summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--kde-base/kdm/ChangeLog10
-rw-r--r--kde-base/kdm/files/kdm-4.3.5-CVE-2010-0436.patch225
-rw-r--r--kde-base/kdm/files/kdm-4.4.2-CVE-2010-0436.patch202
-rw-r--r--kde-base/kdm/kdm-4.3.5-r1.ebuild100
-rw-r--r--kde-base/kdm/kdm-4.4.2-r2.ebuild (renamed from kde-base/kdm/kdm-4.4.2-r1.ebuild)3
5 files changed, 538 insertions, 2 deletions
diff --git a/kde-base/kdm/ChangeLog b/kde-base/kdm/ChangeLog
index 6a7404101551..22656f19894e 100644
--- a/kde-base/kdm/ChangeLog
+++ b/kde-base/kdm/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for kde-base/kdm
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdm/ChangeLog,v 1.209 2010/04/09 14:56:48 reavertm Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdm/ChangeLog,v 1.210 2010/04/14 18:30:46 reavertm Exp $
+
+*kdm-4.4.2-r2 (14 Apr 2010)
+*kdm-4.3.5-r1 (14 Apr 2010)
+
+ 14 Apr 2010; Maciej Mrozowski <reavertm@gentoo.org> +kdm-4.3.5-r1.ebuild,
+ +files/kdm-4.3.5-CVE-2010-0436.patch, -kdm-4.4.2-r1.ebuild,
+ +kdm-4.4.2-r2.ebuild, +files/kdm-4.4.2-CVE-2010-0436.patch:
+ Fix bug 315235, local privilege escalation vulnerability
*kdm-4.4.2-r1 (09 Apr 2010)
diff --git a/kde-base/kdm/files/kdm-4.3.5-CVE-2010-0436.patch b/kde-base/kdm/files/kdm-4.3.5-CVE-2010-0436.patch
new file mode 100644
index 000000000000..2ca173a10f74
--- /dev/null
+++ b/kde-base/kdm/files/kdm-4.3.5-CVE-2010-0436.patch
@@ -0,0 +1,225 @@
+Index: kdm/ConfigureChecks.cmake
+===================================================================
+--- kdm/ConfigureChecks.cmake (revision 1114813)
++++ kdm/ConfigureChecks.cmake (working copy)
+@@ -80,6 +80,38 @@
+ define_library(nsl gethostbyname)
+ endif (NOT have_gethostbyname)
+
++macro_push_required_vars()
++set(CMAKE_REQUIRED_LIBRARIES ${SOCKET_LIBRARIES})
++check_c_source_runs("
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <string.h>
++#include <unistd.h>
++#include <errno.h>
++int main()
++{
++ int fd, fd2;
++ struct sockaddr_un sa;
++
++ if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
++ return 2;
++ sa.sun_family = AF_UNIX;
++ strcpy(sa.sun_path, \"testsock\");
++ unlink(sa.sun_path);
++ if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)))
++ return 2;
++ chmod(sa.sun_path, 0);
++ setuid(getuid() + 1000);
++ if ((fd2 = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
++ return 2;
++ connect(fd2, (struct sockaddr *)&sa, sizeof(sa));
++ return errno != EACCES;
++}
++" HONORS_SOCKET_PERMS)
++macro_pop_required_vars()
++
+ # for genkdmconf; this is TODO
+ #if (EXISTS /etc/ttys)
+ # set(BSD_INIT 1)
+Index: kdm/config-kdm.h.cmake
+===================================================================
+--- kdm/config-kdm.h.cmake (revision 1114813)
++++ kdm/config-kdm.h.cmake (working copy)
+@@ -129,6 +129,9 @@
+ /* Define to 1 if the ck-connector library is found */
+ #cmakedefine HAVE_CKCONNECTOR 1
+
++/* Define to 1 if OS honors permission bits on socket inodes */
++#cmakedefine HONORS_SOCKET_PERMS 1
++
+ /* $PATH defaults set by KDM */
+ #cmakedefine KDM_DEF_USER_PATH "${KDM_DEF_USER_PATH}"
+ #cmakedefine KDM_DEF_SYSTEM_PATH "${KDM_DEF_SYSTEM_PATH}"
+Index: kdm/backend/ctrl.c
+===================================================================
+--- kdm/backend/ctrl.c (revision 1114813)
++++ kdm/backend/ctrl.c (working copy)
+@@ -78,8 +78,26 @@
+ }
+
+
++#ifdef HONORS_SOCKET_PERMS
+ static CtrlRec ctrl = { 0, 0, -1, 0 };
++#else
++static CtrlRec ctrl = { 0, 0, 0, -1, 0 };
+
++static int mkTempDir( char *dir )
++{
++ int i, l = strlen( dir ) - 6;
++
++ for (i = 0; i < 100; i++) {
++ randomStr( dir + l );
++ if (!mkdir( dir, 0700 ))
++ return True;
++ if (errno != EEXIST)
++ break;
++ }
++ return False;
++}
++#endif
++
+ void
+ openCtrl( struct display *d )
+ {
+@@ -97,7 +115,7 @@
+ if (cr->fd < 0) {
+ if (mkdir( fifoDir, 0755 )) {
+ if (errno != EEXIST) {
+- logError( "mkdir %\"s failed; no control FiFos will be available\n",
++ logError( "mkdir %\"s failed: %m; no control sockets will be available\n",
+ fifoDir );
+ return;
+ }
+@@ -110,38 +128,74 @@
+ strApp( &cr->path, sockdir, "/socket", (char *)0 );
+ if (cr->path) {
+ if (strlen( cr->path ) >= sizeof(sa.sun_path))
+- logError( "path %\"s too long; no control sockets will be available\n",
++ logError( "path %\"s too long; control socket will not be available\n",
+ cr->path );
+- else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
+- logError( "mkdir %\"s failed; no control sockets will be available\n",
++#ifdef HONORS_SOCKET_PERMS
++ else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
++ logError( "mkdir %\"s failed: %m; control socket will not be available\n",
+ sockdir );
++ else if (unlink( cr->path ) && errno != ENOENT)
++ logError( "unlink %\"s failed: %m; control socket will not be available\n",
++ cr->path );
+ else {
+- if (!d)
+- chown( sockdir, -1, fifoGroup );
++#else
++ else if (unlink( sockdir ) && errno != ENOENT)
++ logError( "unlink %\"s failed: %m; control socket will not be available\n",
++ sockdir );
++ else if (!strApp( &cr->realdir, sockdir, "-XXXXXX", (char *)0))
++ ;
++ else if (!mkTempDir( cr->realdir )) {
++ logError( "mkdir %\"s failed: %m; control socket will not be available\n",
++ cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++ } else if (symlink( cr->realdir, sockdir )) {
++ logError( "symlink %\"s => %\"s failed: %m; control socket will not be available\n",
++ sockdir, cr->realdir );
++ rmdir( cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++ } else {
++ chown( sockdir, 0, d ? 0 : fifoGroup );
+ chmod( sockdir, 0750 );
++#endif
+ if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
+- logError( "Cannot create control socket\n" );
++ logError( "Cannot create control socket: %m\n" );
+ else {
+- unlink( cr->path );
+ sa.sun_family = AF_UNIX;
+ strcpy( sa.sun_path, cr->path );
+ if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
+ if (!listen( cr->fd, 5 )) {
++#ifdef HONORS_SOCKET_PERMS
++ chmod( cr->path, 0660 );
++ if (!d)
++ chown( cr->path, -1, fifoGroup );
++ chmod( sockdir, 0755 );
++#else
+ chmod( cr->path, 0666 );
++#endif
+ registerCloseOnFork( cr->fd );
+ registerInput( cr->fd );
+ free( sockdir );
+ return;
+ }
+ unlink( cr->path );
+- logError( "Cannot listen on control socket %\"s\n",
++ logError( "Cannot listen on control socket %\"s: %m\n",
+ cr->path );
+ } else
+- logError( "Cannot bind control socket %\"s\n",
++ logError( "Cannot bind control socket %\"s: %m\n",
+ cr->path );
+ close( cr->fd );
+ cr->fd = -1;
+ }
++#ifdef HONORS_SOCKET_PERMS
++ rmdir( sockdir );
++#else
++ unlink( sockdir );
++ rmdir( cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++#endif
+ }
+ free( cr->path );
+ cr->path = 0;
+@@ -162,7 +216,14 @@
+ cr->fd = -1;
+ unlink( cr->path );
+ *strrchr( cr->path, '/' ) = 0;
++#ifdef HONORS_SOCKET_PERMS
+ rmdir( cr->path );
++#else
++ rmdir( cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++ unlink( cr->path );
++#endif
+ free( cr->path );
+ cr->path = 0;
+ while (cr->css) {
+@@ -177,10 +238,11 @@
+ chownCtrl( CtrlRec *cr, int uid )
+ {
+ if (cr->path) {
+- char *ptr = strrchr( cr->path, '/' );
+- *ptr = 0;
++#ifdef HONORS_SOCKET_PERMS
+ chown( cr->path, uid, -1 );
+- *ptr = '/';
++#else
++ chown( cr->realdir, uid, -1 );
++#endif
+ }
+ }
+
+Index: kdm/backend/dm.h
+===================================================================
+--- kdm/backend/dm.h (revision 1114813)
++++ kdm/backend/dm.h (working copy)
+@@ -232,6 +232,9 @@
+ struct cmdsock *css; /* open connections */
+
+ char *path; /* filename of the socket */
++#ifndef HONORS_SOCKET_PERMS
++ char *realdir; /* real dirname of the socket */
++#endif
+ int fd; /* fd of the socket */
+ int gid; /* owner group of the socket */
+ } CtrlRec;
diff --git a/kde-base/kdm/files/kdm-4.4.2-CVE-2010-0436.patch b/kde-base/kdm/files/kdm-4.4.2-CVE-2010-0436.patch
new file mode 100644
index 000000000000..b6363bfac521
--- /dev/null
+++ b/kde-base/kdm/files/kdm-4.4.2-CVE-2010-0436.patch
@@ -0,0 +1,202 @@
+Index: kdm/ConfigureChecks.cmake
+===================================================================
+--- kdm/ConfigureChecks.cmake (revision 1114416)
++++ kdm/ConfigureChecks.cmake (revision 1114417)
+@@ -80,6 +80,38 @@
+ define_library(nsl gethostbyname)
+ endif (NOT have_gethostbyname)
+
++macro_push_required_vars()
++set(CMAKE_REQUIRED_LIBRARIES ${SOCKET_LIBRARIES})
++check_c_source_runs("
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <string.h>
++#include <unistd.h>
++#include <errno.h>
++int main()
++{
++ int fd, fd2;
++ struct sockaddr_un sa;
++
++ if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
++ return 2;
++ sa.sun_family = AF_UNIX;
++ strcpy(sa.sun_path, \"testsock\");
++ unlink(sa.sun_path);
++ if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)))
++ return 2;
++ chmod(sa.sun_path, 0);
++ setuid(getuid() + 1000);
++ if ((fd2 = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
++ return 2;
++ connect(fd2, (struct sockaddr *)&sa, sizeof(sa));
++ return errno != EACCES;
++}
++" HONORS_SOCKET_PERMS)
++macro_pop_required_vars()
++
+ # for genkdmconf; this is TODO
+ #if (EXISTS /etc/ttys)
+ # set(BSD_INIT 1)
+Index: kdm/config-kdm.h.cmake
+===================================================================
+--- kdm/config-kdm.h.cmake (revision 1114416)
++++ kdm/config-kdm.h.cmake (revision 1114417)
+@@ -129,6 +129,9 @@
+ /* Define to 1 if the ck-connector library is found */
+ #cmakedefine HAVE_CKCONNECTOR 1
+
++/* Define to 1 if OS honors permission bits on socket inodes */
++#cmakedefine HONORS_SOCKET_PERMS 1
++
+ /* $PATH defaults set by KDM */
+ #cmakedefine KDM_DEF_USER_PATH "${KDM_DEF_USER_PATH}"
+ #cmakedefine KDM_DEF_SYSTEM_PATH "${KDM_DEF_SYSTEM_PATH}"
+Index: kdm/backend/ctrl.c
+===================================================================
+--- kdm/backend/ctrl.c (revision 1114416)
++++ kdm/backend/ctrl.c (revision 1114417)
+@@ -79,8 +79,26 @@
+ }
+
+
++#ifdef HONORS_SOCKET_PERMS
+ static CtrlRec ctrl = { 0, 0, -1, 0 };
++#else
++static CtrlRec ctrl = { 0, 0, 0, -1, 0 };
+
++static int mkTempDir( char *dir )
++{
++ int i, l = strlen( dir ) - 6;
++
++ for (i = 0; i < 100; i++) {
++ randomStr( dir + l );
++ if (!mkdir( dir, 0700 ))
++ return True;
++ if (errno != EEXIST)
++ break;
++ }
++ return False;
++}
++#endif
++
+ void
+ openCtrl( struct display *d )
+ {
+@@ -113,22 +131,50 @@
+ if (strlen( cr->path ) >= sizeof(sa.sun_path))
+ logError( "path %\"s too long; control socket will not be available\n",
+ cr->path );
+- else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
++#ifdef HONORS_SOCKET_PERMS
++ else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
+ logError( "mkdir %\"s failed: %m; control socket will not be available\n",
+ sockdir );
++ else if (unlink( cr->path ) && errno != ENOENT)
++ logError( "unlink %\"s failed: %m; control socket will not be available\n",
++ cr->path );
+ else {
+- if (!d)
+- chown( sockdir, -1, fifoGroup );
++#else
++ else if (unlink( sockdir ) && errno != ENOENT)
++ logError( "unlink %\"s failed: %m; control socket will not be available\n",
++ sockdir );
++ else if (!strApp( &cr->realdir, sockdir, "-XXXXXX", (char *)0))
++ ;
++ else if (!mkTempDir( cr->realdir )) {
++ logError( "mkdir %\"s failed: %m; control socket will not be available\n",
++ cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++ } else if (symlink( cr->realdir, sockdir )) {
++ logError( "symlink %\"s => %\"s failed: %m; control socket will not be available\n",
++ sockdir, cr->realdir );
++ rmdir( cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++ } else {
++ chown( sockdir, 0, d ? 0 : fifoGroup );
+ chmod( sockdir, 0750 );
++#endif
+ if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
+ logError( "Cannot create control socket: %m\n" );
+ else {
+- unlink( cr->path );
+ sa.sun_family = AF_UNIX;
+ strcpy( sa.sun_path, cr->path );
+ if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
+ if (!listen( cr->fd, 5 )) {
++#ifdef HONORS_SOCKET_PERMS
++ chmod( cr->path, 0660 );
++ if (!d)
++ chown( cr->path, -1, fifoGroup );
++ chmod( sockdir, 0755 );
++#else
+ chmod( cr->path, 0666 );
++#endif
+ registerCloseOnFork( cr->fd );
+ registerInput( cr->fd );
+ free( sockdir );
+@@ -143,6 +189,14 @@
+ close( cr->fd );
+ cr->fd = -1;
+ }
++#ifdef HONORS_SOCKET_PERMS
++ rmdir( sockdir );
++#else
++ unlink( sockdir );
++ rmdir( cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++#endif
+ }
+ free( cr->path );
+ cr->path = 0;
+@@ -163,7 +217,14 @@
+ cr->fd = -1;
+ unlink( cr->path );
+ *strrchr( cr->path, '/' ) = 0;
++#ifdef HONORS_SOCKET_PERMS
+ rmdir( cr->path );
++#else
++ rmdir( cr->realdir );
++ free( cr->realdir );
++ cr->realdir = 0;
++ unlink( cr->path );
++#endif
+ free( cr->path );
+ cr->path = 0;
+ while (cr->css) {
+@@ -178,10 +239,11 @@
+ chownCtrl( CtrlRec *cr, int uid )
+ {
+ if (cr->path) {
+- char *ptr = strrchr( cr->path, '/' );
+- *ptr = 0;
++#ifdef HONORS_SOCKET_PERMS
+ chown( cr->path, uid, -1 );
+- *ptr = '/';
++#else
++ chown( cr->realdir, uid, -1 );
++#endif
+ }
+ }
+
+Index: kdm/backend/dm.h
+===================================================================
+--- kdm/backend/dm.h (revision 1114416)
++++ kdm/backend/dm.h (revision 1114417)
+@@ -232,6 +232,9 @@
+ struct cmdsock *css; /* open connections */
+
+ char *path; /* filename of the socket */
++#ifndef HONORS_SOCKET_PERMS
++ char *realdir; /* real dirname of the socket */
++#endif
+ int fd; /* fd of the socket */
+ int gid; /* owner group of the socket */
+ } CtrlRec;
diff --git a/kde-base/kdm/kdm-4.3.5-r1.ebuild b/kde-base/kdm/kdm-4.3.5-r1.ebuild
new file mode 100644
index 000000000000..f23acf0faeb7
--- /dev/null
+++ b/kde-base/kdm/kdm-4.3.5-r1.ebuild
@@ -0,0 +1,100 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdm/kdm-4.3.5-r1.ebuild,v 1.1 2010/04/14 18:30:46 reavertm Exp $
+
+EAPI="2"
+
+KMNAME="kdebase-workspace"
+inherit kde4-meta flag-o-matic
+
+DESCRIPTION="KDE login manager, similar to xdm and gdm"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="consolekit debug +handbook kerberos pam"
+
+DEPEND="
+ x11-libs/libXau
+ x11-libs/libXdmcp
+ x11-libs/libXtst
+ consolekit? (
+ >=sys-apps/dbus-1.0.2
+ sys-auth/consolekit
+ )
+ kerberos? ( virtual/krb5 )
+ pam? (
+ $(add_kdebase_dep kcheckpass)
+ virtual/pam
+ )
+"
+RDEPEND="${DEPEND}
+ $(add_kdebase_dep kdepasswd)
+ >=x11-apps/xinit-1.0.5-r2
+ x11-apps/xmessage
+"
+
+KMEXTRACTONLY="
+ kcontrol/kdm/
+"
+KMEXTRA="
+ libs/kdm/
+"
+
+PATCHES=(
+ "${FILESDIR}/kdebase-4.0.2-pam-optional.patch"
+ "${FILESDIR}/${PN}-4-gentoo-xinitrc.d.patch"
+ "${FILESDIR}/${PN}-4.3.1-set-grub-default.patch"
+ "${FILESDIR}/${PN}-4.3.5-CVE-2010-0436.patch"
+)
+
+src_configure() {
+ # genkdmconf breaks with -O3
+ # last checked in 4.2.95
+ replace-flags -O3 -O2
+
+ mycmakeargs=(
+ $(cmake-utils_use kerberos KDE4_KRB5AUTH)
+ $(cmake-utils_use_with pam)
+ $(cmake-utils_use_with consolekit CkConnector)
+ )
+
+ kde4-meta_src_configure
+}
+
+src_install() {
+ export GENKDMCONF_FLAGS="--no-old --no-backup"
+
+ kde4-meta_src_install
+
+ # Customize the kdmrc configuration
+ sed -i -e "s:^.*SessionsDirs=.*$:#&\nSessionsDirs=${EPREFIX}/usr/share/xsessions:" \
+ "${ED}"/${PREFIX}/share/config/kdm/kdmrc \
+ || die "Failed to set SessionsDirs correctly."
+
+ # Don't install empty dir
+ rmdir "${ED}${KDEDIR}"/share/config/kdm/sessions
+}
+
+pkg_postinst() {
+ kde4-meta_pkg_postinst
+
+ # Set the default kdm face icon if it's not already set by the system admin
+ # because this is user-overrideable in that way, it's not in src_install
+ if [[ ! -e "${EROOT}${KDEDIR}/share/apps/kdm/faces/.default.face.icon" ]]; then
+ mkdir -p "${EROOT}${KDEDIR}/share/apps/kdm/faces"
+ cp "${EROOT}${KDEDIR}/share/apps/kdm/pics/users/default1.png" \
+ "${EROOT}${KDEDIR}/share/apps/kdm/faces/.default.face.icon"
+ fi
+ if [[ ! -e "${EROOT}${KDEDIR}/share/apps/kdm/faces/root.face.icon" ]]; then
+ mkdir -p "${EROOT}${KDEDIR}/share/apps/kdm/faces"
+ cp "${EROOT}${KDEDIR}/share/apps/kdm/pics/users/root1.png" \
+ "${EROOT}${KDEDIR}/share/apps/kdm/faces/root.face.icon"
+ fi
+
+ if use consolekit; then
+ echo
+ elog "You have compiled 'kdm' with consolekit support. If you want to use kdm,"
+ elog "make sure consolekit daemon is running and started at login time"
+ elog
+ elog "rc-update add consolekit default && /etc/init.d/consolekit start"
+ echo
+ fi
+}
diff --git a/kde-base/kdm/kdm-4.4.2-r1.ebuild b/kde-base/kdm/kdm-4.4.2-r2.ebuild
index 0f876b15fe7c..6e95e0178fd8 100644
--- a/kde-base/kdm/kdm-4.4.2-r1.ebuild
+++ b/kde-base/kdm/kdm-4.4.2-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/kde-base/kdm/kdm-4.4.2-r1.ebuild,v 1.1 2010/04/09 14:56:48 reavertm Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-base/kdm/kdm-4.4.2-r2.ebuild,v 1.1 2010/04/14 18:30:46 reavertm Exp $
EAPI="3"
@@ -41,6 +41,7 @@ KMEXTRA="
PATCHES=(
"${FILESDIR}/kdebase-4.0.2-pam-optional.patch"
"${FILESDIR}/${PN}-4-gentoo-xinitrc.d.patch"
+ "${FILESDIR}/${PN}-4.4.2-CVE-2010-0436.patch"
)
src_configure() {