From 2eb5a8a0ff8348149a9ca985e2ccbfb03bc8de53 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Thu, 28 Jan 2010 09:37:12 +0100
Subject: [PATCH] maint: add a syntax-check rule to check for vulnerable
 Makefile.in

* top/maint.mk (sc_vulnerable_makefile_CVE-2009-4029): New rule.
---
 ChangeLog    |  5 +++++
 top/maint.mk | 13 +++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 25159f142..8b5597f0d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-01-28  Jim Meyering  <meyering@redhat.com>
+
+	maint: add a syntax-check rule to check for vulnerable Makefile.in
+	* top/maint.mk (sc_vulnerable_makefile_CVE-2009-4029): New rule.
+
 2010-01-27  Jim Meyering  <meyering@redhat.com>
 
 	ncftpput-ftp: clean up spaces
diff --git a/top/maint.mk b/top/maint.mk
index d384ca62b..f9eed6aa5 100644
--- a/top/maint.mk
+++ b/top/maint.mk
@@ -726,6 +726,19 @@ sc_Wundef_boolean:
 	@grep -Ei '^#define.*(yes|no|true|false)$$' '$(CONFIG_INCLUDE)' && \
 	  { echo 'Use 0 or 1 for macro values' 1>&2; exit 1; } || :
 
+sc_vulnerable_makefile_CVE-2009-4029:
+	@files=$$(find $(srcdir) -name Makefile.in);			\
+	if test -n "$$files"; then					\
+	  grep -E							\
+	    'perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)'	\
+	    $$files &&							\
+	  { echo '$(ME): the above files are vulnerable; beware of'	\
+	    'running "make dist*" rules, and upgrade to fixed automake'	\
+	    'see http://bugzilla.redhat.com/542609 for details'		\
+		1>&2; exit 1; } || :;					\
+	else :;								\
+	fi
+
 vc-diff-check:
 	(unset CDPATH; cd $(srcdir) && $(VC) diff) > vc-diffs || :
 	if test -s vc-diffs; then				\
-- 
2.11.0