Quotes argument lists to be used in Win32 in several different situations. Windows passes its arguments as a single string instead of an array as other platforms do. In almost all cases, the standard Win32 CommandLineToArgvW function is used to parse this string. cmd.exe has different rules for handling quoting, so extra work has to be done if it is involved. It isn't possible to consistantly create a single string that will be handled the same by cmd.exe and the stardard parsing rules. Perl will try to detect if you need the shell by detecting shell metacharacters. The routine that checks that uses different quoting rules from both cmd.exe and the native Win32 parsing. Extra work must therefore be done to protect against this autodetection.
Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.
The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.
Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.
Problem reports, updates or suggestions for this package should be reported with send-pr.