civodul pushed a commit to branch stable-2.0 in repository guile.

commit 606cf7f7f42c072b96b941e5074338c01811b5ea
Author: Ludovic Courtès <l...@gnu.org>
Date:   Wed Oct 12 10:12:26 2016 +0200
Update 'NEWS'. --- NEWS | 48 +++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 96c5c2a..22dda2e 100644 --- a/NEWS +++ b/NEWS 
@@ -7,17 +7,38 @@ Please send Guile bug reports to bug-gu...@gnu.org. Changes in 2.0.13 (since 2.0.12): -* Notable changes -* New interfaces -** mkstemp! takes optional "mode" argument +* Security fixes -See "File System" in the manual, for more. +** CVE-2016-8606: REPL server now protects against HTTP inter-protocol + attacks -** New 'scm_to_uintptr_t' and 'scm_from_uintptr_t' C functions +Guile 2.x provides a "REPL server" started by the '--listen' +command-line option or equivalent API (see "REPL Servers" in the +manual). -* Bug fixes +The REPL server is vulnerable to the HTTP inter-protocol attack as +described at +<https://en.wikipedia.org/wiki/Inter-protocol_exploitation>, notably the +HTML form protocol attack described at +<https://www.jochentopf.com/hfpa/hfpa.pdf>. A "DNS rebinding attack" +can be combined with this attack and allow an attacker to send arbitrary +Guile code to the REPL server through web pages accessed by the +developer, even though the REPL server is listening to a loopback device +("localhost"). This was demonstrated in an article entitled "How to +steal any developer's local database" available at +<http://bouk.co/blog/hacking-developers/>. + +The REPL server in Guile 2.0.13 now detects attempts to exploit this +vulnerability. It immediately closes the connection when it receives a +line that looks like an HTTP request. + +Nevertheless, we recommend binding the REPL server to a Unix-domain +socket, for instance by running: -** 'mkdir' procedure no longer calls umask(2) (<http://bugs.gnu.org/24659>) + guile --listen=/tmp/guile-socket + +** CVE-2016-8605: 'mkdir' procedure no longer calls umask(2) + (<http://bugs.gnu.org/24659>) When the second argument to the 'mkdir' procedure was omitted, it would call umask(0) followed by umask(previous_umask) and apply the umask to 
@@ -28,9 +49,22 @@ applications: during a small window the process' umask was set to zero, so other threads calling mkdir(2) or open(2) could end up creating world-readable/writable/executable directories or files. +* New interfaces + +** mkstemp! takes optional "mode" argument + +See "File System" in the manual, for more. + +** New 'scm_to_uintptr_t' and 'scm_from_uintptr_t' C functions + +* Bug fixes + ** Fix optimizer bug when compiling fixpoint operator ** Fix build error on MinGW ** Update 'uname' implementation on MinGW +** 'port-encoding' and 'set-port-encoding!' ensure they are passed an + open port +** (system base target) now recognizes Alpha as a cross-compilation target Changes in 2.0.12 (since 2.0.11):
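Review bot: in the first hunk, the CVE-2016-8606 entry describes the mitigation only as closing the connection "when it receives a line that looks like an HTTP request" without saying what the check actually matches, so a reader cannot judge what it does and does not cover; state the criterion (for example, an initial line of the form `METHOD /path HTTP/x.y`) and say plainly that this is a heuristic, which is the reason the Unix-domain socket recommendation that follows still applies. The suggested command `guile --listen=/tmp/guile-socket` also places the socket in a directory shared with every local user; suggest an example path under a directory writable only by the developer, or at least a sentence noting that the socket's directory permissions are what limit who can connect.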
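Review bot: in the second hunk, the two new "Bug fixes" entries ("'port-encoding' and 'set-port-encoding!' ensure they are passed an open port" and "(system base target) now recognizes Alpha") say neither what the previous behaviour was (an error, a crash, or silently wrong output) nor where the fix is tracked, whereas the mkdir entry above cites `<http://bugs.gnu.org/24659>`; add a one-line description of the old behaviour and a bug reference where one exists so users can tell whether the fix affects them. Restoring "* New interfaces" and "* Bug fixes" after the new "* Security fixes" section is the right ordering, but the moved mkstemp! paragraph keeps its own trailing blank line while the CVE entries in the first hunk do not, so blank-line spacing between entries should be made consistent within the file.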