diff mbox

conform tests: call perl with '-I.'

Message ID 20160903202223.14884-1-aurelien@aurel32.net
State New, archived
Headers

Commit Message

Aurelien Jarno Sept. 3, 2016, 8:22 p.m. UTC 
  Historically perl includes the current directory in the module search
path. Over the time this has been considered as a security issue and
the recent vulnerabilities [1] made people to reconsider this behaviour.
It is almost sure that this will be removed in the future [2], possibly
for the 5.26 release, although this is not yet firmly decided.

Debian has decided to backport the patches [3], so the perl binary in
unstable do not have '.' in @INC anymore.

This behaviour is used in the conform perl scripts to include the
GlibcConform module. This patch fixes that by calling perl with '-I.'.
This is not a security issue in this case as make ensures that the
current directory is $(srcdir)/conform/ when the scripts are called.
Passing the full path would do exactly the same.

[1] CVE-2016-1238 CVE-2016-6185
[2] https://rt.perl.org/Public/Bug/Display.html?id=127810
[3] https://lists.debian.org/debian-devel-announce/2016/08/msg00013.html

Changelog:
	* conform/Makefile (conformtest-header-tests): Pass -I. to $(PERL).
	(linknamespace-symlists-tests): Likewise.
	(linknamespace-header-tests): Likewise.
---
 ChangeLog        | 6 ++++++
 conform/Makefile | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)

Comments

Joseph Myers Sept. 5, 2016, 3:25 p.m. UTC | #1 
On Sat, 3 Sep 2016, Aurelien Jarno wrote:

> 	* conform/Makefile (conformtest-header-tests): Pass -I. to $(PERL).
> 	(linknamespace-symlists-tests): Likewise.
> 	(linknamespace-header-tests): Likewise.

OK.
diff mbox

Patch

diff --git a/ChangeLog b/ChangeLog
index 07cc502..b9afb68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@ 
+2016-09-03  Aurelien Jarno  <aurelien@aurel32.net>
+
+	* conform/Makefile (conformtest-header-tests): Pass -I. to $(PERL).
+	(linknamespace-symlists-tests): Likewise.
+	(linknamespace-header-tests): Likewise.
+
 2016-09-02  Roland McGrath  <roland@hack.frob.com>
 
 	* sysdeps/nacl/dup.c: Add libc_hidden_def.
diff --git a/conform/Makefile b/conform/Makefile
index 32a0937..b92a7d4 100644
--- a/conform/Makefile
+++ b/conform/Makefile
@@ -196,13 +196,13 @@  $(conformtest-header-tests): $(objpfx)%/conform.out: \
 			     conformtest.pl $(conformtest-headers-data)
 	(set -e; std_hdr=$*; std=$${std_hdr%%/*}; hdr=$${std_hdr#*/}; \
 	 mkdir -p $(@D)/scratch; \
-	 $(PERL) conformtest.pl --tmpdir=$(@D)/scratch --cc='$(CC)' \
+	 $(PERL) -I. conformtest.pl --tmpdir=$(@D)/scratch --cc='$(CC)' \
 		 --flags='$(conformtest-cc-flags)' --standard=$$std \
 		 --headers=$$hdr > $@); \
 	$(evaluate-test)
 
 $(linknamespace-symlists-tests): $(objpfx)symlist-%: list-header-symbols.pl
-	$(PERL) -w $< --tmpdir=$(objpfx) --cc='$(CC)' \
+	$(PERL) -I. -w $< --tmpdir=$(objpfx) --cc='$(CC)' \
 		--flags='$(conformtest-cc-flags)' --standard=$* \
 		--headers="$(strip $(conformtest-headers-$*))" \
 		> $@ 2> $@.err; \
@@ -232,7 +232,7 @@  $(linknamespace-header-tests): $(objpfx)%/linknamespace.out: \
 			       $(linknamespace-symlist-stdlibs-tests)
 	(set -e; std_hdr=$*; std=$${std_hdr%%/*}; hdr=$${std_hdr#*/}; \
 	 mkdir -p $(@D)/scratch; \
-	 $(PERL) -w $< --tmpdir=$(@D)/scratch --cc='$(CC)' \
+	 $(PERL) -I. -w $< --tmpdir=$(@D)/scratch --cc='$(CC)' \
 		 --flags='$(conformtest-cc-flags)' --standard=$$std \
 		 --stdsyms=$(objpfx)symlist-$$std --header=$$hdr \
 		 --libsyms=$(objpfx)symlist-stdlibs-$$std \