SecBSD's official ports repository

2023-08-16 22:26:55 +00:00 · 2023-08-16 22:26:55 +00:00 · 2c0afcbbf3
commit 2c0afcbbf3
64331 changed files with 5339189 additions and 0 deletions
--- a/devel/automake/1.9/patches/patch-lib_am_distdir_am
+++ b/devel/automake/1.9/patches/patch-lib_am_distdir_am
@ -0,0 +1,36 @@
+- Fix insecure permissions for directories in distfile build tree. CVE-2009-4029
+- Fix insecure permissions used for the top of the distfile build tree. CVE-2012-3386
+
+--- lib/am/distdir.am.orig	Thu Jul 19 15:09:52 2012
+++ lib/am/distdir.am	Thu Jul 19 15:35:08 2012
+@@ -192,11 +192,7 @@ if %?DIST-TARGETS%
+ endif %?DIST-TARGETS%
+ ##
+ ## This complex find command will try to avoid changing the modes of
+-## links into the source tree, in case they're hard-linked.  It will
+-## also make directories writable by everybody, because some
+-## brain-dead tar implementations change ownership and permissions of
+-## a directory before extracting the files, thus becoming unable to
+-## extract them.
+## links into the source tree, in case they're hard-linked.
+ ##
+ ## Ignore return result from chmod, because it might give an error
+ ## if we chmod a symlink.
+@@ -209,7 +205,7 @@ endif %?DIST-TARGETS%
+ ## the file in place in the source tree.
+ ##
+ if %?TOPDIR_P%
+-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	-find $(distdir) -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \; -o \
+ 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
+@@ -326,7 +322,7 @@ distcheck: dist
+ ## Make the new source tree read-only.  Distributions ought to work in
+ ## this case.  However, make the top-level directory writable so we
+ ## can make our new subdirs.
+-	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	chmod -R a-w $(distdir); chmod u+w $(distdir)
+ 	mkdir $(distdir)/_build
+ 	mkdir $(distdir)/_inst
+ ## Undo the write access.