Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-devel/automake/files/automake-1.5-CVE-2009-4029.patch
blob: d91139b30178e87763a7ae9f643676bb3c4f7d3e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

http://bugs.gentoo.org/295357

From b1c42762931e9cd03aee3e4b4284dc2920c9eabc Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Tue, 1 Dec 2009 22:48:15 +0100
Subject: [PATCH 1/1] do not put world-writable directories in distribution tarballs

* lib/am/distdir.am (distdir): Do not make all directories
group- or world-writable.  Instead, use 755.

Signed-off-by: Ralf Wildenhues <Ralf.Wildenhues@gmx.de>
---
 Makefile.in       |    3 ++-
 lib/am/distdir.am |    9 +++------
 4 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index ebbfd2f..76991db 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -379,7 +379,8 @@ distdir: $(DISTFILES)
 	$(MAKE) $(AM_MAKEFLAGS) \
 	  top_distdir="${top_distdir}" distdir="$(distdir)" \
 	  dist-info
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-find "$(distdir)" -type d ! -perm -755 \
+		-exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
diff --git a/lib/am/distdir.am b/lib/am/distdir.am
index e808966..0a01c4e 100644
--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -127,11 +127,7 @@ if %?DIST-TARGETS%
 endif %?DIST-TARGETS%
 ##
 ## This complex find command will try to avoid changing the modes of
-## links into the source tree, in case they're hard-linked.  It will
-## also make directories writable by everybody, because some
-## brain-dead tar implementations change ownership and permissions of
-## a directory before extracting the files, thus becoming unable to
-## extract them.
+## links into the source tree, in case they're hard-linked.
 ##
 ## Ignore return result from chmod, because it might give an error
 ## if we chmod a symlink.
@@ -144,7 +140,8 @@ endif %?DIST-TARGETS%
 ## the file in place in the source tree.
 ##
 if %?TOPDIR_P%
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-find "$(distdir)" -type d ! -perm -755 \
+		-exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
-- 
1.6.5.4