maint: add a syntax-check rule to check for vulnerable Makefile.in

* cfg.mk (sc_vulnerable_makefile_CVE-2009-4029): New rule.
2026-03-18 02:45:23 +02:00 · 2010-01-27 22:36:27 +01:00
parent aad0bde0b5
commit c7ecdb0fcb
1 changed files with 13 additions and 0 deletions
--- a/cfg.mk
+++ b/cfg.mk
@@ -246,6 +246,19 @@ sc_prohibit_sleep:
 	msg='prefer xnanosleep over other sleep interfaces'		\
 	  $(_prohibit_regexp)

+sc_vulnerable_makefile_CVE-2009-4029:
+	@files=$$(find $(srcdir) -name Makefile.in);			\
+	if test -n "$$files"; then					\
+	  grep -E							\
+	    'perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)'	\
+	    $$files &&							\
+	  { echo '$(ME): the above files are vulnerable; beware of'	\
+	    'running "make dist*" rules, and upgrade to fixed automake'	\
+	    'see http://bugzilla.redhat.com/542609 for details'		\
+		1>&2; exit 1; } || :;					\
+	else :;								\
+	fi
+
 include $(srcdir)/dist-check.mk

 update-copyright-env = \