debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1

To: debian-release@lists.debian.org
Cc: 681118@bugs.debian.org, jmw@debian.org
Subject: debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1
From: Eric Dorland <eric@debian.org>
Date: Sun, 29 Jul 2012 23:24:11 -0400
Message-id: <20120730032411.GH2917@gambit>
Mail-followup-to: debian-release@lists.debian.org, 681118@bugs.debian.org, jmw@debian.org

Proposed stable update for automake1.9.

-- 
Eric Dorland <eric@kuroneko.ca>
ICQ: #61138586, Jabber: hooty@jabber.com

diff -u automake1.9-1.9.6+nogfdl/Makefile.in automake1.9-1.9.6+nogfdl/Makefile.in
--- automake1.9-1.9.6+nogfdl/Makefile.in
+++ automake1.9-1.9.6+nogfdl/Makefile.in
@@ -408,7 +408,8 @@
 	      || exit 1; \
 	  fi; \
 	done
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-find "$(distdir)" -type d ! -perm -755 \
+		-exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
diff -u automake1.9-1.9.6+nogfdl/debian/changelog automake1.9-1.9.6+nogfdl/debian/changelog
--- automake1.9-1.9.6+nogfdl/debian/changelog
+++ automake1.9-1.9.6+nogfdl/debian/changelog
@@ -1,3 +1,12 @@
+automake1.9 (1.9.6+nogfdl-3.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fixed CVE-2009-4029: do not assign insecure permissions to directories in
+    build tree.
+
+
+ -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 08 Mar 2010 23:29:32 +0100
+
 automake1.9 (1.9.6+nogfdl-3) unstable; urgency=low
 
   * debian/automake1.9.postinst: Bump the priority above automake1.10 at
only in patch2:
unchanged:
--- automake1.9-1.9.6+nogfdl.orig/lib/am/distdir.am
+++ automake1.9-1.9.6+nogfdl/lib/am/distdir.am
@@ -192,11 +192,7 @@
 endif %?DIST-TARGETS%
 ##
 ## This complex find command will try to avoid changing the modes of
-## links into the source tree, in case they're hard-linked.  It will
-## also make directories writable by everybody, because some
-## brain-dead tar implementations change ownership and permissions of
-## a directory before extracting the files, thus becoming unable to
-## extract them.
+## links into the source tree, in case they're hard-linked.
 ##
 ## Ignore return result from chmod, because it might give an error
 ## if we chmod a symlink.
@@ -209,7 +205,8 @@
 ## the file in place in the source tree.
 ##
 if %?TOPDIR_P%
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-find "$(distdir)" -type d ! -perm -755 \
+		-exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Freeze exception for texlive-extra 2012.20120611-2
Next by Date: Re: Bits from the nippy Release Team
Previous by thread: Freeze exception for texlive-extra 2012.20120611-2
Next by thread: Re: debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1
Index(es):
- Date
- Thread