
[alpine-aports] [PATCH v3.3] main/guile: security upgrade - fixes #6366

From: Sergey Lukin <sergej.lukin_at_gmail.com>
Date: Wed, 7 Dec 2016 07:56:49 +0000

CVE-2016-8605, CVE-2016-8606
---
 main/guile/APKBUILD                                            | 10 +++++++++-
 .../guile/CVE-2016-8605-Thread-unsafe-umask-modification.patch |  1 +
 ...REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch |  1 +
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 120000 main/guile/CVE-2016-8605-Thread-unsafe-umask-modification.patch
 create mode 120000 main/guile/CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch
diff --git a/main/guile/APKBUILD b/main/guile/APKBUILD
index d401afd..ffbc028 100644
--- a/main/guile/APKBUILD
+++ b/main/guile/APKBUILD
_at_@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=guile
 pkgver=2.0.11
-pkgrel=2
+pkgrel=3
 pkgdesc="Guile is a portable, embeddable Scheme implementation written in C"
 url="http://www.gnu.org/software/guile/"
 arch="all"
_at_@ -22,6 +22,8 @@ source="ftp://ftp.gnu.org/pub/gnu/$pkgname/$pkgname-$pkgver.tar.gz
 	0013-Handle-p-in-format-warnings.patch
 	0015-Fix-SCM_SMOB_OBJECT-_-_0_-_1_-_2_-_3_-LOC.patch
 	0016-peval-Handle-optional-argument-inits-that-refer-to-p.patch
+	CVE-2016-8605-Thread-unsafe-umask-modification.patch
+	CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch
 
 	strtol_l.patch
 	"
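Review bot: The two CVE fixes are added to `source=` but nothing in the APKBUILD itself records which package release carries them; the only trace is the patch filenames. If this branch follows the aports `# secfixes:` convention, add a comment block near the top of the file that maps `2.0.11-r3` to CVE-2016-8605 and CVE-2016-8606, so the fix can be tracked per release. Only part of the file is visible in these hunks, so an existing block may simply be outside them.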
_at_@ -68,6 +70,8 @@ f140776c944bacc6cc14919f83902696  0003-Recognize-more-ARM-targets.patch
 9e7b0d2d52e22b253ac314c6cb317bb4  0013-Handle-p-in-format-warnings.patch
 9bb62ca4bd913b5ba6a94868a2d33464  0015-Fix-SCM_SMOB_OBJECT-_-_0_-_1_-_2_-_3_-LOC.patch
 04012be1e50736374564b14440e410f6  0016-peval-Handle-optional-argument-inits-that-refer-to-p.patch
+8e214ebdc5edaf0aa56d134eb7ce66c8  CVE-2016-8605-Thread-unsafe-umask-modification.patch
+55248664c36c2cc4b1348f57a38eb23b  CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch
 54b76be46ecc9333e2a57cc0906c1927  strtol_l.patch"
 sha256sums="e6786c934346fa2e38e46d8d81a622bb1c16d130153523f6129fcd79ef1fb040  guile-2.0.11.tar.gz
 760355a63be9b756607a03352ceb916dfba02da917fa00c6bc07253d0f7c75f6  0002-Mark-mutex-with-owner-not-retained-threads-test-as-u.patch
_at_@ -79,6 +83,8 @@ b7b3425c807d227dccf0ada653d3edd6d343d6c9d7ee648140bd13812f7776e7  0011-Fix-shrin
 3557178fec43d58c62a505a3199054d4f32da97cfafaa969a8e9b90616bc603f  0013-Handle-p-in-format-warnings.patch
 4ded8227e4b93a5205ddcf43f01e0e8c7684396669192b2e95b2c710573b6395  0015-Fix-SCM_SMOB_OBJECT-_-_0_-_1_-_2_-_3_-LOC.patch
 d28837b89c1653d9addf80573934dc97128a0c464b531f64fc58b1577f60340a  0016-peval-Handle-optional-argument-inits-that-refer-to-p.patch
+3f42410655221fb48cb5d9031d3a9ef28c4b6d3227ea0e67ea88d5d094e5236f  CVE-2016-8605-Thread-unsafe-umask-modification.patch
+343c8b420cfab0d04babb34d58b367a91fc2036028055f75ef9569a3a8bb1880  CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch
 2ba49adb27db50f5ec33779ce2f002cafde99a04038ca689bee7d2098296ce33  strtol_l.patch"
 sha512sums="dc1a30d44e6d432fab2407d72385e959af863f6feba6cca5813b4de24c92200c78b44f336d1f4fa8c7b4058dea880982787c69888c91a2236fd2fb1d313137fd  guile-2.0.11.tar.gz
 b1c309cc07830ff1741ef88857f8099187b449580e8d57862886abc367ef1accc5a35636d81eee09247f13d3a751cdc8909fdea05368d3d509bd2039ce06d078  0002-Mark-mutex-with-owner-not-retained-threads-test-as-u.patch
_at_@ -90,4 +96,6 @@ b283ac11ca5d01a4ab102258ff896fb3fb6cb053144ea31ae0d43c0229c9b9509c4eadc90d757b23
 8484e882723d68ea1e658a86c7be5006de1af7d457f7f9a37a99b427460db8420980174efdcaff8fbfa49346ba01252d2e6183c8b5e323bd228d223ed011655b  0013-Handle-p-in-format-warnings.patch
 5f450e57968f2f0592a0de6beaa02db315d668a31a85330e3aa44d87995c82f866828fceb71012c123f5dd3b3b5c3ec944c8011ba09658ad00e8ce1c6f958a87  0015-Fix-SCM_SMOB_OBJECT-_-_0_-_1_-_2_-_3_-LOC.patch
 f55e514534fd1aba547ed8d4350fbeeaef77d634d7f1915a0108244a9bef5afe7074f3292b9f74bdccd0c56cddc60e222e9ccd2519ba337b6f156123e632ec26  0016-peval-Handle-optional-argument-inits-that-refer-to-p.patch
+95e022ee0bf0c622f8f3fe95218dea10720c1006b8f607906dbc890836390b81e807c9393447c5f9364325b8d63c0d557e889e23492150bfa6e6f72812e31619  CVE-2016-8605-Thread-unsafe-umask-modification.patch
+27043f994c4654ac8df40398f7a9631ece1e63de00a31be6fdf49abd5092d26aaa4dd3e51339395405e3ac56459ee5942639c572441a50d7a2fdaab251c8d2db  CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch
 596efb03c65df98ea9afd932cb67e5b436e35fbf2442630e8a1854818f246b5a24eb920e3502ba28b882f0afb27c5148f1ff509c29baa91a7f37b3ecdc28c000  strtol_l.patch"
diff --git a/main/guile/CVE-2016-8605-Thread-unsafe-umask-modification.patch b/main/guile/CVE-2016-8605-Thread-unsafe-umask-modification.patch
new file mode 120000
index 0000000..001b2d7
--- /dev/null
+++ b/main/guile/CVE-2016-8605-Thread-unsafe-umask-modification.patch
_at_@ -0,0 +1 @@
+/p/CVE-2016-8605-Thread-unsafe-umask-modification.patch
\ No newline at end of file
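Review bot: This file is added with mode 120000 and its single line is `/p/CVE-2016-8605-Thread-unsafe-umask-modification.patch`, so the commit contains a symlink to an absolute path outside the repository rather than the fix itself; the CVE-2016-8606 file added below has the same problem. On any checkout other than the author's, the link dangles or resolves to whatever sits under `/p/` on the build host, and the md5/sha256/sha512 sums added to the APKBUILD cover content that reviewers cannot see. Resend with both patches as regular files (mode 100644) containing the actual diff, and ideally name in each patch header the upstream commit it was taken from.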
diff --git a/main/guile/CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch b/main/guile/CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch
new file mode 120000
index 0000000..7a3dbe8
--- /dev/null
+++ b/main/guile/CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch
_at_@ -0,0 +1 @@
+/p/CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch
\ No newline at end of file
-- 
2.6.6