bug-gnulib

[PATCH] maint: add a syntax-check rule to check for vulnerable Makefile.


From: Jim Meyering
Subject: [PATCH] maint: add a syntax-check rule to check for vulnerable Makefile.in
Date: Wed, 27 Jan 2010 22:42:29 +0100

I've just pushed this to coreutils.
I propose to move the rule to gnulib's maint.mk.
Why?  Just noticed that Fedora 11 is still using a vulnerable
version of automake-1.11, and that some projects don't require
automake-1.11.1.

Any objections or suggestions?

>From 1b361e21d08b2e7252f137b40419ffa0a675a91c Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Wed, 27 Jan 2010 22:36:27 +0100
Subject: [PATCH] maint: add a syntax-check rule to check for vulnerable 
Makefile.in

* cfg.mk (sc_vulnerable_makefile_CVE-2009-4029): New rule.
---
 cfg.mk |   13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/cfg.mk b/cfg.mk
index b5a21c3..6fc10ee 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -246,6 +246,19 @@ sc_prohibit_sleep:
        msg='prefer xnanosleep over other sleep interfaces'             \
          $(_prohibit_regexp)

+sc_vulnerable_makefile_CVE-2009-4029:
+       @files=$$(find $(srcdir) -name Makefile.in);                    \
+       if test -n "$$files"; then                                      \
+         grep -E                                                       \
+           'perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)'     \
+           $$files &&                                                  \
+         { echo '$(ME): the above files are vulnerable; beware of'     \
+           'running "make dist*" rules, and upgrade to fixed automake' \
+           'see http://bugzilla.redhat.com/542609 for details'         \
+               1>&2; exit 1; } || :;                                   \
+       else :;                                                         \
+       fi
+
 include $(srcdir)/dist-check.mk

 update-copyright-env = \
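
Review bot: the grep -E call in sc_vulnerable_makefile_CVE-2009-4029 prints the matching lines rather than file names, and when find returns only one Makefile.in, grep omits the file name prefix entirely, so the diagnostic "the above files are vulnerable" may not name any file. Using grep -l -E (or appending /dev/null to the file list) would make the output agree with the message. In the same command, $$files is expanded unquoted, so a path containing whitespace is split into several arguments, and the trailing "|| :" treats a grep error (exit status 2, for example an unreadable file) the same as "no match", so the check passes silently in that case. The message would also read better with a separator between 'upgrade to fixed automake' and 'see http://bugzilla.redhat.com/542609 for details', since echo joins the three strings with single spaces.
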
--
1.7.0.rc0.158.g8f946



