authortron <tron@pkgsrc.org>2011-11-20 10:36:31 +0000
committertron <tron@pkgsrc.org>2011-11-20 10:36:31 +0000
commit3535b68c4e7c73e4a83bfb227e34bf5a44c4de57 (patch)
treeb94d284eb06ec706058456727ea40d09deec33c1
parent9f46fdaf16e2524841180e2a38da530b9a5606b5 (diff)
downloadpkgsrc-3535b68c4e7c73e4a83bfb227e34bf5a44c4de57.tar.gz
Pullup ticket #3612 - requested by markd
x11/kdebase3: security patch Revisions pulled up: - x11/kdebase3/Makefile 1.163 via patch - x11/kdebase3/distinfo 1.114 - x11/kdebase3/patches/patch-kcheckpass_checkpass_pam.c 1.1 --- Module Name: pkgsrc Committed By: markd Date: Sat Nov 19 21:17:28 UTC 2011 Modified Files: pkgsrc/x11/kdebase3: Makefile distinfo Added Files: pkgsrc/x11/kdebase3/patches: patch-kcheckpass_checkpass_pam.c Log Message: Dont allow a path in pam_service. CVE-2011-4122
-rw-r--r--x11/kdebase3/Makefile4
-rw-r--r--x11/kdebase3/distinfo3
-rw-r--r--x11/kdebase3/patches/patch-kcheckpass_checkpass_pam.c15
3 files changed, 19 insertions, 3 deletions
diff --git a/x11/kdebase3/Makefile b/x11/kdebase3/Makefile
index 198e2c6355b..b303bca0760 100644
--- a/x11/kdebase3/Makefile
+++ b/x11/kdebase3/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.161 2011/04/22 13:42:09 obache Exp $
+# $NetBSD: Makefile,v 1.161.4.1 2011/11/20 10:36:31 tron Exp $
DISTNAME= kdebase-${_KDE_VERSION}
-PKGREVISION= 14
+PKGREVISION= 16
CATEGORIES= x11
COMMENT= Base modules for the KDE 3 integrated X11 desktop
diff --git a/x11/kdebase3/distinfo b/x11/kdebase3/distinfo
index 950d9cecedf..fc787b71bb1 100644
--- a/x11/kdebase3/distinfo
+++ b/x11/kdebase3/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.113 2011/09/14 17:53:17 hans Exp $
+$NetBSD: distinfo,v 1.113.2.1 2011/11/20 10:36:31 tron Exp $
SHA1 (Daemon.README) = eb1e6af52adc02ded77af17e8953134b7e60d23b
RMD160 (Daemon.README) = 39edd92ed4314397080f32a8caff0ac3f716ecf4
@@ -59,4 +59,5 @@ SHA1 (patch-gc) = e02ddb93ae7aa249b3b3e68690f587b2c98255b8
SHA1 (patch-gd) = 39469384668e4ee7fc489406e2813100fc90aa9b
SHA1 (patch-ge) = 8470cf03d768d784714e926281757e9d68749360
SHA1 (patch-gf) = 78de196a700fa9cd5e221ff57c295fdb3562f931
+SHA1 (patch-kcheckpass_checkpass_pam.c) = b5dd2e50c5f1047d3c195836c8b2d06e11edea3b
SHA1 (patch-kdesud) = acc40c2d1fb65e404a7aa0dbb6eae72fa7ac6a5e
diff --git a/x11/kdebase3/patches/patch-kcheckpass_checkpass_pam.c b/x11/kdebase3/patches/patch-kcheckpass_checkpass_pam.c
new file mode 100644
index 00000000000..820bc0916db
--- /dev/null
+++ b/x11/kdebase3/patches/patch-kcheckpass_checkpass_pam.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-kcheckpass_checkpass_pam.c,v 1.1.2.2 2011/11/20 10:36:31 tron Exp $
+
+Don't allow pam_service to be a path.
+
+--- kcheckpass/checkpass_pam.c.orig 2007-10-08 09:51:09.000000000 +0000
++++ kcheckpass/checkpass_pam.c
+@@ -147,6 +147,8 @@ AuthReturn Authenticate(const char *call
+ PAM_data.classic = 1;
+ pam_service = caller;
+ }
++ if (strchr(pam_service, '/')) /* service shouldn't be a path */
++ return AuthError;
+ pam_error = pam_start(pam_service, user, &PAM_conversation, &pamh);
+ if (pam_error != PAM_SUCCESS)
+ return AuthError;
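Review bot: The new guard `if (strchr(pam_service, '/'))` returns AuthError without recording anything, so a caller that supplies a path as the PAM service name looks like any other authentication error in the logs. Since the commit message ties this check to CVE-2011-4122, the rejection deserves a log line before the return that does not echo the supplied value, for example `syslog(LOG_WARNING, "rejected PAM service name containing '/'");`, assuming syslog is already set up in this file, which the hunk does not show. The inline comment could also give the reason rather than only the rule: `/* some PAM implementations treat a name containing '/' as a config file path, letting the caller choose the PAM stack */`. Authenticate() begins and ends outside the hunk, so whether pam_service can be NULL when it reaches strchr() cannot be checked from here.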