Hello community,

here is the log from the commit of package guile1 for openSUSE:Factory checked 
in at 2016-10-19 13:13:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/guile1 (Old)
 and      /work/SRC/openSUSE:Factory/.guile1.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "guile1"

Changes:
--------
--- /work/SRC/openSUSE:Factory/guile1/guile1.changes    2015-03-16 
09:38:43.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.guile1.new/guile1.changes       2016-10-19 
13:14:23.000000000 +0200
@@ -1,0 +2,7 @@
+Mon Oct 17 13:36:19 UTC 2016 - pgaj...@suse.com
+
+- security update
+  * CVE-2016-8605 [bsc#1004221]
+    + guile1-CVE-2016-8605.patch
+
+-------------------------------------------------------------------

New:
----
  guile1-CVE-2016-8605.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ guile1.spec ++++++
--- /var/tmp/diff_new_pack.63xphw/_old  2016-10-19 13:14:24.000000000 +0200
+++ /var/tmp/diff_new_pack.63xphw/_new  2016-10-19 13:14:24.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package guile1
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,6 +35,7 @@
 Patch7:         guile-socket-test.patch
 # fix failures with texinfo 5.2
 Patch8:         guile-texinfo.patch
+Patch9:         guile1-CVE-2016-8605.patch
 BuildRequires:  automake
 BuildRequires:  gc-devel
 BuildRequires:  gmp-devel
@@ -157,6 +158,7 @@
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 # guile-1.8.1: The code is not so good for -Werror (unused results of write()).
 sed -i s/-Werror// configure.in configure
 


++++++ guile1-CVE-2016-8605.patch ++++++
--- a/libguile/filesys.c
+++ b/libguile/filesys.c
@@ -1255,26 +1255,21 @@ SCM_DEFINE (scm_getcwd, "getcwd", 0, 0, 0,
 SCM_DEFINE (scm_mkdir, "mkdir", 1, 1, 0,
             (SCM path, SCM mode),
            "Create a new directory named by @var{path}.  If @var{mode} is 
omitted\n"
-           "then the permissions of the directory file are set using the 
current\n"
-           "umask.  Otherwise they are set to the decimal value specified 
with\n"
-           "@var{mode}.  The return value is unspecified.")
+           "then the permissions of the directory are set to @code{#o777}\n"
+           "masked with the current umask (@pxref{Processes, @code{umask}}).\n"
+           "Otherwise they are set to the value specified with @var{mode}.\n"
+           "The return value is unspecified.")
 #define FUNC_NAME s_scm_mkdir
 {
   int rv;
-  mode_t mask;
+  mode_t c_mode;
 
-  if (SCM_UNBNDP (mode))
-    {
-      mask = umask (0);
-      umask (mask);
-      STRING_SYSCALL (path, c_path, rv = mkdir (c_path, 0777 ^ mask));
-    }
-  else
-    {
-      STRING_SYSCALL (path, c_path, rv = mkdir (c_path, scm_to_uint (mode)));
-    }
+  c_mode = SCM_UNBNDP (mode) ? 0777 : scm_to_uint (mode);
+
+  STRING_SYSCALL (path, c_path, rv = mkdir (c_path, c_mode));
   if (rv != 0)
     SCM_SYSERROR;
+
   return SCM_UNSPECIFIED;
 }
 #undef FUNC_NAME
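Review bot: The new line `c_mode = SCM_UNBNDP (mode) ? 0777 : scm_to_uint (mode);` has no comment recording why the umask is no longer read, so a later cleanup could reintroduce the removed `umask (0)` / `umask (mask)` pair. The umask is process-wide, so zeroing it even briefly lets files created concurrently by other threads get unmasked permissions, which is presumably the issue tracked as CVE-2016-8605. I would add above that line: `/* Never read the umask via umask (0): it is process-wide and races with file creation in other threads; mkdir(2) applies the mask itself. */`. The updated docstring also says an explicit @var{mode} is used as given, but mkdir(2) masks that value with the umask too. Wording such as `"Otherwise they are set to @var{mode}, likewise masked with the current umask.\n"` would stop callers from assuming exact permissions.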

