X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-wj0-f172.google.com (mail-wj0-f172.google.com [209.85.210.172]) by lists.alpinelinux.org (Postfix) with ESMTP id 467675C454D for ; Wed, 7 Dec 2016 07:57:01 +0000 (GMT) Received: by mail-wj0-f172.google.com with SMTP id tg4so96671600wjb.1 for ; Tue, 06 Dec 2016 23:57:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=ZoGzGSw5F4VA5paOWPMm0GiS/G3QfyKeSpHB64RHkG8=; b=YAMIoqVSuyzIpy2trnMoxtRAr8JuC5EIyRN1S63MSVQ76swZCH2eNAw1x0oaw6qvYe hJY8VziV8CU4p6RSO2DMpCGvYT6sPvtvfeOBdvxxFpaz604uMSSH6aA7DDNK2doEy58Q 53zIs5rQzZD9UAKxrXlCUaoN5PAmc1Lwie99/+d5lT+tpA6Q1lFfkZq5G19HcNzWhnfx iK4rdsC2PXnsMvGIXosX9htjAR3jkcRl5MHMA8r/J7ogWayjZKcju7DKyvYKkC7i0/bh MxQT8UwKcAJU+eESBm/bZx1f/zH4SJjtylfGAxcicSpyRgzkI3o+ioQ/ZyUrLNPawBk4 7Faw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=ZoGzGSw5F4VA5paOWPMm0GiS/G3QfyKeSpHB64RHkG8=; b=dN5lE8zm9ZcYwRiHsFfESoWYaVXxgfWCgDe558uIxJAdUswAz6NzhoDuU3W7SvRTxr yesiCMMT5dL0babKJCLyXG5AIlH7QkjjtrkaiyfHmimDZ1MQUHSDoKojPP/2xzk7TvPH XhSC8eJfPHxN5dZvri07fH9iFoNWfCsW1GlPpK3Pnv9uzwBLkOJxGy10jsEPYuEye2mA kkhLJkMIHzlPwov0opATD9dC7gmZaYJ2OrLmdS+kpk4E7jegFwaNrV/j9U7rcb9yNW4F NTwJqCClCz7bHURjklJVUdbwIWruOHqqQZuWfgsmR81y2qpbV+HXpr0ay61goTMpwOgZ w0dA== X-Gm-Message-State: AKaTC01kCLWhMPvbB1ZQkXURX9q5G4Wth9w7mrdzmxIcsR42/xtneO2iKWeoXWVYP7byCw== X-Received: by 10.25.203.148 with SMTP id b142mr19377806lfg.145.1481097420639; Tue, 06 Dec 2016 23:57:00 -0800 (PST) Received: from v3-3.util.wtbts.net ([83.145.235.199]) by smtp.gmail.com with ESMTPSA id k94sm4502659lfi.5.2016.12.06.23.56.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 06 Dec 2016 23:56:59 -0800 (PST) From: Sergey Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergey Lukin Subject: [alpine-aports] [PATCH v3.3] main/guile: security upgrade - fixes #6366 Date: Wed, 7 Dec 2016 07:56:49 +0000 Message-Id: <1481097409-704-1-git-send-email-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.6.6 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2016-8605, CVE-2016-8606 --- main/guile/APKBUILD | 10 +++++++++- .../guile/CVE-2016-8605-Thread-unsafe-umask-modification.patch | 1 + ...REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) create mode 120000 main/guile/CVE-2016-8605-Thread-unsafe-umask-modification.patch create mode 120000 main/guile/CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch diff --git a/main/guile/APKBUILD b/main/guile/APKBUILD index d401afd..ffbc028 100644 --- a/main/guile/APKBUILD +++ b/main/guile/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa pkgname=guile pkgver=2.0.11 -pkgrel=2 +pkgrel=3 pkgdesc="Guile is a portable, embeddable Scheme implementation written in C" url="http://www.gnu.org/software/guile/" arch="all" @@ -22,6 +22,8 @@ source="ftp://ftp.gnu.org/pub/gnu/$pkgname/$pkgname-$pkgver.tar.gz 0013-Handle-p-in-format-warnings.patch 0015-Fix-SCM_SMOB_OBJECT-_-_0_-_1_-_2_-_3_-LOC.patch 0016-peval-Handle-optional-argument-inits-that-refer-to-p.patch + CVE-2016-8605-Thread-unsafe-umask-modification.patch + CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch strtol_l.patch " @@ -68,6 +70,8 @@ f140776c944bacc6cc14919f83902696 0003-Recognize-more-ARM-targets.patch 9e7b0d2d52e22b253ac314c6cb317bb4 0013-Handle-p-in-format-warnings.patch 9bb62ca4bd913b5ba6a94868a2d33464 0015-Fix-SCM_SMOB_OBJECT-_-_0_-_1_-_2_-_3_-LOC.patch 04012be1e50736374564b14440e410f6 0016-peval-Handle-optional-argument-inits-that-refer-to-p.patch +8e214ebdc5edaf0aa56d134eb7ce66c8 CVE-2016-8605-Thread-unsafe-umask-modification.patch +55248664c36c2cc4b1348f57a38eb23b CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch 54b76be46ecc9333e2a57cc0906c1927 strtol_l.patch" sha256sums="e6786c934346fa2e38e46d8d81a622bb1c16d130153523f6129fcd79ef1fb040 guile-2.0.11.tar.gz 760355a63be9b756607a03352ceb916dfba02da917fa00c6bc07253d0f7c75f6 0002-Mark-mutex-with-owner-not-retained-threads-test-as-u.patch @@ -79,6 +83,8 @@ b7b3425c807d227dccf0ada653d3edd6d343d6c9d7ee648140bd13812f7776e7 0011-Fix-shrin 3557178fec43d58c62a505a3199054d4f32da97cfafaa969a8e9b90616bc603f 0013-Handle-p-in-format-warnings.patch 4ded8227e4b93a5205ddcf43f01e0e8c7684396669192b2e95b2c710573b6395 0015-Fix-SCM_SMOB_OBJECT-_-_0_-_1_-_2_-_3_-LOC.patch d28837b89c1653d9addf80573934dc97128a0c464b531f64fc58b1577f60340a 0016-peval-Handle-optional-argument-inits-that-refer-to-p.patch +3f42410655221fb48cb5d9031d3a9ef28c4b6d3227ea0e67ea88d5d094e5236f CVE-2016-8605-Thread-unsafe-umask-modification.patch +343c8b420cfab0d04babb34d58b367a91fc2036028055f75ef9569a3a8bb1880 CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch 2ba49adb27db50f5ec33779ce2f002cafde99a04038ca689bee7d2098296ce33 strtol_l.patch" sha512sums="dc1a30d44e6d432fab2407d72385e959af863f6feba6cca5813b4de24c92200c78b44f336d1f4fa8c7b4058dea880982787c69888c91a2236fd2fb1d313137fd guile-2.0.11.tar.gz b1c309cc07830ff1741ef88857f8099187b449580e8d57862886abc367ef1accc5a35636d81eee09247f13d3a751cdc8909fdea05368d3d509bd2039ce06d078 0002-Mark-mutex-with-owner-not-retained-threads-test-as-u.patch @@ -90,4 +96,6 @@ b283ac11ca5d01a4ab102258ff896fb3fb6cb053144ea31ae0d43c0229c9b9509c4eadc90d757b23 8484e882723d68ea1e658a86c7be5006de1af7d457f7f9a37a99b427460db8420980174efdcaff8fbfa49346ba01252d2e6183c8b5e323bd228d223ed011655b 0013-Handle-p-in-format-warnings.patch 5f450e57968f2f0592a0de6beaa02db315d668a31a85330e3aa44d87995c82f866828fceb71012c123f5dd3b3b5c3ec944c8011ba09658ad00e8ce1c6f958a87 0015-Fix-SCM_SMOB_OBJECT-_-_0_-_1_-_2_-_3_-LOC.patch f55e514534fd1aba547ed8d4350fbeeaef77d634d7f1915a0108244a9bef5afe7074f3292b9f74bdccd0c56cddc60e222e9ccd2519ba337b6f156123e632ec26 0016-peval-Handle-optional-argument-inits-that-refer-to-p.patch +95e022ee0bf0c622f8f3fe95218dea10720c1006b8f607906dbc890836390b81e807c9393447c5f9364325b8d63c0d557e889e23492150bfa6e6f72812e31619 CVE-2016-8605-Thread-unsafe-umask-modification.patch +27043f994c4654ac8df40398f7a9631ece1e63de00a31be6fdf49abd5092d26aaa4dd3e51339395405e3ac56459ee5942639c572441a50d7a2fdaab251c8d2db CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch 596efb03c65df98ea9afd932cb67e5b436e35fbf2442630e8a1854818f246b5a24eb920e3502ba28b882f0afb27c5148f1ff509c29baa91a7f37b3ecdc28c000 strtol_l.patch" diff --git a/main/guile/CVE-2016-8605-Thread-unsafe-umask-modification.patch b/main/guile/CVE-2016-8605-Thread-unsafe-umask-modification.patch new file mode 120000 index 0000000..001b2d7 --- /dev/null +++ b/main/guile/CVE-2016-8605-Thread-unsafe-umask-modification.patch @@ -0,0 +1 @@ +/p/CVE-2016-8605-Thread-unsafe-umask-modification.patch \ No newline at end of file diff --git a/main/guile/CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch b/main/guile/CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch new file mode 120000 index 0000000..7a3dbe8 --- /dev/null +++ b/main/guile/CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch @@ -0,0 +1 @@ +/p/CVE-2016-8606-REPL-server-vulnerable-to-HTTP-inter-protocol-attacks.patch \ No newline at end of file -- 2.6.6 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---