[67131] trunk/dports/kde/kdebase3
Revision: 67131 http://trac.macports.org/changeset/67131 Author: takanori@macports.org Date: 2010-04-29 19:08:51 -0700 (Thu, 29 Apr 2010) Log Message: ----------- kdebase3: - fixed KDM Local Privilege Escalation Vulnerability (CVE-2010-0436) http://www.kde.org/info/security/advisory-20100413-1.txt Patch obtained from: Debian, FreeBSD Modified Paths: -------------- trunk/dports/kde/kdebase3/Portfile Added Paths: ----------- trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch Modified: trunk/dports/kde/kdebase3/Portfile =================================================================== --- trunk/dports/kde/kdebase3/Portfile 2010-04-30 02:07:01 UTC (rev 67130) +++ trunk/dports/kde/kdebase3/Portfile 2010-04-30 02:08:51 UTC (rev 67131) @@ -6,7 +6,7 @@ name kdebase3 version 3.5.10 -revision 5 +revision 6 set kdeadmin kde-admindir-1502 categories kde kde3 maintainers nomaintainer @@ -59,7 +59,8 @@ system "cd ${worksrcpath} && bzcat -dc ${distpath}/${kdeadmin}.tar.bz2 | tar xf -" } -patchfiles kdebase3-unified.patch +patchfiles kdebase3-unified.patch \ + CVE-2010-0436.patch patch { foreach f $patchfiles { Added: trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch =================================================================== --- trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch (rev 0) +++ trunk/dports/kde/kdebase3/files/CVE-2010-0436.patch 2010-04-30 02:08:51 UTC (rev 67131) 
@@ -0,0 +1,47 @@
+--- kdebase-3.5.10/kdm/backend/ctrl.c.orig 2007-01-15 20:32:23.000000000 +0900
++++ kdebase-3.5.10/kdm/backend/ctrl.c 2010-04-30 09:51:41.000000000 +0900
+@@ -140,22 +140,24 @@
+ if (strlen( cr->path ) >= sizeof(sa.sun_path))
+ LogError( "path %\"s too long; no control sockets will be available\n",
+ cr->path );
+- else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
++ else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
+ LogError( "mkdir %\"s failed; no control sockets will be available\n",
+ sockdir );
++ else if (unlink( cr->path ) && errno != ENOENT)
++ LogError( "unlink %\"s failed: %m; control socket will not be available\n",
++ cr->path );
+ else {
+- if (!d)
+- chown( sockdir, -1, fifoGroup );
+- chmod( sockdir, 0750 );
+ if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
+ LogError( "Cannot create control socket\n" );
+ else {
+- unlink( cr->path );
+ sa.sun_family = AF_UNIX;
+ strcpy( sa.sun_path, cr->path );
+ if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
+ if (!listen( cr->fd, 5 )) {
+- chmod( cr->path, 0666 );
++ chmod( cr->path, 0660 );
++ if (!d)
++ chown( cr->path, -1, fifoGroup );
++ chmod( sockdir, 0755 );
+ RegisterCloseOnFork( cr->fd );
+ RegisterInput( cr->fd );
+ free( sockdir );
+@@ -218,12 +220,8 @@
+ {
+ if (cr->fpath)
+ chown( cr->fpath, uid, -1 );
+- if (cr->path) {
+- char *ptr = strrchr( cr->path, '/' );
+- *ptr = 0;
++ if (cr->path)
+ chown( cr->path, uid, -1 );
+- *ptr = '/';
+- }
+ }
+
+ void
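Review bot: The `mkdir( sockdir, 0700 ) && errno != EEXIST` branch accepts a directory that already exists, so the private 0700 window this fix relies on is only guaranteed when the directory is freshly created. A leftover directory keeps its old mode and owner; the lines removed in the second inner hunk chown'ed the socket's parent directory (presumably this same `sockdir`) to `uid`, so an upgraded system may still have one owned by a former session user. Resetting it before `bind()`, e.g. `chown( sockdir, 0, -1 )` followed by `chmod( sockdir, 0700 )` with both results checked and logged, would remove that dependency on prior state; this assumes the daemon runs as root, which the hunk does not show. Separately, `chmod( cr->path, 0660 )` and `chown( cr->path, -1, fifoGroup )` are unchecked, and `chmod( sockdir, 0755 )` then opens the directory even if they failed. Both patched functions start and end outside the visible hunks.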