Security fix

2025-02-23 16:32:50 +00:00 · 2012-07-16 16:44:10 +04:00 · 2012-07-16 16:44:10 +04:00 · 318aa88b67
commit 318aa88b67
parent b05e0c03d9
2 changed files with 24 additions and 1 deletions
--- a/automake-1.11.1-CVE-2012-3386.diff
+++ b/automake-1.11.1-CVE-2012-3386.diff
@ -0,0 +1,14 @@
+
+http://thread.gmane.org/gmane.comp.sysutils.automake.patches/8572
+
+--- lib/am/distdir.am	2009-12-08 18:15:40.000000000 +0000
+++ lib/am/distdir.am.oden	2012-07-12 09:50:14.000000000 +0000
+@@ -441,7 +441,7 @@ distcheck: dist
+ ## Make the new source tree read-only.  Distributions ought to work in
+ ## this case.  However, make the top-level directory writable so we
+ ## can make our new subdirs.
+-	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	chmod -R a-w $(distdir); chmod u+w $(distdir)
+ 	mkdir $(distdir)/_build
+ 	mkdir $(distdir)/_inst
+ ## Undo the write access.
--- a/automake.spec
+++ b/automake.spec
@ -1,5 +1,6 @@
 %define version 1.11.1
-%define release %mkrel 4
+%define subrel 1
+%define release %mkrel 5

 %define amversion 1.11

@ -13,6 +14,7 @@ Release:	%{release}
 License:	GPLv2+
 Group:		Development/Other
 Source0:	ftp://ftp.gnu.org/gnu/automake/automake-%{version}.tar.bz2
+Patch0:		automake-1.11.1-CVE-2012-3386.diff
 # Adds 'make dist-xz' target, backport from git
 URL:		http://sources.redhat.com/automake/
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root
@ -53,6 +55,7 @@ Autoconf package.

 %prep
 %setup -q -n automake-%{version}
+%patch0 -p0 -b .CVE-2012-3386

 %build
 # (Abel) config* don't understand noarch-mandriva-linux-gnu arch
@ -121,6 +124,12 @@ fi


 %changelog
+* Mon Jul 16 2012 Danila Leontiev <danila.leontiev@rosalab.ru> 1.11.1-5.1
+- Rebuilded for ROSA
+
+* Thu Jul 12 2012 Oden Eriksson <oeriksson@mandriva.com> 1.11.1-3.1
+- P0: security fix for CVE-2012-3386
+
 * Mon May 02 2011 Oden Eriksson <oeriksson@mandriva.com> 1.11.1-3mdv2011.0
 + Revision: 662898
 - mass rebuild