On 07/26/2012 07:45 AM, Daniel P. Berrange wrote: > On Fri, Jul 20, 2012 at 05:39:43PM -0600, Eric Blake wrote: >> Pick up some build fixes in the latest gnulib. In particular, >> we want to ensure that official tarballs are secure, but don't >> want to penalize people who don't run 'make dist', since fixed >> automake still hasn't hit common platforms like Fedora 17. >> >> * .gnulib: Update to latest, for Automake CVE-2012-3386 detection. >> * bootstrap: Resync from gnulib. >> * bootstrap.conf (gnulib_extra_files): Drop missing, since gnulib >> has dropped it in favor of Automake's version. >> * cfg.mk (local-checks-to-skip): Conditionally skip the security >> check in cases where it doesn't matter. >> --- >> >> I'm stoked! I figured out how to upgrade to the latest automake >> and make our release process secure (tested with 'make dist' on >> a system with insecure automake), without penalizing normal >> development (tested with 'make check' on the same system). > > ACK, since only 'make dist' people are forced to install new > automake. Thanks, pushed, and I'm also backporting it to the maint branches. -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list