From 3cf7c3ef441822c889356fd1812ebf2944a59851 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Tue, 25 Aug 2020 10:45:55 +0100
Subject: gentoo resync : 25.08.2020
---
 .../hylafaxplus/files/hylafax-cryptglibc.patch | 98 ------------------
 .../files/hylafaxplus-CVE-2020-1539x.patch | 110 +++++++++++++++++++++
 2 files changed, 110 insertions(+), 98 deletions(-)
 delete mode 100644 net-misc/hylafaxplus/files/hylafax-cryptglibc.patch
 create mode 100644 net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch
(limited to 'net-misc/hylafaxplus/files')
diff --git a/net-misc/hylafaxplus/files/hylafax-cryptglibc.patch b/net-misc/hylafaxplus/files/hylafax-cryptglibc.patch
deleted file mode 100644
index dbfc8bac5393..000000000000
--- a/net-misc/hylafaxplus/files/hylafax-cryptglibc.patch
+++ /dev/null
@@ -1,98 +0,0 @@ -diff -urN hylafax-5.5.4/hfaxd/Login.c++ hylafax-5.5.4-libc217/hfaxd/Login.c++ ---- hylafax-5.5.4/hfaxd/Login.c++ 2013-08-07 01:23:35.000000000 +0200 -+++ hylafax-5.5.4-libc217/hfaxd/Login.c++ 2013-11-13 12:56:02.000000000 +0100 -@@ -30,9 +30,6 @@ - #include - #include - #include --#if HAS_CRYPT_H --#include --#endif - - void - HylaFAXServer::loginRefused(const char* why) -@@ -434,7 +431,7 @@ - /* - * Check hosts.hfaxd first, then PAM, and last, LDAP - */ -- if (pass[0] == '\0' || !(strcmp(crypt(pass, passWd), passWd) == 0 || -+ if (pass[0] == '\0' || !(strcmp(Sys::crypt(pass, passWd), passWd) == 0 || - pamCheck(the_user, pass) || - ldapCheck(the_user,pass))) - { -@@ -513,7 +510,7 @@ - { - fxAssert(IS(LOGGEDIN), "ADMIN command permitted when not logged in"); - // NB: null adminWd is permitted -- if ((strcmp(crypt(pass, adminWd), adminWd) != 0) && !pamIsAdmin()) { -+ if ((strcmp(Sys::crypt(pass, adminWd), adminWd) != 0) && !pamIsAdmin()) { - if (++adminAttempts >= maxAdminAttempts) { - reply(530, "Password incorrect (closing connection)."); - logNotice("Repeated admin failures from %s [%s]" -diff -urN hylafax-5.5.4/hfaxd/SNPPServer.c++ hylafax-5.5.4-libc217/hfaxd/SNPPServer.c++ ---- hylafax-5.5.4/hfaxd/SNPPServer.c++ 2013-08-07 01:23:35.000000000 +0200 -+++ hylafax-5.5.4-libc217/hfaxd/SNPPServer.c++ 2013-11-13 12:55:42.000000000 +0100 -@@ -36,9 +36,6 @@ - #include "RE.h" - - #include --#if HAS_CRYPT_H --#include --#endif - - extern "C" { - #include -@@ -1003,7 +1000,7 @@ - - if (checkUser(loginID)) { - if (passWd != "") { -- if (pass[0] == '\0' || !(streq(crypt(pass, passWd), passWd) || pamCheck(the_user, pass))) { -+ if (pass[0] == '\0' || !(streq(Sys::crypt(pass, passWd), passWd) || pamCheck(the_user, pass))) { - if (++loginAttempts >= maxLoginAttempts) { - reply(421, "Login incorrect (closing connection)."); - logNotice("Repeated SNPP login failures for user %s from %s [%s]" -diff -urN hylafax-5.5.4/hfaxd/User.c++ 
hylafax-5.5.4-libc217/hfaxd/User.c++ ---- hylafax-5.5.4/hfaxd/User.c++ 2013-08-07 01:23:35.000000000 +0200 -+++ hylafax-5.5.4-libc217/hfaxd/User.c++ 2013-11-13 12:55:19.000000000 +0100 -@@ -30,9 +30,6 @@ - - #include - #include --#if HAS_CRYPT_H --#include --#endif - #include - - #ifndef CHAR_BIT -@@ -374,7 +371,7 @@ - #else - to64(&salt[0], random(), 2); - #endif -- result = crypt(pass, salt); -+ result = Sys::crypt(pass, salt); - return (true); - } - -diff -urN hylafax-5.5.4/util/Sys.h hylafax-5.5.4-libc217/util/Sys.h ---- hylafax-5.5.4/util/Sys.h 2013-08-07 01:23:35.000000000 +0200 -+++ hylafax-5.5.4-libc217/util/Sys.h 2013-11-13 12:56:26.000000000 +0100 -@@ -44,6 +44,10 @@ - #include - #endif - -+#if HAS_CRYPT_H -+#include -+#endif -+ - /* - * Wrapper functions for C library calls. - * -@@ -140,5 +144,8 @@ - { return ::fopen(filename, mode); } - - static int getOpenMax(); -+ -+ static const char* crypt(const char* key, const char* salt) -+ { const char* enc = ::crypt(key, salt); return enc ? enc : ""; } - }; - #endif /* _Sys_ */ diff --git a/net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch b/net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch new file mode 100644 index 000000000000..6c484590c468 --- /dev/null +++ b/net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch 
@@ -0,0 +1,110 @@ +commit e8f8196230ae15f6f7d7104ded3e2633002506e4 +Author: faxguy +Date: Sat Jun 13 23:46:33 2020 +0000 + + Johannes Segitz reported two issues: + + 1) faxaddmodem, faxsetup, and probemodem create temporary directories in a way that is not secure due to a race condition. + + 2) The HylaFAX spool directory bin and etc subdirectories are not secure against uucp deleting and recreating scripts that root runs. + + These changes address these two issues. + + + + git-svn-id: https://svn.code.sf.net/p/hylafax/HylaFAX+@2534 5505949e-d877-4686-9e03-c53b7a51b376 + +diff --git a/CONTRIBUTORS b/CONTRIBUTORS +index 057739f..a9d4f21 100644 +--- a/CONTRIBUTORS ++++ b/CONTRIBUTORS +@@ -203,6 +203,7 @@ following for their contributions: + Travis Schafer LogSend and LogRecv modem config options, documentation fixes + Sven Schmidt + Steven Schoch faxrcvd faxinfo text parsing ++ Johannes Segitz code security audit + John Sellens + Chris Severance documentation fixes, scripting improvements + Simon +diff --git a/Makefile.in b/Makefile.in +index 1ee4d76..ec0cda7 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -208,7 +208,10 @@ makeServerDirs:: + -idb hylafax.sw.server -root ${INSTALLROOT} -dir ${SPOOL} + -${INSTALL} -u ${FAXUSER} -g ${FAXGROUP} -m ${DIRMODE} \ + -idb hylafax.sw.server -dir \ +- -root ${INSTALLROOT} -F ${SPOOL} bin client config dev etc info log recvq status ++ -root ${INSTALLROOT} -F ${SPOOL} client config dev info log recvq status ++ -${INSTALL} -u root -g root -m ${DIRMODE} \ ++ -idb hylafax.sw.server -dir \ ++ -root ${INSTALLROOT} -F ${SPOOL} bin etc + -${INSTALL} -u ${FAXUSER} -g ${FAXGROUP} -m 700 \ + -idb hylafax.sw.server -dir \ + -root ${INSTALLROOT} -F ${SPOOL} sendq doneq docq tmp pollq archive +diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in +index dc39917..c4d3ff1 100644 +--- a/etc/faxaddmodem.sh.in ++++ b/etc/faxaddmodem.sh.in +@@ -113,12 +113,14 @@ if [ "$euid" != "root" ]; then + fi + + # security ++o="`umask`" ++umask 077 + 
TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null` ++umask "$o" + if test X$TMPDIR = X; then +- TMPDIR=/tmp/.faxaddmodem$$ ++ echo "Failed to create temporary directory. Cannot continue." ++ exit 1 + fi +-@RM@ -rf $TMPDIR +-(umask 077 ; mkdir $TMPDIR) || exit 1 + + SH=$SCRIPT_SH # shell for use below + CPATH=$SPOOL/etc/config # prefix of configuration file +diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in +index 556eef5..b4aae40 100644 +--- a/etc/faxsetup.sh.in ++++ b/etc/faxsetup.sh.in +@@ -922,12 +922,14 @@ if onServer; then + # + + # Setup TMPDIR before anything can trap and rm it ++ o="`umask`" ++ umask 077 + TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null` ++ umask "$o" + if test x$TMPDIR = x; then +- TMPDIR=/tmp/.faxsetup$$ ++ echo "Failed to create temporary directory. Cannot continue." ++ exit 1 + fi +- $RM -rf $TMPDIR +- (umask 077 ; mkdir $TMPDIR) || exit 1 + + JUNK="etc/setup.tmp" + trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15 +diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in +index 55b5d9b..c0abf15 100644 +--- a/etc/probemodem.sh.in ++++ b/etc/probemodem.sh.in +@@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || { + . $SPOOL/etc/setup.cache # common configuration stuff + . $SPOOL/etc/setup.modem # modem-specific stuff + ++o="`umask`" ++umask 077 + TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null` ++umask "$o" + if test X$TMPDIR = X; then +- TMPDIR=/tmp/.probemodem$$ ++ echo "Failed to create temporary directory. Cannot continue." ++ exit 1 + fi +-@RM@ -fr $TMPDIR +-(umask 077 ; mkdir $TMPDIR) || exit 1 + + SH=$SCRIPT_SH # shell for use below + OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded -- cgit v1.2.3
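Review bot: In the Makefile.in part of the added patch, only the ownership of the `bin` and `etc` directories created by `makeServerDirs` changes to root; nothing visible here re-owns those directories on a spool that already exists, or the script files inside them, so an upgraded install may keep the old `${FAXUSER}` ownership. That is worth confirming in the ebuild or in faxsetup, whose relevant parts are outside this hunk. A comment above the `makeServerDirs` rule would record the intent, e.g. `# bin and etc hold scripts that root runs; keep them root-owned so ${FAXUSER} cannot replace them`. In the three shell scripts, the failure check `test X$TMPDIR = X` only tests for an empty string through an unquoted expansion; `if test -z "$TMPDIR" || test ! -d "$TMPDIR"; then` would also catch a mktemp that printed a path without creating the directory, and the error message would be better sent to stderr with `>&2`.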