author | Sergey Poznyakoff <gray@gnu.org.ua> | 2013-01-01 17:08:48 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2013-01-01 17:08:48 +0200 |
commit | fad678ec27c7f37da83ddf3ba3a96196a962c238 (patch) | |
tree | 77197087a6c6c45c26cdd766c34b41f04891ce2d /etc/wydawca.rc | |
parent | 142ce19b4072be33c209edf1d04a221d3bab7ac6 (diff) | |
Version 2.2. Happy GNU Year.
Diffstat (limited to 'etc/wydawca.rc')
-rw-r--r-- | etc/wydawca.rc | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/etc/wydawca.rc b/etc/wydawca.rc
index d40cf35..08c51dd 100644
--- a/etc/wydawca.rc
+++ b/etc/wydawca.rc
@@ -278,8 +278,8 @@ The Project Submission Robot
 EOT;
 }
 
-/* Make sure the distributed tarball does not contain a security hole
- * described in CVE-2009-4029. Reject it, if it does.
+/* Make sure the distributed tarball does not contain security vulnerabilities
+ * CVE-2012-3386 and CVE-2009-4029. Reject it, if it does.
 * See `info wydawca verification', for a description of check-script.
 *
 * Note: this script relies on GNU tar and grep.
@@ -288,6 +288,22 @@ check-script <<EOT
 case ${WYDAWCA_DIST_FILE} in
 *.tar|*.tar.*)
 if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
+ --wildcards --no-wildcards-match-slash '*/Makefile.in' | \
+ grep -q 'chmod a+w'; then
+ fmt <<_EOF_
+Some of the Makefile.in's in ${WYDAWCA_DIST_FILE} contain a locally
+exploitable race condition (see CVE-2012-3386[1], for more details).
+
+Please, rebuild your package using Automake v. 1.11.6 / 1.12.2
+or newer and resubmit.
+_EOF_
+ cat <<_EOF_
+--
+[1] https://security-tracker.debian.org/tracker/CVE-2012-3386
+_EOF_
+ exit 1
+ fi
+ if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
 --wildcards --no-wildcards-match-slash '*/Makefile.in' | \
 grep -q 'perm -777'; then
 fmt <<_EOF_ |
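Review bot: The added CVE-2012-3386 check in the second hunk fails open, because the `if` tests only the exit status of `grep -q`: when `tar -xOf` itself errors out (unreadable or truncated archive, unsupported compression), grep sees no input and the tarball passes the check. Since `--no-wildcards-match-slash` keeps `*/Makefile.in` to a single directory level, only the top-level Makefile.in appears to be inspected, so the message's "Some of the Makefile.in's" overstates the coverage; a comment such as `# Only the top-level Makefile.in is examined; a tar failure is not treated as a rejection.` would record that, or the script could reject when tar fails. The new `tar` line also copies the unquoted `${WYDAWCA_DIST_FILE}` from the existing check, so an upload name containing whitespace or glob characters is word-split by the shell; `if tar -xOf "${WYDAWCA_DIST_FILE}" --occurrence=1 \` avoids that. The check-script body starts before and continues past the hunk, so the existing `perm -777` test likely needs the same treatment.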