about summary refs log tree commit diff
path: root/malloc
diff options
context:
space:
mode:
authorAurelien Jarno <aurelien@aurel32.net>2016-09-05 22:53:22 +0200
committerAurelien Jarno <aurelien@aurel32.net>2016-09-05 22:53:22 +0200
commit6d5336211d2e823d4d431a01e62a80d9be4cbc9d (patch)
treef88714118815a95a2552e8b3b385bfe36cc5b878 /malloc
parentead3cea7d8948113fe205243acbddbda609de5c9 (diff)
downloadglibc-6d5336211d2e823d4d431a01e62a80d9be4cbc9d.tar.gz
glibc-6d5336211d2e823d4d431a01e62a80d9be4cbc9d.tar.xz
glibc-6d5336211d2e823d4d431a01e62a80d9be4cbc9d.zip
conform tests: call perl with '-I.'
Historically perl includes the current directory in the module search
path. Over the time this has been considered as a security issue and
the recent vulnerabilities [1] made people to reconsider this behaviour.
It is almost sure that this will be removed in the future [2], possibly
for the 5.26 release, although this is not yet firmly decided.

Debian has decided to backport the patches [3], so the perl binary in
unstable do not have '.' in @INC anymore.

This behaviour is used in the conform perl scripts to include the
GlibcConform module. This patch fixes that by calling perl with '-I.'.
This is not a security issue in this case as make ensures that the
current directory is $(srcdir)/conform/ when the scripts are called.
Passing the full path would do exactly the same.

[1] CVE-2016-1238 CVE-2016-6185
[2] https://rt.perl.org/Public/Bug/Display.html?id=127810
[3] https://lists.debian.org/debian-devel-announce/2016/08/msg00013.html

Changelog:
	* conform/Makefile (conformtest-header-tests): Pass -I. to $(PERL).
	(linknamespace-symlists-tests): Likewise.
	(linknamespace-header-tests): Likewise.
Diffstat (limited to 'malloc')
0 files changed, 0 insertions, 0 deletions