Bug#758471: perl: regression in passing LDFLAGS to subdirectory builds
Niko Tyni
ntyni at debian.org
Sun Aug 17 20:21:19 UTC 2014
Package: perl
Version: 5.20.0-4
Severity: important
Tags: security
There seems to be a regression from the 5.18 packages in passing linker
build flags into subdirectory builds. At least libwx-perl is now built
with the default linker and flags in all its subdirectories, resulting in
"less hardenedness" (softening?).
The linker flags are passed from debhelper v9 packages inside the LD variable;
from /usr/share/perl5/Debian/Debhelper/Buildsystem/perl_makemaker.pm :
push @flags, "LD=$Config{ld} $ENV{CFLAGS} $ENV{LDFLAGS}";
For the Perl 5.18 packages, this needed a patch in ExtUtils::MakeMaker
to whitelist passing LD to subdirectory builds. See #660195.
The issue was discussed upstream in
https://rt.cpan.org/Public/Bug/Display.html?id=28632 and Bingos applied
my first patch in #660195, resulting in
https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/commit/98e8532fffe5afa8186329acc44fb957427f1823
However, this wasn't what we had ended up using: I had come up with
a different and arguably cleaner patch in the meantime, named
debian/makemaker-pasthru.diff in the source package and viewable at
http://anonscm.debian.org/cgit/perl/perl.git/commit/?id=146be92c51771b84670911f5100936f1bdbcb8c6
At the time I clearly thought that these two were equivalent, so I
dropped our version when rebasing the patches for 5.20, which included
the upstream fix.
Given libwx-perl has now regressed, this apparently wasn't
correct. However, my main test case at the time, libimager-perl, seems
to be still using the hardening linker flags.
This needs more investigation. I expect we will want to binNMU affected
packages once we've fixed perl.
--
Niko Tyni ntyni at debian.org
More information about the Perl-maintainers
mailing list