new file mode 100644

@@ -0,0 +1,13 @@

+diff -uNr systemd-228/src/basic/fs-util.c systemd-228-new/src/basic/fs-util.c

+--- systemd-228/src/basic/fs-util.c	2017-02-07 23:47:47.432666702 +0000

+@@ -327,7 +327,8 @@

+         if (parents)

+                 mkdir_parents(path, 0755);

+ 

+-        fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644);

++        fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY,

++                        (mode == 0 || mode == MODE_INVALID) ? 0644 : mode);

+         if (fd < 0)

+                 return -errno;

+ 

@@ -1,7 +1,7 @@

 Summary:          Systemd-228

 Name:             systemd

 Version:          228

-Release:          33%{?dist}

+Release:          34%{?dist}

 License:          LGPLv2+ and GPLv2+ and MIT

 URL:              http://www.freedesktop.org/wiki/Software/systemd/

 Group:            System Environment/Security

@@ -35,6 +35,7 @@ Patch19:          02-install-general-aliases.patch

 Patch20:          systemd-228-CVE-notify-socket-DOS-fix.patch

 Patch21:          systemd-macros.patch

 Patch22:          systemd-228-vm-watchdog-timer.patch

+Patch23:          systemd-228-CVE-2016-10156-suid-fix.patch

 Requires:         Linux-PAM

 Requires:         libcap

 Requires:         xz

@@ -90,6 +91,7 @@ sed -i "s:blkid/::" $(grep -rl "blkid/blkid.h")

 %patch20 -p1

 %patch21 -p1

 %patch22 -p1

+%patch23 -p1

 sed -i "s#\#DefaultTasksMax=512#DefaultTasksMax=infinity#g" src/core/system.conf

 %build

@@ -199,6 +201,8 @@ rm -rf %{buildroot}/*

 %dir %{_localstatedir}/log/journal

 %changelog

+*    Sat Jan 22 2017 Vinay Kulkarni <kulkarniv@vmware.com>  228-34

+-    Fix for CVE-2016-10156.

 *    Sat Jan 21 2017 Vinay Kulkarni <kulkarniv@vmware.com>  228-33

 -    Arm watchdog timer more frequently for virtual machine env.

 *    Thu Nov 3 2016 Divya Thaluru <dthaluru@vmware.com>  228-32