maint.mk: add sc_vulnerable_makefile_CVE-2012-3386
authorJim Meyering <meyering@redhat.com>
Mon, 9 Jul 2012 14:24:00 +0000 (16:24 +0200)
committerJim Meyering <meyering@redhat.com>
Mon, 9 Jul 2012 14:24:00 +0000 (16:24 +0200)
* top/maint.mk (sc_vulnerable_makefile_CVE-2012-3386): New rule.

ChangeLog
top/maint.mk

index c3da46b..c642230 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2012-07-09  Jim Meyering  <meyering@redhat.com>
 
+       maint.mk: add sc_vulnerable_makefile_CVE-2012-3386
+       * top/maint.mk (sc_vulnerable_makefile_CVE-2012-3386): New rule.
+
        maint.mk: _sc_search_regexp, sc_vulnerable_makefile_CVE-2009-4029: fix
        Bugs in both of those conspired to make the
        sc_vulnerable_makefile_CVE-2009-4029 rule 99% useless.
index 2361d00..0023989 100644 (file)
@@ -1223,6 +1223,15 @@ sc_vulnerable_makefile_CVE-2009-4029:
          '  see http://bugzilla.redhat.com/542609 for details')        \
          $(_sc_search_regexp)
 
+sc_vulnerable_makefile_CVE-2012-3386:
+       @prohibit='chmod a\+w \$$\(distdir\)'                           \
+       in_files=(^\|/)Makefile\\.in$$                                  \
+       halt=$$(printf '%s\n'                                           \
+         'the above files are vulnerable; beware of running'           \
+         '  "make distcheck", and upgrade to fixed automake'           \
+         '  see http://bugzilla.redhat.com/CVE-2012-3386 for details') \
+         $(_sc_search_regexp)
+
 vc-diff-check:
        (unset CDPATH; cd $(srcdir) && $(VC) diff) > vc-diffs || :
        if test -s vc-diffs; then                               \
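Review bot: In the new sc_vulnerable_makefile_CVE-2012-3386 rule, `in_files` is assigned unquoted, so once make reduces `$$` the shell sees bare `(` and `)` and must itself unescape `\|` and `\\`, whereas `prohibit` on the line above is single-quoted. As far as I can tell, a POSIX sh treats an unquoted `(` as an operator and bash treats `name=(` as an array assignment, so the regex may not reach `$(_sc_search_regexp)` as intended; quoting it removes the doubt: `in_files='(^|/)Makefile\.in$$'`. Because this is a security check, a pattern that fails or silently matches nothing would report a vulnerable tree as clean, so it is worth confirming that the rule fires on a Makefile.in known to contain `chmod a+w $(distdir)`. A one-line comment above the rule would also help, e.g. `# Detect Makefile.in whose distcheck rule makes $(distdir) world-writable.` `_sc_search_regexp` is defined outside this hunk, so how it consumes `in_files` is not visible here.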