On Fri, Jul 20, 2012 at 05:39:43PM -0600, Eric Blake wrote: > Pick up some build fixes in the latest gnulib. In particular, > we want to ensure that official tarballs are secure, but don't > want to penalize people who don't run 'make dist', since fixed > automake still hasn't hit common platforms like Fedora 17. > > * .gnulib: Update to latest, for Automake CVE-2012-3386 detection. > * bootstrap: Resync from gnulib. > * bootstrap.conf (gnulib_extra_files): Drop missing, since gnulib > has dropped it in favor of Automake's version. > * cfg.mk (local-checks-to-skip): Conditionally skip the security > check in cases where it doesn't matter. > --- > > I'm stoked! I figured out how to upgrade to the latest automake > and make our release process secure (tested with 'make dist' on > a system with insecure automake), without penalizing normal > development (tested with 'make check' on the same system).
ACK, since only 'make dist' people are forced to install new automake. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
