Hello community,

here is the log from the commit of package rocksndiamonds for openSUSE:12.2 
checked in at 2012-07-31 14:05:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2/rocksndiamonds (Old)
 and      /work/SRC/openSUSE:12.2/.rocksndiamonds.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rocksndiamonds", Maintainer is "nadvor...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:12.2/rocksndiamonds/rocksndiamonds.changes       
2012-06-25 15:52:01.000000000 +0200
+++ /work/SRC/openSUSE:12.2/.rocksndiamonds.new/rocksndiamonds.changes  
2012-07-31 14:18:17.000000000 +0200
@@ -1,0 +2,6 @@
+Fri Jul 13 06:53:24 UTC 2012 - meiss...@suse.com
+
+- do not create ~/.rocksndiamonds/ world writeable.
+  bnc#736261 / CVE-2011-4606
+
+-------------------------------------------------------------------

New:
----
  rocksndiamonds-CVE-2011-4606.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rocksndiamonds.spec ++++++
--- /var/tmp/diff_new_pack.nDRC9L/_old  2012-07-31 14:18:34.000000000 +0200
+++ /var/tmp/diff_new_pack.nDRC9L/_new  2012-07-31 14:18:34.000000000 +0200
@@ -39,6 +39,7 @@
 Source3:        %{name}.desktop
 Source4:        Contributions-1.2.0.tar.bz2
 Patch:          %{name}-%{version}-smpeg.patch
+Patch1:         %{name}-CVE-2011-4606.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -77,6 +78,7 @@
 if [ ! -f /usr/%_lib/libsmpeg.a ] ; then
 %patch -p1
 fi
+%patch1 -p1
 cp %{S:2} %{S:3} .
 pushd levels
 tar -xjf %{S:4}

++++++ rocksndiamonds-CVE-2011-4606.patch ++++++
diff -up rocksndiamonds-3.3.0.1/src/libgame/setup.c.CVE-2011-4606 
rocksndiamonds-3.3.0.1/src/libgame/setup.c
--- rocksndiamonds-3.3.0.1/src/libgame/setup.c.CVE-2011-4606    2011-12-12 
14:28:30.083078680 -0500
+++ rocksndiamonds-3.3.0.1/src/libgame/setup.c  2011-12-12 14:34:36.758744753 
-0500
@@ -1293,11 +1293,14 @@ void sortTreeInfo(TreeInfo **node_first)
 #define MODE_W_ALL             (S_IWUSR | S_IWGRP | S_IWOTH)
 #define MODE_X_ALL             (S_IXUSR | S_IXGRP | S_IXOTH)
 
+#define MODE_R_PRIVATE         (S_IRUSR)
 #define MODE_W_PRIVATE         (S_IWUSR)
+#define MODE_X_PRIVATE         (S_IXUSR)
+
 #define MODE_W_PUBLIC          (S_IWUSR | S_IWGRP)
 #define MODE_W_PUBLIC_DIR      (S_IWUSR | S_IWGRP | S_ISGID)
 
-#define DIR_PERMS_PRIVATE      (MODE_R_ALL | MODE_X_ALL | MODE_W_PRIVATE)
+#define DIR_PERMS_PRIVATE      (MODE_R_PRIVATE | MODE_X_PRIVATE | 
MODE_W_PRIVATE)
 #define DIR_PERMS_PUBLIC       (MODE_R_ALL | MODE_X_ALL | MODE_W_PUBLIC_DIR)
 
 #define FILE_PERMS_PRIVATE     (MODE_R_ALL | MODE_W_PRIVATE)
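Review bot: `FILE_PERMS_PRIVATE` on the last context line is still built from `MODE_R_ALL`, so private files keep being created readable by group and others (assuming `MODE_R_ALL`, defined above the hunk, is the all-classes read mask like `MODE_W_ALL`). Only the directory mode is tightened here. The new 0700 directory hides those files in a fresh install, but not under a directory that already exists with a looser mode. Using the newly added macro would make the two private masks consistent: `#define FILE_PERMS_PRIVATE     (MODE_R_PRIVATE | MODE_W_PRIVATE)`.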
@@ -1456,7 +1459,8 @@ void createDirectory(char *dir, char *te
   if (running_setgid)
     posix_umask(last_umask & group_umask);
   else
-    dir_mode |= MODE_W_ALL;
+    if (permission_class == PERMS_PUBLIC)
+      dir_mode |= MODE_W_ALL;
 
   if (!fileExists(dir))
     if (posix_mkdir(dir, dir_mode) != 0)
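Review bot: An already existing directory keeps whatever mode it has, because the `if (!fileExists(dir))` guard right after the changed lines skips `posix_mkdir`. A `~/.rocksndiamonds/` created world-writable by an earlier build therefore stays that way after this update. For non-public directories, the existing-directory path should `stat()` the directory and clear `S_IWGRP | S_IWOTH` with `chmod()`, or at least warn when those bits are set. As a style point, the nested `if` under the brace-less `else` is easy to misread; writing `else if (permission_class == PERMS_PUBLIC)` or adding braces would make the pairing explicit. createDirectory starts and ends outside this hunk, so the rest of its handling of existing directories could not be checked.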
