| 1 |
I posted a tested ebuild for perl this afternoon to address an rmtree |
| 2 |
vulnerability in File::Path. This ebuild was tested on 3 arches and 6 |
| 3 |
boxes total without an issue - the patch was to the .pm file, code that |
| 4 |
isn't touched by perl until you invoke it with your own perl code (ie, |
| 5 |
not compiled code that might be swayed by arch differences, gcc |
| 6 |
differences, what have you). |
| 7 |
|
| 8 |
Turns out, though, there was a flaw in my ordering of the patch. The |
| 9 |
patched File::Path invokes Errno.pm, which typically isn't created until |
| 10 |
after File::Path is built into your perl during the make phase. Because |
| 11 |
Errno.pm didn't exist yet in the chroot, it was pulling it from folks' |
| 12 |
installed perl. One of the first things in this particular module is to |
| 13 |
check that the kernel and platform hardcoded in it at perl build time |
| 14 |
match what was used during the original install of your current perl |
| 15 |
according to Config.pm. No problem - unless you've changed kernel |
| 16 |
versions. Because during the make process the file is sourced by perl, |
| 17 |
and during that sourcing (ok, not the right word, but I'm talking to |
| 18 |
you, the masses) it attempted to require, or pull in, the Errno.pm, and |
| 19 |
failing to find a new one in the unpacked source, it pulled the one on |
| 20 |
the main system. And therein began the mess. Two values that would |
| 21 |
normally never appear to perl to be out of sync were suddenly horribly |
| 22 |
wrong on any box that had had a kernel upgrade since the last perl |
| 23 |
install. |
| 24 |
|
| 25 |
This is now fixed by moving the patch to post install in image, but |
| 26 |
prior to the install on your filesystem. I have to give thanks to jat, a |
| 27 |
user on irc who talked me down a few times and inadvertently gave me the |
| 28 |
inspiration to move the patch (rather than the messy solutions I was |
| 29 |
considering), and to seemant, who without question or hesitation offered |
| 30 |
me root on a broken box so I could properly work this out so quickly. |
| 31 |
Without either of them I wouldn't have gotten it so soon. |
| 32 |
|
| 33 |
So for those of you who sync'd this afternoon, please re-sync. If you |
| 34 |
tried to emerge perl and got a weird message about kernel versions |
| 35 |
mismatching, and want to add your gripes in bug 84868, that's fine, but |
| 36 |
sync again and you will be all set. |
| 37 |
|
| 38 |
I have to say, this is the first time in almost two years that I've |
| 39 |
managed to break perl. Gotta count for something that its been so long |
| 40 |
:) |
| 41 |
|
| 42 |
-Michael |
Archives