[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[savannah-help-public] failing upload of groff due CVE-2012-3386
|
From: |
Werner LEMBERG |
|
Subject: |
[savannah-help-public] failing upload of groff due CVE-2012-3386 |
|
Date: |
Fri, 28 Dec 2012 15:27:43 +0100 (CET) |
Folks,
while uploading a new groff version I got the following failure:
> upload rejected: groff-1.22.tar.gz contains a vulnerable
> Makefile.in CVE-2012-3386
> Regenerate it with automake 1.11.6 / 1.12.2 or newer.
However, groff doesn't use automake at all!
So what exactly triggers this message? Below you can find the `dist'
rule in groff's Makefile.in file. Shall I perhaps replace `mkdir'
with `mkdir -m 755'?
Werner
======================================================================
dist:
-rm -fr tmp
rm -f groff-$(version)$(revision).tar.gz
mkdir tmp
for d in $(DISTDIRS); do \
$(mkinstalldirs) tmp/$$d; \
done
srcdir=`cd $(srcdir); pwd`; \
cd tmp; \
cp ../Makefile .; \
cp $$srcdir/* . 2>/dev/null || true; \
rm -rf CVS; \
for d in $(DISTDIRS); do \
(cd $$d; \
cp $$srcdir/$$d/* . 2>/dev/null; \
rm -rf CVS || true); \
done; \
$(MAKE) srcdir=. VPATH=. distfiles; \
$(MAKE) srcdir=. VPATH=. extraclean; \
for d in $(EXTRADIRS); do \
(cd $$d; \
if test -f Makefile; then \
$(MAKE) extraclean; \
else \
$(MAKE) -f $(top_builddir)/$$d/Makefile extraclean; \
fi); \
done; \
rm -f Makefile; \
cp $$srcdir/Makefile.init Makefile
mv tmp groff-$(version)$(revision)
tar cfh - groff-$(version)$(revision) | \
gzip -c >groff-$(version)$(revision).tar.gz
rm -fr groff-$(version)$(revision)
- [savannah-help-public] failing upload of groff due CVE-2012-3386,
Werner LEMBERG <=