authormarkd <markd@pkgsrc.org>2011-11-19 21:17:27 +0000
committermarkd <markd@pkgsrc.org>2011-11-19 21:17:27 +0000
commitcb546c755926c85bce3b9e12d32601fc0cc16a8d (patch)
tree44c8fa34b54e542b6f9ee451c9ebff50fb6a2c3d /x11
parentf6c4b0917e1233d70627d24805c6e1a6d845cf3b (diff)
downloadpkgsrc-cb546c755926c85bce3b9e12d32601fc0cc16a8d.tar.gz
Don't allow a path in pam_service. CVE-2011-4122
Diffstat (limited to 'x11')
-rw-r--r--x11/kdebase3/Makefile4
-rw-r--r--x11/kdebase3/distinfo3
-rw-r--r--x11/kdebase3/patches/patch-kcheckpass_checkpass_pam.c15
3 files changed, 19 insertions, 3 deletions
diff --git a/x11/kdebase3/Makefile b/x11/kdebase3/Makefile
index 7b704e2cd7f..0e8223a5f50 100644
--- a/x11/kdebase3/Makefile
+++ b/x11/kdebase3/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.162 2011/11/01 06:03:01 sbd Exp $
+# $NetBSD: Makefile,v 1.163 2011/11/19 21:17:27 markd Exp $
DISTNAME= kdebase-${_KDE_VERSION}
-PKGREVISION= 15
+PKGREVISION= 16
CATEGORIES= x11
COMMENT= Base modules for the KDE 3 integrated X11 desktop
diff --git a/x11/kdebase3/distinfo b/x11/kdebase3/distinfo
index 950d9cecedf..bdd2c23a266 100644
--- a/x11/kdebase3/distinfo
+++ b/x11/kdebase3/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.113 2011/09/14 17:53:17 hans Exp $
+$NetBSD: distinfo,v 1.114 2011/11/19 21:17:27 markd Exp $
SHA1 (Daemon.README) = eb1e6af52adc02ded77af17e8953134b7e60d23b
RMD160 (Daemon.README) = 39edd92ed4314397080f32a8caff0ac3f716ecf4
@@ -59,4 +59,5 @@ SHA1 (patch-gc) = e02ddb93ae7aa249b3b3e68690f587b2c98255b8
SHA1 (patch-gd) = 39469384668e4ee7fc489406e2813100fc90aa9b
SHA1 (patch-ge) = 8470cf03d768d784714e926281757e9d68749360
SHA1 (patch-gf) = 78de196a700fa9cd5e221ff57c295fdb3562f931
+SHA1 (patch-kcheckpass_checkpass_pam.c) = b5dd2e50c5f1047d3c195836c8b2d06e11edea3b
SHA1 (patch-kdesud) = acc40c2d1fb65e404a7aa0dbb6eae72fa7ac6a5e
diff --git a/x11/kdebase3/patches/patch-kcheckpass_checkpass_pam.c b/x11/kdebase3/patches/patch-kcheckpass_checkpass_pam.c
new file mode 100644
index 00000000000..a267c973b81
--- /dev/null
+++ b/x11/kdebase3/patches/patch-kcheckpass_checkpass_pam.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-kcheckpass_checkpass_pam.c,v 1.1 2011/11/19 21:17:28 markd Exp $
+
+Don't allow pam_service to be a path.
+
+--- kcheckpass/checkpass_pam.c.orig 2007-10-08 09:51:09.000000000 +0000
++++ kcheckpass/checkpass_pam.c
+@@ -147,6 +147,8 @@ AuthReturn Authenticate(const char *call
+ PAM_data.classic = 1;
+ pam_service = caller;
+ }
++ if (strchr(pam_service, '/')) /* service shouldn't be a path */
++ return AuthError;
+ pam_error = pam_start(pam_service, user, &PAM_conversation, &pamh);
+ if (pam_error != PAM_SUCCESS)
+ return AuthError;
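Review bot: The new guard `if (strchr(pam_service, '/'))` returns AuthError without recording anything, so a caller that supplies a path as the service name cannot be told apart in the logs from an ordinary pam_start() failure. Because this is the fix for CVE-2011-4122, the rejection is worth logging through whatever facility the file already uses. The inline comment would also be more useful if it gave the reason, e.g. `/* the service name selects the PAM policy file; a '/' could make pam_start() read one outside the PAM configuration directory (CVE-2011-4122) */`. The check denies a single character only; consider `if (!*pam_service || strchr(pam_service, '/'))` to reject an empty name as well, though whether an empty or NULL value can reach this line depends on code above the hunk. Authenticate() begins and ends outside the hunk, so the non-classic assignment of pam_service is not visible here.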