author | sbd <sbd@pkgsrc.org> | 2011-12-14 02:42:40 +0000 |
---|---|---|
committer | sbd <sbd@pkgsrc.org> | 2011-12-14 02:42:40 +0000 |
commit | f0c7595f93550bf6c52c1a26ddffeaae5476d663 (patch) | |
tree | c07ca9cae20ff1b7e71e8bc04276d3ca6bf53c40 | |
parent | a5f65fd8268f8f0e35a3dd56e15bc689b634e961 (diff) | |
Pullup ticket #3630 - requested by spz
security/openpam security patch
Revisions pulled up:
- security/openpam/Makefile 1.16
- security/openpam/distinfo 1.8
- security/openpam/patches/patch-ab 1.4
---
Module Name: pkgsrc
Committed By: spz
Date: Tue Dec 13 15:57:08 UTC 2011
Modified Files:
pkgsrc/security/openpam: Makefile distinfo
pkgsrc/security/openpam/patches: patch-ab
Log Message:
added prevention of CVE-2011-4122 taken from NetBSD src
-rw-r--r-- | security/openpam/Makefile | 4 | ||||
-rw-r--r-- | security/openpam/distinfo | 4 | ||||
-rw-r--r-- | security/openpam/patches/patch-ab | 20 |
3 files changed, 23 insertions, 5 deletions
diff --git a/security/openpam/Makefile b/security/openpam/Makefile
index a365713f7a3..75d94390863 100644
--- a/security/openpam/Makefile
+++ b/security/openpam/Makefile
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.15 2008/02/18 16:48:12 jlam Exp $
+# $NetBSD: Makefile,v 1.15.34.1 2011/12/14 02:42:40 sbd Exp $
 DISTNAME= openpam-20071221
 CATEGORIES= security
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openpam/}
+PKGREVISION= 1
 MAINTAINER= joerg@NetBSD.org
 HOMEPAGE= http://www.openpam.org/
 COMMENT= Open-source PAM library
+LICENSE= modified-bsd
 PKG_DESTDIR_SUPPORT= user-destdir
diff --git a/security/openpam/distinfo b/security/openpam/distinfo
index 8c3475797ca..baa9c75c684 100644
--- a/security/openpam/distinfo
+++ b/security/openpam/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.7 2008/02/18 18:22:18 jlam Exp $
+$NetBSD: distinfo,v 1.7.34.1 2011/12/14 02:42:40 sbd Exp $
 SHA1 (openpam-20071221.tar.gz) = 43d41fa4a86199077c4fe193c52c59365f4c317e
 RMD160 (openpam-20071221.tar.gz) = cd8f7e94984693b0f892f226bfed6a3f9b24ec72
 Size (openpam-20071221.tar.gz) = 396932 bytes
-SHA1 (patch-ab) = 8ade188799693e6d7c28f27faf060c645c5d97c5
+SHA1 (patch-ab) = 2405cccb175e58914e36a26ac8aa896a1334b145
 SHA1 (patch-ac) = 72fb5ffb67edf9892e6c2db5485fdf51ea4b50ce
 SHA1 (patch-ad) = 08b0dbd2d84c4239ea898f137d2f0ed7f7476d74
 SHA1 (patch-ae) = 4f31bdde2cca94377c4e3ac8e4d42512764b3fac
diff --git a/security/openpam/patches/patch-ab b/security/openpam/patches/patch-ab
index 08b053bf302..06510c8f4df 100644
--- a/security/openpam/patches/patch-ab
+++ b/security/openpam/patches/patch-ab
@@ -1,6 +1,9 @@
-$NetBSD: patch-ab,v 1.3 2008/02/18 18:22:18 jlam Exp $
+$NetBSD: patch-ab,v 1.3.34.1 2011/12/14 02:42:40 sbd Exp $
---- lib/openpam_configure.c.orig 2007-12-21 06:36:24.000000000 -0500
+- pkgsrcification
+- prevention of CVE-2011-4122 taken from NetBSD src
+
+--- lib/openpam_configure.c.orig 2007-12-21 11:36:24.000000000 +0000
 +++ lib/openpam_configure.c
 @@ -70,7 +70,7 @@ static int match_word(const char *str, const char *word)
@@ -47,3 +50,16 @@ $NetBSD: patch-ab,v 1.3 2008/02/18 18:22:18 jlam Exp $
 NULL
 };
+@@ -285,6 +287,12 @@ openpam_load_chain(pam_handle_t *pamh,
+ size_t len;
+ int r;
+
++ /* Don't allow an escape from policy_path. */
++ if (strchr(service, '/') != NULL) {
++ openpam_log(PAM_LOG_ERROR, "illegal service \"%s\"", service);
++ return (-PAM_SYSTEM_ERR);
++ }
++
+ for (path = openpam_policy_path; *path != NULL; ++path) {
+ len = strlen(*path);
+ if ((*path)[len - 1] == '/') {
 |
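Review bot: The guard added at the top of openpam_load_chain() rejects only a literal '/' in `service`, which is a one-character denylist on a string that, going by the new comment, is combined with the entries of openpam_policy_path. An allowlist of the characters a policy file name may contain would be easier to audit, and an empty name could be refused at the same spot, e.g. `if (*service == '\0' || strchr(service, '/') != NULL) {`. The `openpam_log(PAM_LOG_ERROR, "illegal service \"%s\"", service);` call writes the rejected string unmodified, so if the log sink does not escape control characters (not visible here) the caller-chosen name can shape the log line; bounding or sanitising it before logging is worth considering. The function's signature and the rest of its body lie outside the hunk, so whether `service` can be NULL at this point cannot be checked from here.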