From f5b4fc0ceb0e5a2be5f3a19f63ad936897a3ac26 Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dcleal@redhat.com>
Date: Mon, 2 Dec 2013 17:49:35 +0000
Subject: [PATCH] Fix umask handling when creating new files

  * src/transform.c (transform_save): faulty umask arithmetic would cause
    overly-open file modes when the umask contains "7", as the umask was
    incorrectly subtracted from the target file mode

Fixes CVE-2013-6412, RHBZ#1034261
---
 src/transform.c   |  2 +-
 tests/test-save.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/src/transform.c b/src/transform.c
index 9f7653e..1026912 100644
--- a/src/transform.c
+++ b/src/transform.c
@@ -1144,7 +1144,7 @@ int transform_save(struct augeas *aug, struct tree *xfm,
         mode_t curumsk = umask(022);
         umask(curumsk);
 
-        if (fchmod(fileno(fp), 0666 - curumsk) < 0) {
+        if (fchmod(fileno(fp), 0666 & ~curumsk) < 0) {
             err_status = "create_chmod";
             return -1;
         }
-- 
1.8.5.1

The test/test-save.c hunk didnt apply so it was removed