~alpine/aports

1

[alpine-aports] [PATCH v3.2] main/guile: security fixes #6367

Details
Message ID
<1485164227-204-1-git-send-email-sergej.lukin@gmail.com>
Sender timestamp
1485164227
DKIM signature
missing
Download raw message
Patch: +73 -1
CVE-2016-8605: Thread-unsafe umask modification
---
 main/guile/APKBUILD            |  4 ++-
 main/guile/CVE-2016-8605.patch | 70 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 main/guile/CVE-2016-8605.patch

diff --git a/main/guile/APKBUILD b/main/guile/APKBUILD
index c4563e3..7fe67c8 100644
--- a/main/guile/APKBUILD
+++ b/main/guile/APKBUILD
@@ -1,7 +1,8 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=guile
pkgver=1.8.8
pkgrel=2
pkgrel=3
pkgdesc="Guile is a portable, embeddable Scheme implementation written in C"
url="http://www.gnu.org/software/guile/"
arch="all"
@@ -13,6 +14,7 @@ install=
source="ftp://ftp.gnu.org/pub/gnu/$pkgname/$pkgname-$pkgver.tar.gz
	guile-1.8.7-gcc45.patch
	fix-defines.patch
	CVE-2016-8605.patch
	"

_builddir="$srcdir"/$pkgname-$pkgver
diff --git a/main/guile/CVE-2016-8605.patch b/main/guile/CVE-2016-8605.patch
new file mode 100644
index 0000000..0f179ce
--- /dev/null
+++ b/main/guile/CVE-2016-8605.patch
@@ -0,0 +1,70 @@
CVE-2016-8605: Thread-unsafe umask modification
https://bugs.alpinelinux.org/issues/6367
http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=245608911698adb3472803856019bdd5670b6614

Remove 'umask' calls from 'mkdir'.
Fixes <http://bugs.gnu.org/24659>.

* libguile/filesys.c (SCM_DEFINE): Remove calls to 'umask' when MODE is
unbound; instead, use 0777 as the mode.  Update docstring to clarify
this.
* doc/ref/posix.texi (File System): Adjust accordingly.

diff -ru guile-1.8.8.orig/doc/ref/posix.texi guile-1.8.8/doc/ref/posix.texi
--- guile-1.8.8.orig/doc/ref/posix.texi
+++ guile-1.8.8/doc/ref/posix.texi
@@ -815,9 +815,10 @@
 @deffn {Scheme Procedure} mkdir path [mode]
 @deffnx {C Function} scm_mkdir (path, mode)
 Create a new directory named by @var{path}.  If @var{mode} is omitted
-then the permissions of the directory file are set using the current
-umask (@pxref{Processes}).  Otherwise they are set to the decimal
-value specified with @var{mode}.  The return value is unspecified.
+then the permissions of the directory are set to @code{#o777}
+masked with the current umask (@pxref{Processes, @code{umask}}).
+Otherwise they are set to the value specified with @var{mode}.
+The return value is unspecified.
 @end deffn
 
 @deffn {Scheme Procedure} rmdir path
diff -ru guile-1.8.8.orig/libguile/filesys.c guile-1.8.8/libguile/filesys.c
--- guile-1.8.8.orig/libguile/filesys.c
+++ guile-1.8.8/libguile/filesys.c
@@ -790,27 +790,22 @@
 #ifdef HAVE_MKDIR
 SCM_DEFINE (scm_mkdir, "mkdir", 1, 1, 0,
             (SCM path, SCM mode),
-	    "Create a new directory named by @var{path}.  If @var{mode} is omitted\n"
-	    "then the permissions of the directory file are set using the current\n"
-	    "umask.  Otherwise they are set to the decimal value specified with\n"
-	    "@var{mode}.  The return value is unspecified.")
+      "Create a new directory named by @var{path}.  If @var{mode} is omitted\n"
+      "then the permissions of the directory are set to @code{#o777}\n"
+      "masked with the current umask (@pxref{Processes, @code{umask}}).\n"
+      "Otherwise they are set to the value specified with @var{mode}.\n"
+      "The return value is unspecified.")
 #define FUNC_NAME s_scm_mkdir
 {
   int rv;
-  mode_t mask;
+  mode_t c_mode;
 
-  if (SCM_UNBNDP (mode))
-    {
-      mask = umask (0);
-      umask (mask);
-      STRING_SYSCALL (path, c_path, rv = mkdir (c_path, 0777 ^ mask));
-    }
-  else
-    {
-      STRING_SYSCALL (path, c_path, rv = mkdir (c_path, scm_to_uint (mode)));
-    }
+  c_mode = SCM_UNBNDP (mode) ? 0777 : scm_to_uint (mode);
+
+  STRING_SYSCALL (path, c_path, rv = mkdir (c_path, c_mode));
   if (rv != 0)
     SCM_SYSERROR;
+
   return SCM_UNSPECIFIED;
 }
 #undef FUNC_NAME
-- 
2.4.11



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20170123184853.1d80d3a2@ncopa-desktop.copa.dup.pw>
In-Reply-To
<1485164227-204-1-git-send-email-sergej.lukin@gmail.com> (view parent)
Sender timestamp
1485193733
DKIM signature
missing
Download raw message
On Mon, 23 Jan 2017 09:37:07 +0000
Sergei Lukin <sergej.lukin@gmail.com> wrote:

> CVE-2016-8605: Thread-unsafe umask modification
> ---
>  main/guile/APKBUILD            |  4 ++-
>  main/guile/CVE-2016-8605.patch | 70 ++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 73 insertions(+), 1 deletion(-)
>  create mode 100644 main/guile/CVE-2016-8605.patch

applied with some fixes:
- add checksum for the patch
- remove the texi hunk as it made the build fail

thanks!

-nc


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)