Diffstat (limited to 'etc')
-rw-r--r--etc/wydawca.rc20
1 files changed, 18 insertions, 2 deletions
diff --git a/etc/wydawca.rc b/etc/wydawca.rc
index d40cf35..08c51dd 100644
--- a/etc/wydawca.rc
+++ b/etc/wydawca.rc
@@ -278,8 +278,8 @@ The Project Submission Robot
EOT;
}
-/* Make sure the distributed tarball does not contain a security hole
- * described in CVE-2009-4029. Reject it, if it does.
+/* Make sure the distributed tarball does not contain security vulnerabilities
+ * CVE-2012-3386 and CVE-2009-4029. Reject it, if it does.
* See `info wydawca verification', for a description of check-script.
*
* Note: this script relies on GNU tar and grep.
@@ -288,6 +288,22 @@ check-script <<EOT
case ${WYDAWCA_DIST_FILE} in
*.tar|*.tar.*)
if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
+ --wildcards --no-wildcards-match-slash '*/Makefile.in' | \
+ grep -q 'chmod a+w'; then
+ fmt <<_EOF_
+Some of the Makefile.in's in ${WYDAWCA_DIST_FILE} contain a locally
+exploitable race condition (see CVE-2012-3386[1], for more details).
+
+Please, rebuild your package using Automake v. 1.11.6 / 1.12.2
+or newer and resubmit.
+_EOF_
+ cat <<_EOF_
+--
+[1] https://security-tracker.debian.org/tracker/CVE-2012-3386
+_EOF_
+ exit 1
+ fi
+ if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
--wildcards --no-wildcards-match-slash '*/Makefile.in' | \
grep -q 'perm -777'; then
fmt <<_EOF_
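Review bot: Only grep's exit status decides the new `chmod a+w` test at the top of the hunk, so a tarball that tar cannot read (truncated, unexpected compression, or no member matching `*/Makefile.in`) yields empty output and is accepted as clean — the check fails open, exactly like the `perm -777` check below it. Since the second `tar -xOf` added at the end of the hunk re-extracts the same member, it would be both cheaper and safer to extract once, e.g. `makefile_in=$(tar -xOf "${WYDAWCA_DIST_FILE}" --occurrence=1 --wildcards --no-wildcards-match-slash '*/Makefile.in') || exit 1`, and run both greps over `"$makefile_in"`; if uploads without any Makefile.in must still pass, a tar "not found" result has to be told apart from a read error first, which GNU tar's exit status alone does not do. Note also that `--occurrence=1` inspects only the first matching member in archive order — presumably the top-level Makefile.in carrying the distcheck rule — so the "Some of the Makefile.in's" wording in the message overstates what was scanned. Finally, `${WYDAWCA_DIST_FILE}` is expanded unquoted in the new tar invocation; quoting it costs nothing even if the robot never hands this script a path containing whitespace.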
