From b4915286045859c8344eb6b93f9f13186c15db98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1n=20Tomko?=
Date: Tue, 11 Feb 2020 01:07:08 +0100
Subject: [PATCH] syntax-check: drop vulnerable Makefile checks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As foretold, fixed automake is so common nowadays even Ubuntu 16.04 and Debian 9 have 1.11.6 as the oldest available version.
Signed-off-by: Ján Tomko
Reviewed-by: Michal Privoznik
---
build-aux/syntax-check.mk | 30 ------------------------------
1 file changed, 30 deletions(-)
diff --git a/build-aux/syntax-check.mk b/build-aux/syntax-check.mk
index 58a24b6276..52a6062ad5 100644
--- a/build-aux/syntax-check.mk
+++ b/build-aux/syntax-check.mk
@@ -130,17 +130,6 @@ syntax-check: $(local-check)
 _test_script_regex = \
-# Most developers don't run 'make distcheck'. We want the official
-# dist to be secure, but don't want to penalize other developers
-# using a distro that has not yet picked up the automake fix.
-# FIXME remove this ifeq (making the syntax check unconditional)
-# once fixed automake (1.11.6 or 1.12.2+) is more common.
-ifeq ($(filter dist%, $(MAKECMDGOALS)), )
-local-checks-to-skip += sc_vulnerable_makefile_CVE-2012-3386
-else
-distdir: sc_vulnerable_makefile_CVE-2012-3386.z
-endif
-
 # Files that should never cause syntax check failures.
 VC_LIST_ALWAYS_EXCLUDE_REGEX = \
 (^(docs/(news(-[0-9]*)?\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$
@@ -1957,25 +1946,6 @@ sc_prohibit_path_max_allocation:
 halt='Avoid stack allocations of size PATH_MAX' \
 $(_sc_search_regexp)
-sc_vulnerable_makefile_CVE-2009-4029:
- @prohibit='perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)' \
- in_files='(^|/)Makefile\.in$$' \
- halt=$$(printf '%s\n' \
- 'the above files are vulnerable; beware of running' \
- ' "make dist*" rules, and upgrade to fixed automake' \
- ' see https://bugzilla.redhat.com/show_bug.cgi?id=542609 for details') \
- $(_sc_search_regexp)
-
-sc_vulnerable_makefile_CVE-2012-3386:
- @prohibit='chmod a\+w \$$\(distdir\)' \
- in_files='(^|/)Makefile\.in$$' \
- halt=$$(printf '%s\n' \
- 'the above files are vulnerable; beware of running' \
- ' "make distcheck", and upgrade to fixed automake' \
- ' see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3386 for details') \
- $(_sc_search_regexp)
-
-
 ifneq ($(_gl-Makefile),)
 syntax-check: spacing-check test-wrap-argv \
 prohibit-duplicate-header mock-noinline group-qemu-caps \
-- 
GitLab