# Verify that this is really a new version of the file!
if (exists($serials{$full_filename}) && ($serials{$full_filename} >= $epoch)) {
flock(SERIALS,4); # Release lock
- &fatal("Gpg signed upload older than/same timestamp as existing version - not allowed. In other words, the filenames for the triplet you have uploaded are an exact match for a triplet that has been uploaded in the past, and the directive file that you just uploaded has been signed before or at the same time as the directive file for the triplet that was uploaded earlier. Most likely, you are re-uploading an old triplet.",1);
+ &fatal("GPG signed upload older than/same timestamp as existing version - not allowed. In other words, the filenames for the triplet you have uploaded are an exact match for a triplet that has been uploaded in the past, and the directive file that you just uploaded has been signed before or at the same time as the directive file for the triplet that was uploaded earlier. Most likely, you are re-uploading an old triplet.",1);
}
$serials{$full_filename} = $epoch;
close(TAR); # We don't care about errors here; the pipe can cause non-zero exit codes when tar is unhappy that it's asked to stop
return if (!$found_makefile);
# If it does, check inside them
- ftp_syslog('debug', "($log_style) DEBUG: found Makefile.in, testing for CVE-2009-4029") if $DEBUG;
- $tar_cmd = "/bin/tar --to-stdout -x -f $upload_file --wildcards '*/Makefile.in'";
+ ftp_syslog('debug', "($log_style) DEBUG: found Makefile.in, testing for CVE-2009-4029 and CVE-2012-3386") if $DEBUG;
+ $tar_cmd = "/bin/tar --to-stdout -x -f $upload_file 'Makefile.in' --wildcards '*/Makefile.in' 2>/dev/null";
open (TAR, "$tar_cmd|")
or &fatal("failed to run command: $tar_cmd",1);
- my $found_bad = 0;
+ my $found_cve_2009_4029 = 0;
+ my $found_cve_2012_3386 = 0;
+ my $error_string = '';
while (defined (my $line = <TAR>)) {
if ($line =~ /perm -777 -exec chmod a\+rwx|chmod 777 \$\(distdir\)/) {
- $found_bad = 1;
- last;
+ $found_cve_2009_4029 = 1;
+ }
+ if ($line =~ /chmod a\+w \$\(distdir\)/) {
+ $found_cve_2012_3386 = 1;
}
}
close(TAR); # We don't care about errors here; the pipe can cause non-zero exit codes when tar is unhappy that it's asked to stop
- $found_bad
- and &fatal("upload rejected: $upload_file contains a vulnerable "
+
+ # Because CVE-2012-3386 was not fixed until 1.11.6 / 1.12.2, we point people to that version instead
+ # of 1.11.1, which fixes CVE-2009-4029. Ward, 2012-07-20
+ $found_cve_2009_4029 and $error_string .= "upload rejected: $upload_file contains a vulnerable "
. "Makefile.in (CVE-2009-4029);\n"
- . "Regenerate it with automake 1.11.1 or newer.",1,'',3);
+ . "Regenerate it with automake 1.11.6 / 1.12.2 or newer.\n\n";
+
+ $found_cve_2012_3386 and $error_string .= "upload rejected: $upload_file contains a vulnerable "
+ . "Makefile.in (CVE-2012-3386);\n"
+ . "Regenerate it with automake 1.11.6 / 1.12.2 or newer.\n\n";
+
+ ($found_cve_2009_4029 or $found_cve_2012_3386) and &fatal($error_string,1,'',3);
+
}
- ftp_syslog('debug', "($log_style) DEBUG: tested negative for CVE-2009-4029") if $DEBUG;
+ ftp_syslog('debug', "($log_style) DEBUG: tested negative for CVE-2009-4029 and CVE-2012-3386") if $DEBUG;
}
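Review bot: The scan is fail-open — if tar cannot read `$upload_file` at all, nothing comes back on the pipe, both flags stay 0 and L50 logs "tested negative", and the `2>/dev/null` added on L14 now hides the only diagnostic. Because the `last` is gone, the pipe is fully drained in this loop, so the "tar is unhappy that it's asked to stop" justification on L31 no longer applies here; `$?` after `close(TAR)` is still not a clean signal, though, since the literal `'Makefile.in'` member will usually be absent and GNU tar then exits 2 ("Not found in archive") even when the wildcard matched. A cheap check that uses what the code already knows (`$found_makefile` was true at L9) is to count lines and warn when none came back: `my $lines_seen = 0;` with the other declarations, `$lines_seen++;` at the top of the loop, and after close `$lines_seen or ftp_syslog('warning', "($log_style) read no Makefile.in content from $upload_file (tar exit status $?)");`. `$upload_file` is also interpolated into a shell command string (pre-existing, not introduced here); if it is not validated upstream, the list form `open(TAR, '-|', '/bin/tar', ...)` would keep it out of the shell, at the cost of handling stderr differently. The enclosing subroutine begins before this hunk.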