Pullup ticket 2200 - requested by hauke

security fix for gdm - pkgsrc/x11/gdm/Makefile 1.133 - pkgsrc/x11/gdm/distinfo 1.51 - pkgsrc/x11/gdm/patches/patch-am 1.3 - pkgsrc/x11/gdm/patches/patch-an 1.1 Module Name: pkgsrc Committed By: hauke Date: Thu Oct 11 09:35:11 UTC 2007 Added Files: pkgsrc/x11/gdm/patches: patch-am patch-an Log Message: The code to verify user and password provided in daemon/verify-{crypt,shadow}.c prints out the user name in various places, where daemon/verify-pam.c code does not. Get out of sync with the login dialog, and you'll have your password logged. Adapt patches from the gdm 2.20 branch for (1) not logging the user name in any sy slog error messages (2) not localizing the log messages. Fixes PR 31417.
author: ghen <ghen@pkgsrc.org> 2007-10-22 09:14:36 +0000
committer: ghen <ghen@pkgsrc.org> 2007-10-22 09:14:36 +0000
commit: bf6430fe57688cca4423972a5f582c82f127982c (patch)
tree: ff9196ab1b334599273882bb48a4442d284a70da
parent: ad25e90e7908c8e1d79c9ae22c5ebab2278891c7 (diff)
download: pkgsrc-bf6430fe57688cca4423972a5f582c82f127982c.tar.gz
4 files changed, 205 insertions, 3 deletions
diff --git a/x11/gdm/Makefile b/x11/gdm/Makefile
index 2679b1284d5..903626bc066 100644
--- a/x11/gdm/Makefile
+++ b/x11/gdm/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.132 2007/09/21 13:04:29 wiz Exp $
+# $NetBSD: Makefile,v 1.132.2.1 2007/10/22 09:14:36 ghen Exp $
 #
 
 DISTNAME=	gdm-2.18.4
-PKGREVISION=	4
+PKGREVISION=	5
 CATEGORIES=	x11 gnome
 MASTER_SITES=	${MASTER_SITE_GNOME:=sources/gdm/2.18/}
 EXTRACT_SUFX=	.tar.bz2
diff --git a/x11/gdm/distinfo b/x11/gdm/distinfo
index d7afa14a6ab..ce04456c61a 100644
--- a/x11/gdm/distinfo
+++ b/x11/gdm/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.50 2007/08/09 19:39:16 drochner Exp $
+$NetBSD: distinfo,v 1.50.2.1 2007/10/22 09:14:37 ghen Exp $
 
 SHA1 (gdm-2.18.4.tar.bz2) = 8bf2c8745d7c38f5f08641abed4ca103cad0ecb8
 RMD160 (gdm-2.18.4.tar.bz2) = 4922af1321f707279c1eb6354d1c56cc39bce20e
@@ -9,3 +9,5 @@ SHA1 (patch-ac) = 69b3539e50af0b32207b9ffeb7cb01645c9ece3c
 SHA1 (patch-ae) = c95265b55c968a0466e1ae50bbe58c121f05b027
 SHA1 (patch-ak) = e3eaf2dfa1e393f9808d22fe4384710a46a83afc
 SHA1 (patch-al) = 3b66dd3f4cdea6a3af5cbd0ff65eb02ccdead483
+SHA1 (patch-am) = 12db3ab28d530096d03575a92c5493d6149c39ed
+SHA1 (patch-an) = 45a9d4a8b5c8fa6014664525ae3e27fe3ad15208
diff --git a/x11/gdm/patches/patch-am b/x11/gdm/patches/patch-am
new file mode 100644
index 00000000000..82f8a61fe31
--- /dev/null
+++ b/x11/gdm/patches/patch-am
@@ -0,0 +1,100 @@
+$NetBSD: patch-am,v 1.2.18.1 2007/10/22 09:14:38 ghen Exp $
+
+--- daemon/verify-shadow.c.orig	2007-07-30 22:06:56.000000000 +0200
++++ daemon/verify-shadow.c
+@@ -199,7 +199,7 @@ authenticate_again:
+ 
+     if (pwent == NULL) {
+ 	    gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-	    gdm_error (_("Couldn't authenticate user \"%s\""), login);
++	    gdm_error ("Couldn't authenticate user");
+ 
+ 	    print_cant_auth_errbox ();
+ 
+@@ -213,7 +213,7 @@ authenticate_again:
+     if (ppasswd == NULL || (ppasswd[0] != '\0' &&
+ 			    strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) {
+ 	    gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-	    gdm_error (_("Couldn't authenticate user \"%s\""), login);
++	    gdm_error ("Couldn't authenticate user");
+ 
+ 	    print_cant_auth_errbox ();
+ 
+@@ -226,7 +226,7 @@ authenticate_again:
+     if ( ( ! gdm_get_value_bool (GDM_KEY_ALLOW_ROOT)||
+ 	  ( ! gdm_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT) && ! local) ) &&
+ 	pwent->pw_uid == 0) {
+-	    gdm_error (_("Root login disallowed on display '%s'"), display);
++	    gdm_error ("Root login disallowed on display '%s'", display);
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("The system administrator "
+ 					    "is not allowed to login "
+@@ -244,7 +244,7 @@ authenticate_again:
+     /* Check with the 'loginrestrictions' function
+        if the user has been disallowed */
+     if (loginrestrictions (login, 0, NULL, &message) != 0) {
+-	    gdm_error (_("User %s not allowed to log in"), login);
++	    gdm_error ("User not allowed to log in");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nThe system administrator "
+ 					    "has disabled your "
+@@ -268,7 +268,7 @@ authenticate_again:
+ 	(strcmp (pwent->pw_shell, "/sbin/nologin") == 0 ||
+ 	 strcmp (pwent->pw_shell, "/bin/true") == 0 ||
+ 	 strcmp (pwent->pw_shell, "/bin/false") == 0)) {
+-	    gdm_error (_("User %s not allowed to log in"), login);
++	    gdm_error ("User not allowed to log in");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nThe system administrator "
+ 					    "has disabled your "
+@@ -293,7 +293,7 @@ authenticate_again:
+     }
+ 
+     if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-	    gdm_error (_("Cannot set user group for %s"), login);
++	    gdm_error ("Cannot set user group");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nCannot set your user group; "
+ 					    "you will not be able to log in. "
+@@ -306,7 +306,7 @@ authenticate_again:
+ 
+     switch (passwdexpired (login, &info_msg)) {
+     case 1 :
+-	    gdm_error (_("Password of %s has expired"), login);
++	    gdm_error ("User password has expired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("You are required to change your password.\n"
+ 			     "Please choose a new one."));
+@@ -380,7 +380,7 @@ authenticate_again:
+ 	    break;
+ 
+     case 2 :
+-	    gdm_error (_("Password of %s has expired"), login);
++	    gdm_error ("User password has expired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("Your password has expired.\n"
+ 			     "Only a system administrator can now change it"));
+@@ -389,7 +389,7 @@ authenticate_again:
+ 	    break;    
+ 
+     case -1 :
+-	    gdm_error (_("Internal error on passwdexpired"));
++	    gdm_error ("Internal error on passwdexpired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("An internal error occurred. You will not be able to log in.\n"
+ 			     "Please try again later or contact your system administrator."));
+@@ -426,12 +426,12 @@ gdm_verify_setup_user (GdmDisplay *d, co
+ 
+ 	pwent = getpwnam (login);
+ 	if (pwent == NULL) {
+-		gdm_error (_("Cannot get passwd structure for %s"), login);
++		gdm_error ("Cannot get passwd structure for user");
+ 		return FALSE;
+ 	}
+ 
+ 	if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-		gdm_error (_("Cannot set user group for %s"), login);
++		gdm_error ("Cannot set user group");
+ 		gdm_error_box (d,
+ 			       GTK_MESSAGE_ERROR,
+ 			       _("\nCannot set your user group; "
diff --git a/x11/gdm/patches/patch-an b/x11/gdm/patches/patch-an
new file mode 100644
index 00000000000..47d9255ab79
--- /dev/null
+++ b/x11/gdm/patches/patch-an
@@ -0,0 +1,100 @@
+$NetBSD: patch-an,v 1.1.2.2 2007/10/22 09:14:39 ghen Exp $
+
+--- daemon/verify-crypt.c.orig	2007-07-30 22:06:56.000000000 +0200
++++ daemon/verify-crypt.c
+@@ -178,7 +178,7 @@ authenticate_again:
+ 
+     if (pwent == NULL) {
+ 	    gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-	    gdm_error (_("Couldn't authenticate user \"%s\""), login);
++	    gdm_error ("Couldn't authenticate user");
+ 
+ 	    print_cant_auth_errbox ();
+ 
+@@ -192,7 +192,7 @@ authenticate_again:
+     if (ppasswd == NULL || (ppasswd[0] != '\0' &&
+ 			    strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) {
+ 	    gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-	    gdm_error (_("Couldn't authenticate user \"%s\""), login);
++	    gdm_error ("Couldn't authenticate user");
+ 
+ 	    print_cant_auth_errbox ();
+ 
+@@ -205,7 +205,7 @@ authenticate_again:
+     if ( ( ! gdm_get_value_bool (GDM_KEY_ALLOW_ROOT)||
+ 	  ( ! gdm_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT) && ! local) ) &&
+ 	pwent->pw_uid == 0) {
+-	    gdm_error (_("Root login disallowed on display '%s'"), display);
++	    gdm_error ("Root login disallowed on display '%s'", display);
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("The system administrator "
+ 					    "is not allowed to login "
+@@ -223,7 +223,7 @@ authenticate_again:
+     /* Check with the 'loginrestrictions' function
+        if the user has been disallowed */
+     if (loginrestrictions (login, 0, NULL, &message) != 0) {
+-	    gdm_error (_("User %s not allowed to log in"), login);
++	    gdm_error ("User not allowed to log in");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nThe system administrator "
+ 					    "has disabled your "
+@@ -247,7 +247,7 @@ authenticate_again:
+ 	(strcmp (pwent->pw_shell, "/sbin/nologin") == 0 ||
+ 	 strcmp (pwent->pw_shell, "/bin/true") == 0 ||
+ 	 strcmp (pwent->pw_shell, "/bin/false") == 0)) {
+-	    gdm_error (_("User %s not allowed to log in"), login);
++	    gdm_error ("User not allowed to log in");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nThe system administrator "
+ 					    "has disabled your "
+@@ -272,7 +272,7 @@ authenticate_again:
+     }
+ 
+     if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-	    gdm_error (_("Cannot set user group for %s"), login);
++	    gdm_error ("Cannot set user group");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nCannot set your user group; "
+ 					    "you will not be able to log in. "
+@@ -285,7 +285,7 @@ authenticate_again:
+ 
+     switch (passwdexpired (login, &info_msg)) {
+     case 1 :
+-	    gdm_error (_("Password of %s has expired"), login);
++	    gdm_error ("User password has expired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("You are required to change your password.\n"
+ 			     "Please choose a new one."));
+@@ -358,7 +358,7 @@ authenticate_again:
+ 	    break;
+ 
+     case 2 :
+-	    gdm_error (_("Password of %s has expired"), login);
++	    gdm_error ("User password has expired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("Your password has expired.\n"
+ 			     "Only a system administrator can now change it"));
+@@ -367,7 +367,7 @@ authenticate_again:
+ 	    break;    
+ 
+     case -1 :
+-	    gdm_error (_("Internal error on passwdexpired"));
++	    gdm_error ("Internal error on passwdexpired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("An internal error occurred. You will not be able to log in.\n"
+ 			     "Please try again later or contact your system administrator."));
+@@ -405,12 +405,12 @@ gdm_verify_setup_user (GdmDisplay *d,
+ 
+ 	pwent = getpwnam (login);
+ 	if (pwent == NULL) {
+-		gdm_error (_("Cannot get passwd structure for %s"), login);
++		gdm_error ("Cannot get passwd structure for %s", login);
+ 		return FALSE;
+ 	}
+ 
+ 	if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-		gdm_error (_("Cannot set user group for %s"), login);
++		gdm_error ("Cannot set user group");
+ 		gdm_error_box (d,
+ 			       GTK_MESSAGE_ERROR,
+ 			       _("\nCannot set your user group; "
author	ghen <ghen@pkgsrc.org>	2007-10-22 09:14:36 +0000
committer	ghen <ghen@pkgsrc.org>	2007-10-22 09:14:36 +0000
commit	bf6430fe57688cca4423972a5f582c82f127982c (patch)
tree	ff9196ab1b334599273882bb48a4442d284a70da
parent	ad25e90e7908c8e1d79c9ae22c5ebab2278891c7 (diff)
download	pkgsrc-bf6430fe57688cca4423972a5f582c82f127982c.tar.gz