[Automake-commit] [SCM] GNU Automake branch, branch-1-7, updated. Releas
From: Ralf Wildenhues
Subject: [Automake-commit] [SCM] GNU Automake branch, branch-1-7, updated. Release-1-7-9-6-g2615316
Date: Tue, 08 Dec 2009 22:12:27 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Automake".
http://git.sv.gnu.org/gitweb/?p=automake.git;a=commitdiff;h=2615316a65e5bccf923ede6269d9898d0379be25
The branch, branch-1-7 has been updated
via 2615316a65e5bccf923ede6269d9898d0379be25 (commit)
via 39a251ea236c055aa93781bf90ebc526c2345217 (commit)
from 49be1ea55bf360b5cf671da0b5a59eb3acb9b2c3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2615316a65e5bccf923ede6269d9898d0379be25
Author: Ralf Wildenhues <address@hidden>
Date: Tue Dec 8 22:33:21 2009 +0100
Update NEWS.
* NEWS: Update.
Signed-off-by: Ralf Wildenhues <address@hidden>
commit 39a251ea236c055aa93781bf90ebc526c2345217
Author: Jim Meyering <address@hidden>
Date: Tue Dec 1 22:07:45 2009 +0100
do not put world-writable directories in distribution tarballs
* lib/am/distdir.am (distdir): Do not make all directories
group- or world-writable. Instead, use 755.
* NEWS: Update.
Signed-off-by: Ralf Wildenhues <address@hidden>
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 11 +++++++++++
Makefile.in | 3 ++-
NEWS | 6 ++++++
lib/am/distdir.am | 9 +++------
4 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 3fdd60f..a061b45 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2009-12-08 Ralf Wildenhues <address@hidden>
+
+ * NEWS: Update.
+
+2009-11-28 Jim Meyering <address@hidden>
+
+ do not put world-writable directories in distribution tarballs
+ * lib/am/distdir.am (distdir): Do not make all directories
+ group- or world-writable. Instead, use 755.
+ * NEWS: Update.
+
2003-11-19 Alexandre Duret-Lutz <address@hidden>
* lib/am/configure.am (%MAKEFILE%): Remove %MAINTAINER-MODE%,
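Review bot: The 2009-11-28 entry describes the lib/am/distdir.am change but does not carry the CVE-2009-4029 identifier that the NEWS text in this same commit gives. Adding the identifier to the entry would make the fix findable from the ChangeLog as well as from NEWS.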
diff --git a/Makefile.in b/Makefile.in
index a377d77..03c38bc 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -472,7 +472,8 @@ distdir: $(DISTFILES)
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$(top_distdir)" distdir="$(distdir)" \
dist-info
- -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+ -find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {}
\; \
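Review bot: The new test `! -perm -755` followed by `-exec chmod u+rwx,go+rx` only ever adds permission bits, so a directory that already has group or world write set when it lands in "$(distdir)" (mode 775 or 777, for example) satisfies `-perm -755`, is skipped by this branch, and is packed still writable. The log message says "Instead, use 755"; if that is the intended end state, the chmod should also clear the write bits (for instance `u+rwx,go+rx,go-w`) and the test should also select directories that have any group or other write bit set.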
diff --git a/NEWS b/NEWS
index d0593d3..11eab23 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,9 @@
+Bugs fixed in 1.7.9a:
+* The distribution is tarred up with mode 755 now by the `dist*' targets.
+ This fixes a race condition where untrusted users could modify files
+ in the $(PACKAGE)-$(VERSION) distdir before packing if the toplevel
+ build directory was world-searchable. This is CVE-2009-4029.
+
Bugs fixed in 1.7.9:
* Fix install-strip to work with nobase_ binaries.
* Fix renaming of #line directives in ylwrap.
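Review bot: The first sentence of the new entry, "The distribution is tarred up with mode 755 now", reads as if every archive member gets mode 755, while the find expression changed in this commit touches only directories (`-type d`) and regular files still go through the `a+r` branches. Suggest wording it as directories in the distdir no longer being made group- or world-writable. Since the rule also appears in Makefile.in in this commit, the entry should say whether packages need to regenerate their Makefile.in files to pick up the fix.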
diff --git a/lib/am/distdir.am b/lib/am/distdir.am
index 3fa7074..d27467c 100644
--- a/lib/am/distdir.am
+++ b/lib/am/distdir.am
@@ -181,11 +181,7 @@ if %?DIST-TARGETS%
endif %?DIST-TARGETS%
##
## This complex find command will try to avoid changing the modes of
-## links into the source tree, in case they're hard-linked. It will
-## also make directories writable by everybody, because some
-## brain-dead tar implementations change ownership and permissions of
-## a directory before extracting the files, thus becoming unable to
-## extract them.
+## links into the source tree, in case they're hard-linked.
##
## Ignore return result from chmod, because it might give an error
## if we chmod a symlink.
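Review bot: The deleted comment lines recorded why directory modes were changed (tar implementations that change a directory's ownership and permissions before extracting its files), and the shortened comment now says nothing about directory modes at all. Add a sentence stating that directories get `u+rwx,go+rx` and are deliberately not made group- or world-writable, so a later reader does not reintroduce `a+rwx` to accommodate the tar case.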
@@ -198,7 +194,8 @@ endif %?DIST-TARGETS%
## the file in place in the source tree.
##
if %?TOPDIR_P%
- -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+ -find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {}
\; \
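Review bot: The changed `find "$(distdir)" -type d ! -perm -755` line arrives without a test; the summary lists only ChangeLog, Makefile.in, NEWS and lib/am/distdir.am. A test that runs the distdir target and fails if any directory under the resulting distdir has a group or other write bit would keep this behaviour from regressing.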
hooks/post-receive
--
GNU Automake