From fdd22bbdd25429dfda4b7550ba8ee43edbfcd904 Mon Sep 17 00:00:00 2001 From: Alexandre Duret-Lutz Date: Sun, 29 Feb 2004 16:26:12 +0000 Subject: [PATCH] Fix for PR/413: * lib/am/distdir.am (distcheck): Create $dc_destdir with `umask 077 && mkdir' instead of `$(mkdir_p)'. This prevents possible symlink attacks reported by Stefan Nordhausen. --- ChangeLog | 7 +++++++ Makefile.in | 2 +- THANKS | 1 + lib/am/distdir.am | 5 +++-- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 979cfef8..a9071376 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2004-02-29 Alexandre Duret-Lutz + + Fix for PR/413: + * lib/am/distdir.am (distcheck): Create $dc_destdir with `umask + 077 && mkdir' instead of `$(mkdir_p)'. This prevents possible + symlink attacks reported by Stefan Nordhausen. + 2004-02-16 Alexandre Duret-Lutz * doc/automake.texi (Multiple Outputs): More text, based on diff --git a/Makefile.in b/Makefile.in index d0637081..de8722e3 100644 --- a/Makefile.in +++ b/Makefile.in @@ -450,7 +450,7 @@ distcheck: dist distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ - (cd ../.. && $(mkdir_p) "$$dc_destdir") \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ diff --git a/THANKS b/THANKS index 1a2b8965..cbdf7dd6 100644 --- a/THANKS +++ b/THANKS @@ -225,6 +225,7 @@ Shuhei Amakawa sa264@cam.ac.uk Shigio Yamaguchi shigio@tamacom.com Simon Josefsson jas@extundo.com Simon Richter sjr@debian.org +Stefan Nordhausen nordhaus@informatik.hu-berlin.de Stepan Kasal kasal@math.cas.cz Steve M. Robbins steve@nyongwa.montreal.qc.ca Sven Verdoolaege skimo@kotnet.org diff --git a/lib/am/distdir.am b/lib/am/distdir.am index 71ee7769..49311d35 100644 --- a/lib/am/distdir.am +++ b/lib/am/distdir.am 
@@ -357,8 +357,9 @@ distcheck: dist
 ## $(distdir) is).
 && ({ \
 ## Build the directory, so we can cd into it even if `make install'
-## didn't create it.
- (cd ../.. && $(mkdir_p) "$$dc_destdir") \
+## didn't create it. Use mkdir, not $(mkdir_p) because we want to
+## fail if the directory already exists (PR/413).
+ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
 && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
 && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
 && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
-- 
2.43.5
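Review bot: The new comment above the `mkdir` line explains why `$(mkdir_p)` was dropped but does not mention `umask 077`, which is the other half of the fix: it makes the staging directory owner-only from the moment it is created, so no other local user can enter it or plant entries in it. I would extend the comment with `## The umask is confined to the subshell: the directory is created 0700, while the install below keeps the caller's umask.` The definition of `dc_destdir` and the failure branch of the `({ ... })` group are outside the hunk. If that branch removes `$$dc_destdir`, it is worth confirming it cannot act on a path this run did not create, since `mkdir` now fails exactly when the path already exists. The distcheck recipe starts and ends outside the hunk.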