Re: caution: avoid unpatched automake [CVE-2009-4029]

Jim Meyering wrote:
> There was a nasty flaw in _every_ automake-generated Makefile.in
> until recently[*].  When making releases, most of us who maintain

To clarify, the vulnerability affects the "distdir" commands
that appear only in so-called top-level Makefile.in files.
Note however, that some packages include sub-packages, so it's not
enough to search the Makefile.in file in the top-level directory.

> automake-using packages run "make dist" or "make distcheck".
> Even if you don't, your users may.  The flaw put all of us at risk.
...

That's why this command searches all Makefile.in files:

>     tar --to-stdout -x -f $tgz '*/Makefile.in' | grep -e '-perm -777 '
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
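
Added example, not part of the original post: a POSIX shell function that runs the same `-perm -777 ` search over a release tarball but names each matching `Makefile.in` member, so a flawed sub-package is identified by path. The function names `scan_tarball` and `make_sample_tarball` and the sample archive contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Lists each Makefile.in member
# (top-level or inside a sub-package) that contains the pattern from the post.

# scan_tarball TARBALL
# Prints matching member paths. Returns 0 if none match, 1 if any match,
# 2 if the archive cannot be listed.
scan_tarball() {
    tgz=$1
    members=$(tar -tf "$tgz") || return 2
    found=0
    # One member name per line; names containing newlines are not handled.
    while IFS= read -r member; do
        case $member in
            Makefile.in | */Makefile.in) ;;
            *) continue ;;
        esac
        # -O writes the member to stdout; nothing is unpacked to disk.
        if tar -xOf "$tgz" -- "$member" | grep -e '-perm -777 ' >/dev/null; then
            printf '%s\n' "$member"
            found=1
        fi
    done <<EOF
$members
EOF
    return "$found"
}

# make_sample_tarball DIR
# Builds DIR/pkg-1.0.tar with constructed contents: a top-level Makefile.in
# without the pattern and a sub-package Makefile.in that contains it.
make_sample_tarball() {
    dir=$1
    mkdir -p "$dir/pkg-1.0/subpkg" || return 1
    printf 'distdir:\n\t@echo constructed clean sample\n' \
        > "$dir/pkg-1.0/Makefile.in"
    printf 'distdir:\n\tfind $(distdir) -type d ! -perm -777 -print\n' \
        > "$dir/pkg-1.0/subpkg/Makefile.in"
    (cd "$dir" && tar -cf pkg-1.0.tar pkg-1.0)
}

# Scan every tarball named on the command line.
for t in "$@"; do
    scan_tarball "$t"
done
```

The non-zero return on a match lets the function gate a release or packaging script.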
