mpack: patch CVE-2011-4919

More information available here: https://www.openwall.com/lists/oss-security/2011/12/31/1 The original patch is by Sebastian Pipping and is available here: https://web.archive.org/web/20120128080247/http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f We copy the patch in-tree, as the original source of the patch did not have the "raw" diff made available. Closes #90905
2024-10-06 12:39:54 +03:00 · 2024-05-14 21:18:36 -07:00 · 2024-05-14 21:18:36 -07:00 · f5f7da678b
commit f5f7da678b
parent bd9b1718a9
2 changed files with 24 additions and 1 deletions
--- a/pkgs/tools/networking/mpack/CVE-2011-4919.patch
+++ b/pkgs/tools/networking/mpack/CVE-2011-4919.patch
@ -0,0 +1,23 @@
+commit 0c87201f64491575350b18d04c62ec142e119d1f
+Author: Sebastian Pipping <sebastian@pipping.org>
+Date:   Sat, 31 Dec 2011 19:17:20 +0000 (20:17 +0100)
+Source: https://web.archive.org/web/20120128080247/http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f
+
+    Fix permissions
+
+diff --git a/unixos.c b/unixos.c
+index fa6d0a7..0e2f469 100644 (file)
+--- a/unixos.c
+++ b/unixos.c
+@@ -134,9 +134,9 @@ FILE *os_createnewfile(char *fname)
+     FILE *ret;
+      
+ #ifdef O_EXCL
+-    fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644);
+    fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
+ #else
+-    fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644);
+    fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+ 
+     if (fd == -1)
--- a/pkgs/tools/networking/mpack/default.nix
+++ b/pkgs/tools/networking/mpack/default.nix
@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
    sha256 = "0k590z96509k96zxmhv72gkwhrlf55jkmyqlzi72m61r7axhhh97";
  };

-  patches = [ ./build-fix.patch ./sendmail-via-execvp.diff ];
+  patches = [ ./build-fix.patch ./sendmail-via-execvp.diff ./CVE-2011-4919.patch ];

  postPatch = ''
    for f in *.{c,man,pl,unix} ; do