Mercurial > hg > octave-nkf > gnulib-hg
changeset 12827:d844fd639561
maint: add a syntax-check rule to check for vulnerable Makefile.in
* top/maint.mk (sc_vulnerable_makefile_CVE-2009-4029): New rule.
author | Jim Meyering <meyering@redhat.com> |
---|---|
date | Thu, 28 Jan 2010 09:37:12 +0100 |
parents | 75c8335f4661 |
children | 6c20461f3ecf |
files | ChangeLog top/maint.mk |
diffstat | 2 files changed, 18 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2010-01-28 Jim Meyering <meyering@redhat.com> + + maint: add a syntax-check rule to check for vulnerable Makefile.in + * top/maint.mk (sc_vulnerable_makefile_CVE-2009-4029): New rule. + 2010-01-27 Jim Meyering <meyering@redhat.com> ncftpput-ftp: clean up spaces
--- a/top/maint.mk +++ b/top/maint.mk @@ -726,6 +726,19 @@ @grep -Ei '^#define.*(yes|no|true|false)$$' '$(CONFIG_INCLUDE)' && \ { echo 'Use 0 or 1 for macro values' 1>&2; exit 1; } || : +sc_vulnerable_makefile_CVE-2009-4029: + @files=$$(find $(srcdir) -name Makefile.in); \ + if test -n "$$files"; then \ + grep -E \ + 'perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)' \ + $$files && \ + { echo '$(ME): the above files are vulnerable; beware of' \ + 'running "make dist*" rules, and upgrade to fixed automake' \ + 'see http://bugzilla.redhat.com/542609 for details' \ + 1>&2; exit 1; } || :; \ + else :; \ + fi + vc-diff-check: (unset CDPATH; cd $(srcdir) && $(VC) diff) > vc-diffs || : if test -s vc-diffs; then \