Re: CVE-2016-1238 fix breaks (at least) pg_rewind tests

From: Andres Freund
Subject: Re: CVE-2016-1238 fix breaks (at least) pg_rewind tests
Date:
Msg-id: 20160908210440.vs22nia2nportdxr@alap3.anarazel.de
In reply to: Re: CVE-2016-1238 fix breaks (at least) pg_rewind tests  (Alvaro Herrera <alvherre@2ndquadrant.com>)
Responses: Re: CVE-2016-1238 fix breaks (at least) pg_rewind tests  (Alvaro Herrera <alvherre@2ndquadrant.com>)
List: pgsql-hackers
On 2016-09-08 17:58:03 -0300, Alvaro Herrera wrote:
> Andres Freund wrote:
> 
> > ISTM that the easiest fix is to just tack  -I '$(srcdir)' into the prove
> > flags like:
> > PROVE = @PROVE@
> > PG_PROVE_FLAGS = -I $(top_srcdir)/src/test/perl/ -I '$(srcdir)'
> > PROVE_FLAGS = --verbose
> > 
> > I don't think there's any security concerns for us here.
> 
> Maybe not, but we could just as well use -I$(top_srcdir)/src/test/perl
> and not have to think about it.

That doesn't fix the issue - RewindTest is in src/bin/pg_rewind for
example. There's already an -I for /src/test/perl.


> But we have other .pm's ... are there other things that would break once
> the fix for that problem propagates?  I think the msvc stuff will break,
> for one.

check-world appears to mostly run (still doing so, but it's mostly
through everything relevant). I can't vouch for the windows stuff, and
the invocations indeed look vulnerable. I'm not sure if the fix actually
matters on windows, given . is the default for pretty much everything
there.

Greetings,

Andres Freund
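
An added example, not part of the original message or of the PostgreSQL tree: a shell audit that lists the directories whose t/*.pl scripts load a .pm sitting beside t/, as RewindTest does in src/bin/pg_rewind, since those are the ones that need an explicit -I once "." is gone from @INC. The function names, the sample tree and every file name other than RewindTest are constructed for the illustration.

```shell
#!/bin/sh
# Report "dir: Module" for every directory under $1 that holds both Module.pm
# and a t/ subdirectory whose *.pl scripts "use" or "require" that module.
# Such modules used to resolve only through "." in @INC.
find_cwd_module_users() {
    root=$1
    find "$root" -type d -name t | sort | while IFS= read -r tdir; do
        dir=$(dirname "$tdir")
        for pm in "$dir"/*.pm; do
            [ -f "$pm" ] || continue        # glob matched nothing
            mod=$(basename "$pm" .pm)
            # "use Mod;" or "require Mod;" at the start of a statement
            if grep -Eqs "^[[:space:]]*(use|require)[[:space:]]+$mod([[:space:];]|\$)" "$tdir"/*.pl; then
                printf '%s: %s\n' "${dir#"$root"/}" "$mod"
            fi
        done
    done
}

# Constructed sample tree: one directory with a local test module, one
# directory that only uses a module from the shared src/test/perl path.
make_sample_tree() {
    mkdir -p "$1/src/bin/pg_rewind/t" "$1/src/bin/other_tool/t" "$1/src/test/perl"
    : > "$1/src/bin/pg_rewind/RewindTest.pm"
    : > "$1/src/test/perl/SharedHelper.pm"
    printf 'use strict;\nuse SharedHelper;\nuse RewindTest;\n' \
        > "$1/src/bin/pg_rewind/t/001_sample.pl"
    printf 'use strict;\nuse SharedHelper;\n' \
        > "$1/src/bin/other_tool/t/001_sample.pl"
}

# Demo run on the constructed tree.
demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
find_cwd_module_users "$demo_root"
rm -rf "$demo_root"
```

Only the pg_rewind directory is reported; the shared module is reached through the -I that already exists for src/test/perl, so it is not flagged.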


