Accepting request 435751 from home:pgajdos

- security update * CVE-2016-8605 [bsc#1004221] + guile-CVE-2016-8605.patch OBS-URL: https://build.opensuse.org/request/show/435751 OBS-URL: https://build.opensuse.org/package/show/devel:languages:misc/guile1?expand=0&rev=28
2016-10-17 14:53:01 +00:00 · 2016-10-17 14:53:01 +00:00 · 33b81c8c9f
commit 33b81c8c9f
parent 73c0f75d73
3 changed files with 48 additions and 1 deletions
--- a/guile1-CVE-2016-8605.patch
+++ b/guile1-CVE-2016-8605.patch
@ -0,0 +1,38 @@
+--- a/libguile/filesys.c
+++ b/libguile/filesys.c
+@@ -1255,26 +1255,21 @@ SCM_DEFINE (scm_getcwd, "getcwd", 0, 0, 0,
+ SCM_DEFINE (scm_mkdir, "mkdir", 1, 1, 0,
+             (SCM path, SCM mode),
+ 	    "Create a new directory named by @var{path}.  If @var{mode} is omitted\n"
+-	    "then the permissions of the directory file are set using the current\n"
+-	    "umask.  Otherwise they are set to the decimal value specified with\n"
+-	    "@var{mode}.  The return value is unspecified.")
+	    "then the permissions of the directory are set to @code{#o777}\n"
+	    "masked with the current umask (@pxref{Processes, @code{umask}}).\n"
+	    "Otherwise they are set to the value specified with @var{mode}.\n"
+	    "The return value is unspecified.")
+ #define FUNC_NAME s_scm_mkdir
+ {
+   int rv;
+-  mode_t mask;
+  mode_t c_mode;
+ 
+-  if (SCM_UNBNDP (mode))
+-    {
+-      mask = umask (0);
+-      umask (mask);
+-      STRING_SYSCALL (path, c_path, rv = mkdir (c_path, 0777 ^ mask));
+-    }
+-  else
+-    {
+-      STRING_SYSCALL (path, c_path, rv = mkdir (c_path, scm_to_uint (mode)));
+-    }
+  c_mode = SCM_UNBNDP (mode) ? 0777 : scm_to_uint (mode);
+
+  STRING_SYSCALL (path, c_path, rv = mkdir (c_path, c_mode));
+   if (rv != 0)
+     SCM_SYSERROR;
+
+   return SCM_UNSPECIFIED;
+ }
+ #undef FUNC_NAME
--- a/guile1.changes
+++ b/guile1.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Oct 17 13:36:19 UTC 2016 - pgajdos@suse.com
+
+- security update
+  * CVE-2016-8605 [bsc#1004221]
+    + guile-CVE-2016-8605.patch
+
 -------------------------------------------------------------------
 Sat Mar 14 11:20:43 UTC 2015 - mpluskal@suse.com

--- a/guile1.spec
+++ b/guile1.spec
@ -1,7 +1,7 @@
 #
 # spec file for package guile1
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -35,6 +35,7 @@ Patch6:         guile-automake-1.13.patch
 Patch7:         guile-socket-test.patch
 # fix failures with texinfo 5.2
 Patch8:         guile-texinfo.patch
+Patch9:         guile1-CVE-2016-8605.patch
 BuildRequires:  automake
 BuildRequires:  gc-devel
 BuildRequires:  gmp-devel
@ -157,6 +158,7 @@ contains the files necessary to link against the guile libraries.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 # guile-1.8.1: The code is not so good for -Werror (unused results of write()).
 sed -i s/-Werror// configure.in configure