trousers: 0.3.14 -> 0.3.15

Fix CVE-2020-24332, CVE-2020-24330 and CVE-2020-24331.
2021-01-26 22:49:13 +01:00 · 2021-01-26 22:49:13 +01:00 · 82a6b7b258
parent 5f472181f2
commit 82a6b7b258
2 changed files with 6 additions and 8 deletions
--- a/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
+++ b/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
@ -7,10 +7,10 @@ diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/
 +#ifndef ALLOW_NON_TSS_CONFIG_FILE
 	/* make sure user/group TSS owns the conf file */
- 	if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) {
+ 	if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) {
 		LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
@@ -775,6 +776,7 @@
- 		LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
+ 		LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file);
 		return TCSERR(TSS_E_INTERNAL_ERROR);
 	}
 +#endif
--- a/pkgs/tools/security/trousers/default.nix
+++ b/pkgs/tools/security/trousers/default.nix
@ -1,17 +1,15 @@
-{ lib, stdenv, fetchurl, openssl, pkg-config }:
+{ lib, stdenv, fetchurl, openssl, pkg-config, autoreconfHook }:
 stdenv.mkDerivation rec {
  pname = "trousers";
-  version = "0.3.14";
+  version = "0.3.15";
  src = fetchurl {
    url = "mirror://sourceforge/trousers/trousers/${version}/${pname}-${version}.tar.gz";
-    sha256 = "0iwgsbrbb7nfqgl61x8aailwxm8akxh9gkcwxhsvf50x4qx72l6f";
+    sha256 = "0zy7r9cnr2gvwr2fb1q4fc5xnvx405ymcbrdv7qsqwl3a4zfjnqy";
  };
-  sourceRoot = ".";
+  nativeBuildInputs = [ pkg-config autoreconfHook ];
  nativeBuildInputs = [ pkg-config ];
  buildInputs = [ openssl ];
  patches = [ ./allow-non-tss-config-file-owner.patch ];