On Wed, 9 Dec 2009 01:38:19 +0100 (CET) Vincent Torri <vto...@univ-evry.fr> said:

i say we just wait for next snap. it's pretty much a non-used feature of a tarball that u use make dist after getting the tarballs... that's done from svn already by us. i'd say this is minor at best if u read about the security issue. it doesn't affect us at all given tarballs are created by me on my machine with no one else having access.

> Below is a mail about a security issue about Makefile files generated by
> automake.
>
> raster: maybe we should regenerate the snapshots
>
> Vincent
>
> ---------- Forwarded message ----------
> Date: Tue, 08 Dec 2009 15:48:03 -0800
> From: Alan Coopersmith <alan.coopersm...@sun.com>
> To: X.Org Developers <xorg-de...@lists.x.org>
> Subject: X.Org releases & automake security issue CVE-2009-4029
>
> The GNU automake maintainers today issued patches and a security advisory
> for a problem when running 'make dist*' on projects which had Makefile.in
> generated by versions of automake prior to the patch:
> http://lists.gnu.org/archive/html/autotools-announce/2009-12/msg00002.html
>
> This pretty much covers every X.Org modular release tarball ever made.
> Clearly X.Org will not be rebuilding all our past tarballs with new
> automake releases, as we simply don't have the people-power.
>
> It's unclear to me if we need to rebuild any releases at all, or just
> tell end users that if they're running 'make dist*' on a previously
> released tarball, on a system in which untrusted users could login or
> access the filesystem, they should run "autoreconf" first with a patched
> local automake install. Any opinions?
>
> X.Org developers/maintainers should move to patched versions of automake
> when possible for generating release tarballs going forward.
>
> --
> -Alan Coopersmith- alan.coopersm...@sun.com
> Sun Microsystems, Inc. - X Window System Engineering
>
> _______________________________________________
> xorg-devel mailing list
> xorg-de...@lists.x.org
> http://lists.x.org/mailman/listinfo/xorg-devel
>
> _______________________________________________
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

--
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler) ras...@rasterman.com