author | Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> | 2013-07-02 09:57:47 +0000 |
---|---|---|
committer | Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> | 2013-07-02 09:57:47 +0000 |
commit | a1a91987094e3e7879e2cd50f2bb2f389cdbbe3a (patch) | |
tree | 7d12263570ff442854dc90f329029f52a6a413fa /x11-apps | |
parent | Remove old (diff) | |
Add patch for security bug #473120. Make xdm-auth optional, bug #445662.
(Portage version: 2.1.12.2/cvs/Linux x86_64, unsigned Manifest commit)
Diffstat (limited to 'x11-apps')
-rw-r--r-- | x11-apps/xdm/ChangeLog | 10 | ||||
-rw-r--r-- | x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch | 41 | ||||
-rw-r--r-- | x11-apps/xdm/metadata.xml | 1 | ||||
-rw-r--r-- | x11-apps/xdm/xdm-1.1.11-r3.ebuild | 77 |
4 files changed, 127 insertions, 2 deletions
diff --git a/x11-apps/xdm/ChangeLog b/x11-apps/xdm/ChangeLog
index e549c2cda66a..57d94f992ad6 100644
--- a/x11-apps/xdm/ChangeLog
+++ b/x11-apps/xdm/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for x11-apps/xdm
-# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/ChangeLog,v 1.146 2012/12/07 18:10:39 mgorny Exp $
+# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/ChangeLog,v 1.147 2013/07/02 09:57:47 chithanh Exp $
+
+*xdm-1.1.11-r3 (02 Jul 2013)
+
+ 02 Jul 2013; Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
+ +files/xdm-1.1.11-cve-2013-2179.patch, +xdm-1.1.11-r3.ebuild, metadata.xml:
+ Add patch for security bug #473120. Make xdm-auth optional, bug #445662.
 
 *xdm-1.1.11-r2 (07 Dec 2012)
 
diff --git a/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch b/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch
new file mode 100644
index 000000000000..34ae7ceb3cd6
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch
@@ -0,0 +1,41 @@
+From 8d1eb5c74413e4c9a21f689fc106949b121c0117 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Wed, 22 May 2013 14:20:26 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt().
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+If using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+diff --git a/greeter/verify.c b/greeter/verify.c
+index db3cb7d..b009e2b 100644
+--- a/greeter/verify.c
++++ b/greeter/verify.c
+@@ -329,6 +329,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+ struct spwd *sp;
+ # endif
+ char *user_pass = NULL;
++ char *crypted_pass = NULL;
+ # endif
+ # ifdef __OpenBSD__
+ char *s;
+@@ -464,7 +465,9 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+ # if defined(ultrix) || defined(__ultrix__)
+ if (authenticate_user(p, greet->password, NULL) < 0)
+ # else
+- if (strcmp (crypt (greet->password, user_pass), user_pass))
++ crypted_pass = crypt (greet->password, user_pass);
++ if ((crypted_pass == NULL)
++ || (strcmp (crypted_pass, user_pass)))
+ # endif
+ {
+ if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) {
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/x11-apps/xdm/metadata.xml b/x11-apps/xdm/metadata.xml
index 21420eb3dfe3..7582fba56890 100644
--- a/x11-apps/xdm/metadata.xml
+++ b/x11-apps/xdm/metadata.xml
@@ -4,5 +4,6 @@
 <herd>x11</herd>
 <use>
 <flag name='consolekit'>Enable native <pkg>sys-auth/consolekit</pkg> support</flag>
+ <flag name='xdm-auth'>Enable XDM-AUTHENTICATION-1 support</flag>
 </use>
 </pkgmetadata>
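Review bot: In the second `greeter/verify.c` hunk carried by `xdm-1.1.11-cve-2013-2179.patch`, a NULL return from `crypt()` is folded into the same branch as a wrong password, so the login is refused (fail closed) but nothing records why. On the systems the patch description names (glibc 2.17+ with a malformed salt, or FIPS mode with DES/MD5 hashes), every attempt for an affected account will look like a bad password; logging the failure with `errno` before the comparison, for instance through xdm's existing `LogError`, would let an administrator tell an unusable hash from a guessing attempt. A short comment above the assignment, such as `/* crypt() returns NULL on an invalid salt or a disallowed hash; treat it as a failed login */`, would also document the intent. The body of `Verify` continues outside the hunk, so how the `allow_null_passwd` branch behaves after a NULL result cannot be confirmed from here and is worth checking against the full function.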
diff --git a/x11-apps/xdm/xdm-1.1.11-r3.ebuild b/x11-apps/xdm/xdm-1.1.11-r3.ebuild
new file mode 100644
index 000000000000..ea992d4b6826
--- /dev/null
+++ b/x11-apps/xdm/xdm-1.1.11-r3.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/xdm-1.1.11-r3.ebuild,v 1.1 2013/07/02 09:57:47 chithanh Exp $
+
+EAPI=5
+
+XORG_EAUTORECONF=yes
+
+inherit multilib xorg-2 pam systemd
+
+DEFAULTVT=vt7
+
+DESCRIPTION="X.Org xdm application"
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="consolekit ipv6 pam xdm-auth"
+
+RDEPEND="x11-apps/xrdb
+ x11-libs/libXdmcp
+ x11-libs/libXaw
+ >=x11-apps/xinit-1.0.2-r3
+ x11-libs/libXinerama
+ x11-libs/libXmu
+ x11-libs/libX11
+ x11-libs/libXt
+ x11-apps/sessreg
+ x11-apps/xconsole
+ consolekit? ( sys-auth/consolekit )
+ pam? ( virtual/pam )
+ !<sys-apps/systemd-187"
+DEPEND="${RDEPEND}
+ consolekit? ( !=sys-auth/pambase-20101024-r1 )
+ x11-proto/xineramaproto
+ x11-proto/xproto"
+
+pkg_setup() {
+ PATCHES=(
+ "${FILESDIR}"/${PN}-consolekit.patch
+ "${FILESDIR}"/${P}-cve-2013-2179.patch
+ )
+
+ XORG_CONFIGURE_OPTIONS=(
+ $(use_enable ipv6)
+ $(use_with pam)
+ "$(systemd_with_unitdir)"
+ --with-default-vt=${DEFAULTVT}
+ --with-xdmconfigdir=/etc/X11/xdm
+ $(use_with consolekit)
+ )
+}
+
+src_prepare() {
+ # fedora invented that in -187...
+ sed -i -e 's:^Alias=.*$:Alias=display-manager.service:' \
+ xdm.service.in || die
+
+ # disable XDM-AUTHENTICATION-1 wrt bug #445662.
+ # it causes issue with libreoffice and SDL games (bug #306223).
+ if use !xdm-auth; then
+ sed -i -e '/authorize/a\
+DisplayManager*authName: MIT-MAGIC-COOKIE-1' \
+ config/xdm-config.cpp || die
+ fi
+ xorg-2_src_prepare
+}
+
+src_install() {
+ xorg-2_src_install
+
+ exeinto /usr/$(get_libdir)/X11/xdm
+ doexe "${FILESDIR}"/Xsession
+
+ use pam && pamd_mimic system-local-login xdm auth account session
+
+ # Keep /var/lib/xdm. This is where authfiles are stored. See #286350.
+ keepdir /var/lib/xdm
+}
|
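Review bot: In `src_prepare`, the `sed -i -e '/authorize/a\ ...' config/xdm-config.cpp || die` call dies only when sed itself fails, not when no line matches `authorize`, so a later change to `xdm-config.cpp` could silently leave the authorization default untouched on builds with `xdm-auth` disabled. A follow-up check such as `grep -q 'authName: MIT-MAGIC-COOKIE-1' config/xdm-config.cpp || die "authName not injected"` would make the edit verifiable at build time. Because `IUSE` lists `xdm-auth` without a `+` default, this revision moves default installs to MIT-MAGIC-COOKIE-1; an `elog` line saying so would help administrators who depend on the previous mechanism notice the change. The comment and the `metadata.xml` flag text say XDM-AUTHENTICATION-1, whereas the X authorization scheme selected through `authName` is usually written XDM-AUTHORIZATION-1, so the wording is worth confirming.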