The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting

CVE-2021-24963: Changeset 2634373 – WordPress Plugin Repository

A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information.

Permalink

**2** contributors

 ![@foxcpp](https://avatars.githubusercontent.com/u/37885127?s=48&v=4)![@Gusted](https://avatars.githubusercontent.com/u/25481501?s=48&v=4)

/\*

Maddy Mail Server - Composable all-in-one email server.

Copyright © 2019-2020 Max Mazurov <fox.cpp@disroot.org>, Maddy Mail Server contributors

This program is free software: you can redistribute it and/or modify

it under the terms of the GNU General Public License as published by

the Free Software Foundation, either version 3 of the License, or

(at your option) any later version.

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

GNU General Public License for more details.

You should have received a copy of the GNU General Public License

along with this program. If not, see <https://www.gnu.org/licenses/>.

\*/

package shadow

import (

"errors"

"fmt"

"time"

"github.com/GehirnInc/crypt"

\_ "github.com/GehirnInc/crypt/apr1\_crypt"

\_ "github.com/GehirnInc/crypt/md5\_crypt"

\_ "github.com/GehirnInc/crypt/sha256\_crypt"

\_ "github.com/GehirnInc/crypt/sha512\_crypt"

)

const secsInDay \= 86400

func (e \*Entry) IsAccountValid() bool {

if e.AcctExpiry \== \-1 {

return true

}

nowDays := int(time.Now().Unix() / secsInDay)

return nowDays < e.AcctExpiry

}

func (e \*Entry) IsPasswordValid() bool {

if e.LastChange \== \-1 || e.MaxPassAge \== \-1 || e.InactivityPeriod \== \-1 {

return true

}

nowDays := int(time.Now().Unix() / secsInDay)

return nowDays < e.LastChange+e.MaxPassAge+e.InactivityPeriod

}

func (e \*Entry) VerifyPassword(pass string) (err error) {

// Do not permit null and locked passwords.

if e.Pass \== "" {

return errors.New("verify: null password")

}

if e.Pass\[0\] \== '!' {

return errors.New("verify: locked password")

}

// crypt.NewFromHash may panic on unknown hash function.

defer func() {

if rcvr := recover(); rcvr != nil {

err \= fmt.Errorf("%v", rcvr)

}

}()

if err := crypt.NewFromHash(e.Pass).Verify(e.Pass, \[\]byte(pass)); err != nil {

if errors.Is(err, crypt.ErrKeyMismatch) {

return ErrWrongPassword

}

return err

}

return nil

}

CVE-2021-42583: maddy/verify.go at df40dce1284cd0fd0a9e8e7894029553d653d0a5 · foxcpp/maddy

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.

CVE-2021-44526: ServiceDesk Plus readme | Service desk release notes | ServiceDesk Plus latest version read me notes | IT service management release notes | Service desk current version

Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php.

CVE-2021-43678: GitHub - gaoming13/wechat-php-sdk: 微信公众平台php版开发包

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

CVE-2021-44145: Apache NiFi Security Reports

The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.

1<?php2/\*3Plugin Name: Real WYSIWYG4Plugin URI: http://windyroad.org/software/wordpress/real-wysiwyg-plugin/5Description: Turn the TinyMCE Visual Editor in to a real WYSIWYG editor.6Version: 0.0.27Author: Windy Road8Author URI: http://windyroad.org910Copyright (C)2007 Windy Road1112This program is free software; you can redistribute it and/or13modify it under the terms of the GNU General Public License14as published by the Free Software Foundation; either version 215of the License, or (at your option) any later version.1617This program is distributed in the hope that it will be useful,18but WITHOUT ANY WARRANTY; without even the implied warranty of19MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the20GNU General Public License for more details.2122You should have received a copy of the GNU General Public License23along with this program; if not, write to the Free Software24Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.This work is licensed under a Creative Commons Attribution 2.5 Australia License http://creativecommons.org/licenses/by/2.5/au/2526\*/ 2728function real\_wysiwyg\_get\_theme\_styles() {29        $styles \= array();30        $styles\[\] \= get\_stylesheet\_uri();31        $styles \= array\_merge($styles, real\_wysiwyg\_extra\_styles() );32        return apply\_filters( 'real\_wysiwyg\_style\_sheets', $styles );33}3435function real\_wysiwyg\_get\_theme\_styles\_ie() {36        $styles \= array();37        $styles \= array\_merge($styles, real\_wysiwyg\_extra\_styles\_ie() );38        return apply\_filters( 'real\_wysiwyg\_style\_sheets\_ie', $styles );39}404142function real\_wysiwyg\_init\_options() {43        $css \= real\_wysiwyg\_extra\_css();44        $style\_sheets \= real\_wysiwyg\_get\_theme\_styles();45        $style\_sheets\_ie \= real\_wysiwyg\_get\_theme\_styles\_ie();46?>47var before\_real\_wysiwyg = null;48if( initArray.init\_instance\_callback == undefined ) {49        initArray.init\_instance\_callback = "on\_mce\_init\_real\_wysiwyg";50}51else {52        before\_real\_wysiwyg = initArray.init\_instance\_callback;53        initArray.init\_instance\_callback = "on\_mce\_init\_real\_wysiwyg";54}5556function on\_mce\_init\_real\_wysiwyg(inst) {57        if( before\_real\_wysiwyg != null ) {58                tinyMCE.settings\[ 'init\_instance\_callback' \] = before\_real\_wysiwyg;59                tinyMCE.dispatchCallback(inst, 'init\_instance\_callback', 'initInstance', inst);60                tinyMCE.settings\[ 'init\_instance\_callback' \] = "on\_mce\_init\_real\_wysiwyg";61        }62                <?php63                foreach( $style\_sheets as $style ) {64                        $style \= trim( $style );65                        if( !empty( $style ) ) {66                ?>67                tinyMCE.importCSS(inst.getDoc(),68                                                  '<?php echo $style ?>');69                        70                <?php71                        }72                } ?>73                if( navigator.userAgent.indexOf('MSIE 6') != -1  ) {74                        <?php foreach( $style\_sheets\_ie as $style ) {75                        $style \= trim( $style );76                        if( !empty( $style ) ) {77                ?>78                        tinyMCE.importCSS(inst.getDoc(),79                                                          '<?php echo $style ?>');80                <?php 81                        }82                } ?>83        }84        tinyMCE.importCSS(inst.getDoc(),85                                          '../wp-content/plugins/real-wysiwyg/extra-style.css.php?style=<?php echo urlencode( $css ) ?>');86        87}8889<?php90}9192if ( !function\_exists('wp\_nonce\_field') ) {93        define('REAL\_WYSIWYG\_NONCE', \-1);94    function real\_wysiwyg\_nonce\_field() { return; }        95} 96else {97        define('REAL\_WYSIWYG\_NONCE', 'real-wysiwyg-update-key');98    function real\_wysiwyg\_nonce\_field() { return wp\_nonce\_field(REAL\_WYSIWYG\_NONCE); }99}100101102add\_action('tinymce\_before\_init', 'real\_wysiwyg\_init\_options');103104function real\_wysiwyg\_save\_options( $curr\_options ) {105        // create array106        $mfg\_options \= $curr\_options;107        $mfg\_options\[ get\_stylesheet() \] \= array();108        $mfg\_options\[ get\_stylesheet() \]\['extra\_css'\] \= stripslashes( $\_POST\['real\_wysiwyg\_extra\_css'\] );109        $mfg\_options\[ get\_stylesheet() \]\['extra\_styles'\] \= explode( "\\n", stripslashes( $\_POST\['real\_wysiwyg\_extra\_styles'\] ) );110        $mfg\_options\[ get\_stylesheet() \]\['extra\_styles\_ie'\] \= explode( "\\n", stripslashes( $\_POST\['real\_wysiwyg\_extra\_styles\_ie'\] ) );111        if( $curr\_options != $mfg\_options )112                update\_option('real\_wysiwyg\_options', $mfg\_options);113        return $mfg\_options;114}115function  real\_wysiwyg\_extra\_css() {116        $real\_wysiwyg \= get\_option('real\_wysiwyg\_options');117        $extra\_css \= "";118        if( isset( $real\_wysiwyg\[ get\_stylesheet() \]\[ "extra\_css" \] )119                && !empty( $real\_wysiwyg\[ get\_stylesheet() \]\[ "extra\_css" \] ) ) {120                $extra\_css \= $real\_wysiwyg\[ get\_stylesheet() \]\[ "extra\_css" \];121        }122        else if( get\_stylesheet() \== 'default' ) {123                $extra\_css \= <<<REAL\_WYSIWYG\_DATA124.mceContentBody {125        line-height:1.4em;126        text-align:justify;127        font-size:75%;128        margin:2.5ex auto;129        padding: 0pt;130        width:450px;131        background:transparent url('../../themes/default/images/kubrickbg-ltr.jpg') repeat-y scroll center top;132        background-color:#e7e7e7;133}134135.mceContentBody p {136        font-size:1.05em;137        line-height:1.34em;138}139140.mceContentBody ul li:before {141        content: "\\\\00BB \\\\0020";142}143144html>body.mceContentBody ul {145        list-style-image:none;146        list-style-position:outside;147        list-style-type:none;148        margin-left:0px;149        padding:0pt 0pt 0pt 10px;150        text-indent:-10px;151}152153html>body.mceContentBody li {154        margin:7px 0pt 8px 10px;155}156157158159.mceContentBody ol {160        padding: 0 0 0 35px;161        margin: 0;162}163164.mceContentBody ol li {165        margin: 0;166        padding: 0;167}168169.mceContentBody pre {170        font-family:'Courier New',Courier,Fixed;171        font-size:85%;172        line-height:1.65em;173}174175REAL\_WYSIWYG\_DATA;176        }177        else if( get\_stylesheet() \== 'classic' ) {178                        $extra\_css \= <<<REAL\_WYSIWYG\_DATA179.mceContentBody {180        border: none;181}182REAL\_WYSIWYG\_DATA;183        }184        return apply\_filters( 'real\_wysiwyg\_extra\_css', $extra\_css );185}186187function real\_wysiwyg\_extra\_styles() {188        $real\_wysiwyg \= get\_option('real\_wysiwyg\_options');189        $extra\_styles \= array();190        if( isset( $real\_wysiwyg\[ get\_stylesheet() \]\[ "extra\_styles" \] ) ) {191                $extra\_styles \= $real\_wysiwyg\[ get\_stylesheet() \]\[ "extra\_styles" \];192        }193        return $extra\_styles;194}195196function real\_wysiwyg\_extra\_styles\_ie() {197        $real\_wysiwyg \= get\_option('real\_wysiwyg\_options');198        $extra\_styles\_ie \= array();199        if( isset( $real\_wysiwyg\[ get\_stylesheet() \]\[ "extra\_styles\_ie" \] ) ) {200                $extra\_styles\_ie \= $real\_wysiwyg\[ get\_stylesheet() \]\[ "extra\_styles\_ie" \];201        }202        return $extra\_styles\_ie;203        204}205206function real\_wysiwyg\_options\_page() { 207        $options \= get\_option('real\_wysiwyg\_options');208        if( isset( $\_GET\[ 'activated' \] ) && $\_GET\[ 'activated' \] \== "true" ){209                ?><div class="updated"><p><strong>Options saved.</strong></p></div><?php210        }211    ?><div class="wrap" id="real\_wysiwyg-options"><?php212                ?><h2>Real WYSIWYG Options</h2><?php213                ?><form method="post" action="<?php echo $\_SERVER\['PHP\_SELF'\]."?".$\_SERVER\['QUERY\_STRING'\]; ?>"><?php214                        ?><fieldset><?php215                                ?><input type="hidden" name="action" value="real\_wysiwyg\_save\_options" /><?php216                                                                217                                ?><p><label for="real\_wysiwyg\_extra\_css" style="font-weight: bold;"><?php \_e( 'Extra CSS:', REAL\_WYSIWYG\_DOMAIN ); ?></label><br/><?php218                                ?><textarea name="real\_wysiwyg\_extra\_css" rows='15' style="width: 100%"/><?php echo real\_wysiwyg\_extra\_css(); ?></textarea><br/><?php219                                ?>Add any css here for your current them, so it will display propery within a body element with a class of <code>.mceContentBody</code>.</p><?php220221                                ?><p><label for="real\_wysiwyg\_extra\_styles" style="font-weight: bold;"><?php \_e( 'Extra StyleSheets:', REAL\_WYSIWYG\_DOMAIN ); ?></label><br/><?php222                                ?><textarea name="real\_wysiwyg\_extra\_styles" rows='15' style="width: 100%"/><?php echo implode("\\n", real\_wysiwyg\_extra\_styles() ); ?></textarea><br/><?php223                                ?>If the theme you are using has more than one stylesheet, then you may need to add it here, seperated by a new line.</p><?php224225                                ?><p><label for="real\_wysiwyg\_extra\_styles\_ie" style="font-weight: bold;"><?php \_e( 'Extra StyleSheets for IE 6:', REAL\_WYSIWYG\_DOMAIN ); ?></label><br/><?php226                                ?><textarea name="real\_wysiwyg\_extra\_styles\_ie" rows='15' style="width: 100%"/><?php echo implode("\\n", real\_wysiwyg\_extra\_styles\_ie() ); ?></textarea><br/><?php227                                ?>If the theme you are using has stylesheets just for IE 6, then add them here, seperated by a new line.</p><?php228229                                real\_wysiwyg\_nonce\_field();230                        ?></fieldset><?php231                        ?><p class="submit"><?php232                                ?><input type="submit" name="submit" value="Update Options &raquo;" /><?php233                        ?></p><?php234                ?></form><?php235        ?></div><?php236}237238239function real\_wysiwyg\_add\_admin() {240        // Add a new menu under Options:241        add\_options\_page('Real WYSIWYG', 'Real WYSIWYG', 8, basename(\_\_FILE\_\_), 'real\_wysiwyg\_options\_page');242}243244add\_action('admin\_menu', 'real\_wysiwyg\_add\_admin');             // Insert the Admin panel.245246function real\_wysiwyg\_process\_options() {247        $curr\_options \= get\_option('real\_wysiwyg\_options');248        if ( isset($\_POST\['submit'\]) 249                && isset($\_POST\['action'\]) 250                && $\_POST\['action'\] \== 'real\_wysiwyg\_save\_options' ) {251252            if ( function\_exists('current\_user\_can') && !current\_user\_can('manage\_options') )253              die(\_\_('Cheatin uh?'));254        255            check\_admin\_referer(REAL\_WYSIWYG\_NONCE);256        257                real\_wysiwyg\_save\_options( $curr\_options );258                $url \= add\_query\_arg( 'activated', 'true', $\_SERVER\[ 'HTTP\_REFERER' \] );259                wp\_redirect( $url );260        }       261}262263add\_action('init', 'real\_wysiwyg\_process\_options'); //Process the post options for the admin page.264265?>

CVE-2021-39310: real-wysiwyg.php in real-wysiwyg/tags/0.0.2 – WordPress Plugin Repository

The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.

1<?php2/\*3Plugin Name: H5P CSS Editor4Plugin URI: 5Description: This plugin allow you to change the style of your H5P editor to match the style of your site.6Author: Ian Howatson7Version: 1.08Text Domain: h5p-css-editor9Author URI: 10Date: 02/03/20171112Copyright 2017 Ian Howatson  (email : ian@howatson.net)1314This program is free software; you can redistribute it and/or modify15it under the terms of the GNU General Public License, version 2, as 16published by the Free Software Foundation.1718This program is distributed in the hope that it will be useful,19but WITHOUT ANY WARRANTY; without even the implied warranty of20MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the21GNU General Public License for more details.2223You should have received a copy of the GNU General Public License24along with this program; if not, write to the Free Software25Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA26\*/27function h5p\_css\_editor(&$styles, $libraries, $mode) {28        if ($mode \=== 'editor') {29                $styles\[\] \= (object) array(30                        'path' \=> plugins\_url() . '/h5p-css-editor/h5p-css-editor.css',31                        'version' \=> '?ver=0.1'32                );33        }34}35add\_action('h5p\_alter\_library\_styles', 'h5p\_css\_editor', 10, 3);36add\_action('admin\_menu', 'h5p\_css\_editor\_submenu');37function h5p\_css\_editor\_submenu() {38        add\_menu\_page('H5P CSS Editor', 'H5P CSS Editor', 'manage\_options', 'hp5-css-editor', 'h5p\_css\_editor\_callback');39        //add\_submenu\_page( 'h5p', 'H5P CSS Editor', 'H5P CSS Editor', 'manage\_options', 'custompage', 'h5p\_css\_editor\_callback');40}41function h5p\_css\_editor\_callback() {42        if(isset($\_POST\['h5p-css-file'\])) file\_put\_contents(plugin\_dir\_path(\_\_FILE\_\_).'h5p-css-editor.css', $\_POST\['h5p-css-file'\]); 43        $css\_file \= file\_get\_contents(plugin\_dir\_path(\_\_FILE\_\_).'h5p-css-editor.css');44        ?>45        <h2><?php \_e('CSS Editor', 'h5p-css-editor'); ?></h2>46        <form enctype="multipart/form-data" method="post" action="#" >47                <table class="table form-table mdocs-settings-table">48                        <tr>49                                <td>50                                        <textarea rows="75" cols="100%" name="h5p-css-file"><?php echo $css\_file; ?></textarea><br>51                                        <input style="margin:15px;" type="submit" class="button-primary" value="<?php \_e('Save Changes','memphis-documents-library') ?>" />52                                </td>53                        </tr>54                </table>55        </form>56        <?php57}58?>

CVE-2021-39318: h5p-css-editor.php in h5p-css-editor/tags/1.0 – WordPress Plugin Repository

The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.

CVE-2021-39311: llm.php in link-list-manager/tags/1.0 – WordPress Plugin Repository

The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.

*   NAME
*   SYNOPSIS
*   INCOMPATIBILITY ALERT
*   DESCRIPTION
    *   Global Variables in package CPAN::Checksums
*   PREREQUISITES
*   BUGS
*   AUTHOR
*   COPYRIGHT & LICENSE
*   SEE ALSO

**NAME**

CPAN::Checksums - Write a `CHECKSUMS` file for a directory as on CPAN

**SYNOPSIS**

      use CPAN::Checksums qw(updatedir);
      my $success = updatedir($directory, $root);

**INCOMPATIBILITY ALERT**

Since version 1.0 the generation of the attribute `shortname` is turned off by default. It was too slow and was not used as far as I know, and above all, it could fail on large directories. The shortname feature can still be turned on by setting the global variable $TRY\_SHORTNAME to a true value.

**DESCRIPTION**

$success = updatedir($dir\[, $root\])

$dir is a directory. Updatedir() writes a `CHECKSUMS` file into that directory, unless a previously written `CHECKSUMS` file is there that is still valid. Returns 2 if a new `CHECKSUMS` file has been written, 1 if a valid `CHECKSUMS` file is already there, otherwise dies.

If $root is given, the hash entry with the key `cpan_path` is relative to this root directory.

Note: since version 2.0 updatedir on empty directories behaves just the same. In older versions it silently did nothing.

**Global Variables in package CPAN::Checksums**

$IGNORE\_MATCH

If the global variable $IGNORE\_MATCH is set, then all files matching this expression will be completely ignored and will not be included in the CPAN `CHECKSUMS` files. Per default this variable is set to

        qr{(?i-xsm:readme$)}

$CAUTION

Setting the global variable $CAUTION causes updatedir() to report changes of files in the attributes `size`, `mtime`, `md5`, or `md5-ungz` to STDERR.

$TRY\_SHORTNAME

By setting the global variable $TRY\_SHORTNAME to a true value, you can tell updatedir() to include an attribute `shortname` in the resulting hash that is 8.3-compatible. Please note, that updatedir() in this case may be slow and may even fail on large directories, because it will always only try 1000 iterations to find a name that is not yet taken and then give up.

$SIGNING\_KEY

Setting the global variable $SIGNING\_KEY makes the generated `CHECKSUMS` file to be clear-signed by the command specified in $SIGNING\_PROGRAM (defaults to `gpg --clearsign --default-key` ), passing the signing key as an extra argument. The resulting `CHECKSUMS` file should look like:

        0&&<<''; # this PGP-signed message is also valid perl
        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1
    
        # CHECKSUMS file written on ... by CPAN::Checksums (v...)
        $cksum = {
            ...
        };
    
        __END__
        -----BEGIN PGP SIGNATURE-----
        ...
        -----END PGP SIGNATURE-----

note that the actual data remains intact, but two extra lines are added to make it legal for both OpenPGP and perl syntax.

$MIN\_MTIME\_CHECKSUMS

If the global variable $MIN\_MTIME\_CHECKSUMS is set, then updatedir will renew signatures on checksum files that have an older mtime than the given value.

**PREREQUISITES**

DirHandle, IO::File, Digest::MD5, Digest::SHA, Compress::Bzip2, Compress::Zlib, File::Spec, Data::Dumper, Data::Compare, File::Temp

**BUGS**

If updatedir is interrupted, it may leave a temporary file lying around. These files have the File::Temp template `CHECKSUMS.XXXX` and should be harvested by a cronjob.

**AUTHOR**

Andreas Koenig, andreas.koenig@anima.de; GnuPG support by Autrijus Tang

**COPYRIGHT & LICENSE**

Copyright (c) 2002-2008 Andreas Koenig, Audrey Tang, Steve Peters.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

**SEE ALSO**

perl(1).

CVE-2020-16155: CPAN::Checksums

CPAN 2.28 allows Signature Verification Bypass.

*   NAME
*   SYNOPSIS
*   DESCRIPTION
    *   Options
    *   Examples
    *   Environment variables
*   EXIT VALUES
*   TO DO
*   BUGS
*   SEE ALSO
*   SOURCE AVAILABILITY
*   CREDITS
*   AUTHOR
*   COPYRIGHT

**NAME**

cpan - easily interact with CPAN from the command line

**SYNOPSIS**

            # with arguments and no switches, installs specified modules
            cpan module_name [ module_name ... ]
    
            # with switches, installs modules with extra behavior
            cpan [-cfFimtTw] module_name [ module_name ... ]
    
            # use local::lib
            cpan -I module_name [ module_name ... ]
    
            # one time mirror override for faster mirrors
            cpan -p ...
    
            # with just the dot, install from the distribution in the
            # current directory
            cpan .
    
            # without arguments, starts CPAN.pm shell
            cpan
    
            # without arguments, but some switches
            cpan [-ahpruvACDLOPX]

**DESCRIPTION**

This script provides a command interface (not a shell) to CPAN. At the moment it uses CPAN.pm to do the work, but it is not a one-shot command runner for CPAN.pm.

**Options**

\-a

Creates a CPAN.pm autobundle with CPAN::Shell->autobundle.

\-A module \[ module ... \]

Shows the primary maintainers for the specified modules.

\-c module

Runs a \`make clean\` in the specified module's directories.

\-C module \[ module ... \]

Show the _Changes_ files for the specified modules

\-D module \[ module ... \]

Show the module details. This prints one line for each out-of-date module (meaning, modules locally installed but have newer versions on CPAN). Each line has three columns: module name, local version, and CPAN version.

\-f

Force the specified action, when it normally would have failed. Use this to install a module even if its tests fail. When you use this option, -i is not optional for installing a module when you need to force it:

            % cpan -f -i Module::Foo

\-F

Turn off CPAN.pm's attempts to lock anything. You should be careful with this since you might end up with multiple scripts trying to muck in the same directory. This isn't so much of a concern if you're loading a special config with `-j`, and that config sets up its own work directories.

\-g module \[ module ... \]

Downloads to the current directory the latest distribution of the module.

\-G module \[ module ... \]

UNIMPLEMENTED

Download to the current directory the latest distribution of the modules, unpack each distribution, and create a git repository for each distribution.

If you want this feature, check out Yanick Champoux's `Git::CPAN::Patch` distribution.

\-h

Print a help message and exit. When you specify `-h`, it ignores all of the other options and arguments.

\-i module \[ module ... \]

Install the specified modules. With no other switches, this switch is implied.

\-I

Load `local::lib` (think like `-I` for loading lib paths). Too bad `-l` was already taken.

\-j Config.pm

Load the file that has the CPAN configuration data. This should have the same format as the standard _CPAN/Config.pm_ file, which defines `$CPAN::Config` as an anonymous hash.

\-J

Dump the configuration in the same format that CPAN.pm uses. This is useful for checking the configuration as well as using the dump as a starting point for a new, custom configuration.

\-l

List all installed modules with their versions

\-L author \[ author ... \]

List the modules by the specified authors.

\-m

Make the specified modules.

\-M mirror1,mirror2,...

A comma-separated list of mirrors to use for just this run. The `-P` option can find them for you automatically.

\-n

Do a dry run, but don't actually install anything. (unimplemented)

\-O

Show the out-of-date modules.

\-p

Ping the configured mirrors and print a report

\-P

Find the best mirrors you could be using and use them for the current session.

\-r

Recompiles dynamically loaded modules with CPAN::Shell->recompile.

\-s

Drop in the CPAN.pm shell. This command does this automatically if you don't specify any arguments.

\-t module \[ module ... \]

Run a \`make test\` on the specified modules.

\-T

Do not test modules. Simply install them.

\-u

Upgrade all installed modules. Blindly doing this can really break things, so keep a backup.

\-v

Print the script version and CPAN.pm version then exit.

\-V

Print detailed information about the cpan client.

\-w

UNIMPLEMENTED

Turn on cpan warnings. This checks various things, like directory permissions, and tells you about problems you might have.

\-x module \[ module ... \]

Find close matches to the named modules that you think you might have mistyped. This requires the optional installation of Text::Levenshtein or Text::Levenshtein::Damerau.

\-X

Dump all the namespaces to standard output.

**Examples**

            # print a help message
            cpan -h
    
            # print the version numbers
            cpan -v
    
            # create an autobundle
            cpan -a
    
            # recompile modules
            cpan -r
    
            # upgrade all installed modules
            cpan -u
    
            # install modules ( sole -i is optional )
            cpan -i Netscape::Booksmarks Business::ISBN
    
            # force install modules ( must use -i )
            cpan -fi CGI::Minimal URI
    
            # install modules but without testing them
            cpan -Ti CGI::Minimal URI

**Environment variables**

There are several components in CPAN.pm that use environment variables. The build tools, ExtUtils::MakeMaker and Module::Build use some, while others matter to the levels above them. Some of these are specified by the Perl Toolchain Gang:

Lancaster Concensus: https://github.com/Perl-Toolchain-Gang/toolchain-site/blob/master/lancaster-consensus.md

Oslo Concensus: https://github.com/Perl-Toolchain-Gang/toolchain-site/blob/master/oslo-consensus.md

NONINTERACTIVE\_TESTING

Assume no one is paying attention and skips prompts for distributions that do that correctly. `cpan(1)` sets this to `1` unless it already has a value (even if that value is false).

PERL\_MM\_USE\_DEFAULT

Use the default answer for a prompted questions. `cpan(1)` sets this to `1` unless it already has a value (even if that value is false).

CPAN\_OPTS

As with `PERL5OPT`, a string of additional `cpan(1)` options to add to those you specify on the command line.

CPANSCRIPT\_LOGLEVEL

The log level to use, with either the embedded, minimal logger or Log::Log4perl if it is installed. Possible values are the same as the `Log::Log4perl` levels: `TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, and `FATAL`. The default is `INFO`.

GIT\_COMMAND

The path to the `git` binary to use for the Git features. The default is `/usr/local/bin/git`.

**EXIT VALUES**

The script exits with zero if it thinks that everything worked, or a positive number if it thinks that something failed. Note, however, that in some cases it has to divine a failure by the output of things it does not control. For now, the exit codes are vague:

            1       An unknown error
    
            2       The was an external problem
    
            4       There was an internal problem with the script
    
            8       A module failed to install

**TO DO**

\* one shot configuration values from the command line

**BUGS**

\* none noted

**SEE ALSO**

Most behaviour, including environment variables and configuration, comes directly from CPAN.pm.

**SOURCE AVAILABILITY**

This code is in Github in the CPAN.pm repository:

            https://github.com/andk/cpanpm

The source used to be tracked separately in another GitHub repo, but the canonical source is now in the above repo.

**CREDITS**

Japheth Cleaver added the bits to allow a forced install (-f).

Jim Brandt suggest and provided the initial implementation for the up-to-date and Changes features.

Adam Kennedy pointed out that exit() causes problems on Windows where this script ends up with a .bat extension

**AUTHOR**

brian d foy, `<bdfoy@cpan.org>`

**COPYRIGHT**

Copyright (c) 2001-2015, brian d foy, All Rights Reserved.

You may redistribute this under the same terms as Perl itself.

Tag

#redis