trousers: 0.3.14 -> 0.3.15

Fix CVE-2020-24332, CVE-2020-24330 and CVE-2020-24331.
This commit is contained in:
Thomas Gerbet 2021-01-26 22:49:13 +01:00
parent 5f472181f2
commit 82a6b7b258
2 changed files with 6 additions and 8 deletions

View file

@ -7,10 +7,10 @@ diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/
+#ifndef ALLOW_NON_TSS_CONFIG_FILE
/* make sure user/group TSS owns the conf file */
if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) {
if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) {
LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
@@ -775,6 +776,7 @@
LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file);
return TCSERR(TSS_E_INTERNAL_ERROR);
}
+#endif

View file

@ -1,17 +1,15 @@
{ lib, stdenv, fetchurl, openssl, pkg-config }:
{ lib, stdenv, fetchurl, openssl, pkg-config, autoreconfHook }:
stdenv.mkDerivation rec {
pname = "trousers";
version = "0.3.14";
version = "0.3.15";
src = fetchurl {
url = "mirror://sourceforge/trousers/trousers/${version}/${pname}-${version}.tar.gz";
sha256 = "0iwgsbrbb7nfqgl61x8aailwxm8akxh9gkcwxhsvf50x4qx72l6f";
sha256 = "0zy7r9cnr2gvwr2fb1q4fc5xnvx405ymcbrdv7qsqwl3a4zfjnqy";
};
sourceRoot = ".";
nativeBuildInputs = [ pkg-config ];
nativeBuildInputs = [ pkg-config autoreconfHook ];
buildInputs = [ openssl ];
patches = [ ./allow-non-tss-config-file-owner.patch ];