* Work around perl taint checking bug #411786, where perl sometimes randomly

  sets the taint flag on untainted variables, by disabling taint checking
  in the deb. This sucks.

diff --git a/debian/changelog b/debian/changelog
index 3d9f01207cfbe3097b01df86dedc014cd759c492..fe3c6b16ce58d992c72e713b0cc77438062b956a 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -59,6 +59,9 @@ ikiwiki (2.16) UNRELEASED; urgency=low
   * Re-organise dependencies and recommends now that recommends are installed
     by default.
   * Don't refuse to render files with ".." in their name. (Anchor the regexp.)
+  * Work around perl taint checking bug #411786, where perl sometimes randomly
+    sets the taint flag on untainted variables, by disabling taint checking
+    in the deb. This sucks.
 
  -- Joey Hess <joeyh@debian.org>  Sun, 16 Dec 2007 16:55:23 -0500
 

diff --git a/debian/rules b/debian/rules
index af33131d9b92554414e67258a2aa397374ef5ce3..ef0e7f82780519992456c6b659a86a11cec73041 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -4,7 +4,8 @@ build: build-stamp
 build-stamp:
        dh_testdir
        perl Makefile.PL PREFIX=/usr INSTALLDIRS=vendor
-       $(MAKE)
+       # taint checking disabled due to perl bug #411786
+       $(MAKE) NOTAINT=1
        $(MAKE) test
        touch build-stamp
 

diff --git a/doc/bugs/Insecure_dependency_in_mkdir.mdwn b/doc/bugs/Insecure_dependency_in_mkdir.mdwn
index 4c7d8ebbe0cbb58a32e0887fda310397fba1b668..68fb2cb57eede7909993b9929796698b0ac8c5f1 100644 (file)
--- a/doc/bugs/Insecure_dependency_in_mkdir.mdwn
+++ b/doc/bugs/Insecure_dependency_in_mkdir.mdwn
@@ -59,5 +59,5 @@ I can't see any related entries. Any ideas?
 >> --[[Joey]]
 
 >> I'd forgotten about [this perl bug](http://bugs.debian.org/411786).
->> If your problem is that bug, I can't help, it's a real bug in perl.
->> --[[Joey]]
+>> All I can do is work around it by disabling the taint checking. :-(
+>> (Which I've [[done]].) --[[Joey]]