mpack: patch CVE-2011-4919

More information available here: https://www.openwall.com/lists/oss-security/2011/12/31/1 The original patch is by Sebastian Pipping and is available here: https://web.archive.org/web/20120128080247/http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f We copy the patch in-tree, as the original source of the patch did not have the "raw" diff made available. Closes NixOS#90905
peterhoeg · May 19, 2024 · f5f7da6 · f5f7da6
1 parent bd9b171
commit f5f7da6
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 1 deletion.
diff --git a/pkgs/tools/networking/mpack/CVE-2011-4919.patch b/pkgs/tools/networking/mpack/CVE-2011-4919.patch
@@ -0,0 +1,23 @@
+commit 0c87201f64491575350b18d04c62ec142e119d1f
+Author: Sebastian Pipping <sebastian@pipping.org>
+Date:   Sat, 31 Dec 2011 19:17:20 +0000 (20:17 +0100)
+Source: https://web.archive.org/web/20120128080247/http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f
+
+    Fix permissions
+
+diff --git a/unixos.c b/unixos.c
+index fa6d0a7..0e2f469 100644 (file)
+--- a/unixos.c
++++ b/unixos.c
+@@ -134,9 +134,9 @@ FILE *os_createnewfile(char *fname)
+     FILE *ret;
+
+ #ifdef O_EXCL
+-    fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644);
++    fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
+ #else
+-    fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644);
++    fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
+
+     if (fd == -1)
diff --git a/pkgs/tools/networking/mpack/default.nix b/pkgs/tools/networking/mpack/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "0k590z96509k96zxmhv72gkwhrlf55jkmyqlzi72m61r7axhhh97";
   };
 
-  patches = [ ./build-fix.patch ./sendmail-via-execvp.diff ];
+  patches = [ ./build-fix.patch ./sendmail-via-execvp.diff ./CVE-2011-4919.patch ];
 
   postPatch = ''
     for f in *.{c,man,pl,unix} ; do