authorV3n3RiX <venerix@redcorelinux.org>2020-08-25 10:45:55 +0100
committerV3n3RiX <venerix@redcorelinux.org>2020-08-25 10:45:55 +0100
commit3cf7c3ef441822c889356fd1812ebf2944a59851 (patch)
treec513fe68548b40365c1c2ebfe35c58ad431cdd77 /net-misc/hylafaxplus/files
parent05b8b0e0af1d72e51a3ee61522941bf7605cd01c (diff)
gentoo resync : 25.08.2020
Diffstat (limited to 'net-misc/hylafaxplus/files')
-rw-r--r--net-misc/hylafaxplus/files/hylafax-cryptglibc.patch98
-rw-r--r--net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch110
2 files changed, 110 insertions, 98 deletions
diff --git a/net-misc/hylafaxplus/files/hylafax-cryptglibc.patch b/net-misc/hylafaxplus/files/hylafax-cryptglibc.patch
deleted file mode 100644
index dbfc8bac5393..000000000000
--- a/net-misc/hylafaxplus/files/hylafax-cryptglibc.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-diff -urN hylafax-5.5.4/hfaxd/Login.c++ hylafax-5.5.4-libc217/hfaxd/Login.c++
---- hylafax-5.5.4/hfaxd/Login.c++ 2013-08-07 01:23:35.000000000 +0200
-+++ hylafax-5.5.4-libc217/hfaxd/Login.c++ 2013-11-13 12:56:02.000000000 +0100
-@@ -30,9 +30,6 @@
- #include <ctype.h>
- #include <fcntl.h>
- #include <pwd.h>
--#if HAS_CRYPT_H
--#include <crypt.h>
--#endif
-
- void
- HylaFAXServer::loginRefused(const char* why)
-@@ -434,7 +431,7 @@
- /*
- * Check hosts.hfaxd first, then PAM, and last, LDAP
- */
-- if (pass[0] == '\0' || !(strcmp(crypt(pass, passWd), passWd) == 0 ||
-+ if (pass[0] == '\0' || !(strcmp(Sys::crypt(pass, passWd), passWd) == 0 ||
- pamCheck(the_user, pass) ||
- ldapCheck(the_user,pass)))
- {
-@@ -513,7 +510,7 @@
- {
- fxAssert(IS(LOGGEDIN), "ADMIN command permitted when not logged in");
- // NB: null adminWd is permitted
-- if ((strcmp(crypt(pass, adminWd), adminWd) != 0) && !pamIsAdmin()) {
-+ if ((strcmp(Sys::crypt(pass, adminWd), adminWd) != 0) && !pamIsAdmin()) {
- if (++adminAttempts >= maxAdminAttempts) {
- reply(530, "Password incorrect (closing connection).");
- logNotice("Repeated admin failures from %s [%s]"
-diff -urN hylafax-5.5.4/hfaxd/SNPPServer.c++ hylafax-5.5.4-libc217/hfaxd/SNPPServer.c++
---- hylafax-5.5.4/hfaxd/SNPPServer.c++ 2013-08-07 01:23:35.000000000 +0200
-+++ hylafax-5.5.4-libc217/hfaxd/SNPPServer.c++ 2013-11-13 12:55:42.000000000 +0100
-@@ -36,9 +36,6 @@
- #include "RE.h"
-
- #include <ctype.h>
--#if HAS_CRYPT_H
--#include <crypt.h>
--#endif
-
- extern "C" {
- #include <netdb.h>
-@@ -1003,7 +1000,7 @@
-
- if (checkUser(loginID)) {
- if (passWd != "") {
-- if (pass[0] == '\0' || !(streq(crypt(pass, passWd), passWd) || pamCheck(the_user, pass))) {
-+ if (pass[0] == '\0' || !(streq(Sys::crypt(pass, passWd), passWd) || pamCheck(the_user, pass))) {
- if (++loginAttempts >= maxLoginAttempts) {
- reply(421, "Login incorrect (closing connection).");
- logNotice("Repeated SNPP login failures for user %s from %s [%s]"
-diff -urN hylafax-5.5.4/hfaxd/User.c++ hylafax-5.5.4-libc217/hfaxd/User.c++
---- hylafax-5.5.4/hfaxd/User.c++ 2013-08-07 01:23:35.000000000 +0200
-+++ hylafax-5.5.4-libc217/hfaxd/User.c++ 2013-11-13 12:55:19.000000000 +0100
-@@ -30,9 +30,6 @@
-
- #include <ctype.h>
- #include <pwd.h>
--#if HAS_CRYPT_H
--#include <crypt.h>
--#endif
- #include <math.h>
-
- #ifndef CHAR_BIT
-@@ -374,7 +371,7 @@
- #else
- to64(&salt[0], random(), 2);
- #endif
-- result = crypt(pass, salt);
-+ result = Sys::crypt(pass, salt);
- return (true);
- }
-
-diff -urN hylafax-5.5.4/util/Sys.h hylafax-5.5.4-libc217/util/Sys.h
---- hylafax-5.5.4/util/Sys.h 2013-08-07 01:23:35.000000000 +0200
-+++ hylafax-5.5.4-libc217/util/Sys.h 2013-11-13 12:56:26.000000000 +0100
-@@ -44,6 +44,10 @@
- #include <osfcn.h>
- #endif
-
-+#if HAS_CRYPT_H
-+#include <crypt.h>
-+#endif
-+
- /*
- * Wrapper functions for C library calls.
- *
-@@ -140,5 +144,8 @@
- { return ::fopen(filename, mode); }
-
- static int getOpenMax();
-+
-+ static const char* crypt(const char* key, const char* salt)
-+ { const char* enc = ::crypt(key, salt); return enc ? enc : ""; }
- };
- #endif /* _Sys_ */
diff --git a/net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch b/net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch
new file mode 100644
index 000000000000..6c484590c468
--- /dev/null
+++ b/net-misc/hylafaxplus/files/hylafaxplus-CVE-2020-1539x.patch
@@ -0,0 +1,110 @@
+commit e8f8196230ae15f6f7d7104ded3e2633002506e4
+Author: faxguy <faxguy@5505949e-d877-4686-9e03-c53b7a51b376>
+Date: Sat Jun 13 23:46:33 2020 +0000
+
+ Johannes Segitz reported two issues:
+
+ 1) faxaddmodem, faxsetup, and probemodem create temporary directories in a way that is not secure due to a race condition.
+
+ 2) The HylaFAX spool directory bin and etc subdirectories are not secure against uucp deleting and recreating scripts that root runs.
+
+ These changes address these two issues.
+
+
+
+ git-svn-id: https://svn.code.sf.net/p/hylafax/HylaFAX+@2534 5505949e-d877-4686-9e03-c53b7a51b376
+
+diff --git a/CONTRIBUTORS b/CONTRIBUTORS
+index 057739f..a9d4f21 100644
+--- a/CONTRIBUTORS
++++ b/CONTRIBUTORS
+@@ -203,6 +203,7 @@ following for their contributions:
+ Travis Schafer LogSend and LogRecv modem config options, documentation fixes
+ Sven Schmidt
+ Steven Schoch faxrcvd faxinfo text parsing
++ Johannes Segitz code security audit
+ John Sellens
+ Chris Severance documentation fixes, scripting improvements
+ Simon <iahnl@iah.nl>
+diff --git a/Makefile.in b/Makefile.in
+index 1ee4d76..ec0cda7 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -208,7 +208,10 @@ makeServerDirs::
+ -idb hylafax.sw.server -root ${INSTALLROOT} -dir ${SPOOL}
+ -${INSTALL} -u ${FAXUSER} -g ${FAXGROUP} -m ${DIRMODE} \
+ -idb hylafax.sw.server -dir \
+- -root ${INSTALLROOT} -F ${SPOOL} bin client config dev etc info log recvq status
++ -root ${INSTALLROOT} -F ${SPOOL} client config dev info log recvq status
++ -${INSTALL} -u root -g root -m ${DIRMODE} \
++ -idb hylafax.sw.server -dir \
++ -root ${INSTALLROOT} -F ${SPOOL} bin etc
+ -${INSTALL} -u ${FAXUSER} -g ${FAXGROUP} -m 700 \
+ -idb hylafax.sw.server -dir \
+ -root ${INSTALLROOT} -F ${SPOOL} sendq doneq docq tmp pollq archive
+diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in
+index dc39917..c4d3ff1 100644
+--- a/etc/faxaddmodem.sh.in
++++ b/etc/faxaddmodem.sh.in
+@@ -113,12 +113,14 @@ if [ "$euid" != "root" ]; then
+ fi
+
+ # security
++o="`umask`"
++umask 077
+ TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null`
++umask "$o"
+ if test X$TMPDIR = X; then
+- TMPDIR=/tmp/.faxaddmodem$$
++ echo "Failed to create temporary directory. Cannot continue."
++ exit 1
+ fi
+-@RM@ -rf $TMPDIR
+-(umask 077 ; mkdir $TMPDIR) || exit 1
+
+ SH=$SCRIPT_SH # shell for use below
+ CPATH=$SPOOL/etc/config # prefix of configuration file
+diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in
+index 556eef5..b4aae40 100644
+--- a/etc/faxsetup.sh.in
++++ b/etc/faxsetup.sh.in
+@@ -922,12 +922,14 @@ if onServer; then
+ #
+
+ # Setup TMPDIR before anything can trap and rm it
++ o="`umask`"
++ umask 077
+ TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null`
++ umask "$o"
+ if test x$TMPDIR = x; then
+- TMPDIR=/tmp/.faxsetup$$
++ echo "Failed to create temporary directory. Cannot continue."
++ exit 1
+ fi
+- $RM -rf $TMPDIR
+- (umask 077 ; mkdir $TMPDIR) || exit 1
+
+ JUNK="etc/setup.tmp"
+ trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15
+diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in
+index 55b5d9b..c0abf15 100644
+--- a/etc/probemodem.sh.in
++++ b/etc/probemodem.sh.in
+@@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || {
+ . $SPOOL/etc/setup.cache # common configuration stuff
+ . $SPOOL/etc/setup.modem # modem-specific stuff
+
++o="`umask`"
++umask 077
+ TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null`
++umask "$o"
+ if test X$TMPDIR = X; then
+- TMPDIR=/tmp/.probemodem$$
++ echo "Failed to create temporary directory. Cannot continue."
++ exit 1
+ fi
+-@RM@ -fr $TMPDIR
+-(umask 077 ; mkdir $TMPDIR) || exit 1
+
+ SH=$SCRIPT_SH # shell for use below
+ OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded
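Review bot: The `makeServerDirs` change in the embedded Makefile.in section sets `root:root` on `${SPOOL}/bin` and `${SPOOL}/etc` only when that install target runs, so a spool that already exists with these directories owned by the fax user would presumably keep the old ownership after an upgrade, and the leading `-` on the new `${INSTALL}` line lets a failed ownership change pass silently. Nothing visible in this patch changes the owner or mode of the scripts inside those directories, or shows what `${DIRMODE}` expands to, so it is worth confirming in the ebuild that the installed directories and their contents end up root-owned and not group- or other-writable. In the faxaddmodem, faxsetup and probemodem sections the failure message goes to stdout and the reason reported by `mktemp` is discarded by `2>/dev/null`; `echo "Failed to create temporary directory. Cannot continue." >&2` would keep the message out of captured output and visible to the administrator. The script bodies around each embedded hunk start and end outside what is shown here.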