diff options
Diffstat (limited to 'main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch')
| -rw-r--r-- | main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch new file mode 100644 index 00000000000..b3af03d18a1 --- /dev/null +++ b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch @@ -0,0 +1,68 @@ +Upstream: Adapted from upstream, SourceForge has no raw diffs +diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in +index dc39917..c4d3ff1 100644 +--- a/etc/faxaddmodem.sh.in ++++ b/etc/faxaddmodem.sh.in +@@ -113,12 +113,14 @@ if [ "$euid" != "root" ]; then + fi + + # security ++o="`umask`" ++umask 077 + TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null` ++umask "$o" + if test X$TMPDIR = X; then +- TMPDIR=/tmp/.faxaddmodem$$ ++ echo "Failed to create temporary directory. Cannot continue." ++ exit 1 + fi +-@RM@ -rf $TMPDIR +-(umask 077 ; mkdir $TMPDIR) || exit 1 + + SH=$SCRIPT_SH # shell for use below + CPATH=$SPOOL/etc/config # prefix of configuration file +diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in +index 556eef5..794d3d9 100644 +--- a/etc/faxsetup.sh.in ++++ b/etc/faxsetup.sh.in +@@ -922,12 +922,14 @@ if onServer; then + # + + # Setup TMPDIR before anything can trap and rm it ++ o="`umask`" ++ umask 077 + TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null` ++ umask "$o" + if test x$TMPDIR = x; then +- TMPDIR=/tmp/.faxsetup$$ +- fi +- $RM -rf $TMPDIR +- (umask 077 ; mkdir $TMPDIR) || exit 1 ++ echo "Failed to create temporary directory. Cannot continue." +++ exit 1 +++ fi + + JUNK="etc/setup.tmp" + trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15 +diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in +index 55b5d9b..269c886 100644 +--- a/etc/probemodem.sh.in ++++ b/etc/probemodem.sh.in +@@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || { + . $SPOOL/etc/setup.cache # common configuration stuff + . $SPOOL/etc/setup.modem # modem-specific stuff + ++o="`umask`" ++umask 077 + TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null` ++umask "$o" + if test X$TMPDIR = X; then +- TMPDIR=/tmp/.probemodem$$ ++ echo "Failed to create temporary directory. Cannot continue." ++ exit 1 + fi +-@RM@ -fr $TMPDIR +-(umask 077 ; mkdir $TMPDIR) || exit 1 + + SH=$SCRIPT_SH # shell for use below + OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded |