author | wiz <wiz@pkgsrc.org> | 2015-12-06 14:20:34 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2015-12-06 14:20:34 +0000 |
commit | 47b2313ccd57d602efe62c05816707c9511ca17d (patch) | |
tree | f555464be240dea82c20a03db5d23d474212d644 | |
parent | 432b234cad58c9e7fa2201c5131ed736ac483c2f (diff) | |
download | pkgsrc-47b2313ccd57d602efe62c05816707c9511ca17d.tar.gz |
Fix CVE-2015-8378 using the patch from Debian.
Bump PKGREVISION.
While here, clean up pkglint.
-rw-r--r-- | security/keepassx/Makefile | 7 | ||||
-rw-r--r-- | security/keepassx/distinfo | 7 | ||||
-rw-r--r-- | security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp | 4 | ||||
-rw-r--r-- | security/keepassx/patches/patch-src_lib_FileDialogs.cpp | 29 | ||||
-rw-r--r-- | security/keepassx/patches/patch-src_lib_random.cpp | 4 |
5 files changed, 42 insertions, 9 deletions
diff --git a/security/keepassx/Makefile b/security/keepassx/Makefile
index a2d91b90527..aee95834801 100644
--- a/security/keepassx/Makefile
+++ b/security/keepassx/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.30 2015/04/25 14:24:48 tnn Exp $
-#
+# $NetBSD: Makefile,v 1.31 2015/12/06 14:20:34 wiz Exp $
 DISTNAME= keepassx-0.4.3
-PKGREVISION= 8
+PKGREVISION= 9
 CATEGORIES= security
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=keepassx/}
@@ -24,7 +23,7 @@ do-configure:
 ${QMAKE} -unix -o Makefile ${CONFIGURE_ARGS} keepassx.pro
 pre-install:
- ${CP} ${WRKSRC}/bin/keepassx ${WRKSRC}/src
+ ${INSTALL_PROGRAM} ${WRKSRC}/bin/keepassx ${WRKSRC}/src
 .include "../../sysutils/desktop-file-utils/desktopdb.mk"
 .include "../../x11/qt4-libs/buildlink3.mk"
diff --git a/security/keepassx/distinfo b/security/keepassx/distinfo
index 887a2ae0a61..5b025ca233c 100644
--- a/security/keepassx/distinfo
+++ b/security/keepassx/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.7 2015/11/04 01:17:47 agc Exp $
+$NetBSD: distinfo,v 1.8 2015/12/06 14:20:34 wiz Exp $
 SHA1 (keepassx-0.4.3.tar.gz) = d25ecc9d3caaa5a6d0f39a42c730a95997f37e2e
 RMD160 (keepassx-0.4.3.tar.gz) = 3e963d82dd6b8bc32e32dbb46efa9168bac1088b
 SHA512 (keepassx-0.4.3.tar.gz) = 8ce1bc252694e11a8b0da94bb00a4e5ca2837fe099f2f992aa9a93bacc4d94f33970cec687bd73a7a7762e86220a0541fe85a6708a2d4ad1bb3aef5f19935ccc
 Size (keepassx-0.4.3.tar.gz) = 1368766 bytes
 SHA1 (patch-src_crypto_aes__endian.h) = 3a88c3ebf2ccaa2229aa7e0600b4f0e976b21772
-SHA1 (patch-src_lib_AutoTypeX11.cpp) = 00c112837d50cf01fc4fc7f76865e5407c90e901
-SHA1 (patch-src_lib_random.cpp) = 01cc7569a75bc3af8326f0903881c16d96d51551
+SHA1 (patch-src_lib_AutoTypeX11.cpp) = 3bd8421804ec549ba4a7a42907516534d7bbf6f3
+SHA1 (patch-src_lib_FileDialogs.cpp) = ab5d6caf0eea7d66b3b614fba3e92e6c48227cc3
+SHA1 (patch-src_lib_random.cpp) = dd50e9cb5a95f5db780aab727dfd4b0dcceac9ef
diff --git a/security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp b/security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp
index dcff27712a6..9550ae8ab96 100644
--- a/security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp
+++ b/security/keepassx/patches/patch-src_lib_AutoTypeX11.cpp
@@ -1,4 +1,6 @@
-$NetBSD: patch-src_lib_AutoTypeX11.cpp,v 1.1 2013/05/04 12:59:48 joerg Exp $
+$NetBSD: patch-src_lib_AutoTypeX11.cpp,v 1.2 2015/12/06 14:20:34 wiz Exp $
+
+Add a bunch of missing includes hidden by libstdc++ namespace pollution.
 --- src/lib/AutoTypeX11.cpp.orig 2013-05-04 00:34:27.000000000 +0000
 +++ src/lib/AutoTypeX11.cpp
diff --git a/security/keepassx/patches/patch-src_lib_FileDialogs.cpp b/security/keepassx/patches/patch-src_lib_FileDialogs.cpp
new file mode 100644
index 00000000000..0631b2bbb3a
--- /dev/null
+++ b/security/keepassx/patches/patch-src_lib_FileDialogs.cpp
@@ -0,0 +1,29 @@
+$NetBSD: patch-src_lib_FileDialogs.cpp,v 1.1 2015/12/06 14:20:34 wiz Exp $
+
+Description: Abort file save dialog gracefully on 'cancel'
+Author: Reinhard Tartler <siretart@debian.org>
+Bug-Debian: 791858
+
+The Qt documentation says that pressing the "Cancel" button "returns a
+null string" (cf http://doc.qt.io/qt-4.8/qfiledialog.html#details). The
+default (and only) implementation of the File dialog ignores this case
+and wrongly constructs a bogus filename. This patch bails out gracefully
+and avoids cleartext passwords on the hard disk.
+
+Fixes CVE-2015-8378
+
+https://anonscm.debian.org/cgit/collab-maint/keepassx.git/commit/?id=b3c9028db8ec3b8752ff47717ffc792d755c1294
+
+--- src/lib/FileDialogs.cpp.orig 2009-10-08 19:27:39.000000000 +0000
++++ src/lib/FileDialogs.cpp
+@@ -118,6 +118,10 @@ QString QtStandardFileDialogs::saveFileD
+ SelectedFilter=Filters[SelectedFilterIndex];
+ QString filepath = QFileDialog::getSaveFileName(parent,title,dir,toSingleStringFilter(Filters),&SelectedFilter,
+ ShowOverwriteWarning ? (QFileDialog::Option)0 : QFileDialog::DontConfirmOverwrite);
++ // Fixes CVE-2015-8378
++ if (filepath.isEmpty())
++ return filepath;
++
+ LastFilter=Filters.indexOf(SelectedFilter);
+
+ //Check whether the file has an extension which fits to the selected filter
diff --git a/security/keepassx/patches/patch-src_lib_random.cpp b/security/keepassx/patches/patch-src_lib_random.cpp
index ae07b0beb68..b5797a00d65 100644
--- a/security/keepassx/patches/patch-src_lib_random.cpp
+++ b/security/keepassx/patches/patch-src_lib_random.cpp
@@ -1,4 +1,6 @@
-$NetBSD: patch-src_lib_random.cpp,v 1.3 2013/05/04 12:59:48 joerg Exp $
+$NetBSD: patch-src_lib_random.cpp,v 1.4 2015/12/06 14:20:34 wiz Exp $
+
+Add a bunch of missing includes hidden by libstdc++ namespace pollution.
 --- src/lib/random.cpp.orig 2013-05-04 00:33:31.000000000 +0000
 +++ src/lib/random.cpp |
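Review bot: In patch-src_lib_FileDialogs.cpp, the early return on `filepath.isEmpty()` only closes CVE-2015-8378 if every caller of `saveFileDialog` treats an empty string as a cancelled dialog and writes nothing. The callers are not part of this hunk, so the export and save-as paths should be checked for that before the fix is considered complete. The added comment `// Fixes CVE-2015-8378` names the advisory but not the reason for the guard. Something like `// Cancel yields a null QString: return it unchanged so the code below cannot build a filename from an empty path` would tell a later reader why the check has to stay ahead of the extension handling. The body of `saveFileDialog` begins and ends outside the hunk.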