External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 04:25:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

syntax-check: drop vulnerable Makefile checks

Browse Source 
As foretold, fixed automake is so common nowadays even Ubuntu 16.04
and Debian 9 have 1.11.6 as the oldest available version.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Ján Tomko 2020-02-11 01:07:08 +01:00
parent c642199fdf
commit b491528604
1 changed files with 0 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
build-aux/syntax-check.mk
View File

@ -130,17 +130,6 @@ syntax-check: $(local-check)
_test_script_regex = \<test-lib\.sh\> _test_script_regex = \<test-lib\.sh\>
# Most developers don't run 'make distcheck'. We want the official
# dist to be secure, but don't want to penalize other developers
# using a distro that has not yet picked up the automake fix.
# FIXME remove this ifeq (making the syntax check unconditional)
# once fixed automake (1.11.6 or 1.12.2+) is more common.
ifeq ($(filter dist%, $(MAKECMDGOALS)), )
local-checks-to-skip += sc_vulnerable_makefile_CVE-2012-3386
else
distdir: sc_vulnerable_makefile_CVE-2012-3386.z
endif
# Files that should never cause syntax check failures. # Files that should never cause syntax check failures.
VC_LIST_ALWAYS_EXCLUDE_REGEX = \ VC_LIST_ALWAYS_EXCLUDE_REGEX = \
(^(docs/(news(-[0-9]*)?\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$ (^(docs/(news(-[0-9]*)?\.html\.in|.*\.patch))|\.(po|fig|gif|ico|png))$$
@ -1957,25 +1946,6 @@ sc_prohibit_path_max_allocation:
halt='Avoid stack allocations of size PATH_MAX' \ halt='Avoid stack allocations of size PATH_MAX' \
$(_sc_search_regexp) $(_sc_search_regexp)
sc_vulnerable_makefile_CVE-2009-4029:
@prohibit='perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)' \
in_files='(^|/)Makefile\.in$$' \
halt=$$(printf '%s\n' \
'the above files are vulnerable; beware of running' \
' "make dist*" rules, and upgrade to fixed automake' \
' see https://bugzilla.redhat.com/show_bug.cgi?id=542609 for details') \
$(_sc_search_regexp)
sc_vulnerable_makefile_CVE-2012-3386:
@prohibit='chmod a\+w \$$\(distdir\)' \
in_files='(^|/)Makefile\.in$$' \
halt=$$(printf '%s\n' \
'the above files are vulnerable; beware of running' \
' "make distcheck", and upgrade to fixed automake' \
' see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3386 for details') \
$(_sc_search_regexp)
ifneq ($(_gl-Makefile),) ifneq ($(_gl-Makefile),)
syntax-check: spacing-check test-wrap-argv \ syntax-check: spacing-check test-wrap-argv \
prohibit-duplicate-header mock-noinline group-qemu-caps \ prohibit-duplicate-header mock-noinline group-qemu-caps \