f73e358558
Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath() routine returned untained strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. This defect was found and reported by David Golden of MongoDB, and a patch was provided by Tony Cook. References: * https://rt.perl.org/Public/Bug/Display.html?id=126862 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8607 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
27 lines
750 B
Diff
27 lines
750 B
Diff
--- a/Makefile.SH
|
|
+++ b/Makefile.SH
|
|
@@ -316,22 +316,11 @@ MANIFEST_SRT = MANIFEST.srt
|
|
|
|
!GROK!THIS!
|
|
|
|
-case "$usecrosscompile$perl" in
|
|
-define?*)
|
|
- $spitshell >>$Makefile <<!GROK!THIS!
|
|
-# Macros to invoke a copy of our fully operational perl during the build.
|
|
-PERL_EXE = perl\$(EXE_EXT)
|
|
-RUN_PERL = \$(LDLIBPTH) \$(RUN) $perl\$(EXE_EXT)
|
|
-!GROK!THIS!
|
|
- ;;
|
|
-*)
|
|
- $spitshell >>$Makefile <<!GROK!THIS!
|
|
+$spitshell >>$Makefile <<!GROK!THIS!
|
|
# Macros to invoke a copy of our fully operational perl during the build.
|
|
PERL_EXE = perl\$(EXE_EXT)
|
|
-RUN_PERL = \$(LDLIBPTH) \$(RUN) ./perl\$(EXE_EXT) -Ilib
|
|
+RUN_PERL = \$(LDLIBPTH) \$(RUN) ./miniperl\$(EXE_EXT) -Ilib
|
|
!GROK!THIS!
|
|
- ;;
|
|
-esac
|
|
|
|
$spitshell >>$Makefile <<!GROK!THIS!
|
|
# Macros to run our tests
|