1 --- automake-1.11.2/NEWS.orig 2012-07-10 05:55:08.774803866 -0700 |
|
2 +++ automake-1.11.2/NEWS 2012-07-10 05:55:40.618794747 -0700 |
|
3 @@ -90,6 +90,15 @@ |
|
4 - The AM_COND_IF macro also works if the shell expression for the |
|
5 conditional is no longer valid for the condition. |
|
6 |
|
7 +* SECURITY VULNERABILITIES! |
|
8 + |
|
9 + - The recipe of the 'distcheck' no longer grants anymore temporary |
|
10 + world-wide write permissions on the extracted distdir. Even if such |
|
11 + rights were only granted for a vanishingly small time window, the |
|
12 + implied race condition proved to be enough to allow a local attacker |
|
13 + to run arbitrary code with the privileges of the user running "make |
|
14 + distcheck". This is CVE-2012-3386. |
|
15 + |
|
16 * Long-standing bugs: |
|
17 |
|
18 - The order of Yacc and Lex flags is fixed to be consistent with other |
|
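Review bot: the first sentence of the new NEWS entry is redundant and missing a noun: "The recipe of the 'distcheck' no longer grants anymore temporary world-wide write permissions". Suggest "The recipe of the 'distcheck' target no longer grants temporary world-wide write permissions on the extracted distdir." The entry also does not tell the reader what to do about it. Since the fix lives in lib/am/distdir.am, a fragment that ends up in generated Makefile.in files, it would help to add a sentence saying that packages need their Makefile.in regenerated with the fixed automake before "make distcheck" is safe to run in a directory other local users can reach.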
19 --- automake-1.11.2/lib/am/distdir.am.orig 2012-07-10 05:57:02.481964158 -0700 |
|
20 +++ automake-1.11.2/lib/am/distdir.am 2012-07-10 05:57:54.509361759 -0700 |
|
21 @@ -441,7 +441,7 @@ |
|
22 ## Make the new source tree read-only. Distributions ought to work in |
|
23 ## this case. However, make the top-level directory writable so we |
|
24 ## can make our new subdirs. |
|
25 - chmod -R a-w $(distdir); chmod a+w $(distdir) |
|
26 + chmod -R a-w $(distdir); chmod u+w $(distdir) |
|
27 mkdir $(distdir)/_build |
|
28 mkdir $(distdir)/_inst |
|
29 ## Undo the write access. |
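Review bot: the comment above the changed chmod line still says only "make the top-level directory writable so we can make our new subdirs", which does not record that write access must stay limited to the owner. Suggest extending that comment to say "writable by the owner only" and to mention CVE-2012-3386, so a later cleanup does not turn u+w back into a+w. Only this one chmod is visible in the hunk; it is worth confirming that the step under "## Undo the write access." and any other chmod on $(distdir) in this file do not grant group or other write bits either.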