Pick up some build fixes in the latest gnulib. In particular,
we want to ensure that official tarballs are secure, but don't
want to penalize people who don't run 'make dist', since fixed
automake still hasn't hit common platforms like Fedora 17.
* .gnulib: Update to latest, for Automake CVE-2012-3386 detection.
* bootstrap: Resync from gnulib.
* bootstrap.conf (gnulib_extra_files): Drop missing, since gnulib
has dropped it in favor of Automake's version.
* cfg.mk (local-checks-to-skip): Conditionally skip the security
check in cases where it doesn't matter.
---
I'm stoked! I figured out how to upgrade to the latest automake
and make our release process secure (tested with 'make dist' on
a system with insecure automake), without penalizing normal
development (tested with 'make check' on the same system).
* .gnulib a02ba4b...6c37e0a (76):
verify: document conflict with -Wnested-externs
maint.mk: forbid exit(-1)
fsusage: port back to Solaris
gnu-web-doc-update: fix error messages
gnu-web-doc-update: check the requirements.
maint.mk: minor simplification.
gitlog-to-changelog: VPATH build issues.
fpending: Assume AC_CHECK_DECLS_ONCE invocation, like in fpending.m4.
pthread_sigmask: fix bug on FreeBSD 9
README-release: make it more legible
autoupdate
maint: require that each sc_... command start with "@"
maint.mk: add leading "@" to quiet new "make syntax-check" rule
autoupdate
maint.mk: new syntax check for HAVE_DECL checks
argp: make HAVE_DECL usage consistent
stat-time: relax license to LGPLv2+
strndup: fix m4 usage error
maint: enable the sc_avoid_if_before_free syntax-check rule
gettext: do not assume '#define ... defined ...' behavior
getloadavg: clean out old Emacs and Autoconf cruft
bootstrap: let warn be like tests/init.sh's warn_
getopt: Simplify after Emacs changed.
maint.mk: add sc_vulnerable_makefile_CVE-2012-3386
maint.mk: _sc_search_regexp, sc_vulnerable_makefile_CVE-2009-4029: fix
getloadavg, getopt: fix commentary re configure.in
timespec: mark functions with const attributes
canonicalize[-lgpl]: handle "guessing" values when cross-building
canonicalize: make the right guess when cross-compiling to GNU
update from texinfo
timespec-sub: avoid duplicate include
bootstrap: use a more consistent error reporting scheme
sys_time: allow too-wide tv_sec
pthread: check for both pthread_create and pthread_join
parse-datetime: doc tuneup
do-release-commit-and-tag: fix the previous commit
do-release-commit-and-tag: fix typo
pthread: check for pthread_create, not pthread_join
parse-datetime: fix failure to diagnose invalid input
bootstrap: do not require now-removed build-aux/missing
alloca: add support for HP NonStop TNS/E native
fsusage: remove code not needed on non GNU/Linux systems.
fsusage: include files needed for glibc 2.6 fallback
fsusage: avoid needless check on GNU/Linux
log: Fix an autoconf >= 2.64 warning.
autoupdate
autoupdate
log10f: Fix possible configuration problem.
Fix typo in ChangeLog entry.
remove: No longer override on all platforms. Fixes bug from 2012-03-20.
config: drop scripts that automake says are not independent
root-uid: new module
regex: use locale-independent comparison for codeset name
getopt-posix: No longer guarantee that option processing is resettable.
argp, regex: Ensure strcasecmp gets declared.
autoupdate
ptsname_r: Fix typo in last commit.
ptsname_r: Make it consistent with ptsname on AIX.
ptsname_r: Make it consistent with ptsname on OSF/1.
ttyname_r: Fix result on OSF/1, Solaris.
ptsname_r: Add support for Solaris.
ptsname_r: Fix test failure on native Windows.
ptsname_r: Fix test failures on IRIX, Solaris.
ptsname test: Extend test.
time: fix obsolete comment
getopt-gnu: Handle suboptimal getopt_long's abbreviation handling.
time_r: fix typo that always overrode localtime_r decl
Write "Mac OS X" instead of "MacOS X".
grantpt: Relax requirement regarding invalid file descriptors.
fbufmode test: Don't test unportable behaviour.
gnulib-tool: Refactor inctests variable.
gnulib-tool: --create-[mega]testdir, --[mega]test implies --with-tests.
parse-duration test: Avoid spurious output.
testing: fix typo in here doc
maint: disable the strncpy prohibition
Fix misspellings in comments.
.gnulib | 2 +-
bootstrap | 118 +++++++++++++++++++++++++++++++++-----------------------
bootstrap.conf | 1 -
cfg.mk | 11 ++++++
4 files changed, 81 insertions(+), 51 deletions(-)
diff --git a/.gnulib b/.gnulib
index a02ba4b..6c37e0a 160000
--- a/.gnulib
+++ b/.gnulib
@@ -1 +1 @@
-Subproject commit a02ba4bf889fee4622db87f185c3d0af84d74ae7
+Subproject commit 6c37e0a73c7c1b6fe6eac4d794e2e65791a2700d
diff --git a/bootstrap b/bootstrap
index ce37a2c..e3e270b 100755
--- a/bootstrap
+++ b/bootstrap
@@ -1,6 +1,6 @@
#! /bin/sh
# Print a version string.
-scriptversion=2012-05-15.06; # UTC
+scriptversion=2012-07-19.14; # UTC
# Bootstrap this package from checked-out sources.
@@ -77,6 +77,33 @@ Running without arguments will suffice in most cases.
EOF
}
+# warnf_ FORMAT-STRING ARG1...
+warnf_ ()
+{
+ warnf_format_=$1
+ shift
+ nl='
+'
+ case $* in
+ *$nl*) me_=$(printf "$me"|tr "$nl|" '??')
+ printf "$warnf_format_" "$@" | sed "s|^|$me_: |" ;;
+ *) printf "$me: $warnf_format_" "$@" ;;
+ esac >&2
+}
+
+# warn_ WORD1...
+warn_ ()
+{
+ # If IFS does not start with ' ', set it and emit the warning in a subshell.
+ case $IFS in
+ ' '*) warnf_ '%s\n' "$*";;
+ *) (IFS=' '; warn_ "$@");;
+ esac
+}
+
+# die WORD1...
+die() { warn_ "$@"; exit 1; }
+
# Configuration.
# Name of the Makefile.am
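Review bot: in warnf_, $me is expanded inside the printf format string in both branches (printf "$me" and printf "$me: $warnf_format_"), so a % or backslash in the script's invocation name would be interpreted as a format directive instead of being printed. Pass it as an argument, for example printf '%s' "$me" in the first branch and printf '%s: ' "$me" ahead of the formatted message in the second. Separately, nl is assigned without the trailing underscore used for me_ and warnf_format_, so it shares a name with any nl used elsewhere in the script; nl_ would keep it out of the way.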
@@ -130,7 +157,8 @@ extract_package_name='
p
}
'
-package=$(sed -n "$extract_package_name" configure.ac) || exit
+package=$(sed -n "$extract_package_name" configure.ac) \
+ || die 'cannot find package name in configure.ac'
gnulib_name=lib$package
build_aux=build-aux
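Review bot: the new die on the package=$(sed -n "$extract_package_name" configure.ac) assignment fires only when sed exits non-zero, for example when configure.ac cannot be read. Unless the sed script (not fully visible in this hunk) sets an exit status itself, sed -n exits 0 when nothing matches, so an empty $package still falls through to gnulib_name=lib$package and the message 'cannot find package name in configure.ac' is never printed for the case it describes. Adding test -n "$package" || die ... after the assignment would make the message match the check.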
@@ -186,6 +214,8 @@ use_git=true
# otherwise find the first of the NAMES that can be run (i.e.,
# supports --version). If found, set ENVVAR to the program name,
# die otherwise.
+#
+# FIXME: code duplication, see also gnu-web-doc-update.
find_tool ()
{
find_tool_envvar=$1
@@ -203,19 +233,15 @@ find_tool ()
else
find_tool_error_prefix="\$$find_tool_envvar: "
fi
- if test x"$find_tool_res" = x; then
- echo >&2 "$me: one of these is required: $find_tool_names"
- exit 1
- fi
- ($find_tool_res --version </dev/null) >/dev/null 2>&1 || {
- echo >&2 "$me: ${find_tool_error_prefix}cannot run $find_tool_res
--version"
- exit 1
- }
+ test x"$find_tool_res" != x \
+ || die "one of these is required: $find_tool_names"
+ ($find_tool_res --version </dev/null) >/dev/null 2>&1 \
+ || die "${find_tool_error_prefix}cannot run $find_tool_res --version"
eval "$find_tool_envvar=\$find_tool_res"
eval "export $find_tool_envvar"
}
-# Find sha1sum, named gsha1sum on MacPorts, and shasum on MacOS 10.6.
+# Find sha1sum, named gsha1sum on MacPorts, and shasum on Mac OS X 10.6.
find_tool SHA1SUM sha1sum gsha1sum shasum
# Override the default configuration, if necessary.
@@ -230,7 +256,6 @@ esac
test -z "${gnulib_extra_files}" && \
gnulib_extra_files="
$build_aux/install-sh
- $build_aux/missing
$build_aux/mdate-sh
$build_aux/texinfo.tex
$build_aux/depcomp
@@ -270,21 +295,15 @@ do
--no-git)
use_git=false;;
*)
- echo >&2 "$0: $option: unknown option"
- exit 1;;
+ die "$option: unknown option";;
esac
done
-if $use_git || test -d "$GNULIB_SRCDIR"; then
- :
-else
- echo "$0: Error: --no-git requires --gnulib-srcdir" >&2
- exit 1
-fi
+$use_git || test -d "$GNULIB_SRCDIR" \
+ || die "Error: --no-git requires --gnulib-srcdir"
if test -n "$checkout_only_file" && test ! -r
"$checkout_only_file"; then
- echo "$0: Bootstrapping from a non-checked-out distribution is risky."
>&2
- exit 1
+ die "Bootstrapping from a non-checked-out distribution is risky."
fi
# Ensure that lines starting with ! sort last, per gitignore conventions
@@ -310,7 +329,7 @@ insert_sorted_if_absent() {
echo "$str" | sort_patterns - $file | cmp -s - $file > /dev/null \
|| { echo "$str" | sort_patterns - $file > $file.bak \
&& mv $file.bak $file; } \
- || exit 1
+ || die "insert_sorted_if_absent $file $str: failed"
}
# Adjust $PATTERN for $VC_IGNORE_FILE and insert it with
@@ -334,11 +353,8 @@ grep '^[
]*AC_CONFIG_AUX_DIR(\['"$build_aux"'\])' configure.ac \
/dev/null && found_aux_dir=yes
grep '^[
]*AC_CONFIG_AUX_DIR('"$build_aux"')' configure.ac \
/dev/null && found_aux_dir=yes
-if test $found_aux_dir =
no; then
- echo "$0: expected line not found in configure.ac. Add the following:"
>&2
- echo " AC_CONFIG_AUX_DIR([$build_aux])" >&2
- exit 1
-fi
+test $found_aux_dir = yes \
+ || die "configure.ac lacks 'AC_CONFIG_AUX_DIR([$build_aux])'; add
it"
# If $build_aux doesn't exist, create it now, otherwise some bits
# below will malfunction. If creating it, also mark it as ignored.
@@ -444,7 +460,7 @@ check_versions() {
automake-ng|aclocal-ng)
app=${app%-ng}
($app --version | grep '(GNU automake-ng)') >/dev/null 2>&1 ||
{
- echo "$me: Error: '$app' not found or not from Automake-NG"
>&2
+ warn_ "Error: '$app' not found or not from Automake-NG"
ret=1
continue
} ;;
@@ -454,20 +470,21 @@ check_versions() {
# so we have to rely on $? rather than get_version.
$app --version >/dev/null 2>&1
if [ 126 -le $? ]; then
- echo "$me: Error: '$app' not found" >&2
+ warn_ "Error: '$app' not found"
ret=1
fi
else
# Require app to produce a new enough version string.
inst_ver=$(get_version $app)
if [ ! "$inst_ver" ]; then
- echo "$me: Error: '$app' not found" >&2
+ warn_ "Error: '$app' not found"
ret=1
else
latest_ver=$(sort_ver $req_ver $inst_ver | cut -d' ' -f2)
if [ ! "$latest_ver" = "$inst_ver" ]; then
- echo "$me: Error: '$app' version == $inst_ver is too old"
>&2
- echo " '$app' version >= $req_ver is required"
>&2
+ warnf_ '%s\n' \
+ "Error: '$app' version == $inst_ver is too old" \
+ " '$app' version >= $req_ver is required"
ret=1
fi
fi
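Review bot: the two-argument warnf_ '%s\n' call in the "too old" branch changes the output, not just the helper used. Neither argument contains a newline, so warnf_ takes its *) branch, and printf reapplies the "$me: %s\n" format to each argument; both lines now carry the "$me: " prefix, where the old code printed the second line as an indented continuation. If the continuation layout is wanted, pass the two lines as one argument joined by a newline so the sed branch of warnf_ handles it, or say in the commit message that the format change is intended.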
@@ -524,11 +541,10 @@ fi
if ! printf "$buildreq" | check_versions; then
echo >&2
if test -f README-prereq; then
- echo "$0: See README-prereq for how to get the prerequisite programs"
>&2
+ die "See README-prereq for how to get the prerequisite programs"
else
- echo "$0: Please install the prerequisite programs" >&2
+ die "Please install the prerequisite programs"
fi
- exit 1
fi
echo "$0: Bootstrapping from checked-out $package sources..."
@@ -739,11 +755,10 @@ symlink_to_dir()
*)
case /$dst/ in
*//* | */../* | */./* | /*/*/*/*/*/)
- echo >&2 "$me: invalid symlink calculation: $src ->
$dst"
- exit 1;;
- /*/*/*/*/) dot_dots=../../../;;
- /*/*/*/) dot_dots=../../;;
- /*/*/) dot_dots=../;;
+ die "invalid symlink calculation: $src -> $dst";;
+ /*/*/*/*/) dot_dots=../../../;;
+ /*/*/*/) dot_dots=../../;;
+ /*/*/) dot_dots=../;;
esac;;
esac
@@ -765,7 +780,7 @@ version_controlled_file() {
grep -F "/${file##*/}/" "$parent/CVS/Entries" 2>/dev/null |
grep '^/[^/]*/[0-9]' > /dev/null
else
- echo "$me: no version control for $file?" >&2
+ warn_ "no version control for $file?"
false
fi
}
@@ -855,11 +870,12 @@ echo "$0: $gnulib_tool $gnulib_tool_options --import ..."
$gnulib_tool $gnulib_tool_options --import $gnulib_modules &&
for file in $gnulib_files; do
- symlink_to_dir "$GNULIB_SRCDIR" $file || exit
+ symlink_to_dir "$GNULIB_SRCDIR" $file \
+ || die "failed to symlink $file"
done
bootstrap_post_import_hook \
- || { echo >&2 "$me: bootstrap_post_import_hook failed"; exit 1; }
+ || die "bootstrap_post_import_hook failed"
# Remove any dangling symlink matching "*.m4" or "*.[ch]" in some
# gnulib-populated directories. Such .m4 files would cause aclocal to fail.
@@ -887,7 +903,7 @@ echo "running: AUTOPOINT=true LIBTOOLIZE=true " \
"$AUTORECONF --verbose --install $no_recursive -I $m4_base $ACLOCAL_FLAGS"
AUTOPOINT=true LIBTOOLIZE=true \
$AUTORECONF --verbose --install $no_recursive -I $m4_base $ACLOCAL_FLAGS \
- || exit 1
+ || die "autoreconf failed"
# Get some extra files from gnulib, overriding existing files.
for file in $gnulib_extra_files; do
@@ -896,7 +912,8 @@ for file in $gnulib_extra_files; do
build-aux/*) dst=$build_aux/${file#build-aux/};;
*) dst=$file;;
esac
- symlink_to_dir "$GNULIB_SRCDIR" $file $dst || exit
+ symlink_to_dir "$GNULIB_SRCDIR" $file $dst \
+ || die "failed to symlink $file"
done
if test $with_gettext = yes; then
@@ -912,7 +929,8 @@ if test $with_gettext = yes; then
a\
'"$XGETTEXT_OPTIONS"' $${end_of_xgettext_options+}
}
- ' po/Makevars.template >po/Makevars || exit 1
+ ' po/Makevars.template >po/Makevars \
+ || die 'cannot generate po/Makevars'
# If the 'gettext' module is in use, grab the latest Makefile.in.in.
# If only the 'gettext-h' module is in use, assume autopoint already
@@ -920,7 +938,8 @@ if test $with_gettext = yes; then
case $gnulib_modules in
*gettext-h*) ;;
*gettext*)
- cp $GNULIB_SRCDIR/build-aux/po/Makefile.in.in po/Makefile.in.in || exit 1
+ cp $GNULIB_SRCDIR/build-aux/po/Makefile.in.in po/Makefile.in.in \
+ || die "cannot create po/Makefile.in.in"
;;
esac
@@ -936,7 +955,8 @@ if test $with_gettext = yes; then
a\
'"$XGETTEXT_OPTIONS_RUNTIME"' $${end_of_xgettext_options+}
}
- ' po/Makevars.template >runtime-po/Makevars || exit 1
+ ' po/Makevars.template >runtime-po/Makevars \
+ || die 'cannot generate runtime-po/Makevars'
# Copy identical files from po to runtime-po.
(cd po && cp -p Makefile.in.in *-quot *.header *.sed *.sin ../runtime-po)
diff --git a/bootstrap.conf b/bootstrap.conf
index 9b42cbf..3ac84f4 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -223,7 +223,6 @@ touch ChangeLog || exit 1
# Override bootstrap's list - we don't use mdate-sh or texinfo.tex.
gnulib_extra_files="
$build_aux/install-sh
- $build_aux/missing
$build_aux/depcomp
$build_aux/config.guess
$build_aux/config.sub
diff --git a/cfg.mk b/cfg.mk
index 39d19b4..d054e5a 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -76,6 +76,17 @@ local-checks-to-skip = \
sc_makefile_check \
sc_useless_cpp_parens
+# Most developers don't run 'make distcheck'. We want the official
+# dist to be secure, but don't want to penalize other developers
+# using a distro that has not yet picked up the automake fix.
+# FIXME remove this ifeq (making the syntax check unconditional)
+# once fixed automake (1.11.6 or 1.12.2+) is more common.
+ifeq ($(filter dist%, $(MAKECMDGOALS)), )
+local-checks-to-skip += sc_vulnerable_makefile_CVE-2012-3386
+else
+distdir: sc_vulnerable_makefile_CVE-2012-3386
+endif
+
# Files that should never cause syntax check failures.
VC_LIST_ALWAYS_EXCLUDE_REGEX = \
(^(HACKING|docs/(news\.html\.in|.*\.patch))|\.po)$$
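Review bot: the ifeq on $(filter dist%, $(MAKECMDGOALS)) keys only on goal names given on the command line, so sc_vulnerable_makefile_CVE-2012-3386 becomes a prerequisite of distdir only when a goal starting with "dist" is typed. Any target that reaches distdir as a prerequisite under a different goal name takes the skip branch and builds the tarball without the check, which is the case the comment says should stay secure. The pattern also matches distclean, which is harmless but not obvious. Consider listing in the comment which goals are expected to trigger the check, and aligning its wording ('make distcheck') with the condition, which covers every dist% goal.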
--
1.7.10.4