authorThomas Gerbet <thomas@gerbet.me>2021-01-26 22:49:13 +0100
committerThomas Gerbet <thomas@gerbet.me>2021-01-26 22:49:13 +0100
commit82a6b7b258da754be9155519edc3d632edc3fb9a (patch)
treefeb6eaf5f7c14864d364c88279d2a2adeadcb407 /pkgs/tools/security/trousers
parent5f472181f24ca81048e77fef9e135b1fc73e58e6 (diff)
trousers: 0.3.14 -> 0.3.15
Fix CVE-2020-24332, CVE-2020-24330 and CVE-2020-24331.
Diffstat (limited to 'pkgs/tools/security/trousers')
-rw-r--r--pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch4
-rw-r--r--pkgs/tools/security/trousers/default.nix10
2 files changed, 6 insertions, 8 deletions
diff --git a/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch b/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
index 774a14f72babe..391eb1ad589dd 100644
--- a/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
+++ b/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
@@ -7,10 +7,10 @@ diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/
  
 +#ifndef ALLOW_NON_TSS_CONFIG_FILE
  	/* make sure user/group TSS owns the conf file */
- 	if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) {
+ 	if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) {
  		LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
 @@ -775,6 +776,7 @@
- 		LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
+ 		LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file);
  		return TCSERR(TSS_E_INTERNAL_ERROR);
  	}
 +#endif
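Review bot: The `#ifndef ALLOW_NON_TSS_CONFIG_FILE` / `#endif` pair that this patch adds compiles out the whole owner and mode check, including the root-owner test (`stat_buf.st_uid != 0`) and the mode 0640 test that the refreshed context lines now show. Whether the derivation defines that macro is not visible on this page; if it does, the packaged tcsd accepts a config file with any owner and mode, and the tightened ownership check that appears to arrive with 0.3.15 would not take effect. I would record that next to the `patches` line in default.nix, for example `# compiles out tcsd's owner/mode check on tcsd.conf when ALLOW_NON_TSS_CONFIG_FILE is defined; the config file must be kept non-writable by the tss user by other means`. The enclosing function in tcsd_conf.c starts and ends outside the hunk.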
diff --git a/pkgs/tools/security/trousers/default.nix b/pkgs/tools/security/trousers/default.nix
index c7a11e16f3908..16536409b5e6f 100644
--- a/pkgs/tools/security/trousers/default.nix
+++ b/pkgs/tools/security/trousers/default.nix
@@ -1,17 +1,15 @@
-{ lib, stdenv, fetchurl, openssl, pkg-config }:
+{ lib, stdenv, fetchurl, openssl, pkg-config, autoreconfHook }:
 
 stdenv.mkDerivation rec {
   pname = "trousers";
-  version = "0.3.14";
+  version = "0.3.15";
 
   src = fetchurl {
     url = "mirror://sourceforge/trousers/trousers/${version}/${pname}-${version}.tar.gz";
-    sha256 = "0iwgsbrbb7nfqgl61x8aailwxm8akxh9gkcwxhsvf50x4qx72l6f";
+    sha256 = "0zy7r9cnr2gvwr2fb1q4fc5xnvx405ymcbrdv7qsqwl3a4zfjnqy";
   };
 
-  sourceRoot = ".";
-
-  nativeBuildInputs = [ pkg-config ];
+  nativeBuildInputs = [ pkg-config autoreconfHook ];
   buildInputs = [ openssl ];
 
   patches = [ ./allow-non-tss-config-file-owner.patch ];