diff options
| author | Aurelien Jarno <aurelien@aurel32.net> | 2016-09-05 22:53:22 +0200 |
|---|---|---|
| committer | Florian Weimer <fw@deneb.enyo.de> | 2017-07-06 15:14:47 +0200 |
| commit | 605e6f9f4a4bf39416ac16fad1f41b5a93a0774d (patch) | |
| tree | 005c274060928991b4ad29826bc9639231a21694 | |
| parent | 8c04a738135e6267f21927588ae21b2eb48ca9da (diff) | |
| download | glibc-605e6f9f4a4bf39416ac16fad1f41b5a93a0774d.tar.gz | |
conform tests: call perl with '-I.'
Historically perl includes the current directory in the module search
path. Over the time this has been considered as a security issue and
the recent vulnerabilities [1] made people to reconsider this behaviour.
It is almost sure that this will be removed in the future [2], possibly
for the 5.26 release, although this is not yet firmly decided.
Debian has decided to backport the patches [3], so the perl binary in
unstable do not have '.' in @INC anymore.
This behaviour is used in the conform perl scripts to include the
GlibcConform module. This patch fixes that by calling perl with '-I.'.
This is not a security issue in this case as make ensures that the
current directory is $(srcdir)/conform/ when the scripts are called.
Passing the full path would do exactly the same.
[1] CVE-2016-1238 CVE-2016-6185
[2] https://rt.perl.org/Public/Bug/Display.html?id=127810
[3] https://lists.debian.org/debian-devel-announce/2016/08/msg00013.html
Changelog:
* conform/Makefile (conformtest-header-tests): Pass -I. to $(PERL).
(linknamespace-symlists-tests): Likewise.
(linknamespace-header-tests): Likewise.
(cherry picked from commit 6d5336211d2e823d4d431a01e62a80d9be4cbc9d)
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | conform/Makefile | 6 |
2 files changed, 9 insertions, 3 deletions
@@ -1,3 +1,9 @@ +2016-09-05 Aurelien Jarno <aurelien@aurel32.net> + + * conform/Makefile (conformtest-header-tests): Pass -I. to $(PERL). + (linknamespace-symlists-tests): Likewise. + (linknamespace-header-tests): Likewise. + 2017-07-06 Florian Weimer <fweimer@redhat.com> H.J. Lu <hongjiu.lu@intel.com> diff --git a/conform/Makefile b/conform/Makefile index 762aac98fc..7883624c81 100644 --- a/conform/Makefile +++ b/conform/Makefile @@ -196,13 +196,13 @@ $(conformtest-header-tests): $(objpfx)%/conform.out: \ conformtest.pl $(conformtest-headers-data) (set -e; std_hdr=$*; std=$${std_hdr%%/*}; hdr=$${std_hdr#*/}; \ mkdir -p $(@D)/scratch; \ - $(PERL) conformtest.pl --tmpdir=$(@D)/scratch --cc='$(CC)' \ + $(PERL) -I. conformtest.pl --tmpdir=$(@D)/scratch --cc='$(CC)' \ --flags='$(conformtest-cc-flags)' --standard=$$std \ --headers=$$hdr > $@); \ $(evaluate-test) $(linknamespace-symlists-tests): $(objpfx)symlist-%: list-header-symbols.pl - $(PERL) -w $< --tmpdir=$(objpfx) --cc='$(CC)' \ + $(PERL) -I. -w $< --tmpdir=$(objpfx) --cc='$(CC)' \ --flags='$(conformtest-cc-flags)' --standard=$* \ --headers="$(strip $(conformtest-headers-$*))" \ > $@ 2> $@.err; \ @@ -233,7 +233,7 @@ $(linknamespace-header-tests): $(objpfx)%/linknamespace.out: \ $(linknamespace-symlist-stdlibs-tests) (set -e; std_hdr=$*; std=$${std_hdr%%/*}; hdr=$${std_hdr#*/}; \ mkdir -p $(@D)/scratch; \ - $(PERL) -w $< --tmpdir=$(@D)/scratch --cc='$(CC)' \ + $(PERL) -I. -w $< --tmpdir=$(@D)/scratch --cc='$(CC)' \ --flags='$(conformtest-cc-flags)' --standard=$$std \ --stdsyms=$(objpfx)symlist-$$std --header=$$hdr \ --libsyms=$(objpfx)symlist-stdlibs-$$std \ |