Re: debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1
On Thu, 2012-08-09 at 02:29 -0400, Eric Dorland wrote:
> * Cyril Brulebois (k...@debian.org) wrote:
> > Adam D. Barratt a...@adam-barratt.org.uk (31/07/2012):
> > > On 31.07.2012 04:12, Eric Dorland wrote:
> > > Thanks. Please go ahead.
> > >
> > > Regards,
> > >
> > > Adam
> >
> > I haven't seen a diff in p-u-NEW, hence this ping. ;)
>
> Sorry my main Debian box had a hard drive failure and I'm just piecing
> things back together from backups. I'll upload in the next couple of
> days.

For the record, that was uploaded and has now been accepted into p-u; thanks.

Regards,

Adam

--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1344805401.2978.80.ca...@jacala.jungle.funky-badger.org
Re: debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1
* Cyril Brulebois (k...@debian.org) wrote:
> Hello Eric,
>
> not sure you got that mail (at least M-F-T said you didn't want a copy):
>
> Adam D. Barratt a...@adam-barratt.org.uk (31/07/2012):
> > On 31.07.2012 04:12, Eric Dorland wrote:
> > > * Adam D. Barratt (a...@adam-barratt.org.uk) wrote:
> > > > On Sun, 2012-07-29 at 23:24 -0400, Eric Dorland wrote:
> > > > > Proposed stable update for automake1.9.
> > > >
> > > > This looks like the patches that are already in stable?
> > > >
> > > > > +automake1.9 (1.9.6+nogfdl-3.1) unstable; urgency=high
> > >
> > > Err whoops, attached the wrong diff. Here's the right one.
> >
> > Thanks. Please go ahead.
> >
> > Regards,
> >
> > Adam
>
> I haven't seen a diff in p-u-NEW, hence this ping. ;)

Sorry my main Debian box had a hard drive failure and I'm just piecing
things back together from backups. I'll upload in the next couple of
days.

--
Eric Dorland e...@kuroneko.ca
ICQ: #61138586, Jabber: ho...@jabber.com
Re: debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1
Hello Eric,

not sure you got that mail (at least M-F-T said you didn't want a copy):

Adam D. Barratt a...@adam-barratt.org.uk (31/07/2012):
> On 31.07.2012 04:12, Eric Dorland wrote:
> > * Adam D. Barratt (a...@adam-barratt.org.uk) wrote:
> > > On Sun, 2012-07-29 at 23:24 -0400, Eric Dorland wrote:
> > > > Proposed stable update for automake1.9.
> > >
> > > This looks like the patches that are already in stable?
> > >
> > > > +automake1.9 (1.9.6+nogfdl-3.1) unstable; urgency=high
> >
> > Err whoops, attached the wrong diff. Here's the right one.
>
> Thanks. Please go ahead.
>
> Regards,
>
> Adam

I haven't seen a diff in p-u-NEW, hence this ping. ;)

Mraw,
KiBi.
Re: debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1
On 31.07.2012 04:12, Eric Dorland wrote:
> * Adam D. Barratt (a...@adam-barratt.org.uk) wrote:
> > On Sun, 2012-07-29 at 23:24 -0400, Eric Dorland wrote:
> > > Proposed stable update for automake1.9.
> >
> > This looks like the patches that are already in stable?
> >
> > > +automake1.9 (1.9.6+nogfdl-3.1) unstable; urgency=high
>
> Err whoops, attached the wrong diff. Here's the right one.

Thanks. Please go ahead.

Regards,

Adam
Re: debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1
On Sun, 2012-07-29 at 23:24 -0400, Eric Dorland wrote:
> Proposed stable update for automake1.9.

This looks like the patches that are already in stable?

> +automake1.9 (1.9.6+nogfdl-3.1) unstable; urgency=high

Regards,

Adam
Re: debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1
* Adam D. Barratt (a...@adam-barratt.org.uk) wrote: On Sun, 2012-07-29 at 23:24 -0400, Eric Dorland wrote: Proposed stable update for automake1.9. This looks like the patches that are already in stable? +automake1.9 (1.9.6+nogfdl-3.1) unstable; urgency=high Err whoops, attached the wrong diff. Here's the right one. -- Eric Dorland e...@kuroneko.ca ICQ: #61138586, Jabber: ho...@jabber.com diff -u automake1.9-1.9.6+nogfdl/debian/changelog automake1.9-1.9.6+nogfdl/debian/changelog --- automake1.9-1.9.6+nogfdl/debian/changelog +++ automake1.9-1.9.6+nogfdl/debian/changelog @@ -1,3 +1,10 @@ +automake1.9 (1.9.6+nogfdl-3.1+squeeze1) stable; urgency=low + + * lib/am/distdir.am: Backport fix for CVE-2012-3386 Temporary worldwide +write permissions during make distcheck. (Closes: #681118) + + -- Eric Dorland e...@debian.org Sun, 29 Jul 2012 22:59:38 -0400 + automake1.9 (1.9.6+nogfdl-3.1) unstable; urgency=high * Non-maintainer upload by the Security Team. diff -u automake1.9-1.9.6+nogfdl/lib/am/distdir.am automake1.9-1.9.6+nogfdl/lib/am/distdir.am --- automake1.9-1.9.6+nogfdl/lib/am/distdir.am +++ automake1.9-1.9.6+nogfdl/lib/am/distdir.am @@ -323,7 +323,7 @@ ## Make the new source tree read-only. Distributions ought to work in ## this case. However, make the top-level directory writable so we ## can make our new subdirs. - chmod -R a-w $(distdir); chmod a+w $(distdir) + chmod -R a-w $(distdir); chmod u+w $(distdir) mkdir $(distdir)/_build mkdir $(distdir)/_inst ## Undo the write access. signature.asc Description: Digital signature
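Review bot: In the debian/changelog hunk, the new entry runs the CVE id straight into its description ("CVE-2012-3386 Temporary worldwide write permissions"), which reads as one phrase. Put a colon after the id and say "world-writable" rather than "worldwide write", and name what was exposed, since the distdir.am hunk shows it is the top-level $(distdir) that received `a+w` during make distcheck.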
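Review bot: The lib/am/distdir.am hunk (@@ -323,7) changes only the template, and this debdiff has no Makefile.in hunk, whereas the other diff in this thread patched both Makefile.in and lib/am/distdir.am for the same find command. Check whether the package's top-level Makefile.in still carries `chmod -R a-w $(distdir); chmod a+w $(distdir)` in its own distcheck rule, and apply the same `u+w` change there if it does.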
debdiff for automake1.9_1.9.6+nogfdl-3.1+squeeze1
Proposed stable update for automake1.9. -- Eric Dorland e...@kuroneko.ca ICQ: #61138586, Jabber: ho...@jabber.com diff -u automake1.9-1.9.6+nogfdl/Makefile.in automake1.9-1.9.6+nogfdl/Makefile.in --- automake1.9-1.9.6+nogfdl/Makefile.in +++ automake1.9-1.9.6+nogfdl/Makefile.in @@ -408,7 +408,8 @@ || exit 1; \ fi; \ done - -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ + -find $(distdir) -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ diff -u automake1.9-1.9.6+nogfdl/debian/changelog automake1.9-1.9.6+nogfdl/debian/changelog --- automake1.9-1.9.6+nogfdl/debian/changelog +++ automake1.9-1.9.6+nogfdl/debian/changelog @@ -1,3 +1,12 @@ +automake1.9 (1.9.6+nogfdl-3.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-4029: do not assign insecure permissions to directories in +build tree. + + + -- Giuseppe Iuculano iucul...@debian.org Mon, 08 Mar 2010 23:29:32 +0100 + automake1.9 (1.9.6+nogfdl-3) unstable; urgency=low * debian/automake1.9.postinst: Bump the priority above automake1.10 at only in patch2: unchanged: --- automake1.9-1.9.6+nogfdl.orig/lib/am/distdir.am +++ automake1.9-1.9.6+nogfdl/lib/am/distdir.am @@ -192,11 +192,7 @@ endif %?DIST-TARGETS% ## ## This complex find command will try to avoid changing the modes of -## links into the source tree, in case they're hard-linked. It will -## also make directories writable by everybody, because some -## brain-dead tar implementations change ownership and permissions of -## a directory before extracting the files, thus becoming unable to -## extract them. +## links into the source tree, in case they're hard-linked. ## ## Ignore return result from chmod, because it might give an error ## if we chmod a symlink. 
@@ -209,7 +205,8 @@ ## the file in place in the source tree. ## if %?TOPDIR_P% - -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ + -find $(distdir) -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ signature.asc Description: Digital signature
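Review bot: In the lib/am/distdir.am comment hunk (@@ -192,11), the removed lines were the only explanation of why the find command changes directory modes, and nothing replaces them. Add a line stating that directories are given u+rwx,go+rx and are deliberately not made writable by everybody, so the `-perm -755` test in the command that follows is not read as an oversight.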
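Review bot: In the find command (@@ -209,7 in lib/am/distdir.am, and the matching Makefile.in hunk), `! -perm -755` combined with `chmod u+rwx,go+rx` only ever adds bits, so a directory that is already mode 777 in the copied tree satisfies `-perm -755`, is skipped, and stays world-writable under $(distdir). If the intent is that no directory in the dist tree is group- or world-writable, the command also needs to clear those bits (for example with `go-w`) on directories that have them; otherwise say in the comment above the command that pre-existing write bits are preserved on purpose.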