As I wrote the original version of that rule, I realized that running
it in the presence of a maliciously named sub-directory containing a
.cvsignore file could result in arbitrary damage. This fixes it at
the expense of embedding a Perl script in the Makefile. Rather ugly,
when you take into account the original, doubled $$, and appended \n\
everywhere, but slightly better than having a separate script, I thought.
Anyhow, most people will never run the rule, and even fewer will
look at the sources in this file.
From f27c8d4e76e153356a1283462295b0d3ddac4f5c Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Fri, 17 Oct 2008 14:03:21 +0200
Subject: [PATCH] Makefile.maint (sync-vcs-ignore-files): avoid risk of abuse
* Makefile.maint (sync-vcs-ignore-files): Rewrite rule so that
it won't misbehave even with maliciously-named sub-directories.
---
ChangeLog | 4 ++++
Makefile.maint | 30 +++++++++++++++++++++++-------
2 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 719b05c..3c678fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
Fri Oct 17 11:58:31 +0200 Jim Meyering <meyering(a)redhat.com>
+ Makefile.maint (sync-vcs-ignore-files): avoid risk of abuse
+ * Makefile.maint (sync-vcs-ignore-files): Rewrite rule so that
+ it won't misbehave even with maliciously-named sub-directories.
+
generate .gitignore files from .cvsignore ones
* Makefile.maint (sync-vcs-ignore-files): New target.
Prompted by a patch from James Morris.
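Review bot: the new entry is filed under the existing "Fri Oct 17 11:58:31 +0200" header, which belongs to the earlier "generate .gitignore files from .cvsignore ones" commit, while this patch itself is dated 14:03:21; either give the entry its own date line so ChangeLog timestamps line up with the commits, or note that grouping same-day entries under one header is the convention here.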
diff --git a/Makefile.maint b/Makefile.maint
index 441deac..d856469 100644
--- a/Makefile.maint
+++ b/Makefile.maint
@@ -608,11 +608,27 @@ my-distcheck: $(local-check) check
echo "$(distdir).tar.gz is ready for distribution"; \
echo "========================"
-gi=.gitignore
+cvs-to-git = '\#!/usr/bin/perl\n\
+use warnings;\n\
+use strict;\n\
+use File::Find;\n\
+use File::Copy;\n\
+\n\
+find ({wanted =>\n\
+ sub {$$_ eq q/.cvsignore/ or return;\n\
+ my $$gi = q/.gitignore/;\n\
+ unlink $$gi;\n\
+ copy($$_, $$gi) or die qq/copy failed: $$_->$$gi: $$!\\n/;\n\
+ chmod 0444, $$gi;\n\
+ }},\n\
+ q!.!);\n'
+
+.PHONY: sync-vcs-ignore-files
+c2g = cvs-to-git
sync-vcs-ignore-files:
- find . -name .cvsignore \
- | sed \
- -e 's,\(.*\),cp -f \1 \1; chmod 444 \1,' \
- -e 's,\.cvsignore; ,$(gi); ,' \
- -e 's,\.cvsignore$$,$(gi),' \
- | $(SHELL)
+ rm -f $(c2g)-t $(c2g)
+ printf $(cvs-to-git) > $(c2g)-t
+ chmod a+x-w $(c2g)-t
+ mv $(c2g)-t $(c2g)
+ perl $(c2g)
+ rm -f $(c2g)
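Review bot: the wanted callback filters on name only (`$$_ eq q/.cvsignore/`), so a directory, symlink or other non-file named .cvsignore is still passed to unlink/copy rather than skipped; adding `-f $$_ or return;` (or `-l` handling, if symlinked .cvsignore files are meant to be followed) before the unlink would make the rule ignore them instead of dying mid-tree. Two smaller points in the recipe: the return value of `unlink $$gi` is never checked, so a failure there surfaces only as the later `copy failed` message, and because `perl $(c2g)` aborts make on die, the final `rm -f $(c2g)` does not run and an executable cvs-to-git file is left in the working tree until the next invocation's leading `rm -f`. Both the temp-file dance and that leftover could be avoided by feeding the script to perl on stdin, e.g. `printf $(cvs-to-git) | perl -`, which needs no file, chmod or mv at all.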
--
1.6.0.2.532.g84ed4c