Apply patches for two security issues:

- Fix insecure permissions for directories in distfile build tree. CVE-2009-4029
- Fix insecure permissions used for the top of the distfile build tree. CVE-2012-3386

This was already tested in a bulk build by me as part of a larger diff

from brad
ok aja@ sthen@ espie@

devel/automake/1.10/patches/patch-lib_am_distdir_am

@@ -0,0 +1,15 @@
+$OpenBSD: patch-lib_am_distdir_am,v 1.1 2012/07/20 12:03:50 jasper Exp $
+
+Fix insecure permissions used for the top of the distfile build tree. CVE-2012-3386
+
+--- lib/am/distdir.am.orig	Thu Jul 19 15:05:14 2012
++++ lib/am/distdir.am	Thu Jul 19 15:06:44 2012
+@@ -362,7 +362,7 @@ distcheck: dist
+ ## Make the new source tree read-only.  Distributions ought to work in
+ ## this case.  However, make the top-level directory writable so we
+ ## can make our new subdirs.
+-	chmod -R a-w $(distdir); chmod a+w $(distdir)
++	chmod -R a-w $(distdir); chmod u+w $(distdir)
+ 	mkdir $(distdir)/_build
+ 	mkdir $(distdir)/_inst
+ ## Undo the write access.

devel/automake/1.11/Makefile

@@ -1,10 +1,9 @@
-# $OpenBSD: Makefile,v 1.10 2012/06/26 20:31:47 matthieu Exp $
+# $OpenBSD: Makefile,v 1.11 2012/07/20 12:03:50 jasper Exp $
 
 VERSION=	1.11
 DISTNAME=	automake-${VERSION}.5
-REVISION=	0
+REVISION=	1
 PKGSPEC=	automake->=${VERSION},<1.12
-REVISION =	0
 
 MODULES=		lang/python
 

devel/automake/1.11/patches/patch-lib_am_distdir_am

@@ -0,0 +1,15 @@
+$OpenBSD: patch-lib_am_distdir_am,v 1.1 2012/07/20 12:03:50 jasper Exp $
+
+Fix insecure permissions used for the top of the distfile build tree. CVE-2012-3386
+
+--- lib/am/distdir.am.orig	Thu Jul 19 15:41:03 2012
++++ lib/am/distdir.am	Thu Jul 19 15:41:09 2012
+@@ -451,7 +451,7 @@ distcheck: dist
+ ## Make the new source tree read-only.  Distributions ought to work in
+ ## this case.  However, make the top-level directory writable so we
+ ## can make our new subdirs.
+-	chmod -R a-w $(distdir); chmod a+w $(distdir)
++	chmod -R a-w $(distdir); chmod u+w $(distdir)
+ 	mkdir $(distdir)/_build
+ 	mkdir $(distdir)/_inst
+ ## Undo the write access.

devel/automake/1.12/Makefile

@@ -1,10 +1,9 @@
-# $OpenBSD: Makefile,v 1.3 2012/06/26 20:31:47 matthieu Exp $
+# $OpenBSD: Makefile,v 1.4 2012/07/20 12:03:50 jasper Exp $
 
 VERSION=	1.12
 DISTNAME=	automake-${VERSION}
-REVISION=	0
+REVISION=	1
 PKGSPEC=	automake->=${VERSION},<1.13
-REVISION =	0
 
 MODULES=		lang/python
 

devel/automake/1.12/patches/patch-lib_am_distdir_am

@@ -0,0 +1,15 @@
+$OpenBSD: patch-lib_am_distdir_am,v 1.1 2012/07/20 12:03:50 jasper Exp $
+
+Fix insecure permissions used for the top of the distfile build tree. CVE-2012-3386
+
+--- lib/am/distdir.am.orig	Thu Jul 19 15:39:48 2012
++++ lib/am/distdir.am	Thu Jul 19 15:39:57 2012
+@@ -449,7 +449,7 @@ distcheck: dist
+ ## Make the new source tree read-only.  Distributions ought to work in
+ ## this case.  However, make the top-level directory writable so we
+ ## can make our new subdirs.
+-	chmod -R a-w $(distdir); chmod a+w $(distdir)
++	chmod -R a-w $(distdir); chmod u+w $(distdir)
+ 	mkdir $(distdir)/_build
+ 	mkdir $(distdir)/_inst
+ ## Undo the write access.

devel/automake/1.4/Makefile

@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.11 2012/06/25 15:45:14 espie Exp $
+# $OpenBSD: Makefile,v 1.12 2012/07/20 12:03:50 jasper Exp $
 
 VERSION=	1.4
 DISTNAME=	automake-${VERSION}-p6
 PKGNAME=	automake-1.4.6
-PKGSPEC =	automake->=${VERSION},<1.5
-REVISION=	0
+REVISION=	1
+PKGSPEC=	automake->=${VERSION},<1.5
 
 MAINTAINER=	Jason Ish <ish@openbsd.org>
 

devel/automake/1.4/patches/patch-automake_in

@@ -1,6 +1,9 @@
-$OpenBSD: patch-automake_in,v 1.1.1.1 2005/01/11 07:11:00 sturm Exp $
---- automake.in.orig	Sun Jul 15 12:47:28 2001
-+++ automake.in	Fri Aug 17 12:47:25 2001
+$OpenBSD: patch-automake_in,v 1.2 2012/07/20 12:03:50 jasper Exp $
+
+Fix insecure permissions for directories in distfile build tree. CVE-2009-4029
+
+--- automake.in.orig	Sat Jul 27 16:55:58 2002
++++ automake.in	Thu Jul 19 16:04:18 2012
 @@ -2012,7 +2012,7 @@ sub handle_texinfo
  	# dependency list.
  	@texi_deps = ();
@@ -10,3 +13,21 @@ $OpenBSD: patch-automake_in,v 1.1.1.1 2005/01/11 07:11:00 sturm Exp $
  
  	# Canonicalize name first.
  	($canonical = $infobase) =~ tr/A-Za-z0-9_/_/c;
+@@ -2336,7 +2336,7 @@ sub handle_dist_worker
+ 	# Create dist directory.
+ 	$output_rules .= ("\t-rm -rf \$(distdir)\n"
+ 			  . "\tmkdir \$(distdir)\n"
+-			  . "\t-chmod 777 \$(distdir)\n");
++			  . "\t-chmod 755 \$(distdir)\n");
+     }
+ 
+     # Only run automake in `dist' target if --include-deps and
+@@ -2468,7 +2468,7 @@ sub handle_dist_worker
+ 	     . "\t" . '    test -d $(distdir)/$$subdir ' . "\\\n"
+ 	     . "\t" . '    || mkdir $(distdir)/$$subdir ' . "\\\n"
+ 	     . "\t" . '    || exit 1; ' . "\\\n"
+-	     . "\t" . '    chmod 777 $(distdir)/$$subdir; ' . "\\\n"
++	     . "\t" . '    chmod 755 $(distdir)/$$subdir; ' . "\\\n"
+ 	     . "\t" . '    (cd $$subdir'
+ 	     . ' && $(MAKE) $(AM_MAKEFLAGS) top_distdir=../$('
+ 	     . (($relative_dir eq '.') ? 'distdir' : 'top_distdir')

devel/automake/1.8/Makefile

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.15 2012/06/25 15:45:14 espie Exp $
+# $OpenBSD: Makefile,v 1.16 2012/07/20 12:03:50 jasper Exp $
 
 VERSION=	1.8
 DISTNAME=	automake-${VERSION}.5
-REVISION=	6
-PKGSPEC =	automake->=${VERSION},<1.9
+REVISION=	7
+PKGSPEC=	automake->=${VERSION},<1.9
 
 AUTOCONF_VERSION=	2.59
 

devel/automake/1.8/patches/patch-lib_am_distdir_am

@@ -0,0 +1,38 @@
+$OpenBSD: patch-lib_am_distdir_am,v 1.1 2012/07/20 12:03:50 jasper Exp $
+
+- Fix insecure permissions for directories in distfile build tree. CVE-2009-4029
+- Fix insecure permissions used for the top of the distfile build tree. CVE-2012-3386
+
+--- lib/am/distdir.am.orig	Thu Jul 19 15:12:01 2012
++++ lib/am/distdir.am	Thu Jul 19 15:37:07 2012
+@@ -190,11 +190,7 @@ if %?DIST-TARGETS%
+ endif %?DIST-TARGETS%
+ ##
+ ## This complex find command will try to avoid changing the modes of
+-## links into the source tree, in case they're hard-linked.  It will
+-## also make directories writable by everybody, because some
+-## brain-dead tar implementations change ownership and permissions of
+-## a directory before extracting the files, thus becoming unable to
+-## extract them.
++## links into the source tree, in case they're hard-linked.
+ ##
+ ## Ignore return result from chmod, because it might give an error
+ ## if we chmod a symlink.
+@@ -207,7 +203,7 @@ endif %?DIST-TARGETS%
+ ## the file in place in the source tree.
+ ##
+ if %?TOPDIR_P%
+-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
++	-find $(distdir) -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \; -o \
+ 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
+@@ -318,7 +314,7 @@ distcheck: dist
+ ## Make the new source tree read-only.  Distributions ought to work in
+ ## this case.  However, make the top-level directory writable so we
+ ## can make our new subdirs.
+-	chmod -R a-w $(distdir); chmod a+w $(distdir)
++	chmod -R a-w $(distdir); chmod u+w $(distdir)
+ 	mkdir $(distdir)/_build
+ 	mkdir $(distdir)/_inst
+ ## Undo the write access.

devel/automake/1.9/Makefile

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.23 2012/06/25 15:45:14 espie Exp $
+# $OpenBSD: Makefile,v 1.24 2012/07/20 12:03:50 jasper Exp $
 
 VERSION=	1.9
 DISTNAME=	automake-${VERSION}.6
-REVISION=	9
-PKGSPEC =	automake->=${VERSION},<1.10
+REVISION=	10
+PKGSPEC=	automake->=${VERSION},<1.10
 
 MODULES=		lang/python
 

devel/automake/1.9/patches/patch-lib_am_distdir_am

@@ -0,0 +1,38 @@
+$OpenBSD: patch-lib_am_distdir_am,v 1.1 2012/07/20 12:03:50 jasper Exp $
+
+- Fix insecure permissions for directories in distfile build tree. CVE-2009-4029
+- Fix insecure permissions used for the top of the distfile build tree. CVE-2012-3386
+
+--- lib/am/distdir.am.orig	Thu Jul 19 15:09:52 2012
++++ lib/am/distdir.am	Thu Jul 19 15:35:08 2012
+@@ -192,11 +192,7 @@ if %?DIST-TARGETS%
+ endif %?DIST-TARGETS%
+ ##
+ ## This complex find command will try to avoid changing the modes of
+-## links into the source tree, in case they're hard-linked.  It will
+-## also make directories writable by everybody, because some
+-## brain-dead tar implementations change ownership and permissions of
+-## a directory before extracting the files, thus becoming unable to
+-## extract them.
++## links into the source tree, in case they're hard-linked.
+ ##
+ ## Ignore return result from chmod, because it might give an error
+ ## if we chmod a symlink.
+@@ -209,7 +205,7 @@ endif %?DIST-TARGETS%
+ ## the file in place in the source tree.
+ ##
+ if %?TOPDIR_P%
+-	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
++	-find $(distdir) -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \; -o \
+ 	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ 	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ 	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
+@@ -326,7 +322,7 @@ distcheck: dist
+ ## Make the new source tree read-only.  Distributions ought to work in
+ ## this case.  However, make the top-level directory writable so we
+ ## can make our new subdirs.
+-	chmod -R a-w $(distdir); chmod a+w $(distdir)
++	chmod -R a-w $(distdir); chmod u+w $(distdir)
+ 	mkdir $(distdir)/_build
+ 	mkdir $(distdir)/_inst
+ ## Undo the write access.