rpms/automake17/devel automake-1.7.9-CVE-2009-4029.patch, NONE, 1.1 automake17.spec, 1.17, 1.18

Tue Feb 16 13:01:36 UTC 2010

Author: karsten

Update of /cvs/extras/rpms/automake17/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6046

Modified Files:
	automake17.spec 
Added Files:
	automake-1.7.9-CVE-2009-4029.patch 
Log Message:
- add fix for CVE-2009-4029

automake-1.7.9-CVE-2009-4029.patch:
 Makefile.in       |    2 +-
 lib/am/distdir.am |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE automake-1.7.9-CVE-2009-4029.patch ---
diff -urN automake-1.7.9.old/lib/am/distdir.am automake-1.7.9/lib/am/distdir.am
--- automake-1.7.9.old/lib/am/distdir.am	2003-06-04 21:23:26.000000000 +0200
+++ automake-1.7.9/lib/am/distdir.am	2010-02-16 14:04:04.000000000 +0100
@@ -198,7 +198,7 @@
 ## the file in place in the source tree.
 ##
 if %?TOPDIR_P%
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-find $(distdir) -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
diff -urN automake-1.7.9.old/Makefile.in automake-1.7.9/Makefile.in
--- automake-1.7.9.old/Makefile.in	2010-02-16 14:02:50.000000000 +0100
+++ automake-1.7.9/Makefile.in	2010-02-16 14:03:42.000000000 +0100
@@ -472,7 +472,7 @@
 	$(MAKE) $(AM_MAKEFLAGS) \
 	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
 	  dist-info
-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-find $(distdir) -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \; -o \
 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \


Index: automake17.spec
===================================================================
RCS file: /cvs/extras/rpms/automake17/devel/automake17.spec,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -p -r1.17 -r1.18
--- automake17.spec	24 Jul 2009 17:38:50 -0000	1.17
+++ automake17.spec	16 Feb 2010 13:01:36 -0000	1.18
@@ -3,7 +3,7 @@
 Summary:    A GNU tool for automatically creating Makefiles
 Name:       automake17
 Version:    %{api_version}.9
-Release:    13
+Release:    13%{?dist}.1
 License:    GPLv2+ and MIT and OFSFDL
 Group:      Development/Tools
 Source:     ftp://ftp.gnu.org/gnu/automake/automake-%{version}.tar.bz2
@@ -12,6 +12,7 @@ Source11:   filter-requires-automake.sh
 #Patch0:     automake-1.7.9-dvi.patch
 Patch1:     automake-1.7.9-check.patch
 Patch2:     automake-1.7.9-info.patch
+Patch3:     automake-1.7.9-CVE-2009-4029.patch
 URL:        http://sources.redhat.com/automake
 Conflicts:  automake < 1.8
 Obsoletes:  automake < 1.8
@@ -45,6 +46,7 @@ has not yet been updated to work with la
 #patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 rm -f automake.info*
 mv automake.texi automake17.texi
 
@@ -95,6 +97,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %dir %{_datadir}/aclocal
 
 %changelog
+* Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.7.9-13.1
+- fix CVE-2009-4029
+
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7.9-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 

