X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Flib%2FRT.pm;fp=rt%2Flib%2FRT.pm;h=91aeb15900681fe9dbafd4b6c8cd1e89d13c2e23;hp=069309dc77a2ec858ad31f78139ff6d3eedffa1c;hb=de9d037528895f7151a9aead6724ce2df95f9586;hpb=b226bc6bd81f999176cdbfa53a799033ff0a0307

diff --git a/rt/lib/RT.pm b/rt/lib/RT.pm
index 069309dc7..91aeb1590 100644
--- a/rt/lib/RT.pm
+++ b/rt/lib/RT.pm
@@ -2,7 +2,7 @@
 #
 # COPYRIGHT:
 #
-# This software is Copyright (c) 1996-2016 Best Practical Solutions, LLC
+# This software is Copyright (c) 1996-2017 Best Practical Solutions, LLC
 #                                          <sales@bestpractical.com>
 #
 # (Except where explicitly superseded by other copyright notices)
@@ -81,6 +81,10 @@ use vars qw($BasePath
  $MasonDataDir
  $MasonSessionDir);
 
+# Set Email::Address module var before anything else loads.
+# This avoids an algorithmic complexity denial of service vulnerability.
+# See T#157608 and CVE-2015-7686 for more information.
+$Email::Address::COMMENT_NEST_LEVEL = 1;
 
 RT->LoadGeneratedData();
 
@@ -765,6 +769,7 @@ sub InstallMode {
 sub LoadGeneratedData {
     my $class = shift;
     my $pm_path = ( File::Spec->splitpath( $INC{'RT.pm'} ) )[1];
+    $pm_path = File::Spec->rel2abs( $pm_path );
 
     require "$pm_path/RT/Generated.pm" || die "Couldn't load RT::Generated: $@";
     $class->CanonicalizeGeneratedPaths();
@@ -964,7 +969,9 @@ sub Deprecated {
 Please report them to rt-bugs@bestpractical.com, if you know what's
 broken and have at least some idea of what needs to be fixed.
 
-If you're not sure what's going on, report them rt-devel@lists.bestpractical.com.
+If you're not sure what's going on, start a discussion in the RT Developers
+category on the community forum at L<https://forum.bestpractical.com> or
+send email to sales@bestpractical.com for professional assistance.
 
 =head1 SEE ALSO