[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: maintainer-makefile: quoting
From: |
Simon Josefsson |
Subject: |
Re: maintainer-makefile: quoting |
Date: |
Tue, 07 Aug 2012 08:49:31 +0200 |
User-agent: |
Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux) |
Jim Meyering <address@hidden> writes:
> Adding quotes is the solution, but you must then remove
> one layer of backslash quoting:
Of course, thank you. What I was mostly surprised about was that nobody
else had run into this. I suppose bash doesn't trigger the problem. So
is this a problem with dash, or was the code assuming non-POSIX
behaviour?
I'll push the patch shortly, if you haven't done so.
/Simon
> diff --git a/top/maint.mk b/top/maint.mk
> index f42c199..a2b0b8d 100644
> --- a/top/maint.mk
> +++ b/top/maint.mk
> @@ -1222,7 +1222,7 @@ sc_prohibit_path_max_allocation:
>
> sc_vulnerable_makefile_CVE-2009-4029:
> @prohibit='perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)' \
> - in_files=(^\|/)Makefile\\.in$$ \
> + in_files='(^|/)Makefile\.in$$' \
> halt=$$(printf '%s\n' \
> 'the above files are vulnerable; beware of running' \
> ' "make dist*" rules, and upgrade to fixed automake' \
> @@ -1231,7 +1231,7 @@ sc_vulnerable_makefile_CVE-2009-4029:
>
> sc_vulnerable_makefile_CVE-2012-3386:
> @prohibit='chmod a\+w \$$\(distdir\)' \
> - in_files=(^\|/)Makefile\\.in$$ \
> + in_files='(^|/)Makefile\.in$$' \
> halt=$$(printf '%s\n' \
> 'the above files are vulnerable; beware of running' \
> ' "make distcheck", and upgrade to fixed automake' \