X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-lf0-f65.google.com (mail-lf0-f65.google.com [209.85.215.65]) by lists.alpinelinux.org (Postfix) with ESMTP id 2F2DA5C4560 for ; Thu, 8 Dec 2016 13:45:48 +0000 (GMT) Received: by mail-lf0-f65.google.com with SMTP id o141so28361990lff.1 for ; Thu, 08 Dec 2016 05:45:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=Mu+TfXJ6U8RR8TFVHoZeN5+bAB6Kuh+RO6Q/vuUUJZE=; b=C0Aqtx4oLcQbXbc2nBB4WTLuvFt8h/ttn1081DFIAGKw3HMPQq//jwHDiDyjTRzw22 QrNkr1FERNuuRmp+J89Q7DHviu2OmSnyUFJXVTsXrajega4G9xJIPUhM4+IloMbxJK8v 9O3USlog6VkkdX3cjagcGFI0kDrZBGM96j61a1hp+bOvXofVxbwJRwQ3Aep4x9eiRvrE zEYRNuUQk91a8RdHWOqiX2HRkz1AMbStJQ0gW/mN0/hZWMw5NbsmNhWv8fWphH968gIM LmqHi+IQxkph2Z8A+oQl3hN/GJAhY2URY16Nczp+FXNKZB9T16ZyUgcQaamzxbf4z5En XpqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Mu+TfXJ6U8RR8TFVHoZeN5+bAB6Kuh+RO6Q/vuUUJZE=; b=JRM/pW7so3WpLYQwJq1hlHj/Ee3Kppe5UC6f4cwrCR8d++535CPORdTThWKmNzFFPo 3kvEF+4rnYQXIC5dQTM+anAn70+NjeZ6sILFvRxzM2oAAD4sSDC1SkVf5PoLwZcn5C8I IxsZ4iLhP0/m+8Io+0bvbeYJaITXxrg/19HoQRxtNR2U8wYzLFmLv/rdA/dMGwBa60wB EJzIVwX01TnuoReZB+Iu871dLhKvrn0p4RPV8VWJE2pQczn/4EW6o1QaztXdb2Ur4qQm qiYyBHk96fccTUFQlgM6FENH4xTu+ZESQctGbrrU54W1Dv/M4ZCy175cYa6PLebXHXq5 1FVA== X-Gm-Message-State: AKaTC01NeMGTVFan3kDwYuJSaLQwB0/pTwSHswvB1GXcFSHOtjso19FsTcbKN7rbkK4MCw== X-Received: by 10.46.13.9 with SMTP id 9mr14866325ljn.37.1481204747441; Thu, 08 Dec 2016 05:45:47 -0800 (PST) Received: from v3-2.util.wtbts.net ([83.145.235.199]) by smtp.gmail.com with ESMTPSA id v9sm5689376lja.0.2016.12.08.05.45.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 08 Dec 2016 05:45:46 -0800 (PST) 
From: Sergey Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergey Lukin Subject: [alpine-aports] [PATCH v3.2] /guile: security upgrade - fixes #6367 Date: Thu, 8 Dec 2016 13:45:35 +0000 Message-Id: <1481204735-247-1-git-send-email-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.4.11 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2016-8605 guile-1.8.8 is not affected by CVE-2016-8606 (repl server was introduced in 2.0) --- main/guile/APKBUILD | 13 +++++--- main/guile/CVE-2016-8605.patch | 70 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 5 deletions(-) create mode 100644 main/guile/CVE-2016-8605.patch diff --git a/main/guile/APKBUILD b/main/guile/APKBUILD index c4563e3..d3dc029 100644 --- a/main/guile/APKBUILD +++ b/main/guile/APKBUILD @@ -1,7 +1,8 @@ # Maintainer: Natanael Copa +# Contributer: Sergey Lukin pkgname=guile pkgver=1.8.8 -pkgrel=2 +pkgrel=3 pkgdesc="Guile is a portable, embeddable Scheme implementation written in C" url="http://www.gnu.org/software/guile/" arch="all" @@ -13,11 +14,13 @@ install= source="ftp://ftp.gnu.org/pub/gnu/$pkgname/$pkgname-$pkgver.tar.gz guile-1.8.7-gcc45.patch fix-defines.patch + CVE-2016-8605.patch " +# guile-1.8.8 is not affected by CVE-2016-8606 (repl server introduced in 2.0) -_builddir="$srcdir"/$pkgname-$pkgver +builddir="$srcdir"/$pkgname-$pkgver prepare() { - cd "$_builddir" + cd "$builddir" update_config_sub || return 1 for i in $source; do case "$i" in @@ -30,7 +33,7 @@ prepare() { } build() { - cd "$_builddir" + cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -41,7 +44,7 @@ build() { } package() { - cd "$_builddir" + cd "$builddir" make DESTDIR="$pkgdir" install || return 1 rm "$pkgdir"/usr/lib/*.la } diff --git a/main/guile/CVE-2016-8605.patch b/main/guile/CVE-2016-8605.patch new file mode 100644 index 0000000..0f179ce --- /dev/null +++ b/main/guile/CVE-2016-8605.patch 
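Review bot: The second APKBUILD hunk adds `CVE-2016-8605.patch` to `source=` but no hunk touches the file's checksum lines (md5sums/sha256sums/sha512sums, whichever this APKBUILD carries), and the diffstat's 13 changed lines are fully accounted for by the four visible hunks, so the new patch is not pinned by a checksum and `abuild verify` will reject the build until it is. Regenerate them with `abuild checksum` and include the updated line(s) in this same commit. Separately, the added comment in the first hunk reads `# Contributer:`; the conventional spelling is `# Contributor: Sergey Lukin`.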
@@ -0,0 +1,70 @@ +CVE-2016-8605: Thread-unsafe umask modification +https://bugs.alpinelinux.org/issues/6367 +http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=245608911698adb3472803856019bdd5670b6614 + +Remove 'umask' calls from 'mkdir'. +Fixes . + +* libguile/filesys.c (SCM_DEFINE): Remove calls to 'umask' when MODE is +unbound; instead, use 0777 as the mode. Update docstring to clarify +this. +* doc/ref/posix.texi (File System): Adjust accordingly. + +diff -ru guile-1.8.8.orig/doc/ref/posix.texi guile-1.8.8/doc/ref/posix.texi +--- guile-1.8.8.orig/doc/ref/posix.texi ++++ guile-1.8.8/doc/ref/posix.texi +@@ -815,9 +815,10 @@ + @deffn {Scheme Procedure} mkdir path [mode] + @deffnx {C Function} scm_mkdir (path, mode) + Create a new directory named by @var{path}. If @var{mode} is omitted +-then the permissions of the directory file are set using the current +-umask (@pxref{Processes}). Otherwise they are set to the decimal +-value specified with @var{mode}. The return value is unspecified. ++then the permissions of the directory are set to @code{#o777} ++masked with the current umask (@pxref{Processes, @code{umask}}). ++Otherwise they are set to the value specified with @var{mode}. ++The return value is unspecified. + @end deffn + + @deffn {Scheme Procedure} rmdir path +diff -ru guile-1.8.8.orig/libguile/filesys.c guile-1.8.8/libguile/filesys.c +--- guile-1.8.8.orig/libguile/filesys.c ++++ guile-1.8.8/libguile/filesys.c +@@ -790,27 +790,22 @@ + #ifdef HAVE_MKDIR + SCM_DEFINE (scm_mkdir, "mkdir", 1, 1, 0, + (SCM path, SCM mode), +- "Create a new directory named by @var{path}. If @var{mode} is omitted\n" +- "then the permissions of the directory file are set using the current\n" +- "umask. Otherwise they are set to the decimal value specified with\n" +- "@var{mode}. The return value is unspecified.") ++ "Create a new directory named by @var{path}. 
If @var{mode} is omitted\n" ++ "then the permissions of the directory are set to @code{#o777}\n" ++ "masked with the current umask (@pxref{Processes, @code{umask}}).\n" ++ "Otherwise they are set to the value specified with @var{mode}.\n" ++ "The return value is unspecified.") + #define FUNC_NAME s_scm_mkdir + { + int rv; +- mode_t mask; ++ mode_t c_mode; + +- if (SCM_UNBNDP (mode)) +- { +- mask = umask (0); +- umask (mask); +- STRING_SYSCALL (path, c_path, rv = mkdir (c_path, 0777 ^ mask)); +- } +- else +- { +- STRING_SYSCALL (path, c_path, rv = mkdir (c_path, scm_to_uint (mode))); +- } ++ c_mode = SCM_UNBNDP (mode) ? 0777 : scm_to_uint (mode); ++ ++ STRING_SYSCALL (path, c_path, rv = mkdir (c_path, c_mode)); + if (rv != 0) + SCM_SYSERROR; ++ + return SCM_UNSPECIFIED; + } + #undef FUNC_NAME -- 2.4.11 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
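Review bot: The patch header's line `Fixes .` carries no reference after "Fixes", at least as the text arrives here, so the backport should either cite the upstream bug it fixes or drop the dangling fragment; the stable-2.0 commit URL on the line above it is the important provenance and is already present. A one-sentence rationale in the header would also help the next maintainer, since the C hunk's safety is not obvious from the diff alone: `Passing a bare 0777 is safe because mkdir(2) applies the process umask itself; the removed umask(0)/umask(mask) pair briefly set a zero umask for every thread, which is the race CVE-2016-8605 describes.` The replacement `c_mode = SCM_UNBNDP (mode) ? 0777 : scm_to_uint (mode);` matches the linked upstream change, so no code change is proposed for it.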