--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/automake/automake-1.9.6/patches/00-CVE-2009-4029.patch Sun Mar 13 16:12:25 2011 -0700
@@ -0,0 +1,41 @@
+diff --git a/Makefile.in b/Makefile.in
+index 68d236d..b7aa318 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -415,7 +415,8 @@ distdir: $(DISTFILES)
+ || exit 1; \
+ fi; \
+ done
+- -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
++ -find "$(distdir)" -type d ! -perm -755 \
++ -exec chmod u+rwx,go+rx {} \; -o \
+ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
+diff --git a/lib/am/distdir.am b/lib/am/distdir.am
+index 151f5f0..b64b2de 100644
+--- a/lib/am/distdir.am
++++ b/lib/am/distdir.am
+@@ -192,11 +192,7 @@ if %?DIST-TARGETS%
+ endif %?DIST-TARGETS%
+ ##
+ ## This complex find command will try to avoid changing the modes of
+-## links into the source tree, in case they're hard-linked. It will
+-## also make directories writable by everybody, because some
+-## brain-dead tar implementations change ownership and permissions of
+-## a directory before extracting the files, thus becoming unable to
+-## extract them.
++## links into the source tree, in case they're hard-linked.
+ ##
+ ## Ignore return result from chmod, because it might give an error
+ ## if we chmod a symlink.
+@@ -209,7 +205,8 @@ endif %?DIST-TARGETS%
+ ## the file in place in the source tree.
+ ##
+ if %?TOPDIR_P%
+- -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
++ -find "$(distdir)" -type d ! -perm -755 \
++ -exec chmod u+rwx,go+rx {} \; -o \
+ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
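Review bot: The new directory branch `-type d ! -perm -755 -exec chmod u+rwx,go+rx {} \;` (same lines in the Makefile.in and lib/am/distdir.am hunks) only adds permission bits, so a directory under `$(distdir)` that is already world-writable, for example one created under a permissive umask, matches `-perm -755`, is skipped and stays writable by other local users. If the fix is meant to guarantee that no distdir directory is world-writable during `make dist`, the test and the chmod both need to cover that case, for example `-type d \( ! -perm -755 -o -perm -002 \) -exec chmod u+rwx,go+rx,o-w {} \;`. Separately, the distdir.am hunk deletes the old rationale without saying why 755 is now used; a short `##` comment such as `## Do not make directories group- or world-writable (CVE-2009-4029).` would keep the next editor from restoring `a+rwx`. The find command continues past the last line of each inner hunk, so the rest of the recipe, and any other chmod on `$(distdir)` elsewhere in distdir.am, is not visible here and should be checked against the same rule.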