calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ad3969e749'
${ noResults }
gentoo-overlay/sys-devel/automake/files/automake-1.8.5-CVE-2009-402...

61 lines
2.2 KiB
Raw Blame History

http://bugs.gentoo.org/295357
From 4331fc7423036e68a9e480fb0ff56934b5d2be0e Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Tue, 1 Dec 2009 22:07:45 +0100
Subject: [PATCH 1/1] do not put world-writable directories in distribution tarballs
* lib/am/distdir.am (distdir): Do not make all directories
group- or world-writable. Instead, use 755.
Signed-off-by: Ralf Wildenhues <Ralf.Wildenhues@gmx.de>
---
Makefile.in | 3 ++-
lib/am/distdir.am | 9 +++------
4 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index f6971b4..c753eaa 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -389,7 +389,8 @@ distdir: $(DISTFILES)
|| exit 1; \
fi; \
done
- -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+ -find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
diff --git a/lib/am/distdir.am b/lib/am/distdir.am
index 0ed0593..91dbe6b 100644
--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -190,11 +190,7 @@ if %?DIST-TARGETS%
endif %?DIST-TARGETS%
##
## This complex find command will try to avoid changing the modes of
-## links into the source tree, in case they're hard-linked. It will
-## also make directories writable by everybody, because some
-## brain-dead tar implementations change ownership and permissions of
-## a directory before extracting the files, thus becoming unable to
-## extract them.
+## links into the source tree, in case they're hard-linked.
##
## Ignore return result from chmod, because it might give an error
## if we chmod a symlink.
@@ -207,7 +203,8 @@ endif %?DIST-TARGETS%
## the file in place in the source tree.
##
if %?TOPDIR_P%
- -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+ -find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
--
1.6.5.4
Reference in new issue View Git Blame Copy Permalink