Diffstat (limited to 'net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch')
-rw-r--r-- | net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch | 110 |
1 files changed, 0 insertions, 110 deletions
diff --git a/net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch b/net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch
deleted file mode 100644
index 6c484590c468..000000000000
--- a/net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch
+++ /dev/null
@@ -1,110 +0,0 @@ -commit e8f8196230ae15f6f7d7104ded3e2633002506e4 -Author: faxguy <faxguy@5505949e-d877-4686-9e03-c53b7a51b376> -Date: Sat Jun 13 23:46:33 2020 +0000 - - Johannes Segitz reported two issues: - - 1) faxaddmodem, faxsetup, and probemodem create temporary directories in a way that is not secure due to a race condition. - - 2) The HylaFAX spool directory bin and etc subdirectories are not secure against uucp deleting and recreating scripts that root runs. - - These changes address these two issues. - - - - git-svn-id: https://svn.code.sf.net/p/hylafax/HylaFAX+@2534 5505949e-d877-4686-9e03-c53b7a51b376 - -diff --git a/CONTRIBUTORS b/CONTRIBUTORS -index 057739f..a9d4f21 100644 ---- a/CONTRIBUTORS -+++ b/CONTRIBUTORS -@@ -203,6 +203,7 @@ following for their contributions: - Travis Schafer LogSend and LogRecv modem config options, documentation fixes - Sven Schmidt - Steven Schoch faxrcvd faxinfo text parsing -+ Johannes Segitz code security audit - John Sellens - Chris Severance documentation fixes, scripting improvements - Simon <iahnl@iah.nl> -diff --git a/Makefile.in b/Makefile.in -index 1ee4d76..ec0cda7 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -208,7 +208,10 @@ makeServerDirs:: - -idb hylafax.sw.server -root ${INSTALLROOT} -dir ${SPOOL} - -${INSTALL} -u ${FAXUSER} -g ${FAXGROUP} -m ${DIRMODE} \ - -idb hylafax.sw.server -dir \ -- -root ${INSTALLROOT} -F ${SPOOL} bin client config dev etc info log recvq status -+ -root ${INSTALLROOT} -F ${SPOOL} client config dev info log recvq status -+ -${INSTALL} -u root -g root -m ${DIRMODE} \ -+ -idb hylafax.sw.server -dir \ -+ -root ${INSTALLROOT} -F ${SPOOL} bin etc - -${INSTALL} -u ${FAXUSER} -g ${FAXGROUP} -m 700 \ - -idb hylafax.sw.server -dir \ - -root ${INSTALLROOT} -F ${SPOOL} sendq doneq docq tmp pollq archive -diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in -index dc39917..c4d3ff1 100644 ---- a/etc/faxaddmodem.sh.in -+++ b/etc/faxaddmodem.sh.in -@@ -113,12 +113,14 @@ if [ "$euid" != 
"root" ]; then - fi - - # security -+o="`umask`" -+umask 077 - TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null` -+umask "$o" - if test X$TMPDIR = X; then -- TMPDIR=/tmp/.faxaddmodem$$ -+ echo "Failed to create temporary directory. Cannot continue." -+ exit 1 - fi --@RM@ -rf $TMPDIR --(umask 077 ; mkdir $TMPDIR) || exit 1 - - SH=$SCRIPT_SH # shell for use below - CPATH=$SPOOL/etc/config # prefix of configuration file -diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in -index 556eef5..b4aae40 100644 ---- a/etc/faxsetup.sh.in -+++ b/etc/faxsetup.sh.in -@@ -922,12 +922,14 @@ if onServer; then - # - - # Setup TMPDIR before anything can trap and rm it -+ o="`umask`" -+ umask 077 - TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null` -+ umask "$o" - if test x$TMPDIR = x; then -- TMPDIR=/tmp/.faxsetup$$ -+ echo "Failed to create temporary directory. Cannot continue." -+ exit 1 - fi -- $RM -rf $TMPDIR -- (umask 077 ; mkdir $TMPDIR) || exit 1 - - JUNK="etc/setup.tmp" - trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15 -diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in -index 55b5d9b..c0abf15 100644 ---- a/etc/probemodem.sh.in -+++ b/etc/probemodem.sh.in -@@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || { - . $SPOOL/etc/setup.cache # common configuration stuff - . $SPOOL/etc/setup.modem # modem-specific stuff - -+o="`umask`" -+umask 077 - TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null` -+umask "$o" - if test X$TMPDIR = X; then -- TMPDIR=/tmp/.probemodem$$ -+ echo "Failed to create temporary directory. Cannot continue." -+ exit 1 - fi --@RM@ -fr $TMPDIR --(umask 077 ; mkdir $TMPDIR) || exit 1 - - SH=$SCRIPT_SH # shell for use below - OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded |