Security Advisories (1)

CVE-2025-40909 (2025-05-30)

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

NAME

Porting/sync-with-cpan - Synchronize with CPAN distributions

SYNOPSIS

sh ./Configure
perl Porting/sync-with-cpan <module>

where module is the name it appears in the %Modules hash of Porting/Maintainers.pl

DESCRIPTION

Script to help out with syncing cpan distros.

Does the following:

Fetches the package list from CPAN. Finds the current version of the given package. [1]
Downloads the relevant tarball; unpacks the tarball. [1]
Clean out the old directory (git clean -dfx)
Moves the old directory out of the way, moves the new directory in place.
Restores any .gitignore file.
Removes files from @IGNORE and EXCLUDED
git add any new files.
git rm any files that are gone.
Remove the +x bit on files in t/
Remove the +x bit on files that don't have it enabled in the current dir
Restore files mentioned in CUSTOMIZED
Updates the contents of MANIFEST
Runs a make (assumes a configure has been run)
Cleans up
Runs tests for the package
Runs the porting tests

[1] If the --tarball option is given, then CPAN is not consulted. --tarball should be the path to the tarball; the version is extracted from the filename -- but can be overwritten by the --version option.

OPTIONS

--jobs N

When running make, pass a -jN option to it to enable parallel building.

Note that you can also set TEST_JOBS=N in the environment to enable parallel *testing* on top of parallel *building*.

--yes

Just continue at all places where we would normally ask for the user to hit enter or hit CTL-C, with the exception of cases related to CUSTOMIZED distributions, where this option will cause the update to exit immediately unless the --force option has also been used.

--force

Do things we normally would refuse to do.

--tarball

Use a predownloaded tarball and not one from CPAN. Example:

perl Porting/sync-with-cpan Text-Tabs+Wrap \
    --tarball /tmp/Text-Tabs+Wrap-2024.001.tar.gz \
    --yes

--version

Sync with a specific version, not the latest on CPAN.

--no-test

--nt

Do not run tests. This is helpful for bulk updates.

--help

Show help.

TODO

Optional, run a full test suite
Handle complicated FILES

This is an initial version; no attempt has been made yet to make this portable. It shells out instead of trying to find a Perl solution. In particular, it assumes git, perl, and make to be available.

To install less, copy and paste the appropriate command in to your terminal.

cpanm

cpanm less

CPAN shell

perl -MCPAN -e shell
install less

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

TODO

Module Install Instructions

Keyboard Shortcuts