authorLeo <thinkabit.ukim@gmail.com>2020-07-28 07:37:42 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-07-28 08:00:59 -0300
commit7f053636d6a5e50dfda6224f8e621678e9a0e026 (patch)
treeeb60cfc1df4123f89653451cec8ff6b20b15a96d
parentffad7770f763fe8d1f7348be9880724c2db31af2 (diff)
main/hylafaxplus: fix CVE-2020-15396 and CVE-2020-15397
-rw-r--r--main/hylafaxplus/APKBUILD12
-rw-r--r--main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch68
2 files changed, 77 insertions, 3 deletions
diff --git a/main/hylafaxplus/APKBUILD b/main/hylafaxplus/APKBUILD
index 1f9a9c1668..8eb66b5640 100644
--- a/main/hylafaxplus/APKBUILD
+++ b/main/hylafaxplus/APKBUILD
@@ -3,7 +3,7 @@
pkgname=hylafaxplus
_pkgname=hylafax
pkgver=7.0.1
-pkgrel=1
+pkgrel=2
pkgdesc="Making the Premier Open-Source Fax Management System Even Better"
url="http://hylafax.sourceforge.net"
arch="all"
@@ -21,9 +21,15 @@ source="https://downloads.sourceforge.net/hylafax/${_pkgname}-${pkgver}.tar.gz
no-locale.patch
utf8-dictionary.patch
libtiff-41-compatibility.patch
+ CVE-2020-15396-CVE-2020-15397.patch
"
builddir="$srcdir"/$_pkgname-$pkgver
+# secfixes:
+# 7.0.1-r2:
+# - CVE-2020-15396
+# - CVE-2020-15397
+
build() {
cd "$builddir"
# the configure script does not handle ccache or distcc
@@ -91,11 +97,11 @@ package(){
install -D -m644 "$srcdir"/$pkgname.confd \
"$pkgdir"/etc/conf.d/$pkgname
}
-
sha512sums="2930cf19a83e7826ac8c6ee9e7d58789fd7e8202cb80cc4a953e67e1e600e76caaa281c173fc78df645cd1e308123c34279f158f0f065880853b908ed708f57f hylafax-7.0.1.tar.gz
54025c3ee3683476fa947f1e29cda7cc61027e2cbb0be1d400c7f715b4087a5c7693e0e3f8fdb1a8ecf56f48c03e4f0d82d12a2d6ae93707b13d08569510c917 hylafaxplus.initd
a2117eddc8f0ff70a23a90f2001dcb88c5bddee46ffa021d6d1701cc5cfc3bcb0362ead2b1b1ce2b288992728053c5947466d08916649f45e7dfb1876576e50f hylafaxplus.confd
41ae2055a7781d83fc275aafe18ced0fe75ba79d3ad7d5096eabaeae3a514b564723185dd33820268577174f6c53bfcfddb30922ba50754b15c5c3b0abbec837 common-functions-busybox-awk.patch
4a1243daff9904e6395c3e28aa4a78a74de99f5aa9dbf5055a3781acfcd9b1b3db42b1569409b27e3ef9b0e55272dc99122436a79a08c9a1c140c2547c5a2c15 no-locale.patch
f5f1e33897a91b8297311c033d50e7ea2f9088568264a5b9224285066a504da8cc4296f973dd0a70e09abca538cef26964c6181f4f67f76400783d0697f05e61 utf8-dictionary.patch
-2776a3585bfe5cbd06c44600e20ce041f69d96d8a12782c824f6be8d8dd0de983d6dbf12d5077a8abf4f999a5616ab7847d35367ee600e4eec1a02e02063ff4e libtiff-41-compatibility.patch"
+2776a3585bfe5cbd06c44600e20ce041f69d96d8a12782c824f6be8d8dd0de983d6dbf12d5077a8abf4f999a5616ab7847d35367ee600e4eec1a02e02063ff4e libtiff-41-compatibility.patch
+ed6a717eb54d9ead7e2122cb2ecb9871343adcbbb615c0b63dfde5c23883c0f10bb2f0d3ae0ea73906522026f73bf743e2abcb54f08f2c75d61a5b87b933bbb8 CVE-2020-15396-CVE-2020-15397.patch"
diff --git a/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch
new file mode 100644
index 0000000000..b3af03d18a
--- /dev/null
+++ b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch
@@ -0,0 +1,68 @@
+Upstream: Adapted from upstream, SourceForge has no raw diffs
+diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in
+index dc39917..c4d3ff1 100644
+--- a/etc/faxaddmodem.sh.in
++++ b/etc/faxaddmodem.sh.in
+@@ -113,12 +113,14 @@ if [ "$euid" != "root" ]; then
+ fi
+
+ # security
++o="`umask`"
++umask 077
+ TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null`
++umask "$o"
+ if test X$TMPDIR = X; then
+- TMPDIR=/tmp/.faxaddmodem$$
++ echo "Failed to create temporary directory. Cannot continue."
++ exit 1
+ fi
+-@RM@ -rf $TMPDIR
+-(umask 077 ; mkdir $TMPDIR) || exit 1
+
+ SH=$SCRIPT_SH # shell for use below
+ CPATH=$SPOOL/etc/config # prefix of configuration file
+diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in
+index 556eef5..794d3d9 100644
+--- a/etc/faxsetup.sh.in
++++ b/etc/faxsetup.sh.in
+@@ -922,12 +922,14 @@ if onServer; then
+ #
+
+ # Setup TMPDIR before anything can trap and rm it
++ o="`umask`"
++ umask 077
+ TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null`
++ umask "$o"
+ if test x$TMPDIR = x; then
+- TMPDIR=/tmp/.faxsetup$$
+- fi
+- $RM -rf $TMPDIR
+- (umask 077 ; mkdir $TMPDIR) || exit 1
++ echo "Failed to create temporary directory. Cannot continue."
+++ exit 1
+++ fi
+
+ JUNK="etc/setup.tmp"
+ trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15
+diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in
+index 55b5d9b..269c886 100644
+--- a/etc/probemodem.sh.in
++++ b/etc/probemodem.sh.in
+@@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || {
+ . $SPOOL/etc/setup.cache # common configuration stuff
+ . $SPOOL/etc/setup.modem # modem-specific stuff
+
++o="`umask`"
++umask 077
+ TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null`
++umask "$o"
+ if test X$TMPDIR = X; then
+- TMPDIR=/tmp/.probemodem$$
++ echo "Failed to create temporary directory. Cannot continue."
++ exit 1
+ fi
+-@RM@ -fr $TMPDIR
+-(umask 077 ; mkdir $TMPDIR) || exit 1
+
+ SH=$SCRIPT_SH # shell for use below
+ OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded
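Review bot: In the etc/faxsetup.sh.in section of the added patch, the lines `+++ exit 1` and `+++ fi` carry one `+` more than the matching lines in the faxaddmodem.sh.in and probemodem.sh.in sections (`++ exit 1`, `++ fi`), so as shown here the patched faxsetup.sh would gain the literal script lines `+ exit 1` and `+ fi`. That would leave the `if test x$TMPDIR = x` block without its own `fi` and the failure branch without a working `exit 1`, so the script would not stop cleanly when `mktemp -d` fails. The inner hunk header (`-922,12 +922,14`) still counts correctly with those lines, so the patch would probably apply without complaint and the problem would only show when faxsetup runs. The two lines should start with a single inner `+` followed by the indentation, as in the other two sections. Separately, the `Upstream:` header line would be easier to audit if it named the upstream revision the adaptation was taken from.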