From 00f5a08639bb1a2ac619dceb98d06ba9d1ea8cb0 Mon Sep 17 00:00:00 2001 From: makc Date: Wed, 28 Apr 2010 21:02:38 +0000 Subject: Fix KDM vulnerability. Bump PORTREVISION. Obtained from: Debian (kdebase_3.5.9.dfsg.1-6+lenny1.diff.gz) Security: CVE-2010-0436 Security: http://www.kde.org/info/security/advisory-20100413-1.txt --- x11/kdebase3/Makefile | 2 +- x11/kdebase3/files/patch-kdm-backend-ctrl.c | 47 +++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 x11/kdebase3/files/patch-kdm-backend-ctrl.c diff --git a/x11/kdebase3/Makefile b/x11/kdebase3/Makefile index 1879f4d5a568..b37fbc93bfc4 100644 --- a/x11/kdebase3/Makefile +++ b/x11/kdebase3/Makefile @@ -8,7 +8,7 @@ PORTNAME= kdebase PORTVERSION= ${KDE_VERSION} -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= x11 kde MASTER_SITES= ${MASTER_SITE_KDE} MASTER_SITE_SUBDIR= stable/${PORTVERSION:S/.0//}/src diff --git a/x11/kdebase3/files/patch-kdm-backend-ctrl.c b/x11/kdebase3/files/patch-kdm-backend-ctrl.c new file mode 100644 index 000000000000..bf468d33e20d --- /dev/null +++ b/x11/kdebase3/files/patch-kdm-backend-ctrl.c @@ -0,0 +1,47 @@ +--- ./kdm/backend/ctrl.c.orig 2007-01-15 14:32:23.000000000 +0300 ++++ ./kdm/backend/ctrl.c 2010-04-28 23:00:11.560932810 +0400 +@@ -140,22 +140,24 @@ + if (strlen( cr->path ) >= sizeof(sa.sun_path)) + LogError( "path %\"s too long; no control sockets will be available\n", + cr->path ); +- else if (mkdir( sockdir, 0755 ) && errno != EEXIST) ++ else if (mkdir( sockdir, 0700 ) && errno != EEXIST) + LogError( "mkdir %\"s failed; no control sockets will be available\n", + sockdir ); ++ else if (unlink( cr->path ) && errno != ENOENT) ++ LogError( "unlink %\"s failed: %m; control socket will not be available\n", ++ cr->path ); + else { +- if (!d) +- chown( sockdir, -1, fifoGroup ); +- chmod( sockdir, 0750 ); + if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0) + LogError( "Cannot create control socket\n" ); + else { +- unlink( cr->path ); + sa.sun_family = AF_UNIX; + strcpy( sa.sun_path, cr->path ); + if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) { + if (!listen( cr->fd, 5 )) { +- chmod( cr->path, 0666 ); ++ chmod( cr->path, 0660 ); ++ if (!d) ++ chown( cr->path, -1, fifoGroup ); ++ chmod( sockdir, 0755 ); + RegisterCloseOnFork( cr->fd ); + RegisterInput( cr->fd ); + free( sockdir ); +@@ -218,12 +220,8 @@ + { + if (cr->fpath) + chown( cr->fpath, uid, -1 ); +- if (cr->path) { +- char *ptr = strrchr( cr->path, '/' ); +- *ptr = 0; ++ if (cr->path) + chown( cr->path, uid, -1 ); +- *ptr = '/'; +- } + } + + void -- cgit