Merge #285898: storeBackup: 3.5 -> 3.5.2, patch CVE-2020-7040

pkgs/tools/backup/store-backup/CVE-2020-7040.patch

@@ -0,0 +1,23 @@
+Index: storeBackup/lib/fileDir.pl
+===================================================================
+--- storeBackup.orig/lib/fileDir.pl
++++ storeBackup/lib/fileDir.pl
+@@ -21,7 +21,7 @@
+ 
+ 
+ use Digest::MD5 qw(md5_hex);
+-use Fcntl qw(O_RDWR O_CREAT);
++use Fcntl qw(O_RDWR O_CREAT O_WRONLY O_EXCL);
+ use Fcntl ':mode';
+ use POSIX;
+ use Cwd 'abs_path';
+@@ -482,7 +482,7 @@ sub checkLockFile
+ 		  '-str' => ["creating lock file <$lockFile>"]);
+ 
+     &::checkDelSymLink($lockFile, $prLog, 0x01);
+-    open(FILE, '>', $lockFile) or
++    sysopen(FILE, $lockFile, O_WRONLY | O_CREAT | O_EXCL) or
+ 	$prLog->print('-kind' => 'E',
+ 		      '-str' => ["cannot create lock file <$lockFile>"],
+ 		      '-exit' => 1);
+

pkgs/tools/backup/store-backup/default.nix

@@ -14,7 +14,7 @@ in
 
 stdenv.mkDerivation rec {
 
-  version = "3.5";
+  version = "3.5.2";
 
   pname = "store-backup";
 
@@ -25,9 +25,14 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "https://download.savannah.gnu.org/releases/storebackup/storeBackup-${version}.tar.bz2";
-    sha256 = "0y4gzssc93x6y93mjsxm5b5cdh68d7ffa43jf6np7s7c99xxxz78";
+    hash = "sha256-Ki1DT2zypFFiiMVd9Y8eSX7T+yr8moWMoALmAexjqWU=";
   };
 
+  patches = [
+    # https://www.openwall.com/lists/oss-security/2020/01/20/3
+    ./CVE-2020-7040.patch
+  ];
+
   installPhase = ''
     mkdir -p $out/scripts
     mv * $out
@@ -48,7 +53,8 @@ stdenv.mkDerivation rec {
 
     PATH=$PATH:${dummyMount}/bin
 
-
+    export USER=test
+    export HOME=$(mktemp -d)
     { # simple sanity test, test backup/restore of simple store paths
 
       mkdir backup