As I wrote the original version of that rule, I realized that running it in the presence of a maliciously named sub-directory containing a .cvsignore file could result in arbitrary damage. This fixes it at the expense of embedding a Perl script in the Makefile. Rather ugly, when you take into account the original, doubled $$, and appended \n\ everywhere, but slightly better than having a separate script, I thought. Anyhow, most people will never run the rule, and even fewer will look at the sources in this file. >From f27c8d4e76e153356a1283462295b0d3ddac4f5c Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@xxxxxxxxxx> Date: Fri, 17 Oct 2008 14:03:21 +0200 Subject: [PATCH] Makefile.maint (sync-vcs-ignore-files): avoid risk of abuse * Makefile.maint (sync-vcs-ignore-files): Rewrite rule so that it won't misbehave even with maliciously-named sub-directories. --- ChangeLog | 4 ++++ Makefile.maint | 30 +++++++++++++++++++++++------- 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 719b05c..3c678fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ Fri Oct 17 11:58:31 +0200 Jim Meyering <meyering@xxxxxxxxxx> + Makefile.maint (sync-vcs-ignore-files): avoid risk of abuse + * Makefile.maint (sync-vcs-ignore-files): Rewrite rule so that + it won't misbehave even with maliciously-named sub-directories. + generate .gitignore files from .cvsignore ones * Makefile.maint (sync-vcs-ignore-files): New target. Prompted by a patch from James Morris. diff --git a/Makefile.maint b/Makefile.maint index 441deac..d856469 100644 --- a/Makefile.maint +++ b/Makefile.maint 
@@ -608,11 +608,27 @@ my-distcheck: $(local-check) check echo "$(distdir).tar.gz is ready for distribution"; \ echo "========================" -gi=.gitignore +cvs-to-git = '\#!/usr/bin/perl\n\ +use warnings;\n\ +use strict;\n\ +use File::Find;\n\ +use File::Copy;\n\ +\n\ +find ({wanted =>\n\ + sub {$$_ eq q/.cvsignore/ or return;\n\ + my $$gi = q/.gitignore/;\n\ + unlink $$gi;\n\ + copy($$_, $$gi) or die qq/copy failed: $$_->$$gi: $$!\\n/;\n\ + chmod 0444, $$gi;\n\ + }},\n\ + q!.!);\n' + +.PHONY: sync-vcs-ignore-files +c2g = cvs-to-git sync-vcs-ignore-files: - find . -name .cvsignore \ - | sed \ - -e 's,\(.*\),cp -f \1 \1; chmod 444 \1,' \ - -e 's,\.cvsignore; ,$(gi); ,' \ - -e 's,\.cvsignore$$,$(gi),' \ - | $(SHELL) + rm -f $(c2g)-t $(c2g) + printf $(cvs-to-git) > $(c2g)-t + chmod a+x-w $(c2g)-t + mv $(c2g)-t $(c2g) + perl $(c2g) + rm -f $(c2g) -- 1.6.0.2.532.g84ed4c -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
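Review bot: The final "rm -f $(c2g)" in the sync-vcs-ignore-files recipe is skipped whenever "perl $(c2g)" fails, because make stops at the first failing recipe line, and the script itself calls die when copy fails, so a failed run leaves the generated cvs-to-git file in the source tree. Consider running perl and the cleanup on one recipe line that saves perl's exit status, removes the file, and then exits with that status. Separately, the die message prints only "$$_->$$gi", which are bare file names since File::Find changes into each directory by default; including $$File::Find::name would say which directory failed. The script text is also used as the printf format string, so a "%" added to the Perl code later would be consumed by printf; a short comment above the cvs-to-git definition would warn future editors.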
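The failure mode described in the message, as an added example that is not part of the original patch or of libvirt: it prints (without running) the command text the old sed pipeline generates for a directory name containing shell syntax, then does the same sync with paths passed only as arguments. It uses find -exec sh -c in place of the patch's Perl File::Find script; the function names, the constructed directory name and the INJECTED marker file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not code from the patch. All names here are hypothetical.

# Command text the original sed pipeline would have piped to $(SHELL) for
# each .cvsignore under $1. It is printed only, never executed.
render_old_commands() {
    find "$1" -name .cvsignore \
      | sed \
          -e 's,\(.*\),cp -f \1 \1; chmod 444 \1,' \
          -e 's,\.cvsignore; ,.gitignore; ,' \
          -e 's,\.cvsignore$,.gitignore,'
}

# Same job with each path handed to cp/chmod as an argument ("$src"), so no
# part of a directory name is ever parsed as shell code.
# (-type f is an addition: only regular files are copied.)
sync_ignore_safe() {
    find "$1" -name .cvsignore -type f -exec sh -c '
        for src do
            dst=${src%/*}/.gitignore
            rm -f -- "$dst"
            cp -- "$src" "$dst" || exit 1
            chmod 444 -- "$dst"
        done' sh {} +
}

# Constructed demo tree: one directory whose name contains shell syntax.
demo() {
    tree=$(mktemp -d) || return 1
    hostile=$tree/'$(touch INJECTED)'
    mkdir -- "$hostile" && printf '*.o\n' > "$hostile/.cvsignore" || return 1
    (
        cd "$tree" || exit 1
        render_old_commands .   # directory name appears inside the command line
        sync_ignore_safe . || exit 1
        # The marker file would exist only if the directory name had been run.
        [ ! -e INJECTED ] && [ "$(cat "$hostile/.gitignore")" = '*.o' ]
    )
    status=$?
    rm -rf -- "$tree"
    return "$status"
}

demo
```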