Bug#681118: debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1

Sun, 29 Jul 2012 20:39:18 -0700 

Proposed stable update for automake1.9.

-- 
Eric Dorland <e...@kuroneko.ca>
ICQ: #61138586, Jabber: ho...@jabber.com


diff -u automake1.9-1.9.6+nogfdl/Makefile.in 
automake1.9-1.9.6+nogfdl/Makefile.in
--- automake1.9-1.9.6+nogfdl/Makefile.in
+++ automake1.9-1.9.6+nogfdl/Makefile.in
@@ -408,7 +408,8 @@
              || exit 1; \
          fi; \
        done
-       -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+       -find "$(distdir)" -type d ! -perm -755 \
+               -exec chmod u+rwx,go+rx {} \; -o \
          ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
          ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
          ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} 
\; \
diff -u automake1.9-1.9.6+nogfdl/debian/changelog 
automake1.9-1.9.6+nogfdl/debian/changelog
--- automake1.9-1.9.6+nogfdl/debian/changelog
+++ automake1.9-1.9.6+nogfdl/debian/changelog
@@ -1,3 +1,12 @@
+automake1.9 (1.9.6+nogfdl-3.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fixed CVE-2009-4029: do not assign insecure permissions to directories in
+    build tree.
+
+
+ -- Giuseppe Iuculano <iucul...@debian.org>  Mon, 08 Mar 2010 23:29:32 +0100
+
 automake1.9 (1.9.6+nogfdl-3) unstable; urgency=low
 
   * debian/automake1.9.postinst: Bump the priority above automake1.10 at
only in patch2:
unchanged:
--- automake1.9-1.9.6+nogfdl.orig/lib/am/distdir.am
+++ automake1.9-1.9.6+nogfdl/lib/am/distdir.am
@@ -192,11 +192,7 @@
 endif %?DIST-TARGETS%
 ##
 ## This complex find command will try to avoid changing the modes of
-## links into the source tree, in case they're hard-linked.  It will
-## also make directories writable by everybody, because some
-## brain-dead tar implementations change ownership and permissions of
-## a directory before extracting the files, thus becoming unable to
-## extract them.
+## links into the source tree, in case they're hard-linked.
 ##
 ## Ignore return result from chmod, because it might give an error
 ## if we chmod a symlink.
@@ -209,7 +205,8 @@
 ## the file in place in the source tree.
 ##
 if %?TOPDIR_P%
-       -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+       -find "$(distdir)" -type d ! -perm -755 \
+               -exec chmod u+rwx,go+rx {} \; -o \
          ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
          ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
          ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} 
\; \

Attachment: signature.asc
Description: Digital signature

Reply via email to