Re: [savannah-help-public] failing upload of groff due CVE-2012-3386

savannah-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [savannah-help-public] failing upload of groff due CVE-2012-3386

From:	Karl Berry
Subject:	Re: [savannah-help-public] failing upload of groff due CVE-2012-3386
Date:	Fri, 28 Dec 2012 22:05:25 GMT

    wl> while uploading a new groff version I got the following failure:

      > upload rejected: groff-1.22.tar.gz contains a vulnerable
      > Makefile.in CVE-2012-3386
      > Regenerate it with automake 1.11.6 / 1.12.2 or newer.

    However, groff doesn't use automake at all!
    So what exactly triggers this message?  

Good question.

Unfortunately, the latest version of the ftp-upload script I can put my
hands on is too old to have the test, and I can't find it on Savannah :(.

Sergey, I couldn't find the current script you use at puszcza.  Maybe
you can answer Werner?  (And please send me or the list the script, ok?
And maybe the script source should be linked from somewhere on the site,
e.g., https://puszcza.gnu.org.ua/cookbook/?func=detailitem&item_id=136
Thanks ...)

    Below you can find the `dist'
    rule in groff's Makefile.in file.  Shall I perhaps replace `mkdir'
    with `mkdir -m 755'?

It couldn't hurt to try.

karl

======================================================================
dist:
        -rm -fr tmp
        rm -f groff-$(version)$(revision).tar.gz
        mkdir tmp
        for d in $(DISTDIRS); do \
          $(mkinstalldirs) tmp/$$d; \
        done
        srcdir=`cd $(srcdir); pwd`; \
        cd tmp; \
        cp ../Makefile .; \
        cp $$srcdir/* . 2>/dev/null || true; \
        rm -rf CVS; \
        for d in $(DISTDIRS); do \
          (cd $$d; \
           cp $$srcdir/$$d/* . 2>/dev/null; \
           rm -rf CVS || true); \
        done; \
        $(MAKE) srcdir=. VPATH=. distfiles; \
        $(MAKE) srcdir=. VPATH=. extraclean; \
        for d in $(EXTRADIRS); do \
          (cd $$d; \
           if test -f Makefile; then \
             $(MAKE) extraclean; \
           else \
             $(MAKE) -f $(top_builddir)/$$d/Makefile extraclean; \
           fi); \
        done; \
        rm -f Makefile; \
        cp $$srcdir/Makefile.init Makefile
        mv tmp groff-$(version)$(revision)
        tar cfh - groff-$(version)$(revision) | \
          gzip -c >groff-$(version)$(revision).tar.gz
        rm -fr groff-$(version)$(revision)

[Prev in Thread]

Current Thread

[Next in Thread]

[savannah-help-public] failing upload of groff due CVE-2012-3386, Werner LEMBERG, 2012/12/28
- Re: [savannah-help-public] failing upload of groff due CVE-2012-3386, Karl Berry <=
  - Re: [savannah-help-public] failing upload of groff due CVE-2012-3386, Sergey Poznyakoff, 2012/12/29
    - Re: [savannah-help-public] failing upload of groff due CVE-2012-3386, Werner LEMBERG, 2012/12/29

Prev by Date: [savannah-help-public] [sr #108217] Create git repositories for stee project
Next by Date: Re: [savannah-help-public] failing upload of groff due CVE-2012-3386
Previous by thread: [savannah-help-public] failing upload of groff due CVE-2012-3386
Next by thread: Re: [savannah-help-public] failing upload of groff due CVE-2012-3386
Index(es):
- Date
- Thread