main/mkinitfs: fix permissions of initramfs

it may contain sensitive information fixes #11044
author: Natanael Copa <ncopa@alpinelinux.org> 2019-12-18 15:39:20 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2019-12-18 15:39:20 +0000
commit: 27b8dc5bd034f91683012dcb5ad680e64c72c712 (patch)
tree: 4e52de319d3c6f7f1ac7ede98c88cd98ded5a4af
parent: c467afc6754584e901ba177a66365fa31f254a44 (diff)
download: alpine_aports-27b8dc5bd034f91683012dcb5ad680e64c72c712.tar.bz2
alpine_aports-27b8dc5bd034f91683012dcb5ad680e64c72c712.tar.xz
alpine_aports-27b8dc5bd034f91683012dcb5ad680e64c72c712.zip
2 files changed, 30 insertions, 2 deletions
diff --git a/main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch b/main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch
new file mode 100644
index 0000000000..9c67315bc3
--- /dev/null
+++ b/main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch
@@ -0,0 +1,26 @@
+From 23fe38c883439310ead972e734cba985b7baaf63 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 18 Dec 2019 11:48:14 +0000
+Subject: [PATCH] mkinitfs: harden permissions of initramfs
+ref https://gitlab.alpinelinux.org/alpine/aports/issues/11044
+---
+ mkinitfs.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/mkinitfs.in b/mkinitfs.in
+index 8cd3de3..9bd95f9 100755
+--- a/mkinitfs.in
+++ b/mkinitfs.in
+@@ -153,7 +153,7 @@ initfs_cpio() {
+                return
+        fi
+        rm -f $outfile
+-       umask 0022
+       umask 0077
+        (cd "$tmpdir" && find . | sort | cpio --quiet -o -H newc | $comp) > $outfile
+ }
+ 
+-- 
+2.24.1
diff --git a/main/mkinitfs/APKBUILD b/main/mkinitfs/APKBUILD
index d0b4ea2795..5b3e32b146 100644
--- a/main/mkinitfs/APKBUILD
+++ b/main/mkinitfs/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=mkinitfs
 pkgver=3.4.3
 _ver=${pkgver%_git*}
-pkgrel=3
+pkgrel=4
 pkgdesc="Tool to generate initramfs images for Alpine"
 url="https://git.alpinelinux.org/cgit/mkinitfs"
 arch="all"
@@ -19,6 +19,7 @@ source="https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$_ver.tar.xz
        0001-nlplug-findfs.c-Explicitly-include-sys-sysmacros.h-d.patch
        0001-features-add-af_packet-kernel-module-for-dhcp.patch
        0001-Helping-parsing-code-survive-variable-settings-with-.patch
+        0001-mkinitfs-harden-permissions-of-initramfs.patch
        "
 build() {
@@ -34,4 +35,5 @@ package() {
 sha512sums="d335a6f58ca38a3cc6dcc560baaabd3ea9522ce25de008eb637f0761db7f783c3b03767ba046c3d34550d1d0741bcc54ad09903b41e79fe408264eadbbc0a457  mkinitfs-3.4.3.tar.xz
 6b7c16035181ab96a1d0dad9f31df8d74e6d39db775ce540b2b2efaaa4d918a18f331829f4113bff7a38805f648b7d83b7ec15adaaf78b17c9465dc0a19e8b32  0001-nlplug-findfs.c-Explicitly-include-sys-sysmacros.h-d.patch
 2b29aceee789a79c5395e9a4e896aa0561f812420aa98ab9febdca8e1ea34691d2b819a8f0c09e56d198fda587e569ce026bc6aacdb700ea00a91fc08dcd3a05  0001-features-add-af_packet-kernel-module-for-dhcp.patch
-2a443d1c45533c39339c5f30c0a0318205f59f2fadf4ce4b3992439cecb9f6f3c2c5d9dbaa1be89b2d09d4ec8876280963f7ea93b68f3a0f26cec99e1028d847  0001-Helping-parsing-code-survive-variable-settings-with-.patch"
+2a443d1c45533c39339c5f30c0a0318205f59f2fadf4ce4b3992439cecb9f6f3c2c5d9dbaa1be89b2d09d4ec8876280963f7ea93b68f3a0f26cec99e1028d847  0001-Helping-parsing-code-survive-variable-settings-with-.patch
+848c4e4a30eb878a3733289e00b55665c72b1f810a98e2f04df7a82dfb442ec5be9413719b3f1a1116458571730ffa30e14dc746cfa9dc482c13b49ebac84d2f  0001-mkinitfs-harden-permissions-of-initramfs.patch"
author	Natanael Copa <ncopa@alpinelinux.org>	2019-12-18 15:39:20 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2019-12-18 15:39:20 +0000
commit	27b8dc5bd034f91683012dcb5ad680e64c72c712 (patch)
tree	4e52de319d3c6f7f1ac7ede98c88cd98ded5a4af
parent	c467afc6754584e901ba177a66365fa31f254a44 (diff)
download	alpine_aports-27b8dc5bd034f91683012dcb5ad680e64c72c712.tar.bz2 alpine_aports-27b8dc5bd034f91683012dcb5ad680e64c72c712.tar.xz alpine_aports-27b8dc5bd034f91683012dcb5ad680e64c72c712.zip

diff --git a/main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch b/main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch new file mode 100644 index 0000000000..9c67315bc3 --- /dev/null +++ b/main/mkinitfs/0001-mkinitfs-harden-permissions-of-initramfs.patch
@@ -0,0 +1,26 @@
		1	From 23fe38c883439310ead972e734cba985b7baaf63 Mon Sep 17 00:00:00 2001
		2	From: Natanael Copa <ncopa@alpinelinux.org>
		3	Date: Wed, 18 Dec 2019 11:48:14 +0000
		4	Subject: [PATCH] mkinitfs: harden permissions of initramfs
		5
		6	ref https://gitlab.alpinelinux.org/alpine/aports/issues/11044
		7	---
		8	mkinitfs.in \| 2 +-
		9	1 file changed, 1 insertion(+), 1 deletion(-)
		10
		11	diff --git a/mkinitfs.in b/mkinitfs.in
		12	index 8cd3de3..9bd95f9 100755
		13	--- a/mkinitfs.in
		14	+++ b/mkinitfs.in
		15	@@ -153,7 +153,7 @@ initfs_cpio() {
		16	return
		17	fi
		18	rm -f $outfile
		19	- umask 0022
		20	+ umask 0077
		21	(cd "$tmpdir" && find . \| sort \| cpio --quiet -o -H newc \| $comp) > $outfile
		22	}
		23
		24	--
		25	2.24.1
		26


diff --git a/main/mkinitfs/APKBUILD b/main/mkinitfs/APKBUILD index d0b4ea2795..5b3e32b146 100644 --- a/main/mkinitfs/APKBUILD +++ b/main/mkinitfs/APKBUILD
@@ -2,7 +2,7 @@
2	pkgname=mkinitfs	2	pkgname=mkinitfs
3	pkgver=3.4.3	3	pkgver=3.4.3
4	_ver=${pkgver%_git*}	4	_ver=${pkgver%_git*}
5	pkgrel=3	5	pkgrel=4
6	pkgdesc="Tool to generate initramfs images for Alpine"	6	pkgdesc="Tool to generate initramfs images for Alpine"
7	url="https://git.alpinelinux.org/cgit/mkinitfs"	7	url="https://git.alpinelinux.org/cgit/mkinitfs"
8	arch="all"	8	arch="all"
@@ -19,6 +19,7 @@ source="https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$_ver.tar.xz
19	0001-nlplug-findfs.c-Explicitly-include-sys-sysmacros.h-d.patch	19	0001-nlplug-findfs.c-Explicitly-include-sys-sysmacros.h-d.patch
20	0001-features-add-af_packet-kernel-module-for-dhcp.patch	20	0001-features-add-af_packet-kernel-module-for-dhcp.patch
21	0001-Helping-parsing-code-survive-variable-settings-with-.patch	21	0001-Helping-parsing-code-survive-variable-settings-with-.patch
		22	0001-mkinitfs-harden-permissions-of-initramfs.patch
22	"	23	"
23		24
24	build() {	25	build() {
@@ -34,4 +35,5 @@ package() {
34	sha512sums="d335a6f58ca38a3cc6dcc560baaabd3ea9522ce25de008eb637f0761db7f783c3b03767ba046c3d34550d1d0741bcc54ad09903b41e79fe408264eadbbc0a457 mkinitfs-3.4.3.tar.xz	35	sha512sums="d335a6f58ca38a3cc6dcc560baaabd3ea9522ce25de008eb637f0761db7f783c3b03767ba046c3d34550d1d0741bcc54ad09903b41e79fe408264eadbbc0a457 mkinitfs-3.4.3.tar.xz
35	6b7c16035181ab96a1d0dad9f31df8d74e6d39db775ce540b2b2efaaa4d918a18f331829f4113bff7a38805f648b7d83b7ec15adaaf78b17c9465dc0a19e8b32 0001-nlplug-findfs.c-Explicitly-include-sys-sysmacros.h-d.patch	36	6b7c16035181ab96a1d0dad9f31df8d74e6d39db775ce540b2b2efaaa4d918a18f331829f4113bff7a38805f648b7d83b7ec15adaaf78b17c9465dc0a19e8b32 0001-nlplug-findfs.c-Explicitly-include-sys-sysmacros.h-d.patch
36	2b29aceee789a79c5395e9a4e896aa0561f812420aa98ab9febdca8e1ea34691d2b819a8f0c09e56d198fda587e569ce026bc6aacdb700ea00a91fc08dcd3a05 0001-features-add-af_packet-kernel-module-for-dhcp.patch	37	2b29aceee789a79c5395e9a4e896aa0561f812420aa98ab9febdca8e1ea34691d2b819a8f0c09e56d198fda587e569ce026bc6aacdb700ea00a91fc08dcd3a05 0001-features-add-af_packet-kernel-module-for-dhcp.patch
37	2a443d1c45533c39339c5f30c0a0318205f59f2fadf4ce4b3992439cecb9f6f3c2c5d9dbaa1be89b2d09d4ec8876280963f7ea93b68f3a0f26cec99e1028d847 0001-Helping-parsing-code-survive-variable-settings-with-.patch"	38	2a443d1c45533c39339c5f30c0a0318205f59f2fadf4ce4b3992439cecb9f6f3c2c5d9dbaa1be89b2d09d4ec8876280963f7ea93b68f3a0f26cec99e1028d847 0001-Helping-parsing-code-survive-variable-settings-with-.patch
		39	848c4e4a30eb878a3733289e00b55665c72b1f810a98e2f04df7a82dfb442ec5be9413719b3f1a1116458571730ffa30e14dc746cfa9dc482c13b49ebac84d2f 0001-mkinitfs-harden-permissions-of-initramfs.patch"