From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-alpha@sourceware.org
Cc: Aurelien Jarno <aurelien@aurel32.net>
Subject: [PATCH] conform tests: call perl with '-I.'
Date: Sat, 03 Sep 2016 20:22:00 -0000 [thread overview]
Message-ID: <20160903202223.14884-1-aurelien@aurel32.net> (raw)
Historically perl includes the current directory in the module search
path. Over the time this has been considered as a security issue and
the recent vulnerabilities [1] made people to reconsider this behaviour.
It is almost sure that this will be removed in the future [2], possibly
for the 5.26 release, although this is not yet firmly decided.
Debian has decided to backport the patches [3], so the perl binary in
unstable do not have '.' in @INC anymore.
This behaviour is used in the conform perl scripts to include the
GlibcConform module. This patch fixes that by calling perl with '-I.'.
This is not a security issue in this case as make ensures that the
current directory is $(srcdir)/conform/ when the scripts are called.
Passing the full path would do exactly the same.
[1] CVE-2016-1238 CVE-2016-6185
[2] https://rt.perl.org/Public/Bug/Display.html?id=127810
[3] https://lists.debian.org/debian-devel-announce/2016/08/msg00013.html
Changelog:
* conform/Makefile (conformtest-header-tests): Pass -I. to $(PERL).
(linknamespace-symlists-tests): Likewise.
(linknamespace-header-tests): Likewise.
---
ChangeLog | 6 ++++++
conform/Makefile | 6 +++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 07cc502..b9afb68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2016-09-03 Aurelien Jarno <aurelien@aurel32.net>
+
+ * conform/Makefile (conformtest-header-tests): Pass -I. to $(PERL).
+ (linknamespace-symlists-tests): Likewise.
+ (linknamespace-header-tests): Likewise.
+
2016-09-02 Roland McGrath <roland@hack.frob.com>
* sysdeps/nacl/dup.c: Add libc_hidden_def.
diff --git a/conform/Makefile b/conform/Makefile
index 32a0937..b92a7d4 100644
--- a/conform/Makefile
+++ b/conform/Makefile
@@ -196,13 +196,13 @@ $(conformtest-header-tests): $(objpfx)%/conform.out: \
conformtest.pl $(conformtest-headers-data)
(set -e; std_hdr=$*; std=$${std_hdr%%/*}; hdr=$${std_hdr#*/}; \
mkdir -p $(@D)/scratch; \
- $(PERL) conformtest.pl --tmpdir=$(@D)/scratch --cc='$(CC)' \
+ $(PERL) -I. conformtest.pl --tmpdir=$(@D)/scratch --cc='$(CC)' \
--flags='$(conformtest-cc-flags)' --standard=$$std \
--headers=$$hdr > $@); \
$(evaluate-test)
$(linknamespace-symlists-tests): $(objpfx)symlist-%: list-header-symbols.pl
- $(PERL) -w $< --tmpdir=$(objpfx) --cc='$(CC)' \
+ $(PERL) -I. -w $< --tmpdir=$(objpfx) --cc='$(CC)' \
--flags='$(conformtest-cc-flags)' --standard=$* \
--headers="$(strip $(conformtest-headers-$*))" \
> $@ 2> $@.err; \
@@ -232,7 +232,7 @@ $(linknamespace-header-tests): $(objpfx)%/linknamespace.out: \
$(linknamespace-symlist-stdlibs-tests)
(set -e; std_hdr=$*; std=$${std_hdr%%/*}; hdr=$${std_hdr#*/}; \
mkdir -p $(@D)/scratch; \
- $(PERL) -w $< --tmpdir=$(@D)/scratch --cc='$(CC)' \
+ $(PERL) -I. -w $< --tmpdir=$(@D)/scratch --cc='$(CC)' \
--flags='$(conformtest-cc-flags)' --standard=$$std \
--stdsyms=$(objpfx)symlist-$$std --header=$$hdr \
--libsyms=$(objpfx)symlist-stdlibs-$$std \
--
2.9.3
next reply other threads:[~2016-09-03 20:22 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-03 20:22 Aurelien Jarno [this message]
2016-09-05 15:25 ` Joseph Myers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160903202223.14884-1-aurelien@aurel32.net \
--to=aurelien@aurel32.net \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).