authorTomo <68489118+Tomodachi94@users.noreply.github.com>2024-05-14 21:18:36 -0700
committerWinter <winter@winter.cafe>2024-05-20 07:16:35 -0400
commit4327aa9525a207eac709e6ecf9cb111522ad7b8c (patch)
treec192f9584d55203369d5dc78aa7c88732e288f07
parent5980e560cc0bc476d108d119f1d13d6199099224 (diff)
mpack: patch CVE-2011-4919
More information available here: https://www.openwall.com/lists/oss-security/2011/12/31/1

The original patch is by Sebastian Pipping and is available here:
https://web.archive.org/web/20120128080247/http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f

We copy the patch in-tree, as the original source of the patch did not
have the "raw" diff made available.

Closes #90905

(cherry picked from commit 0184e92fa5d70df75f5824f96c0f77d158d46f31)
-rw-r--r--pkgs/tools/networking/mpack/CVE-2011-4919.patch23
-rw-r--r--pkgs/tools/networking/mpack/default.nix2
2 files changed, 24 insertions, 1 deletions
diff --git a/pkgs/tools/networking/mpack/CVE-2011-4919.patch b/pkgs/tools/networking/mpack/CVE-2011-4919.patch
new file mode 100644
index 0000000000000..10b9a1116ef39
--- /dev/null
+++ b/pkgs/tools/networking/mpack/CVE-2011-4919.patch
@@ -0,0 +1,23 @@
+commit 0c87201f64491575350b18d04c62ec142e119d1f
+Author: Sebastian Pipping <sebastian@pipping.org>
+Date:   Sat, 31 Dec 2011 19:17:20 +0000 (20:17 +0100)
+Source: https://web.archive.org/web/20120128080247/http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f
+
+    Fix permissions
+
+diff --git a/unixos.c b/unixos.c
+index fa6d0a7..0e2f469 100644 (file)
+--- a/unixos.c
++++ b/unixos.c
+@@ -134,9 +134,9 @@ FILE *os_createnewfile(char *fname)
+     FILE *ret;
+      
+ #ifdef O_EXCL
+-    fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644);
++    fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
+ #else
+-    fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644);
++    fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+ 
+     if (fd == -1)
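Review bot: The mode argument on the two changed `open()` calls is only honoured when the call actually creates the file, so in the `#else` branch (`O_RDWR|O_CREAT|O_TRUNC`, no `O_EXCL`) a file that already exists with wider permissions is truncated and reused with its old mode, and the new `0600` has no effect there. If that fallback can still be compiled on a supported platform, following the open with `if (fd != -1) fchmod(fd, 0600);` would make the restriction hold on both paths. The body of os_createnewfile starts and ends outside this hunk, so whether a later step already tightens the mode cannot be seen from here. Since the patch is vendored from the archived upstream commit, a short comment in the patch header noting this limit of the fix would be enough if the code itself is to stay byte-identical to upstream.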
diff --git a/pkgs/tools/networking/mpack/default.nix b/pkgs/tools/networking/mpack/default.nix
index 2c9bf4ff2d308..669ef500c4556 100644
--- a/pkgs/tools/networking/mpack/default.nix
+++ b/pkgs/tools/networking/mpack/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "0k590z96509k96zxmhv72gkwhrlf55jkmyqlzi72m61r7axhhh97";
   };
 
-  patches = [ ./build-fix.patch ./sendmail-via-execvp.diff ];
+  patches = [ ./build-fix.patch ./sendmail-via-execvp.diff ./CVE-2011-4919.patch ];
 
   postPatch = ''
     for f in *.{c,man,pl,unix} ; do