aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-07-28 07:37:42 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-07-28 08:01:40 -0300
commit2eb46eec7d4837f046d433bb8c9b2740a96297b5 (patch)
tree7e885d2183fdb5603d00cc1c942a604cce94a1ec
parentf7c8b9a88d8fc85dd0ac3f74b836428250469238 (diff)
downloadaports-2eb46eec7d4837f046d433bb8c9b2740a96297b5.tar.gz
aports-2eb46eec7d4837f046d433bb8c9b2740a96297b5.tar.bz2
aports-2eb46eec7d4837f046d433bb8c9b2740a96297b5.tar.xz
main/hylafaxplus: fix CVE-2020-15396 and CVE-2020-15397
-rw-r--r--main/hylafaxplus/APKBUILD12
-rw-r--r--main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch68
2 files changed, 77 insertions, 3 deletions
diff --git a/main/hylafaxplus/APKBUILD b/main/hylafaxplus/APKBUILD
index 0893f6d839..c87cb8e847 100644
--- a/main/hylafaxplus/APKBUILD
+++ b/main/hylafaxplus/APKBUILD
@@ -3,7 +3,7 @@
pkgname=hylafaxplus
_pkgname=hylafax
pkgver=7.0.0
-pkgrel=3
+pkgrel=4
pkgdesc="Making the Premier Open-Source Fax Management System Even Better"
url="http://hylafax.sourceforge.net"
arch="all"
@@ -20,9 +20,15 @@ source="https://downloads.sourceforge.net/hylafax/${_pkgname}-${pkgver}.tar.gz
common-functions-busybox-awk.patch
no-locale.patch
utf8-dictionary.patch
+ CVE-2020-15396-CVE-2020-15397.patch
"
builddir="$srcdir"/$_pkgname-$pkgver
+# secfixes:
+# 7.0.0-r4:
+# - CVE-2020-15396
+# - CVE-2020-15397
+
build() {
cd "$builddir"
# the configure script does not handle ccache or distcc
@@ -90,10 +96,10 @@ package(){
install -D -m644 "$srcdir"/$pkgname.confd \
"$pkgdir"/etc/conf.d/$pkgname
}
-
sha512sums="c63fdbff79c2ced29e03907c2e401c95a739e343414840a25b9582e3f4db880eaf4622295035e4728a9d1f224f97985007944397f28c9b29595aeec157bc2031 hylafax-7.0.0.tar.gz
54025c3ee3683476fa947f1e29cda7cc61027e2cbb0be1d400c7f715b4087a5c7693e0e3f8fdb1a8ecf56f48c03e4f0d82d12a2d6ae93707b13d08569510c917 hylafaxplus.initd
a2117eddc8f0ff70a23a90f2001dcb88c5bddee46ffa021d6d1701cc5cfc3bcb0362ead2b1b1ce2b288992728053c5947466d08916649f45e7dfb1876576e50f hylafaxplus.confd
41ae2055a7781d83fc275aafe18ced0fe75ba79d3ad7d5096eabaeae3a514b564723185dd33820268577174f6c53bfcfddb30922ba50754b15c5c3b0abbec837 common-functions-busybox-awk.patch
4a1243daff9904e6395c3e28aa4a78a74de99f5aa9dbf5055a3781acfcd9b1b3db42b1569409b27e3ef9b0e55272dc99122436a79a08c9a1c140c2547c5a2c15 no-locale.patch
-f5f1e33897a91b8297311c033d50e7ea2f9088568264a5b9224285066a504da8cc4296f973dd0a70e09abca538cef26964c6181f4f67f76400783d0697f05e61 utf8-dictionary.patch"
+f5f1e33897a91b8297311c033d50e7ea2f9088568264a5b9224285066a504da8cc4296f973dd0a70e09abca538cef26964c6181f4f67f76400783d0697f05e61 utf8-dictionary.patch
+ed6a717eb54d9ead7e2122cb2ecb9871343adcbbb615c0b63dfde5c23883c0f10bb2f0d3ae0ea73906522026f73bf743e2abcb54f08f2c75d61a5b87b933bbb8 CVE-2020-15396-CVE-2020-15397.patch"
diff --git a/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch
new file mode 100644
index 0000000000..b3af03d18a
--- /dev/null
+++ b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch
@@ -0,0 +1,68 @@
+Upstream: Adapted from upstream, SourceForge has no raw diffs
+diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in
+index dc39917..c4d3ff1 100644
+--- a/etc/faxaddmodem.sh.in
++++ b/etc/faxaddmodem.sh.in
+@@ -113,12 +113,14 @@ if [ "$euid" != "root" ]; then
+ fi
+
+ # security
++o="`umask`"
++umask 077
+ TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null`
++umask "$o"
+ if test X$TMPDIR = X; then
+- TMPDIR=/tmp/.faxaddmodem$$
++ echo "Failed to create temporary directory. Cannot continue."
++ exit 1
+ fi
+-@RM@ -rf $TMPDIR
+-(umask 077 ; mkdir $TMPDIR) || exit 1
+
+ SH=$SCRIPT_SH # shell for use below
+ CPATH=$SPOOL/etc/config # prefix of configuration file
+diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in
+index 556eef5..794d3d9 100644
+--- a/etc/faxsetup.sh.in
++++ b/etc/faxsetup.sh.in
+@@ -922,12 +922,14 @@ if onServer; then
+ #
+
+ # Setup TMPDIR before anything can trap and rm it
++ o="`umask`"
++ umask 077
+ TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null`
++ umask "$o"
+ if test x$TMPDIR = x; then
+- TMPDIR=/tmp/.faxsetup$$
+- fi
+- $RM -rf $TMPDIR
+- (umask 077 ; mkdir $TMPDIR) || exit 1
++ echo "Failed to create temporary directory. Cannot continue."
+++ exit 1
+++ fi
+
+ JUNK="etc/setup.tmp"
+ trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15
+diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in
+index 55b5d9b..269c886 100644
+--- a/etc/probemodem.sh.in
++++ b/etc/probemodem.sh.in
+@@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || {
+ . $SPOOL/etc/setup.cache # common configuration stuff
+ . $SPOOL/etc/setup.modem # modem-specific stuff
+
++o="`umask`"
++umask 077
+ TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null`
++umask "$o"
+ if test X$TMPDIR = X; then
+- TMPDIR=/tmp/.probemodem$$
++ echo "Failed to create temporary directory. Cannot continue."
++ exit 1
+ fi
+-@RM@ -fr $TMPDIR
+-(umask 077 ; mkdir $TMPDIR) || exit 1
+
+ SH=$SCRIPT_SH # shell for use below
+ OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded