diff options
author | Aurelien Jarno <aurelien@aurel32.net> | 2016-09-05 22:53:22 +0200 |
---|---|---|
committer | Aurelien Jarno <aurelien@aurel32.net> | 2016-09-05 22:53:22 +0200 |
commit | 6d5336211d2e823d4d431a01e62a80d9be4cbc9d (patch) | |
tree | f88714118815a95a2552e8b3b385bfe36cc5b878 /malloc | |
parent | ead3cea7d8948113fe205243acbddbda609de5c9 (diff) | |
download | glibc-6d5336211d2e823d4d431a01e62a80d9be4cbc9d.tar.gz glibc-6d5336211d2e823d4d431a01e62a80d9be4cbc9d.tar.xz glibc-6d5336211d2e823d4d431a01e62a80d9be4cbc9d.zip |
conform tests: call perl with '-I.'
Historically perl includes the current directory in the module search path. Over the time this has been considered as a security issue and the recent vulnerabilities [1] made people to reconsider this behaviour. It is almost sure that this will be removed in the future [2], possibly for the 5.26 release, although this is not yet firmly decided. Debian has decided to backport the patches [3], so the perl binary in unstable do not have '.' in @INC anymore. This behaviour is used in the conform perl scripts to include the GlibcConform module. This patch fixes that by calling perl with '-I.'. This is not a security issue in this case as make ensures that the current directory is $(srcdir)/conform/ when the scripts are called. Passing the full path would do exactly the same. [1] CVE-2016-1238 CVE-2016-6185 [2] https://rt.perl.org/Public/Bug/Display.html?id=127810 [3] https://lists.debian.org/debian-devel-announce/2016/08/msg00013.html Changelog: * conform/Makefile (conformtest-header-tests): Pass -I. to $(PERL). (linknamespace-symlists-tests): Likewise. (linknamespace-header-tests): Likewise.
Diffstat (limited to 'malloc')
0 files changed, 0 insertions, 0 deletions