From d14bde197eb0704c4172ad7113cc9c739487e724 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 24 Feb 2008 15:42:43 -0500 Subject: [PATCH] * Disable taint checking for all builds as people keep complaining about it, and since all versions of perl seem to be hopelessly broken. --- Makefile.PL | 2 +- README | 2 +- debian/changelog | 2 ++ debian/rules | 3 +-- doc/bugs/Insecure_dependency_in_utime.mdwn | 6 ++++++ po/ikiwiki.pot | 20 ++++++++++---------- 6 files changed, 21 insertions(+), 14 deletions(-) diff --git a/Makefile.PL b/Makefile.PL index cfaa6e6cd..6162743f3 100755 --- a/Makefile.PL +++ b/Makefile.PL @@ -23,7 +23,7 @@ PROBABLE_INST_LIB=$(shell \\ fi \\ ) -tflag=$(shell if [ "$$NOTAINT" != 1 ]; then printf -- "-T"; fi) +tflag=$(shell if [ -n "$$NOTAINT" ] && [ "$$NOTAINT" != 1 ]; then printf -- "-T"; fi) extramodules=$(shell if [ "$$PROFILE" = 1 ]; then printf -- "-MDevel::Profiler"; fi) ikiwiki.out: ikiwiki.in diff --git a/README b/README index ba632a300..488ef7191 100644 --- a/README +++ b/README @@ -5,7 +5,7 @@ A few special variables you can set while using the Makefile: PROFILE=1 turns on profiling for the build of the doc wiki. Uses Devel::Profile -NOTAINT=1 turns off the taint flag in the ikiwiki program. (Recommended +NOTAINT=0 turns on the taint flag in the ikiwiki program. (Not recommended unless your perl is less buggy than mine -- see http://bugs.debian.org/411786) diff --git a/debian/changelog b/debian/changelog index cd66d3c5b..093ca0f6c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -44,6 +44,8 @@ ikiwiki (2.40) UNRELEASED; urgency=low about any other files rendered due to the page. The scan also turns out to be unnecessary now, since meta persistently stores state and it's always available. So it was just removed. + * Disable taint checking for all builds as people keep complaining about it, + and since all versions of perl seem to be hopelessly broken. -- Josh Triplett Sun, 10 Feb 2008 13:18:58 -0800 diff --git a/debian/rules b/debian/rules index bf0c65a43..af33131d9 100755 --- a/debian/rules +++ b/debian/rules @@ -4,8 +4,7 @@ build: build-stamp build-stamp: dh_testdir perl Makefile.PL PREFIX=/usr INSTALLDIRS=vendor - # taint checking disabled due to perl bug #411786 - NOTAINT=1 $(MAKE) + $(MAKE) $(MAKE) test touch build-stamp diff --git a/doc/bugs/Insecure_dependency_in_utime.mdwn b/doc/bugs/Insecure_dependency_in_utime.mdwn index f10905849..de20385f6 100644 --- a/doc/bugs/Insecure_dependency_in_utime.mdwn +++ b/doc/bugs/Insecure_dependency_in_utime.mdwn @@ -6,3 +6,9 @@ This was in ikiwiki\_2.32.3. I worked-around this by doing: utime IkiWiki::possibly_foolish_untaint($change->{when}), IkiWiki::possibly_foolish_untaint($change->{when}), "$config{srcdir}/$file + +> Don't build ikiwiki with taint checking. It's known to be broken in +> apparently all versions of perl, apparently leaking taint flags at random. +> See [[Insecure_dependency_in_mkdir]] --[[Joey]] + +[[tag done]] diff --git a/po/ikiwiki.pot b/po/ikiwiki.pot index 011ed3e98..1ccb583a7 100644 --- a/po/ikiwiki.pot +++ b/po/ikiwiki.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2008-02-11 23:03-0500\n" +"POT-Creation-Date: 2008-02-24 15:37-0500\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -46,24 +46,24 @@ msgid "%s is not an editable page" msgstr "" #: ../IkiWiki/CGI.pm:384 ../IkiWiki/Plugin/brokenlinks.pm:24 -#: ../IkiWiki/Plugin/inline.pm:242 ../IkiWiki/Plugin/opendiscussion.pm:17 +#: ../IkiWiki/Plugin/inline.pm:237 ../IkiWiki/Plugin/opendiscussion.pm:17 #: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:95 #: ../IkiWiki/Render.pm:172 msgid "discussion" msgstr "" -#: ../IkiWiki/CGI.pm:431 +#: ../IkiWiki/CGI.pm:440 #, perl-format msgid "creating %s" msgstr "" -#: ../IkiWiki/CGI.pm:449 ../IkiWiki/CGI.pm:467 ../IkiWiki/CGI.pm:477 -#: ../IkiWiki/CGI.pm:511 ../IkiWiki/CGI.pm:555 +#: ../IkiWiki/CGI.pm:458 ../IkiWiki/CGI.pm:476 ../IkiWiki/CGI.pm:486 +#: ../IkiWiki/CGI.pm:520 ../IkiWiki/CGI.pm:564 #, perl-format msgid "editing %s" msgstr "" -#: ../IkiWiki/CGI.pm:644 +#: ../IkiWiki/CGI.pm:653 msgid "You are banned." msgstr "" @@ -209,20 +209,20 @@ msgstr "" msgid "unknown sort type %s" msgstr "" -#: ../IkiWiki/Plugin/inline.pm:201 +#: ../IkiWiki/Plugin/inline.pm:196 msgid "Add a new post titled:" msgstr "" -#: ../IkiWiki/Plugin/inline.pm:217 +#: ../IkiWiki/Plugin/inline.pm:212 #, perl-format msgid "nonexistant template %s" msgstr "" -#: ../IkiWiki/Plugin/inline.pm:250 ../IkiWiki/Render.pm:99 +#: ../IkiWiki/Plugin/inline.pm:245 ../IkiWiki/Render.pm:99 msgid "Discussion" msgstr "" -#: ../IkiWiki/Plugin/inline.pm:468 +#: ../IkiWiki/Plugin/inline.pm:463 msgid "RPC::XML::Client not found, not pinging" msgstr ""