+2012-07-09 Jim Meyering <meyering@redhat.com>
+
+ maint.mk: _sc_search_regexp, sc_vulnerable_makefile_CVE-2009-4029: fix
+ Bugs in both of those conspired to make the
+ sc_vulnerable_makefile_CVE-2009-4029 rule 99% useless.
+ _sc_search_regexp's handling of non-empty $in_files would filter
+ out any offending file names. sc_vulnerable_makefile_CVE-2009-4029's
+ choice of in_files value meant there would be no match in most
+ projects, due to the presence of two or more Makefile.in files.
+ * top/maint.mk (_sc_search_regexp) [in_vc_files,in_files]: Clarify.
+ Fix a bug in how a non-empty $$in_files was processed:
+ (sc_vulnerable_makefile_CVE-2009-4029): Fix erroneous use of in_files:
+ in spite of the name, it's a regexp, not a list of file names.
+
2012-07-09 Paul Eggert <eggert@cs.ucla.edu>
getloadavg, getopt: fix commentary re configure.in
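Review bot: The ChangeLog item "Fix a bug in how a non-empty $$in_files was processed:" ends in a colon with nothing after it, so the entry never says what the fix was. Finish the sentence by naming the change to the exclusion filter (the grep -Ev argument going from $(exclude_file_name_regexp--$@) to $(_sc_excl)) and why the old form discarded matches, so that someone auditing why this CVE check stayed silent can tell from the log alone.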
#
# in_vc_files | in_files
#
-# grep-E-style regexp denoting the files to check. If no files
-# are specified the default are all the files that are under
-# version control.
+# grep-E-style regexp selecting the files to check. For in_vc_files,
+# the regexp is used to select matching files from the list of all
+# version-controlled files; for in_files, it's from the names printed
+# by "find $(srcdir)". When neither is specified, use all files that
+# are under version control.
#
# containing | non_containing
#
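Review bot: The new in_files comment should state that the regexp is matched against the full path printed by "find $(srcdir)", directory prefix included, not against a bare file name. A pattern anchored on the base name with ^ alone would select nothing, which is why the rule changed in this patch uses (^\|/)Makefile\\.in$$. Since the ChangeLog says the previous misuse came from reading in_files as a list of file names, one sentence here with a sample pattern would prevent the next caller from making the same mistake.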
: Filter by file name; \
if test -n "$$in_files"; then \
files=$$(find $(srcdir) | grep -E "$$in_files" \
- | grep -Ev '$(exclude_file_name_regexp--$@)'); \
+ | grep -Ev '$(_sc_excl)'); \
else \
files=$$($(VC_LIST_EXCEPT)); \
if test -n "$$in_vc_files"; then \
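Review bot: $(_sc_excl) on the grep -Ev line is not defined anywhere in the visible lines, so it cannot be confirmed here that it always expands to a non-empty regexp. That matters because grep -Ev '' matches every line and so removes every name from $$files, which would leave the check passing with nothing scanned. Make sure the definition falls back to a pattern that can never match a file name (for example ^$$) when no exclude_file_name_regexp--$@ is set for the rule, and add a short comment at the definition saying so. Separately, find $(srcdir) also prints directories; adding -type f would keep them out of $$files.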
sc_vulnerable_makefile_CVE-2009-4029:
@prohibit='perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)' \
- in_files=$$(find $(srcdir) -name Makefile.in) \
+ in_files=(^\|/)Makefile\\.in$$ \
halt=$$(printf '%s\n' \
'the above files are vulnerable; beware of running' \
' "make dist*" rules, and upgrade to fixed automake' \
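Review bot: The new in_files value is written unquoted, with | and . backslash-escaped for the shell but ( and ) left bare as shown, even though both are shell metacharacters. Single-quoting the regexp, as the prohibit= value on the line above already does, removes the dependence on shell escaping and makes the pattern readable as the ERE it is: in_files='(^|/)Makefile\.in$$'. Because this rule exists to flag Makefile.in files affected by CVE-2009-4029, a pattern that silently fails to select them is worse than a loud error, so it is worth adding a test that runs the rule against a tree containing two or more Makefile.in files with the prohibited chmod text and expects a failure.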