Re: MakeMaker 6.31 + Debian stable == th3 br0ken

2006-10-27 Thread Rafael Garcia-Suarez
Michael G Schwern wrote in perl.makemaker :
> Before I get a zillion bug reports about this... as a result of a
> lightly broken security fix, Debian stable ships with a slightly
> broken File::Path::rmtree() that cannot delete read-only directories.
> Ubuntu may also be affected.  This causes an ExtUtils::Command test to
> fail.

If I remember correctly, this patch hasn't been applied in blead or in
maint ?


Re: MakeMaker 6.31 + Debian stable == th3 br0ken

2006-10-27 Thread Nicholas Clark
On Fri, Oct 27, 2006 at 08:15:24AM -, Rafael Garcia-Suarez wrote:
> Michael G Schwern wrote in perl.makemaker :
> > Before I get a zillion bug reports about this... as a result of a
> > lightly broken security fix, Debian stable ships with a slightly
> > broken File::Path::rmtree() that cannot delete read-only directories.
> > Ubuntu may also be affected.  This causes an ExtUtils::Command test to
> > fail.
>
> If I remember correctly, this patch hasn't been applied in blead or in
> maint ?

In turn IIRC I think that it was because it was *nix specific, and no-one
had the time to offer a portable version.

There are a lot of little grotty jobs in the core development that just
aren't getting done because they aren't fun or simple, so aren't very
rewarding for the volunteers involved.

To which I should append my thanks to Schwern for continuing to volunteer
his time to deal with the non-small, not-fun job of herding MakeMaker.

Nicholas Clark


Re: MakeMaker 6.31 + Debian stable == th3 br0ken

2006-10-27 Thread Michael G Schwern
Rafael Garcia-Suarez wrote:
> Michael G Schwern wrote in perl.makemaker :
> > Before I get a zillion bug reports about this... as a result of a
> > lightly broken security fix, Debian stable ships with a slightly
> > broken File::Path::rmtree() that cannot delete read-only directories.
> > Ubuntu may also be affected.  This causes an ExtUtils::Command test to
> > fail.
>
> If I remember correctly, this patch hasn't been applied in blead or in
> maint ?

I believe an equivalent patch was.

[ 23953] By: rgs   on 2005/02/09  09:28:19
Log: Patch for CAN-2004-0452 by Jeroen van Wolffelaar.
 The rmtree() function in the perl File::Path module would remove
 directories in an insecure manner which could lead to the removal
 of arbitrary files and directories via a symlink attack.
 Branch: perl
   ! lib/File/Path.pm

And here's the Debian patch file from perl-base stable for comparison.
http://ftp.debian.org/debian/pool/main/p/perl/perl_5.8.4-8sarge5.diff.gz

perl-base in testing contains no such patch.
http://ftp.debian.org/debian/pool/main/p/perl/perl_5.8.8-6.1.diff.gz

I haven't reported this upstream, I don't have a Debian stable box handy at the 
moment.
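The thread above describes two properties a File::Path::rmtree() should have: it must be able to delete a read-only directory tree (the behaviour Debian stable's patched version lost, which is what the ExtUtils::Command test trips over), and it must not follow a symlink inside the tree into a directory outside it (the CAN-2004-0452 class of problem the upstream patch addressed). The script below is an added regression check written for this page; it is not code from perl, Debian or MakeMaker, and it does not reproduce any particular exploit. It only builds a scratch tree under a temporary directory, runs the installed rmtree() over it, and reports whether each property holds. The directory and file names are constructed here for the check.

```perl
#!/usr/bin/perl
# Added example: regression check for the File::Path::rmtree() behaviour
# discussed in the thread. Not part of perl, Debian or MakeMaker.
use strict;
use warnings;
use File::Path qw(mkpath rmtree);
use File::Spec;
use File::Temp qw(tempdir);

# Scratch area; everything below is created by this script.
my $base = tempdir(CLEANUP => 1);

# Check 1: a read-only directory tree (the Debian stable failure mode).
# On Unix, entries cannot be unlinked from a directory without write
# permission, so rmtree() has to restore write permission before it
# descends, then unlink the files and rmdir the directories.
my $ro  = File::Spec->catdir($base, 'ro');
my $sub = File::Spec->catdir($ro, 'sub');
mkpath($sub);
open my $fh, '>', File::Spec->catfile($sub, 'file') or die "open: $!";
close $fh;
chmod 0555, $sub, $ro;    # read-only directories, r-x r-x r-x

my $count = rmtree($ro);
printf "read-only tree: %s (rmtree returned %d)\n",
    (-e $ro ? 'STILL PRESENT (broken)' : 'removed (ok)'), $count;

# Check 2: a symlink inside the tree pointing at a directory outside it.
# A safe rmtree() removes the link itself and never descends into the
# target, so the target's contents must survive.
my $victim = File::Spec->catdir($base, 'victim');
mkpath($victim);
open $fh, '>', File::Spec->catfile($victim, 'keep') or die "open: $!";
close $fh;

my $tree = File::Spec->catdir($base, 'tree');
mkpath($tree);
symlink($victim, File::Spec->catdir($tree, 'link'))
    or die "symlink not supported here: $!";
rmtree($tree);

printf "symlinked target: %s\n",
    (-e File::Spec->catfile($victim, 'keep')
        ? 'contents intact (ok)' : 'CONTENTS REMOVED (unsafe)');

# If check 1 failed, put write permission back so tempdir CLEANUP works.
chmod 0755, $ro, $sub if -d $ro;
```

Run it as an unprivileged user: root bypasses directory permission checks, so the read-only case passes trivially as root and tells you nothing about the rmtree() you have installed. The symlink check is a sanity check of the non-descending behaviour only; it does not exercise the race window that a real symlink attack depends on.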