diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2020-07-28 07:37:42 -0300 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2020-07-28 08:01:40 -0300 |
| commit | 2eb46eec7d4837f046d433bb8c9b2740a96297b5 (patch) | |
| tree | 7e885d2183fdb5603d00cc1c942a604cce94a1ec | |
| parent | f7c8b9a88d8fc85dd0ac3f74b836428250469238 (diff) | |
main/hylafaxplus: fix CVE-2020-15396 and CVE-2020-15397
| -rw-r--r-- | main/hylafaxplus/APKBUILD | 12 | ||||
| -rw-r--r-- | main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch | 68 |
2 files changed, 77 insertions, 3 deletions
diff --git a/main/hylafaxplus/APKBUILD b/main/hylafaxplus/APKBUILD index 0893f6d839c..c87cb8e847f 100644 --- a/main/hylafaxplus/APKBUILD +++ b/main/hylafaxplus/APKBUILD @@ -3,7 +3,7 @@ pkgname=hylafaxplus _pkgname=hylafax pkgver=7.0.0 -pkgrel=3 +pkgrel=4 pkgdesc="Making the Premier Open-Source Fax Management System Even Better" url="http://hylafax.sourceforge.net" arch="all" @@ -20,9 +20,15 @@ source="https://downloads.sourceforge.net/hylafax/${_pkgname}-${pkgver}.tar.gz common-functions-busybox-awk.patch no-locale.patch utf8-dictionary.patch + CVE-2020-15396-CVE-2020-15397.patch " builddir="$srcdir"/$_pkgname-$pkgver +# secfixes: +# 7.0.0-r4: +# - CVE-2020-15396 +# - CVE-2020-15397 + build() { cd "$builddir" # the configure script does not handle ccache or distcc @@ -90,10 +96,10 @@ package(){ install -D -m644 "$srcdir"/$pkgname.confd \ "$pkgdir"/etc/conf.d/$pkgname } - sha512sums="c63fdbff79c2ced29e03907c2e401c95a739e343414840a25b9582e3f4db880eaf4622295035e4728a9d1f224f97985007944397f28c9b29595aeec157bc2031 hylafax-7.0.0.tar.gz 54025c3ee3683476fa947f1e29cda7cc61027e2cbb0be1d400c7f715b4087a5c7693e0e3f8fdb1a8ecf56f48c03e4f0d82d12a2d6ae93707b13d08569510c917 hylafaxplus.initd a2117eddc8f0ff70a23a90f2001dcb88c5bddee46ffa021d6d1701cc5cfc3bcb0362ead2b1b1ce2b288992728053c5947466d08916649f45e7dfb1876576e50f hylafaxplus.confd 41ae2055a7781d83fc275aafe18ced0fe75ba79d3ad7d5096eabaeae3a514b564723185dd33820268577174f6c53bfcfddb30922ba50754b15c5c3b0abbec837 common-functions-busybox-awk.patch 4a1243daff9904e6395c3e28aa4a78a74de99f5aa9dbf5055a3781acfcd9b1b3db42b1569409b27e3ef9b0e55272dc99122436a79a08c9a1c140c2547c5a2c15 no-locale.patch -f5f1e33897a91b8297311c033d50e7ea2f9088568264a5b9224285066a504da8cc4296f973dd0a70e09abca538cef26964c6181f4f67f76400783d0697f05e61 utf8-dictionary.patch" +f5f1e33897a91b8297311c033d50e7ea2f9088568264a5b9224285066a504da8cc4296f973dd0a70e09abca538cef26964c6181f4f67f76400783d0697f05e61 utf8-dictionary.patch +ed6a717eb54d9ead7e2122cb2ecb9871343adcbbb615c0b63dfde5c23883c0f10bb2f0d3ae0ea73906522026f73bf743e2abcb54f08f2c75d61a5b87b933bbb8 CVE-2020-15396-CVE-2020-15397.patch" diff --git a/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch new file mode 100644 index 00000000000..b3af03d18a1 --- /dev/null +++ b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch @@ -0,0 +1,68 @@ +Upstream: Adapted from upstream, SourceForge has no raw diffs +diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in +index dc39917..c4d3ff1 100644 +--- a/etc/faxaddmodem.sh.in ++++ b/etc/faxaddmodem.sh.in +@@ -113,12 +113,14 @@ if [ "$euid" != "root" ]; then + fi + + # security ++o="`umask`" ++umask 077 + TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null` ++umask "$o" + if test X$TMPDIR = X; then +- TMPDIR=/tmp/.faxaddmodem$$ ++ echo "Failed to create temporary directory. Cannot continue." ++ exit 1 + fi +-@RM@ -rf $TMPDIR +-(umask 077 ; mkdir $TMPDIR) || exit 1 + + SH=$SCRIPT_SH # shell for use below + CPATH=$SPOOL/etc/config # prefix of configuration file +diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in +index 556eef5..794d3d9 100644 +--- a/etc/faxsetup.sh.in ++++ b/etc/faxsetup.sh.in +@@ -922,12 +922,14 @@ if onServer; then + # + + # Setup TMPDIR before anything can trap and rm it ++ o="`umask`" ++ umask 077 + TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null` ++ umask "$o" + if test x$TMPDIR = x; then +- TMPDIR=/tmp/.faxsetup$$ +- fi +- $RM -rf $TMPDIR +- (umask 077 ; mkdir $TMPDIR) || exit 1 ++ echo "Failed to create temporary directory. Cannot continue." +++ exit 1 +++ fi + + JUNK="etc/setup.tmp" + trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15 +diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in +index 55b5d9b..269c886 100644 +--- a/etc/probemodem.sh.in ++++ b/etc/probemodem.sh.in +@@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || { + . $SPOOL/etc/setup.cache # common configuration stuff + . $SPOOL/etc/setup.modem # modem-specific stuff + ++o="`umask`" ++umask 077 + TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null` ++umask "$o" + if test X$TMPDIR = X; then +- TMPDIR=/tmp/.probemodem$$ ++ echo "Failed to create temporary directory. Cannot continue." ++ exit 1 + fi +-@RM@ -fr $TMPDIR +-(umask 077 ; mkdir $TMPDIR) || exit 1 + + SH=$SCRIPT_SH # shell for use below + OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded |