changeset 12827:d844fd639561

maint: add a syntax-check rule to check for vulnerable Makefile.in * top/maint.mk (sc_vulnerable_makefile_CVE-2009-4029): New rule.
author Jim Meyering <meyering@redhat.com>
date Thu, 28 Jan 2010 09:37:12 +0100
parents 75c8335f4661
children 6c20461f3ecf
files ChangeLog top/maint.mk
diffstat 2 files changed, 18 insertions(+), 0 deletions(-) [+]
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-01-28  Jim Meyering  <meyering@redhat.com>
+
+	maint: add a syntax-check rule to check for vulnerable Makefile.in
+	* top/maint.mk (sc_vulnerable_makefile_CVE-2009-4029): New rule.
+
 2010-01-27  Jim Meyering  <meyering@redhat.com>
 
 	ncftpput-ftp: clean up spaces
--- a/top/maint.mk
+++ b/top/maint.mk
@@ -726,6 +726,19 @@
 	@grep -Ei '^#define.*(yes|no|true|false)$$' '$(CONFIG_INCLUDE)' && \
 	  { echo 'Use 0 or 1 for macro values' 1>&2; exit 1; } || :
 
+sc_vulnerable_makefile_CVE-2009-4029:
+	@files=$$(find $(srcdir) -name Makefile.in);			\
+	if test -n "$$files"; then					\
+	  grep -E							\
+	    'perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)'	\
+	    $$files &&							\
+	  { echo '$(ME): the above files are vulnerable; beware of'	\
+	    'running "make dist*" rules, and upgrade to fixed automake'	\
+	    'see http://bugzilla.redhat.com/542609 for details'		\
+		1>&2; exit 1; } || :;					\
+	else :;								\
+	fi
+
 vc-diff-check:
 	(unset CDPATH; cd $(srcdir) && $(VC) diff) > vc-diffs || :
 	if test -s vc-diffs; then				\
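Review bot: The trailing `|| :` after the grep list in `sc_vulnerable_makefile_CVE-2009-4029` makes the check fail open. It discards grep's exit status 2 (an unreadable file, or a path broken apart by the unquoted `$$files`) the same way it discards status 1 (no match), so the rule can pass when a Makefile.in was never scanned. Only status 1 should count as clean, for example by ending the list with `1>&2; exit 1; } || test $$? -eq 1;` instead of `1>&2; exit 1; } || :;`. When find returns a single Makefile.in, grep also prints the matching lines without a file name, so adding `-l` to the `grep -E` call would let "the above files" in the message name the affected file.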