From: Jim Meyering <meyering@redhat.com>
Date: Mon, 9 Jul 2012 14:24:00 +0000 (+0200)
Subject: maint.mk: add sc_vulnerable_makefile_CVE-2012-3386
X-Git-Tag: v0.1~549
X-Git-Url: http://erislabs.net/gitweb/?p=gnulib.git;a=commitdiff_plain;h=48fe477c9008efadab8cf8c0c3240d824c12a8b9

maint.mk: add sc_vulnerable_makefile_CVE-2012-3386

* top/maint.mk (sc_vulnerable_makefile_CVE-2012-3386): New rule.
---

diff --git a/ChangeLog b/ChangeLog
index c3da46bfd..c64223043 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2012-07-09  Jim Meyering  <meyering@redhat.com>
 
+	maint.mk: add sc_vulnerable_makefile_CVE-2012-3386
+	* top/maint.mk (sc_vulnerable_makefile_CVE-2012-3386): New rule.
+
 	maint.mk: _sc_search_regexp, sc_vulnerable_makefile_CVE-2009-4029: fix
 	Bugs in both of those conspired to make the
 	sc_vulnerable_makefile_CVE-2009-4029 rule 99% useless.
diff --git a/top/maint.mk b/top/maint.mk
index 2361d00a0..002398975 100644
--- a/top/maint.mk
+++ b/top/maint.mk
@@ -1223,6 +1223,15 @@ sc_vulnerable_makefile_CVE-2009-4029:
 	  '  see http://bugzilla.redhat.com/542609 for details')	\
 	  $(_sc_search_regexp)
 
+sc_vulnerable_makefile_CVE-2012-3386:
+	@prohibit='chmod a\+w \$$\(distdir\)'				\
+	in_files=(^\|/)Makefile\\.in$$					\
+	halt=$$(printf '%s\n'						\
+	  'the above files are vulnerable; beware of running'		\
+	  '  "make distcheck", and upgrade to fixed automake'		\
+	  '  see http://bugzilla.redhat.com/CVE-2012-3386 for details')	\
+	  $(_sc_search_regexp)
+
 vc-diff-check:
 	(unset CDPATH; cd $(srcdir) && $(VC) diff) > vc-diffs || :
 	if test -s vc-diffs; then				\