Re: [PATCH 3/7] build: require Automake >= 1.11.6

coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 3/7] build: require Automake >= 1.11.6

From:	Bernhard Voelker
Subject:	Re: [PATCH 3/7] build: require Automake >= 1.11.6
Date:	Thu, 30 Aug 2012 20:58:27 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120713 Thunderbird/14.0

On 08/30/2012 02:13 PM, Stefano Lattarini wrote:
> Now that we use AM_TESTS_ENVIRONMENT, we should require at least
> Automake >= 1.11.2; but since all the Automake version until 1.11.5
> are vulnerable to CVE-2012-3386:
> 
>   <https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html>
> 
> it's even better to require 1.11.6.

I don't like this idea: I'm personally using OpenSuSE 12.1
(which is still the current version) which comes with 1.11.1.
To satisfy sc_vulnerable_makefile_CVE-2012-3386, I've patched
my /usr/share/automake-1.11/am/distdir.am.

So the question I'm putting forward is:
shouldn't COREUTILS be at least compileable on the latest
version of the major distributions?

I think a check like sc_vulnerable_makefile_CVE-2012-3386
is enough.

BTW: If you insist on this patch, then you also have to adapt
README-prereq.

Have a nice day,
Berny

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 1/7] tests: merge tests/check.mk into tests/Makefile.am, (continued)
- [PATCH 1/7] tests: merge tests/check.mk into tests/Makefile.am, Stefano Lattarini, 2012/08/30
- [PATCH 2/7] tests: prefer AM_TESTS_ENVIRONMENT over TESTS_ENVIRONMENT, Stefano Lattarini, 2012/08/30
- [PATCH 4/7] tests: avoid use of '-T' in shebang line to enable perl taint mode, Stefano Lattarini, 2012/08/30
  - Re: [PATCH 4/7] tests: avoid use of '-T' in shebang line to enable perl taint mode, Jim Meyering, 2012/08/30
    - Re: [PATCH 4/7] tests: avoid use of '-T' in shebang line to enable perl taint mode, Stefano Lattarini, 2012/08/30
    - Re: [PATCH 4/7] tests: avoid use of '-T' in shebang line to enable perl taint mode, Jim Meyering, 2012/08/30
- [PATCH 7/7] tests: get rid of the 'shell-or-perl' auxiliary script, Stefano Lattarini, 2012/08/30
- [PATCH 3/7] build: require Automake >= 1.11.6, Stefano Lattarini, 2012/08/30
  - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Jim Meyering, 2012/08/30
    - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Stefano Lattarini, 2012/08/30
  - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Bernhard Voelker <=
    - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Jim Meyering, 2012/08/31
    - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Bernhard Voelker, 2012/08/31
    - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Stefano Lattarini, 2012/08/31
    - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Jim Meyering, 2012/08/31
    - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Bernhard Voelker, 2012/08/31
    - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Jim Meyering, 2012/08/31
    - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Bernhard Voelker, 2012/08/31
    - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Erik Auerswald, 2012/08/31
    - Re: [PATCH 3/7] build: require Automake >= 1.11.6, Jim Meyering, 2012/08/31
- [PATCH 5/7] tests: detect missing perl at configure runtime, Stefano Lattarini, 2012/08/30

Prev by Date: Re: [PATCH 3/7] build: require Automake >= 1.11.6
Next by Date: Re: [PATCH 3/7] build: require Automake >= 1.11.6
Previous by thread: Re: [PATCH 3/7] build: require Automake >= 1.11.6
Next by thread: Re: [PATCH 3/7] build: require Automake >= 1.11.6
Index(es):
- Date
- Thread