-rw-r--r--NEWS4
-rw-r--r--configure.ac2
-rw-r--r--etc/wydawca.rc20
3 files changed, 21 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index 37a7a20..32ce1cc 100644
--- a/NEWS
+++ b/NEWS
@@ -5,13 +5,13 @@ See the end of file for copying conditions.
Please send Wydawca bug reports to <bug-wydawca@gnu.org.ua>.
-Version 2.1.90 (Git)
+Version 2.2 "HGY", 2013-01-01
* Implements upload protocol version 1.2
* Input file locations include start and end columns.
-* When available, use inotify(7) to watch the input spools.
+* When available, uses inotify(7) to watch the input spools.
The use of inotify allows wydawca to act immediately upon finished
uploads without the need of external notifications. This makes the
diff --git a/configure.ac b/configure.ac
index ba5e261..ccd85a9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -15,7 +15,7 @@
# along with wydawca. If not, see <http://www.gnu.org/licenses/>.
AC_PREREQ(2.63)
-AC_INIT([wydawca], 2.1.90, [bug-wydawca@gnu.org.ua], [wydawca],
+AC_INIT([wydawca], 2.2, [bug-wydawca@gnu.org.ua], [wydawca],
[http://www.gnu.org.ua/software/wydawca])
AC_CONFIG_SRCDIR([src/wydawca.c])
AC_CONFIG_AUX_DIR([build-aux])
diff --git a/etc/wydawca.rc b/etc/wydawca.rc
index d40cf35..08c51dd 100644
--- a/etc/wydawca.rc
+++ b/etc/wydawca.rc
@@ -278,8 +278,8 @@ The Project Submission Robot
EOT;
}
-/* Make sure the distributed tarball does not contain a security hole
- * described in CVE-2009-4029. Reject it, if it does.
+/* Make sure the distributed tarball does not contain security vulnerabilities
+ * CVE-2012-3386 and CVE-2009-4029. Reject it, if it does.
* See `info wydawca verification', for a description of check-script.
*
* Note: this script relies on GNU tar and grep.
@@ -288,6 +288,22 @@ check-script <<EOT
case ${WYDAWCA_DIST_FILE} in
*.tar|*.tar.*)
if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
+ --wildcards --no-wildcards-match-slash '*/Makefile.in' | \
+ grep -q 'chmod a+w'; then
+ fmt <<_EOF_
+Some of the Makefile.in's in ${WYDAWCA_DIST_FILE} contain a locally
+exploitable race condition (see CVE-2012-3386[1], for more details).
+
+Please, rebuild your package using Automake v. 1.11.6 / 1.12.2
+or newer and resubmit.
+_EOF_
+ cat <<_EOF_
+--
+[1] https://security-tracker.debian.org/tracker/CVE-2012-3386
+_EOF_
+ exit 1
+ fi
+ if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
--wildcards --no-wildcards-match-slash '*/Makefile.in' | \
grep -q 'perm -777'; then
fmt <<_EOF_
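Review bot: The added CVE-2012-3386 test fails open, because the `if` only sees grep's exit status. When tar cannot read `${WYDAWCA_DIST_FILE}`, grep receives empty input, returns non-zero, and the script carries on as if the tarball were clean; the existing `perm -777` test at the end of the hunk has the same shape. A cheap guard before both tests would be `tar -tf "${WYDAWCA_DIST_FILE}" >/dev/null || exit 1`, which rejects unreadable archives without penalising packages that ship no Makefile.in. The variable is also expanded unquoted in both tar invocations; assuming the shell performs that expansion, writing `"${WYDAWCA_DIST_FILE}"` keeps an upload name containing whitespace or glob characters from being split into extra tar arguments. The `case` block continues past the end of this hunk, so any later handling is not visible here.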
