Package: release.debian.org
Control: affects -1 + src:eperl
X-Debbugs-Cc: eperl@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: trixie
Severity: normal
[ Reason ]
eperl 2.2.15-1, when used with Perl 5.40,
in scenarios most likely to happen when running under CGI,
truncates the environment block to just 1 variable,
rendering it basically useless for that purpose.
[ Impact ]
Regressing to no functional eperl CGI in trixie.
[ Tests ]
This test was developed for and under trixie, see the test log under
https://bugs.debian.org/1114004#10
consisting of
echo '<? foreach my $var (keys %ENV) {print "$var = $ENV{$var}\n"; } !>' > b.phtml
env -i GATEWAY_INTERFACE=CGI/1.1 PATH_TRANSLATED="$PWD/b.phtml" eperl
I reproduce these results when building this dsc on trixie.
[ Risks ]
The change is trivial and cannot regress.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
The upstream patch for this is imported.
[ Other info ]
From a surface analysis, the patch should be a no-op, but it isn't.
I haven't managed to ascertain what's /actually/ going on in libperl to
damage the environment block, just how to make it stop.
I put the package on https://mentors.debian.net/package/eperl/
If this update is approved, it will need to be uploaded by a DD.
diff -Nru eperl-2.2.15/debian/changelog eperl-2.2.15/debian/changelog
--- eperl-2.2.15/debian/changelog 2024-11-17 23:10:38.000000000 +0100
+++ eperl-2.2.15/debian/changelog 2025-09-09 20:05:41.000000000 +0200
@@ -1,3 +1,12 @@
+eperl (2.2.15-1+bpo13u1) trixie; urgency=medium
+
+ * Debian Team upload.
+ * d/p/0003: Pass environ to PERL_SYS_INIT()/perl_parse() implicitly
+ instead of explicitly to avoid the script getting
+ a truncated environment on Perl 5.40 (Closes: #1114004)
+
+ -- наб <nabijaczleweli@nabijaczleweli.xyz> Tue, 09 Sep 2025 20:05:41 +0200
+
eperl (2.2.15-1) unstable; urgency=medium
* Team upload of Debian team
diff -Nru eperl-2.2.15/debian/patches/0003-Pass-environ-to-PERL_SYS_INIT-perl_parse-implicitly-.patch eperl-2.2.15/debian/patches/0003-Pass-environ-to-PERL_SYS_INIT-perl_parse-implicitly-.patch
--- eperl-2.2.15/debian/patches/0003-Pass-environ-to-PERL_SYS_INIT-perl_parse-implicitly-.patch 1970-01-01 01:00:00.000000000 +0100
+++ eperl-2.2.15/debian/patches/0003-Pass-environ-to-PERL_SYS_INIT-perl_parse-implicitly-.patch 2025-09-09 20:05:41.000000000 +0200
@@ -0,0 +1,61 @@
+From 2b37e0ea0f5af8558e1e4de7f7b4f954ccd0aa56 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
+Date: Tue, 9 Sep 2025 16:52:30 +0200
+Subject: [PATCH] Pass environ to PERL_SYS_INIT()/perl_parse() implicitly
+ instead of explicitly to avoid the script getting a truncated environment on
+ Perl 5.40
+Origin: upstream
+Bug-Debian: https://bugs.debian.org/1114004
+Applied-Upstream: 2.2.16, commit:2b37e0ea0f5af8558e1e4de7f7b4f954ccd0aa56
+
+1. echo '<? foreach my $var (keys %ENV) {print "$var = $ENV{$var}\n"; } !>' > b.phtml
+2. env -i GATEWAY_INTERFACE=CGI/1.1 PATH_TRANSLATED="$PWD/b.phtml" ./eperl
+3. env -i GATEWAY_INTERFACE=CGI/1.1 PATH_TRANSLATED="$PWD/b.phtml" ./eperl -x
+4. env -i GATEWAY_INTERFACE=CGI/1.1 PATH_TRANSLATED="$PWD/b.phtml" ./eperl ''
+
+3/4 will have the whole environment on bookworm and trixie.
+2 will have the whole environment on bookworm (libperl5.36:i386 5.36.0-7+deb12u2)
+but will only have one variable on trixie (libperl5.40:i386 5.40.1-6).
+
+The arguments have no effect on the generated code, environment,
+or libperl parameters.
+
+If you add
+ if(!argv[optind]) argv[optind]="";
+to main() after the getopt() loop,
+turning the argument sexion of the environment block
+from (2, {"./eperl", NULL}) to (2, {"./eperl", ""}),
+2 will also have the whole environment on trixie.
+
+This can be reproduced from the host process:
+inspecting environ after perl_parse() also shows a truncated environment.
+
+Fixes: https://bugs.debian.org/1114004
+---
+ eperl_perl5.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/eperl_perl5.c b/eperl_perl5.c
+index 9e66772..a46679a 100644
+--- a/eperl_perl5.c
++++ b/eperl_perl5.c
+@@ -126,14 +126,14 @@ int Perl5_Run(int myargc, char **myargv, enum runtime_mode mode, bool fCheck, bo
+
+
+ /* now allocate the Perl interpreter */
+- PERL_SYS_INIT3(&myargc, &myargv, &environ);
++ PERL_SYS_INIT(&myargc, &myargv);
+ my_perl = perl_alloc();
+ perl_construct(my_perl);
+
+ /* now parse the script!
+ NOTICE: At this point, the script gets
+ only _parsed_, not evaluated/executed! */
+- rc = perl_parse(my_perl, Perl5_XSInit, myargc, myargv, environ);
++ rc = perl_parse(my_perl, Perl5_XSInit, myargc, myargv, NULL);
+ if (rc != 0) {
+ IO_restore_stderr();
+ stdfd_thread_cu(&perlstderr, &stderr_thread);
+--
+2.39.5
+
diff -Nru eperl-2.2.15/debian/patches/series eperl-2.2.15/debian/patches/series
--- eperl-2.2.15/debian/patches/series 2024-11-17 23:10:38.000000000 +0100
+++ eperl-2.2.15/debian/patches/series 2025-09-09 20:05:41.000000000 +0200
@@ -1,2 +1,3 @@
0001-Forward-configure-prefix-to-mod-Makefile.PL-configur.patch
0002-Forward-configure-C-CPP-LD-FLAGS-to-mod-Makefile.PL-.patch
+0003-Pass-environ-to-PERL_SYS_INIT-perl_parse-implicitly-.patch
Attachment:
signature.asc
Description: PGP signature