
[Automake-commit] [SCM] GNU Automake branch, maint, updated. v1.12.2


From: Stefano Lattarini
Subject: [Automake-commit] [SCM] GNU Automake branch, maint, updated. v1.12.2
Date: Mon, 09 Jul 2012 16:13:14 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Automake".

http://git.sv.gnu.org/gitweb/?p=automake.git;a=commitdiff;h=6a49a1b75b392a4b5c139fc2b6de3e4ca56fbdbb

The branch, maint has been updated
       via  6a49a1b75b392a4b5c139fc2b6de3e4ca56fbdbb (commit)
       via  784b3e6ccc7c72a1c95c340cbbe8897d6b689d76 (commit)
       via  bab7065f75bb9680df8c782da06a8312e5fa95a6 (commit)
       via  25510217c2844deccf469db8dc2b1f03072e858c (commit)
      from  3187debeb65ca767511cbc1720551c8db4b8e577 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6a49a1b75b392a4b5c139fc2b6de3e4ca56fbdbb
Author: Stefano Lattarini <address@hidden>
Date:   Mon Jul 9 17:26:14 2012 +0200

    release: stable release 1.12.2
    
    * configure.ac (AC_INIT): Bump version number to 1.12.2.
    * m4/amversion.m4: Likewise (auto-updated by "./bootstrap").
    
    Signed-off-by: Stefano Lattarini <address@hidden>

commit 784b3e6ccc7c72a1c95c340cbbe8897d6b689d76
Merge: 2551021 bab7065
Author: Stefano Lattarini <address@hidden>
Date:   Mon Jul 9 16:51:06 2012 +0200

    Merge branch 'distcheck-vulnerability-CVE-2012-3386' into maint
    
    * distcheck-vulnerability-CVE-2012-3386:
      distcheck: never make part of $(distdir) world-writable

commit bab7065f75bb9680df8c782da06a8312e5fa95a6
Author: Stefano Lattarini <address@hidden>
Date:   Fri Jul 6 22:43:04 2012 +0200

    distcheck: never make part of $(distdir) world-writable
    
    This fixes a locally-exploitable security vulnerability (CVE-2012-3386).
    
    In the 'distcheck' rule, we used to make the just-extracted (from
    the distribution tarball) $(distdir) directory and all its files and
    subdirectories read-only; then, in order to create the '_inst' and
    '_build' subdirectories in there (used by the rest of the recipe) we
    made the top-level $(distdir) *world-writable* for an instant (the
    time to create those two directories) before making it read-only
    again.
    
    Making that directory world-writable (albeit only briefly) introduced a
    locally exploitable race condition for those who run "make distcheck" with
    a non-restrictive umask (e.g., 022) in a directory that is accessible by
    others.  A successful exploit would result in arbitrary code execution
    with the privileges of the user running "make distcheck" -- game over.
    Jim Meyering wrote a proof-of-concept script showing that such an exploit is
    easily implemented.
    
    This issue is similar to the CVE-2009-4029 vulnerability:
    <http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html>
    
    * lib/am/distdir.am (distcheck): Don't make $(distdir) world-writable,
    not even for an instant; make it user-writable instead, which is enough.
    
    Helped-By: Jim Meyering <address@hidden>
    Signed-off-by: Stefano Lattarini <address@hidden>
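The race described above comes down to which write bits the top-level $(distdir) carries during the instant between the two chmod lines of the recipe. As an added shell example (not Automake's own code), this replays that permission sequence on a constructed directory tree and checks whether any entry is ever group- or world-writable, for both the old 'a+w' form and the fixed 'u+w' form; the function names and the reliance on POSIX `find -perm -g+w` are assumptions.

```shell
#!/bin/sh
# Added example, not part of Automake: replay the distcheck chmod sequence
# on a throwaway tree and detect shared write bits.
set -u

# Returns 0 if no entry under $1 has a group or other write bit, 1 otherwise.
# Assumes POSIX find with symbolic -perm modes.
no_shared_write_bits () {
    [ -z "$(find "$1" \( -perm -g+w -o -perm -o+w \) -print | head -n 1)" ]
}

# Replay the recipe: make the tree read-only, then re-enable writing on the
# top directory with the given mode string (the line the patch changes).
# Returns 0 if the tree stayed free of shared write bits, 1 if it was exposed.
simulate_distcheck_chmod () {
    mode=$1
    tmp=$(mktemp -d) || return 2
    distdir=$tmp/pkg-1.0
    mkdir -p "$distdir/src"          # constructed stand-in for the tarball
    : > "$distdir/src/main.c"
    chmod -R a-w "$distdir"          # same as the recipe
    chmod "$mode" "$distdir"         # 'a+w' before the fix, 'u+w' after
    no_shared_write_bits "$distdir"; rc=$?
    chmod -R u+w "$tmp"; rm -rf "$tmp"   # tree is read-only, so restore first
    return $rc
}

# Report both variants of the recipe line.
for m in a+w u+w; do
    if simulate_distcheck_chmod "$m"; then
        echo "chmod $m: no group/other write bit at any point"
    else
        echo "chmod $m: \$(distdir) exposed to other local users"
    fi
done
```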

commit 25510217c2844deccf469db8dc2b1f03072e858c
Author: Stefano Lattarini <address@hidden>
Date:   Mon Jul 9 10:33:49 2012 +0200

    compat: automake should substitute @mkdir_p@, for backward compatibility
    
    That has been unwittingly broken by commit v1.12-19-g7a1eb9f of 2012-04-28,
    "AM_PROG_MKDIR_P: deprecate, to be removed in Automake 1.13". We thought it
    wasn't a big deal, but Jim Meyering reported that @mkdir_p@ is used in
    gettext's Makefile.in.in template:
    <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
    
    * lib/am/header-vars.am (mkdir_p): Don't define.
    * m4/init.m4 (AM_INIT_AUTOMAKE): AC_SUBST 'mkdir_p' with $(MKDIR_P).
    * t/mkdir_p.sh, t/mkdirp-deprecation.sh: Enhance.
    * NEWS: Update.
    
    Signed-off-by: Stefano Lattarini <address@hidden>

-----------------------------------------------------------------------

Summary of changes:
 NEWS                    |   27 ++++++++++++++++-----------
 configure.ac            |    2 +-
 lib/am/distdir.am       |    2 +-
 lib/am/header-vars.am   |    5 -----
 m4/amversion.m4         |    4 ++--
 m4/init.m4              |    5 +++++
 t/mkdir_p.sh            |   12 ++++++++----
 t/mkdirp-deprecation.sh |   12 ++++++++----
 8 files changed, 41 insertions(+), 28 deletions(-)

diff --git a/NEWS b/NEWS
index d38554d..800c7eb 100644
--- a/NEWS
+++ b/NEWS
@@ -6,10 +6,10 @@ New in 1.12.2:
     long-deprecated 'configure.in' name for the Autoconf input file.
     You are advised to use the recommended name 'configure.ac' instead.
 
-  - The long-obsolete (since automake 1.10) @mkdir_p@ configure-time
-    substitution and AM_PROG_MKDIR m4 macro will be removed in Automake
-    1.13.  The $(mkdir_p) should still remain available for the moment
-    though.
+  - The long-obsolete (since automake 1.10) AM_PROG_MKDIR m4 macro will
+    be removed in Automake 1.13.  The $(mkdir_p) make variable and the
+    @mkdir_p@ substitution will still remain available (as aliases of
+    $(MKDIR_P)) for the moment, for better backward compatibility.
 
   - Autoconf 2.65 or later will be required by the next major Automake
     version (1.13).  Until now, Automake has required Autoconf version
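Review bot: the added NEWS text names the macro as 'AM_PROG_MKDIR', while the commit message for the mkdir_p change and the deprecation commit it cites call it 'AM_PROG_MKDIR_P'; the entry should use the macro's real name so that users grepping their configure.ac for it find a match. Suggest "The long-obsolete (since automake 1.10) AM_PROG_MKDIR_P m4 macro will be removed in Automake 1.13."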
@@ -97,6 +97,15 @@ New in 1.12.2:
 
 Bugs fixed in 1.12.2:
 
+* SECURITY VULNERABILITIES!
+
+  - The recipe of the 'distcheck' no longer grants anymore temporary
+    world-wide write permissions on the extracted distdir.  Even if such
+    rights were only granted for a vanishingly small time window, the
+    implied race condition proved to be enough to allow a local attacker
+    to run arbitrary code with the privileges of the user running "make
+    distcheck".  This is CVE-2012-3386.
+
 * Long-standing bugs:
 
   - The "recheck" targets behaves better in the face of build failures
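Review bot: the added entry reads "The recipe of the 'distcheck' no longer grants anymore temporary world-wide write permissions", which is missing the noun after 'distcheck' and doubles the negation ("no longer ... anymore"). Suggest "The recipe of the 'distcheck' target no longer temporarily grants world-wide write permissions on the extracted distdir." The entry could also carry the precondition stated in the commit message, that only users running "make distcheck" with a permissive umask in a directory reachable by other local users were exposed, so readers can judge whether they were affected.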
@@ -107,13 +116,9 @@ Bugs fixed in 1.12.2:
 
 * Bugs introduced by 1.12.1:
 
-  - Automake generated Makefiles define once again the $(mkdir_p) make
-    variable (simple ans an alias for $(MKDIR_P)), for better backward
-    compatibility.  The '@mkdir_p@' substitution is however not enabled
-    by default anymore; anyone needing it should call the AM_PROG_MKDIR
-    m4 macro explicitly (beware that this macro has been deprecated since
-    the previous Automake release 1.12.1, and will be removed in Automake
-    1.13).
+  - Automake provides once again the '$(mkdir_p)' make variable and the
+    '@mkdir_p@' substitution (both as simple aliases for '$(MKDIR_P)'),
+    for better backward-compatibility.
 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
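Review bot: 'backward-compatibility' in the added lines is hyphenated, while the entry earlier in this file and the commit message write 'backward compatibility'; keep one spelling across the NEWS file.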
diff --git a/configure.ac b/configure.ac
index 7d30762..b26df18 100644
--- a/configure.ac
+++ b/configure.ac
@@ -16,7 +16,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 AC_PREREQ([2.69])
-AC_INIT([GNU Automake], [1.12.1a], address@hidden)
+AC_INIT([GNU Automake], [1.12.2], address@hidden)
 
 AC_CONFIG_SRCDIR([automake.in])
 AC_CONFIG_AUX_DIR([lib])
diff --git a/lib/am/distdir.am b/lib/am/distdir.am
index e27b650..f636a1e 100644
--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -449,7 +449,7 @@ distcheck: dist
 ## Make the new source tree read-only.  Distributions ought to work in
 ## this case.  However, make the top-level directory writable so we
 ## can make our new subdirs.
-       chmod -R a-w $(distdir); chmod a+w $(distdir)
+       chmod -R a-w $(distdir); chmod u+w $(distdir)
        mkdir $(distdir)/_build
        mkdir $(distdir)/_inst
 ## Undo the write access.
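Review bot: the one-character change from 'a+w' to 'u+w' is the whole security fix, yet the summary of changes shows no test touching distcheck, and the '##' comment above the line still only says "make the top-level directory writable". Suggest extending that comment to record why only the owner bit may be set (e.g. "## ... writable by the owner only, never group/other; see CVE-2012-3386") and adding a test that runs "make distcheck" under a permissive umask and asserts $(distdir) never carries group or other write bits, so a later cleanup cannot reintroduce 'a+w'.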
diff --git a/lib/am/header-vars.am b/lib/am/header-vars.am
index c65e08c..ba4aa0b 100644
--- a/lib/am/header-vars.am
+++ b/lib/am/header-vars.am
@@ -77,11 +77,6 @@ NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
 
-# For better backward compatibility.  To be removed once Automake 1.9.x
-# dies out for good.  For more background, see:
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-mkdir_p = $(MKDIR_P)
-
 ## dejagnu.am uses these variables.  Some users might rely on them too.
 ?BUILD?build_triplet = @build@
 ?HOST?host_triplet = @host@
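Review bot: dropping the explicit 'mkdir_p = $(MKDIR_P)' assignment here relies on automake emitting a Makefile assignment for every AC_SUBST'ed variable, which is what keeps the '$(mkdir_p)' checks in the subdir Makefile.am of t/mkdir_p.sh passing; the commit message should say so, because a reader of this hunk alone only sees the make variable disappear.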
diff --git a/m4/amversion.m4 b/m4/amversion.m4
index e178750..4303586 100644
--- a/m4/amversion.m4
+++ b/m4/amversion.m4
@@ -17,7 +17,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
 [am__api_version='1.12'
 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
 dnl require some minimum version.  Point them to the right macro.
-m4_if([$1], [1.12.1a], [],
+m4_if([$1], [1.12.2], [],
       [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
 ])
 
@@ -33,7 +33,7 @@ m4_define([_AM_AUTOCONF_VERSION], [])
 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.12.1a])dnl
+[AM_AUTOMAKE_VERSION([1.12.2])dnl
 m4_ifndef([AC_AUTOCONF_VERSION],
   [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
diff --git a/m4/init.m4 b/m4/init.m4
index 85228ba..cf47e76 100644
--- a/m4/init.m4
+++ b/m4/init.m4
@@ -82,6 +82,11 @@ AM_MISSING_PROG([MAKEINFO], [makeinfo])
 AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
 AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
 AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+# For better backward compatibility.  To be removed once Automake 1.9.x
+# dies out for good.  For more background, see:
+# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
 # We need awk for the "check" target.  The system "awk" is bad on
 # some platforms.
 AC_REQUIRE([AC_PROG_AWK])dnl
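Review bot: AC_SUBST([mkdir_p], ['$(MKDIR_P)']) substitutes the literal text '$(MKDIR_P)', which is only meaningful where the consumer is processed by make; a configure-generated file that is not a Makefile, or a shell script reading @mkdir_p@, would receive the unexpanded string rather than a program path. That is fine for the reported consumer (gettext's Makefile.in.in), but the comment above the AC_SUBST should state that the value is a make-level alias and not a command, so nobody later "fixes" it into a path.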
diff --git a/t/mkdir_p.sh b/t/mkdir_p.sh
index 624365c..2cc68a3 100755
--- a/t/mkdir_p.sh
+++ b/t/mkdir_p.sh
@@ -27,17 +27,21 @@ END
 cat > Makefile.am << 'END'
 SUBDIRS = sub
 all-local:
-       $(mkdir_p) . dir1/dir2
+       $(mkdir_p) . dir1/a
+       @mkdir_p@ . dir2/b
 check-local: all
-       test -d dir1/dir2
-       test -d dir1/dir3
+       test -d dir1/a
+       test -d dir2/b
+       test -d dir3/c
+       test -d dir3/d
 END
 
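Review bot: check-local asserts dir3/c and dir3/d, which are created by sub/Makefile.am's all-local, so the test depends on 'check-local: all' recursing into SUBDIRS before the checks run; a one-line comment stating that would save the next reader a lookup. Consider also asserting that the generated Makefile defines mkdir_p as an alias of $(MKDIR_P), since that alias is what the NEWS entry promises and the directory checks alone would pass with any working mkdir.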
 mkdir sub
 cat > sub/Makefile.am << 'END'
 # '$(mkdir_p)' should continue to work even in subdir makefiles.
 all-local:
-       $(mkdir_p) .. ../dir1/dir3
+       $(mkdir_p) .. ../dir3/c
+       @mkdir_p@ .. ../dir3/d
 END
 
 $ACLOCAL
diff --git a/t/mkdirp-deprecation.sh b/t/mkdirp-deprecation.sh
index 0257391..68ffa58 100755
--- a/t/mkdirp-deprecation.sh
+++ b/t/mkdirp-deprecation.sh
@@ -29,17 +29,21 @@ END
 cat > Makefile.am << 'END'
 SUBDIRS = sub
 all-local:
-       $(mkdir_p) . dir1/dir2
+       $(mkdir_p) . dir1/a
+       @mkdir_p@ . dir2/b
 check-local: all
-       test -d dir1/dir2
-       test -d dir1/dir3
+       test -d dir1/a
+       test -d dir2/b
+       test -d dir3/c
+       test -d dir3/d
 END
 
 mkdir sub
 cat > sub/Makefile.am << 'END'
 # '$(mkdir_p)' should continue to work even in subdir makefiles.
 all-local:
-       $(mkdir_p) .. ../dir1/dir3
+       $(mkdir_p) .. ../dir3/c
+       @mkdir_p@ .. ../dir3/d
 END
 
 grep_err ()


hooks/post-receive
-- 
GNU Automake


