From 7c25c996d1c7c212a5981aa0e9c4434b6f33f7b8 Mon Sep 17 00:00:00 2001 From: Reiner Herrmann Date: Fri, 15 Sep 2017 11:43:53 +0200 Subject: mdate-sh: Ensure reproducible time output This change fixes automake bug#20314. 'mdate-sh' pretty-prints the modification time of a file. But it's output can vary depending on the timezone of the caller. Someone in timezone GMT-12 will get a different result (day) than someone in timezone GMT+12. As this output is also used to create/update stamp files, which influence the further build process, the build result can vary. * lib/mdate-sh: Set 'TZ' to UTC which ensures reproducible output. * NEWS: Announce bug fix. Copyright-paperwork-exempt: yes --- lib/mdate-sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib/mdate-sh') diff --git a/lib/mdate-sh b/lib/mdate-sh index f80075c04..b6a116f92 100755 --- a/lib/mdate-sh +++ b/lib/mdate-sh @@ -1,7 +1,7 @@ #!/bin/sh # Get modification time of a file or directory and pretty-print it. -scriptversion=2016-01-11.22; # UTC +scriptversion=2017-09-15.09; # UTC # Copyright (C) 1995-2017 Free Software Foundation, Inc. # written by Ulrich Drepper , June 1995 @@ -74,6 +74,10 @@ export LC_ALL LC_TIME=C export LC_TIME +# Use UTC to get reproducible result. +TZ=UTC +export TZ + # GNU ls changes its time format in response to the TIME_STYLE # variable. Since we cannot assume 'unset' works, revert this # variable to its documented default. -- cgit v1.2.1 From 3562e384f43bbd9d48598904a82a792039f4ce33 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 16 Sep 2017 13:03:36 -0700 Subject: Prefer https: URLs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In Gnulib, Emacs, etc. we are changing ftp: and http: URLs to use https:, to discourage man-in-the-middle attacks when downloading software. The attached patch propagates these changes upstream to Automake. This patch does not affect files that Automake is downstream of, which I'll patch separately. Althouth the resources are not secret, plain HTTP is vulnerable to malicious routers that tamper with responses from GNU servers, and this sort of thing is all too common when people in some other countries browse US-based websites. See, for example: Aceto G, Botta A, Pescapé A, Awan MF, Ahmad T, Qaisar S. Analyzing internet censorship in Pakistan. RTSI 2016. https://dx.doi.org/10.1109/RTSI.2016.7740626 HTTPS is not a complete solution here, but it can be a significant help. The GNU project regularly serves up code to users, so we should take some care here. --- lib/mdate-sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/mdate-sh') diff --git a/lib/mdate-sh b/lib/mdate-sh index b6a116f92..6dd5b21e7 100755 --- a/lib/mdate-sh +++ b/lib/mdate-sh @@ -1,7 +1,7 @@ #!/bin/sh # Get modification time of a file or directory and pretty-print it. -scriptversion=2017-09-15.09; # UTC +scriptversion=2017-09-19.11; # UTC # Copyright (C) 1995-2017 Free Software Foundation, Inc. # written by Ulrich Drepper , June 1995 @@ -17,7 +17,7 @@ scriptversion=2017-09-15.09; # UTC # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a -- cgit v1.2.1