--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/automake/automake-1.9.6/patches/01-CVE-2012-3386.patch Tue Jul 10 06:17:26 2012 -0700
@@ -0,0 +1,28 @@
+--- automake-1.9.6/NEWS.orig 2012-07-10 06:12:38.489800299 -0700
++++ automake-1.9.6/NEWS 2012-07-10 06:14:03.125841286 -0700
+@@ -1,5 +1,14 @@
+ Bugs fixed in 1.9.6:
+
++* SECURITY VULNERABILITIES!
++
++ - The recipe of the 'distcheck' no longer grants anymore temporary
++ world-wide write permissions on the extracted distdir. Even if such
++ rights were only granted for a vanishingly small time window, the
++ implied race condition proved to be enough to allow a local attacker
++ to run arbitrary code with the privileges of the user running "make
++ distcheck". This is CVE-2012-3386.
++
+ * Longstanding bugs:
+
+ - Correctly diagnose `#' comments following trailing backslash.
+--- automake-1.9.6/lib/am/distdir.am.orig 2012-07-10 06:14:39.013442021 -0700
++++ automake-1.9.6/lib/am/distdir.am 2012-07-10 06:14:55.178227715 -0700
+@@ -323,7 +323,7 @@
+ ## Make the new source tree read-only. Distributions ought to work in
+ ## this case. However, make the top-level directory writable so we
+ ## can make our new subdirs.
+- chmod -R a-w $(distdir); chmod a+w $(distdir)
++ chmod -R a-w $(distdir); chmod u+w $(distdir)
+ mkdir $(distdir)/_build
+ mkdir $(distdir)/_inst
+ ## Undo the write access.