[67131] trunk/dports/kde/kdebase3

Thu Apr 29 19:08:53 PDT 2010

Revision: 67131
          http://trac.macports.org/changeset/67131
Author:   takanori at macports.org
Date:     2010-04-29 19:08:51 -0700 (Thu, 29 Apr 2010)
Log Message:
-----------
kdebase3:
 - fixed KDM Local Privilege Escalation Vulnerability (CVE-2010-0436)
   http://www.kde.org/info/security/advisory-20100413-1.txt
   Patch obtained from: Debian, FreeBSD

Modified Paths:
--------------
    trunk/dports/kde/kdebase3/Portfile

Added Paths:
-----------
    trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch

Modified: trunk/dports/kde/kdebase3/Portfile
===================================================================

--- trunk/dports/kde/kdebase3/Portfile	2010-04-30 02:07:01 UTC (rev 67130)
+++ trunk/dports/kde/kdebase3/Portfile	2010-04-30 02:08:51 UTC (rev 67131)
@@ -6,7 +6,7 @@
 
 name                    kdebase3
 version                 3.5.10
-revision                5
+revision                6
 set kdeadmin            kde-admindir-1502
 categories              kde kde3
 maintainers             nomaintainer
@@ -59,7 +59,8 @@
     system "cd ${worksrcpath} && bzcat -dc ${distpath}/${kdeadmin}.tar.bz2 | tar xf -"
 }
 
-patchfiles              kdebase3-unified.patch
+patchfiles              kdebase3-unified.patch \
+                        CVE-2010-0436.patch
 
 patch {
     foreach f $patchfiles {

Added: trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch
===================================================================
--- trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch	                        (rev 0)
+++ trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch	2010-04-30 02:08:51 UTC (rev 67131)
@@ -0,0 +1,47 @@
+--- kdebase-3.5.10/kdm/backend/ctrl.c.orig	2007-01-15 20:32:23.000000000 +0900
++++ kdebase-3.5.10/kdm/backend/ctrl.c	2010-04-30 09:51:41.000000000 +0900
+@@ -140,22 +140,24 @@
+ 				if (strlen( cr->path ) >= sizeof(sa.sun_path))
+ 					LogError( "path %\"s too long; no control sockets will be available\n",
+ 					          cr->path );
+-				else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
++				else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
+ 					LogError( "mkdir %\"s failed; no control sockets will be available\n",
+ 					          sockdir );
++				else if (unlink( cr->path ) && errno != ENOENT)
++					LogError( "unlink %\"s failed: %m; control socket will not be available\n",
++					          cr->path );
+ 				else {
+-					if (!d)
+-						chown( sockdir, -1, fifoGroup );
+-					chmod( sockdir, 0750 );
+ 					if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
+ 						LogError( "Cannot create control socket\n" );
+ 					else {
+-						unlink( cr->path );
+ 						sa.sun_family = AF_UNIX;
+ 						strcpy( sa.sun_path, cr->path );
+ 						if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
+ 							if (!listen( cr->fd, 5 )) {
+-								chmod( cr->path, 0666 );
++								chmod( cr->path, 0660 );
++								if (!d)
++								   chown( cr->path, -1, fifoGroup );
++								chmod( sockdir, 0755 );
+ 								RegisterCloseOnFork( cr->fd );
+ 								RegisterInput( cr->fd );
+ 								free( sockdir );
+@@ -218,12 +220,8 @@
+ {
+ 	if (cr->fpath)
+ 		chown( cr->fpath, uid, -1 );
+-	if (cr->path) {
+-		char *ptr = strrchr( cr->path, '/' );
+-		*ptr = 0;
++	if (cr->path)
+ 		chown( cr->path, uid, -1 );
+-		*ptr = '/';
+-	}
+ }
+ 
+ void
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-changes/attachments/20100429/94036b31/attachment-0001.html>
