[67131] trunk/dports/kde/kdebase3
takanori at macports.org
takanori at macports.org
Thu Apr 29 19:08:53 PDT 2010
Revision: 67131
http://trac.macports.org/changeset/67131
Author: takanori at macports.org
Date: 2010-04-29 19:08:51 -0700 (Thu, 29 Apr 2010)
Log Message:
-----------
kdebase3:
- fixed KDM Local Privilege Escalation Vulnerability (CVE-2010-0436)
http://www.kde.org/info/security/advisory-20100413-1.txt
Patch obtained from: Debian, FreeBSD
Modified Paths:
--------------
trunk/dports/kde/kdebase3/Portfile
Added Paths:
-----------
trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch
Modified: trunk/dports/kde/kdebase3/Portfile
===================================================================
--- trunk/dports/kde/kdebase3/Portfile 2010-04-30 02:07:01 UTC (rev 67130)
+++ trunk/dports/kde/kdebase3/Portfile 2010-04-30 02:08:51 UTC (rev 67131)
@@ -6,7 +6,7 @@
name kdebase3
version 3.5.10
-revision 5
+revision 6
set kdeadmin kde-admindir-1502
categories kde kde3
maintainers nomaintainer
@@ -59,7 +59,8 @@
system "cd ${worksrcpath} && bzcat -dc ${distpath}/${kdeadmin}.tar.bz2 | tar xf -"
}
-patchfiles kdebase3-unified.patch
+patchfiles kdebase3-unified.patch \
+ CVE-2010-0436.patch
patch {
foreach f $patchfiles {
Added: trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch
===================================================================
--- trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch (rev 0)
+++ trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch 2010-04-30 02:08:51 UTC (rev 67131)
@@ -0,0 +1,47 @@
+--- kdebase-3.5.10/kdm/backend/ctrl.c.orig 2007-01-15 20:32:23.000000000 +0900
++++ kdebase-3.5.10/kdm/backend/ctrl.c 2010-04-30 09:51:41.000000000 +0900
+@@ -140,22 +140,24 @@
+ if (strlen( cr->path ) >= sizeof(sa.sun_path))
+ LogError( "path %\"s too long; no control sockets will be available\n",
+ cr->path );
+- else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
++ else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
+ LogError( "mkdir %\"s failed; no control sockets will be available\n",
+ sockdir );
++ else if (unlink( cr->path ) && errno != ENOENT)
++ LogError( "unlink %\"s failed: %m; control socket will not be available\n",
++ cr->path );
+ else {
+- if (!d)
+- chown( sockdir, -1, fifoGroup );
+- chmod( sockdir, 0750 );
+ if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
+ LogError( "Cannot create control socket\n" );
+ else {
+- unlink( cr->path );
+ sa.sun_family = AF_UNIX;
+ strcpy( sa.sun_path, cr->path );
+ if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
+ if (!listen( cr->fd, 5 )) {
+- chmod( cr->path, 0666 );
++ chmod( cr->path, 0660 );
++ if (!d)
++ chown( cr->path, -1, fifoGroup );
++ chmod( sockdir, 0755 );
+ RegisterCloseOnFork( cr->fd );
+ RegisterInput( cr->fd );
+ free( sockdir );
+@@ -218,12 +220,8 @@
+ {
+ if (cr->fpath)
+ chown( cr->fpath, uid, -1 );
+- if (cr->path) {
+- char *ptr = strrchr( cr->path, '/' );
+- *ptr = 0;
++ if (cr->path)
+ chown( cr->path, uid, -1 );
+- *ptr = '/';
+- }
+ }
+
+ void
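Review bot: The `mkdir( sockdir, 0700 )` branch in the first ctrl.c hunk treats `EEXIST` as success, so a directory left over from an earlier run keeps its existing owner and mode, and the 0700 window meant to protect the `bind`/`chmod`/`chown` sequence is then not guaranteed. The lines removed in the second hunk show the old code handing that directory to the session user with `chown`, so a leftover directory may not belong to the daemon (whether it is removed on shutdown is not visible here). Before the `unlink( cr->path )` branch I would add an `lstat` check that `sockdir` is a real directory owned by the daemon's own uid, followed by `chmod( sockdir, 0700 )`, logging and skipping the socket if either fails. The results of `chmod( cr->path, 0660 )` and `chown( cr->path, -1, fifoGroup )` are also ignored, so the directory is still opened with `chmod( sockdir, 0755 )` when either fails; those calls should be checked first. The enclosing function starts and ends outside both hunks.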