PSARC/2016/217 Smartcard Reintroduction
PSARC/2016/232 CACkey Smartcard PKCS#11 provider
22822476 Add CACKey v0.7.4 to Userland consolidation
--- automake-1.11.2/NEWS.orig 2012-07-10 05:55:08.774803866 -0700
+++ automake-1.11.2/NEWS 2012-07-10 05:55:40.618794747 -0700
@@ -90,6 +90,15 @@
- The AM_COND_IF macro also works if the shell expression for the
conditional is no longer valid for the condition.
+* SECURITY VULNERABILITIES!
+
+ - The recipe of the 'distcheck' no longer grants anymore temporary
+ world-wide write permissions on the extracted distdir. Even if such
+ rights were only granted for a vanishingly small time window, the
+ implied race condition proved to be enough to allow a local attacker
+ to run arbitrary code with the privileges of the user running "make
+ distcheck". This is CVE-2012-3386.
+
* Long-standing bugs:
- The order of Yacc and Lex flags is fixed to be consistent with other
--- automake-1.11.2/lib/am/distdir.am.orig 2012-07-10 05:57:02.481964158 -0700
+++ automake-1.11.2/lib/am/distdir.am 2012-07-10 05:57:54.509361759 -0700
@@ -441,7 +441,7 @@
## Make the new source tree read-only. Distributions ought to work in
## this case. However, make the top-level directory writable so we
## can make our new subdirs.
- chmod -R a-w $(distdir); chmod a+w $(distdir)
+ chmod -R a-w $(distdir); chmod u+w $(distdir)
mkdir $(distdir)/_build
mkdir $(distdir)/_inst
## Undo the write access.