bug-gnulib
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: maintainer-makefile: quoting

From: Simon Josefsson
Subject: Re: maintainer-makefile: quoting
Date: Tue, 07 Aug 2012 08:49:31 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux) 
Jim Meyering <address@hidden> writes:

> Adding quotes is the solution, but you must then remove
> one layer of backslash quoting:

Of course, thank you.  What I was mostly surprised about was that nobody
else had run into this.  I suppose bash doesn't trigger the problem.  So
is this a problem with dash, or was the code assuming non-POSIX
behaviour?

I'll push the patch shortly, if you haven't done so.

/Simon

> diff --git a/top/maint.mk b/top/maint.mk
> index f42c199..a2b0b8d 100644
> --- a/top/maint.mk
> +++ b/top/maint.mk
> @@ -1222,7 +1222,7 @@ sc_prohibit_path_max_allocation:
>
>  sc_vulnerable_makefile_CVE-2009-4029:
>       @prohibit='perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)' \
> -     in_files=(^\|/)Makefile\\.in$$                                  \
> +     in_files='(^|/)Makefile\.in$$'                                  \
>       halt=$$(printf '%s\n'                                           \
>         'the above files are vulnerable; beware of running'           \
>         '  "make dist*" rules, and upgrade to fixed automake'         \
> @@ -1231,7 +1231,7 @@ sc_vulnerable_makefile_CVE-2009-4029:
>
>  sc_vulnerable_makefile_CVE-2012-3386:
>       @prohibit='chmod a\+w \$$\(distdir\)'                           \
> -     in_files=(^\|/)Makefile\\.in$$                                  \
> +     in_files='(^|/)Makefile\.in$$'                                  \
>       halt=$$(printf '%s\n'                                           \
>         'the above files are vulnerable; beware of running'           \
>         '  "make distcheck", and upgrade to fixed automake'           \
reply via email to
[Prev in Thread] Current Thread [Next in Thread]