guile-1.8: fix CVE-2016-8605

Backports 245608911698adb3472803856019bdd5670b6614 from guile.git
Fixes https://github.com/NixOS/nixpkgs/issues/73648

Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
Masanori Ogino 2021-02-23 16:53:01 +09:00 committed by Masanori Ogino
parent c670db33d7
commit 8d213e1ff9
2 changed files with 63 additions and 1 deletions


@ -37,7 +37,10 @@ stdenv.mkDerivation rec {
libtool
];
patches = [ ./cpp-4.5.patch ];
patches = [
./cpp-4.5.patch
./CVE-2016-8605.patch
];
preBuild = ''
sed -e '/lt_dlinit/a lt_dladdsearchdir("'$out/lib'");' -i libguile/dynl.c


@ -0,0 +1,59 @@
commit d514e3fc42eb14a1bc5846b27ef89f50ba3a5d48
Author: Ludovic Courtès <ludo@gnu.org>
Date: Tue Oct 11 10:14:26 2016 +0200
Remove 'umask' calls from 'mkdir'.
Fixes <http://bugs.gnu.org/24659>.
* libguile/filesys.c (SCM_DEFINE): Remove calls to 'umask' when MODE is
unbound; instead, use 0777 as the mode. Update docstring to clarify
this.
diff --git a/libguile/filesys.c b/libguile/filesys.c
index c8acb13ef..921f765f1 100644
--- a/libguile/filesys.c
+++ b/libguile/filesys.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1996,1997,1998,1999,2000,2001, 2002, 2004, 2006, 2008 Free Software Foundation, Inc.
+/* Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2004, 2006,
+ * 2009, 2010, 2011, 2012, 2013, 2014, 2016 Free Software Foundation, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -791,26 +792,21 @@ SCM_DEFINE (scm_delete_file, "delete-file", 1, 0, 0,
SCM_DEFINE (scm_mkdir, "mkdir", 1, 1, 0,
(SCM path, SCM mode),
"Create a new directory named by @var{path}. If @var{mode} is omitted\n"
- "then the permissions of the directory file are set using the current\n"
- "umask. Otherwise they are set to the decimal value specified with\n"
- "@var{mode}. The return value is unspecified.")
+ "then the permissions of the directory are set to @code{#o777}\n"
+ "masked with the current umask (@pxref{Processes, @code{umask}}).\n"
+ "Otherwise they are set to the value specified with @var{mode}.\n"
+ "The return value is unspecified.")
#define FUNC_NAME s_scm_mkdir
{
int rv;
- mode_t mask;
+ mode_t c_mode;
- if (SCM_UNBNDP (mode))
- {
- mask = umask (0);
- umask (mask);
- STRING_SYSCALL (path, c_path, rv = mkdir (c_path, 0777 ^ mask));
- }
- else
- {
- STRING_SYSCALL (path, c_path, rv = mkdir (c_path, scm_to_uint (mode)));
- }
+ c_mode = SCM_UNBNDP (mode) ? 0777 : scm_to_uint (mode);
+
+ STRING_SYSCALL (path, c_path, rv = mkdir (c_path, c_mode));
if (rv != 0)
SCM_SYSERROR;
+
return SCM_UNSPECIFIED;
}
#undef FUNC_NAME
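Review bot: The provenance of this security backport is ambiguous, because the patch header names commit d514e3fc42eb14a1bc5846b27ef89f50ba3a5d48 while the commit description says it backports 245608911698adb3472803856019bdd5670b6614 from guile.git. Presumably one is the stable-branch counterpart of the other, but nothing on the page says so, and anyone auditing the fix later has to work that out. A line at the top of the patch file such as `Backport of guile.git 245608911698adb3472803856019bdd5670b6614 to guile 1.8 (CVE-2016-8605)` would record the mapping. Separately, the first hunk only rewrites the copyright header of `libguile/filesys.c`; dropping it would leave the patch with just the `scm_mkdir` change, which removes the `umask (0)` / `umask (mask)` pair and passes `0777` to `mkdir` so that the kernel applies the umask.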