authorSergey Poznyakoff <gray@gnu.org.ua>2013-01-01 17:08:48 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2013-01-01 17:08:48 +0200
commitfad678ec27c7f37da83ddf3ba3a96196a962c238 (patch)
tree77197087a6c6c45c26cdd766c34b41f04891ce2d /etc
parent142ce19b4072be33c209edf1d04a221d3bab7ac6 (diff)
Version 2.2. Happy GNU Year.
Diffstat (limited to 'etc')
-rw-r--r--etc/wydawca.rc20
1 files changed, 18 insertions, 2 deletions
diff --git a/etc/wydawca.rc b/etc/wydawca.rc
index d40cf35..08c51dd 100644
--- a/etc/wydawca.rc
+++ b/etc/wydawca.rc
@@ -280,4 +280,4 @@ EOT;
-/* Make sure the distributed tarball does not contain a security hole
- * described in CVE-2009-4029. Reject it, if it does.
+/* Make sure the distributed tarball does not contain security vulnerabilities
+ * CVE-2012-3386 and CVE-2009-4029. Reject it, if it does.
* See `info wydawca verification', for a description of check-script.
@@ -290,2 +290,18 @@ case ${WYDAWCA_DIST_FILE} in
if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
+ --wildcards --no-wildcards-match-slash '*/Makefile.in' | \
+ grep -q 'chmod a+w'; then
+ fmt <<_EOF_
+Some of the Makefile.in's in ${WYDAWCA_DIST_FILE} contain a locally
+exploitable race condition (see CVE-2012-3386[1], for more details).
+
+Please, rebuild your package using Automake v. 1.11.6 / 1.12.2
+or newer and resubmit.
+_EOF_
+ cat <<_EOF_
+--
+[1] https://security-tracker.debian.org/tracker/CVE-2012-3386
+_EOF_
+ exit 1
+ fi
+ if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
--wildcards --no-wildcards-match-slash '*/Makefile.in' | \
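Review bot: The `tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \` lines expand the uploaded file's name unquoted, so a name containing whitespace or glob characters is split before tar sees it and the check may run against the wrong arguments; write `tar -xOf "${WYDAWCA_DIST_FILE}" --occurrence=1 \` in both the new CVE-2012-3386 check and the CVE-2009-4029 check that follows it. The condition takes its status from `grep -q`, so if tar cannot read the archive the pipeline reports no match and the tarball is treated as clean. If unreadable archives are not rejected elsewhere, a comment such as `# NOTE: a tar failure here is treated as "no vulnerable Makefile.in"` would make that choice explicit. The enclosing `case` statement starts and ends outside this hunk, so whether the name is constrained earlier cannot be seen from here.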
