Makefile.maint (sync-vcs-ignore-files): avoid risk of abuse

* Makefile.maint (sync-vcs-ignore-files): Rewrite rule so that it won't misbehave even with maliciously-named sub-directories.
2024-07-11 04:15:49 +00:00 · 2008-10-17 12:04:27 +00:00 · 2008-10-17 12:04:27 +00:00 · 444efaa4a7
commit 444efaa4a7
parent 164fbbd6e6
2 changed files with 27 additions and 7 deletions
--- a/4
+++ b/4
@ -1,5 +1,9 @@
 Fri Oct 17 11:58:31 +0200 Jim Meyering <meyering@redhat.com>

+	Makefile.maint (sync-vcs-ignore-files): avoid risk of abuse
+	* Makefile.maint (sync-vcs-ignore-files): Rewrite rule so that
+	it won't misbehave even with maliciously-named sub-directories.
+
 	generate .gitignore files from .cvsignore ones
 	* Makefile.maint (sync-vcs-ignore-files): New target.
 	Prompted by a patch from James Morris.
--- a/Makefile.maint
+++ b/Makefile.maint
@ -608,11 +608,27 @@ my-distcheck: $(local-check) check
 	echo "$(distdir).tar.gz is ready for distribution"; \
 	echo "========================"

-gi=.gitignore
+cvs-to-git = '\#!/usr/bin/perl\n\
+use warnings;\n\
+use strict;\n\
+use File::Find;\n\
+use File::Copy;\n\
+\n\
+find ({wanted =>\n\
+       sub {$$_ eq q/.cvsignore/ or return;\n\
+	    my $$gi = q/.gitignore/;\n\
+	    unlink $$gi;\n\
+	    copy($$_, $$gi) or die qq/copy failed: $$_->$$gi: $$!\\n/;\n\
+	    chmod 0444, $$gi;\n\
+	    }},\n\
+      q!.!);\n'
+
+.PHONY: sync-vcs-ignore-files
+c2g = cvs-to-git
 sync-vcs-ignore-files:
-	find . -name .cvsignore				\
-	  | sed						\
-	    -e 's,\(.*\),cp -f \1 \1; chmod 444 \1,'	\
-	    -e 's,\.cvsignore; ,$(gi); ,'		\
-	    -e 's,\.cvsignore$$,$(gi),'			\
-	  | $(SHELL)
+	rm -f $(c2g)-t $(c2g)
+	printf $(cvs-to-git) > $(c2g)-t
+	chmod a+x-w $(c2g)-t
+	mv $(c2g)-t $(c2g)
+	perl $(c2g)
+	rm -f $(c2g)