author | bsiegert <bsiegert@pkgsrc.org> | 2015-12-06 20:10:39 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2015-12-06 20:10:39 +0000 |
commit | af8955d2d810a7ff660116494c01f095a2b1ba4a (patch) | |
tree | 3cbd52826b9ccb5ed3e012571d6404667c761f75 | |
parent | 35ba960cffc4d92bc4680949604ccb46ba503888 (diff) | |
Pullup ticket #4868 - requested by wiz
security/keepassx: security fix
Revisions pulled up:
- security/keepassx/Makefile 1.31
- security/keepassx/distinfo 1.8
- security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp 1.2
- security/keepassx/patches/patch-src_lib_FileDialogs.cpp 1.1
- security/keepassx/patches/patch-src_lib_random.cpp 1.4
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Dec 6 14:20:34 UTC 2015
Modified Files:
pkgsrc/security/keepassx: Makefile distinfo
pkgsrc/security/keepassx/patches: patch-src_lib_AutoTypeX11.cpp
patch-src_lib_random.cpp
Added Files:
pkgsrc/security/keepassx/patches: patch-src_lib_FileDialogs.cpp
Log Message:
Fix CVE-2015-8378 using the patch from Debian.
Bump PKGREVISION.
While here, clean up pkglint warnings.
-rw-r--r-- | security/keepassx/Makefile | 7 | ||||
-rw-r--r-- | security/keepassx/distinfo | 7 | ||||
-rw-r--r-- | security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp | 4 | ||||
-rw-r--r-- | security/keepassx/patches/patch-src_lib_FileDialogs.cpp | 29 | ||||
-rw-r--r-- | security/keepassx/patches/patch-src_lib_random.cpp | 4 |
5 files changed, 42 insertions, 9 deletions
diff --git a/security/keepassx/Makefile b/security/keepassx/Makefile
index a2d91b90527..c21ede592b7 100644
--- a/security/keepassx/Makefile
+++ b/security/keepassx/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.30 2015/04/25 14:24:48 tnn Exp $
-#
+# $NetBSD: Makefile,v 1.30.4.1 2015/12/06 20:10:39 bsiegert Exp $
 DISTNAME= keepassx-0.4.3
-PKGREVISION= 8
+PKGREVISION= 9
 CATEGORIES= security
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=keepassx/}
@@ -24,7 +23,7 @@ do-configure:
 ${QMAKE} -unix -o Makefile ${CONFIGURE_ARGS} keepassx.pro
 pre-install:
- ${CP} ${WRKSRC}/bin/keepassx ${WRKSRC}/src
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/keepassx ${WRKSRC}/src
 .include "../../sysutils/desktop-file-utils/desktopdb.mk"
 .include "../../x11/qt4-libs/buildlink3.mk"
diff --git a/security/keepassx/distinfo b/security/keepassx/distinfo
index 8b837466b7e..451fb4d0f03 100644
--- a/security/keepassx/distinfo
+++ b/security/keepassx/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.6 2014/01/05 01:01:47 rumko Exp $
+$NetBSD: distinfo,v 1.6.14.1 2015/12/06 20:10:39 bsiegert Exp $
 SHA1 (keepassx-0.4.3.tar.gz) = d25ecc9d3caaa5a6d0f39a42c730a95997f37e2e
 RMD160 (keepassx-0.4.3.tar.gz) = 3e963d82dd6b8bc32e32dbb46efa9168bac1088b
 Size (keepassx-0.4.3.tar.gz) = 1368766 bytes
 SHA1 (patch-src_crypto_aes__endian.h) = 3a88c3ebf2ccaa2229aa7e0600b4f0e976b21772
-SHA1 (patch-src_lib_AutoTypeX11.cpp) = 00c112837d50cf01fc4fc7f76865e5407c90e901
-SHA1 (patch-src_lib_random.cpp) = 01cc7569a75bc3af8326f0903881c16d96d51551
+SHA1 (patch-src_lib_AutoTypeX11.cpp) = 3bd8421804ec549ba4a7a42907516534d7bbf6f3
+SHA1 (patch-src_lib_FileDialogs.cpp) = ab5d6caf0eea7d66b3b614fba3e92e6c48227cc3
+SHA1 (patch-src_lib_random.cpp) = dd50e9cb5a95f5db780aab727dfd4b0dcceac9ef
diff --git a/security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp b/security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp
index dcff27712a6..7cb2e0d05a7 100644
--- a/security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp
+++ b/security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp
@@ -1,4 +1,6 @@
-$NetBSD: patch-src_lib_AutoTypeX11.cpp,v 1.1 2013/05/04 12:59:48 joerg Exp $
+$NetBSD: patch-src_lib_AutoTypeX11.cpp,v 1.1.20.1 2015/12/06 20:10:39 bsiegert Exp $
+
+Add a bunch of missing includes hidden by libstdc++ namespace pollution.
 --- src/lib/AutoTypeX11.cpp.orig 2013-05-04 00:34:27.000000000 +0000
 +++ src/lib/AutoTypeX11.cpp
diff --git a/security/keepassx/patches/patch-src_lib_FileDialogs.cpp b/security/keepassx/patches/patch-src_lib_FileDialogs.cpp
new file mode 100644
index 00000000000..0c22d2240cc
--- /dev/null
+++ b/security/keepassx/patches/patch-src_lib_FileDialogs.cpp
@@ -0,0 +1,29 @@
+$NetBSD: patch-src_lib_FileDialogs.cpp,v 1.1.2.2 2015/12/06 20:10:39 bsiegert Exp $
+
+Description: Abort file save dialog gracefully on 'cancel'
+Author: Reinhard Tartler <siretart@debian.org>
+Bug-Debian: 791858
+
+The Qt documentation says that pressing the "Cancel" button "returns a
+null string" (cf http://doc.qt.io/qt-4.8/qfiledialog.html#details). The
+default (and only) implementation of the File dialog ignores this case
+and wrongly constructs a bogus filename. This patch bails out gracefully
+and avoids cleartext passwords on the hard disk.
+
+Fixes CVE-2015-8378
+
+https://anonscm.debian.org/cgit/collab-maint/keepassx.git/commit/?id=b3c9028db8ec3b8752ff47717ffc792d755c1294
+
+--- src/lib/FileDialogs.cpp.orig 2009-10-08 19:27:39.000000000 +0000
++++ src/lib/FileDialogs.cpp
+@@ -118,6 +118,10 @@ QString QtStandardFileDialogs::saveFileD
+ SelectedFilter=Filters[SelectedFilterIndex];
+ QString filepath = QFileDialog::getSaveFileName(parent,title,dir,toSingleStringFilter(Filters),&SelectedFilter,
+ ShowOverwriteWarning ? (QFileDialog::Option)0 : QFileDialog::DontConfirmOverwrite);
++ // Fixes CVE-2015-8378
++ if (filepath.isEmpty())
++ return filepath;
++
+ LastFilter=Filters.indexOf(SelectedFilter);
+
+ //Check whether the file has an extension which fits to the selected filter
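Review bot: The guard added after the `QFileDialog::getSaveFileName` call is documented only as `// Fixes CVE-2015-8378`, which does not tell a later reader why an empty path must not fall through to the extension check below. I would replace that comment with `// Cancel returns a null QString; hand it back unchanged so no filename is built from it.` The fix also only holds if every caller of the save dialog treats an empty return as "cancelled" and skips the write. Those call sites are not in this hunk, so the export paths in particular should be confirmed. The enclosing function starts before the hunk and continues past its end.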
diff --git a/security/keepassx/patches/patch-src_lib_random.cpp b/security/keepassx/patches/patch-src_lib_random.cpp
index ae07b0beb68..51f59ad3ada 100644
--- a/security/keepassx/patches/patch-src_lib_random.cpp
+++ b/security/keepassx/patches/patch-src_lib_random.cpp
@@ -1,4 +1,6 @@
-$NetBSD: patch-src_lib_random.cpp,v 1.3 2013/05/04 12:59:48 joerg Exp $
+$NetBSD: patch-src_lib_random.cpp,v 1.3.20.1 2015/12/06 20:10:39 bsiegert Exp $
+
+Add a bunch of missing includes hidden by libstdc++ namespace pollution.
 --- src/lib/random.cpp.orig 2013-05-04 00:33:31.000000000 +0000
 +++ src/lib/random.cpp |