diff -r 9f3b963d8baa -r eec41ee6c6ad components/automake/automake-1.9.6/patches/01-CVE-2012-3386.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/automake/automake-1.9.6/patches/01-CVE-2012-3386.patch Tue Jul 10 06:17:26 2012 -0700
@@ -0,0 +1,28 @@
+--- automake-1.9.6/NEWS.orig 2012-07-10 06:12:38.489800299 -0700
++++ automake-1.9.6/NEWS 2012-07-10 06:14:03.125841286 -0700
+@@ -1,5 +1,14 @@
+ Bugs fixed in 1.9.6:
+ 
+* SECURITY VULNERABILITIES!
++ 
++ - The recipe of the 'distcheck' no longer grants anymore temporary
++ world-wide write permissions on the extracted distdir. Even if such
++ rights were only granted for a vanishingly small time window, the
++ implied race condition proved to be enough to allow a local attacker
++ to run arbitrary code with the privileges of the user running "make
++ distcheck". This is CVE-2012-3386.
++ 
+ * Longstanding bugs:
+ 
+ - Correctly diagnose `#' comments following trailing backslash.
+--- automake-1.9.6/lib/am/distdir.am.orig 2012-07-10 06:14:39.013442021 -0700
++++ automake-1.9.6/lib/am/distdir.am 2012-07-10 06:14:55.178227715 -0700
+@@ -323,7 +323,7 @@
+ ## Make the new source tree read-only. Distributions ought to work in
+ ## this case. However, make the top-level directory writable so we
+ ## can make our new subdirs.
+- chmod -R a-w $(distdir); chmod a+w $(distdir)
++ chmod -R a-w $(distdir); chmod u+w $(distdir)
+ mkdir $(distdir)/_build
+ mkdir $(distdir)/_inst
+ ## Undo the write access.
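Review bot: The new patch file carries no provenance header — it begins directly with the `--- automake-1.9.6/NEWS.orig` line — so a reader cannot tell where the one-line `chmod a+w` → `chmod u+w` backport in the distdir.am hunk was taken from or whether it matches the upstream fix exactly. Since patch(1) ignores leading text before the first `---` line, a short header such as `Backport of the upstream fix for CVE-2012-3386 (upstream commit <PLACEHOLDER>); not submitted upstream, 1.9.x is unmaintained.` would document the origin and the patch's status without affecting how it applies. The NEWS hunk files the notice under the existing `Bugs fixed in 1.9.6:` heading, which could be read as if the 1.9.6 release itself shipped the fix; a packager-specific wording there may be clearer, though that is a presentation choice. Note that the distdir.am hunk ends at `## Undo the write access.`, so the rest of the distcheck recipe that re-removes write access on `$(distdir)` lies outside the quoted context and was not reviewed here.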