink> (see the SECURITY section).
+        </para>
+        <para>
+          If needed you can temporarily reinstate <literal>.</literal> in
+          <literal>@INC</literal> globally by commenting out the line in
+          <filename>/etc/perl/sitecustomize.pl</filename> but you should
+          only do this with a understanding of the potential risks. This
+          workaround will be removed in &debian; &nextrelease;. You can
+          also set the <literal>PERL_USE_UNSAFE_INC</literal> environment
+          variable in a specific context which will have the same effect.               </para>

Reply to: