-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Bruce Dubbs wrote: > It looks like 2071 says that we need to add -Dvendorprefix=/usr to > the configuration process, but configure.gnu doesn't support it. > > <...> > > Are there any comments about this? Should I just drop in these > instructions?
My only comment is that I've just tested perl-5.10.0's configure.gnu script, and it appears to pass those options through to Configure. Maybe this changed since that comment was added to the bug, but I see this (as a test): $ ./configure.gnu --prefix=/usr -Dman1dir=/usr/share/man/man1 - -Dman3dir=/usr/share/man/man3 -Dpager="/usr/bin/less -isR" - -Dvendorprefix=/usr sh Configure -ds -e -Dprefix=/usr -Dman1dir=/usr/share/man/man1 - -Dman3dir=/usr/share/man/man3 -Dpager=/usr/bin/less -isR -Dvendorprefix=/usr <...> Installation prefix to use for vendor-supplied add-ons? (~name ok) [/usr] Pathname for the vendor-supplied library files? (~name ok) [/usr/lib/perl5/vendor_perl/5.10.0] <...> I'm sure the other options (that Dan uses) could be added as well. It looks like configure.gnu simply passes along everything it doesn't have specific handling code for. So my vote would be to pass -Dvendorprefix to configure.gnu (to fix the bug), and perhaps more of Dan's args, unless that fails for anyone. :-) > The second ticket, 2227, concerns a group of patches, including one > reasonably severe security patch. This seems to be fixed in the > existing patch. The question is whether we really need to add any > additional perl patches. I'm not terribly inclined to add them (unless they fix holes), so I suppose I have a slight preference to leaving at least some of them out. Yes, it may be nice to have the test for the security fix, but it's not terribly important if the hole is actually closed. On the other hunks of Robert's patch, I don't know (except for the one that duplicates the fix to the rmtree bug: that one isn't needed). Of the Debian bug list: - - Our perl-5.10.0-security_fix-1.patch fixes the rmtree bug. - - Useless warnings: who cares. - - Segfault: Bad, and the fix isn't terribly hard (see the Debian bug[0] for a patch[1]). - - Memory corruption: Also bad; the fix is a one-liner (see [2]). [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498769 [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=498769.patch;att=1;bug=498769 [2] http://rt.perl.org/rt3/Public/Bug/Display.html?id=54934 > There seem to be a lot of patches, but they are not consolidated. I > can't tell which are meaningful and which are not. I'm tempted to > mark this wontfix. The two patches (from the three links above) seem best to me. That should at least fix the (theoretically-maybe-exploitable) bugs; I'm much less concerned about the useless warnings. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREDAAYFAkkH5IIACgkQS5vET1Wea5zFGgCfWOrZ6kDOqig/o3vQBI3rzol3 5r8AoLQV7XqsxVZUOhQRdHSHRGeayD2q =yTc2 -----END PGP SIGNATURE----- -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
