From: Jim Meyering <meyering@redhat.com>
Date: Sat, 28 Nov 2009 20:05:33 +0000 (+0100)
Subject: do not put world-writable directories in distribution tarballs
X-Git-Tag: v1.11.1~5^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efb6899421e6a581445c3ed9ee7ff768975489ef;p=thirdparty%2Fautomake.git

do not put world-writable directories in distribution tarballs

* lib/am/distdir.am (distdir): Do not make all directories
group- or world-writable.  Instead, use 755.
* tests/subpkg4.test (test-distdir-is-readable): Check for new,
more restricted permissions.
---

diff --git a/ChangeLog b/ChangeLog
index 37168e59c..ca526c80b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2009-11-28  Jim Meyering  <meyering@redhat.com>
+
+	do not put world-writable directories in distribution tarballs
+	* lib/am/distdir.am (distdir): Do not make all directories
+	group- or world-writable.  Instead, use 755.
+	* tests/subpkg4.test (test-distdir-is-readable): Check for new,
+	more restricted permissions.
+
 2009-11-29  Karl Berry  <karl@freefriends.org>
 
 	Rewrite `gnupload --help' examples.
diff --git a/Makefile.in b/Makefile.in
index 6db5f7d74..1e626b1c4 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -570,7 +570,8 @@ distdir: $(DISTFILES)
 	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
 	  dist-hook
 	-test -n "$(am__skip_mode_fix)" \
-	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	|| find "$(distdir)" -type d ! -perm -755 \
+		-exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
diff --git a/lib/am/distdir.am b/lib/am/distdir.am
index e3294fbbc..dcaed5ef0 100644
--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -279,11 +279,7 @@ if %?DIST-TARGETS%
 endif %?DIST-TARGETS%
 ##
 ## This complex find command will try to avoid changing the modes of
-## links into the source tree, in case they're hard-linked.  It will
-## also make directories writable by everybody, because some
-## brain-dead tar implementations change ownership and permissions of
-## a directory before extracting the files, thus becoming unable to
-## extract them.
+## links into the source tree, in case they're hard-linked.
 ##
 ## Ignore return result from chmod, because it might give an error
 ## if we chmod a symlink.
@@ -301,7 +297,8 @@ endif %?DIST-TARGETS%
 ##
 if %?TOPDIR_P%
 	-test -n "$(am__skip_mode_fix)" \
-	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	|| find "$(distdir)" -type d ! -perm -755 \
+		-exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
diff --git a/tests/subpkg4.test b/tests/subpkg4.test
index 8e8371bae..1a6835a91 100755
--- a/tests/subpkg4.test
+++ b/tests/subpkg4.test
@@ -24,7 +24,7 @@ set -e
 cat >Makefile.am <<'END'
 SUBDIRS = subpkg
 test-distdir-is-readable:
-	bad_dirs=`find $(distdir) -type d ! -perm -777 -print`; \
+	bad_dirs=`find $(distdir) -type d ! -perm -755 -print`; \
 	if test -n "$$bad_dirs"; then \
 	  echo "directories not permissive: $$bad_dirs" >&2; \
 	  exit 1; \