Hello community,
here is the log from the commit of package rocksndiamonds for openSUSE:12.2 checked in at 2012-07-31 14:05:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2/rocksndiamonds (Old)
 and /work/SRC/openSUSE:12.2/.rocksndiamonds.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rocksndiamonds", Maintainer is "nadvornik@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:12.2/rocksndiamonds/rocksndiamonds.changes 2012-06-25 15:52:01.000000000 +0200
+++ /work/SRC/openSUSE:12.2/.rocksndiamonds.new/rocksndiamonds.changes 2012-07-31 14:18:17.000000000 +0200
@@ -1,0 +2,6 @@
+Fri Jul 13 06:53:24 UTC 2012 - meissner@suse.com
+
+- do not create ~/.rocksndiamonds/ world writeable.
+ bnc#736261 / CVE-2011-4606
+
+-------------------------------------------------------------------
New:
----
 rocksndiamonds-CVE-2011-4606.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rocksndiamonds.spec ++++++
--- /var/tmp/diff_new_pack.nDRC9L/_old 2012-07-31 14:18:34.000000000 +0200
+++ /var/tmp/diff_new_pack.nDRC9L/_new 2012-07-31 14:18:34.000000000 +0200
@@ -39,6 +39,7 @@
 Source3: %{name}.desktop
 Source4: Contributions-1.2.0.tar.bz2
 Patch: %{name}-%{version}-smpeg.patch
+Patch1: %{name}-CVE-2011-4606.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -77,6 +78,7 @@
 if [ ! -f /usr/%_lib/libsmpeg.a ] ; then
 %patch -p1
 fi
+%patch1 -p1
 cp %{S:2} %{S:3} .
 pushd levels
 tar -xjf %{S:4}
++++++ rocksndiamonds-CVE-2011-4606.patch ++++++
diff -up rocksndiamonds-3.3.0.1/src/libgame/setup.c.CVE-2011-4606 rocksndiamonds-3.3.0.1/src/libgame/setup.c
--- rocksndiamonds-3.3.0.1/src/libgame/setup.c.CVE-2011-4606 2011-12-12 14:28:30.083078680 -0500
+++ rocksndiamonds-3.3.0.1/src/libgame/setup.c 2011-12-12 14:34:36.758744753 -0500
@@ -1293,11 +1293,14 @@ void sortTreeInfo(TreeInfo **node_first)
 #define MODE_W_ALL (S_IWUSR | S_IWGRP | S_IWOTH)
 #define MODE_X_ALL (S_IXUSR | S_IXGRP | S_IXOTH)
 
+#define MODE_R_PRIVATE (S_IRUSR)
 #define MODE_W_PRIVATE (S_IWUSR)
+#define MODE_X_PRIVATE (S_IXUSR)
+
 #define MODE_W_PUBLIC (S_IWUSR | S_IWGRP)
 #define MODE_W_PUBLIC_DIR (S_IWUSR | S_IWGRP | S_ISGID)
 
-#define DIR_PERMS_PRIVATE (MODE_R_ALL | MODE_X_ALL | MODE_W_PRIVATE)
+#define DIR_PERMS_PRIVATE (MODE_R_PRIVATE | MODE_X_PRIVATE | MODE_W_PRIVATE)
 #define DIR_PERMS_PUBLIC (MODE_R_ALL | MODE_X_ALL | MODE_W_PUBLIC_DIR)
 
 #define FILE_PERMS_PRIVATE (MODE_R_ALL | MODE_W_PRIVATE)
@@ -1456,7 +1459,8 @@ void createDirectory(char *dir, char *te
 if (running_setgid)
 posix_umask(last_umask & group_umask);
 else
- dir_mode |= MODE_W_ALL;
+ if (permission_class == PERMS_PUBLIC)
+ dir_mode |= MODE_W_ALL;
 
 if (!fileExists(dir))
 if (posix_mkdir(dir, dir_mode) != 0)
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
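Review bot: `FILE_PERMS_PRIVATE` on the last context line of this hunk is still `(MODE_R_ALL | MODE_W_PRIVATE)`, so private files keep a world-readable mode while `DIR_PERMS_PRIVATE` becomes owner-only (0700). Files under a newly created private directory are presumably shielded by the parent's mode, but files under a directory that already exists with the old, wider mode are not. If private files are meant to be as private as their directory, reuse the macro this hunk introduces: `#define FILE_PERMS_PRIVATE (MODE_R_PRIVATE | MODE_W_PRIVATE)`. A one-line comment above the `*_PRIVATE` macros stating the resulting octal modes would also make the intent auditable at a glance.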
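Review bot: The tightened mode only reaches `posix_mkdir()`, which sits behind `if (!fileExists(dir))`, so a `~/.rocksndiamonds` directory that an earlier build created world-writable keeps its permissions after this update. Unless code outside the hunk already corrects it, add a repair step for the private case after the mkdir block, e.g. `if (permission_class == PERMS_PRIVATE) chmod(dir, dir_mode);` with the return value checked. The non-setgid branch also still ORs `MODE_W_ALL` into `PERMS_PUBLIC` directories, leaving them world-writable; if that is intended, a comment saying so (and whether a sticky bit is wanted) belongs next to it. The new `if` hangs under a brace-less `else`; writing `else if (permission_class == PERMS_PUBLIC)` or adding braces would make the nesting unambiguous. createDirectory's body starts and ends outside the hunk.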