- Fix KDM vulnerability.

- Bump PORTREVISION. Approved by: tabthorpe (mentor) Obtained from: KDE Security: 3987c5d1-47a9-11df-a0d5-0016d32f24fb
svn path=/head/; revision=252800
2010-04-17 14:50:54 +00:00 · 2010-04-17 14:50:54 +00:00 · dd266c7d4a · 2021-03-31 03:12:20 +00:00
commit dd266c7d4a
parent 02a35d5c40
4 changed files with 388 additions and 2 deletions
--- a/x11/kde4-workspace/Makefile
+++ b/x11/kde4-workspace/Makefile
@ -8,7 +8,7 @@

 PORTNAME=	kdebase-workspace
 PORTVERSION=	${KDE4_VERSION}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	x11 kde
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	${KDE4_BRANCH}/${PORTVERSION}/src
--- a/x11/kde4-workspace/files/patch-CVE-2010-0436
+++ b/x11/kde4-workspace/files/patch-CVE-2010-0436
@ -0,0 +1,193 @@
+--- kdm/ConfigureChecks.cmake.orig	2009-05-27 21:53:40.000000000 +0200
+++ kdm/ConfigureChecks.cmake	2010-04-14 13:39:40.198779887 +0200
+@@ -37,6 +37,35 @@
+ }
+ " HAVE_SETLOGIN)
+ 
+check_c_source_runs("
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+int main()
+{
+    int fd, fd2;
+    struct sockaddr_un sa;
+
+    if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
+        return 2;
+    sa.sun_family = AF_UNIX;
+    strcpy(sa.sun_path, \"testsock\");
+    unlink(sa.sun_path);
+    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)))
+        return 2;
+    chmod(sa.sun_path, 0);
+    setuid(getuid() + 1000);
+    if ((fd2 = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
+        return 2;
+    connect(fd2, (struct sockaddr *)&sa, sizeof(sa));
+    return errno != EACCES;
+}
+" HONORS_SOCKET_PERMS)
+
+ # for config-kdm.h
+ check_function_exists(seteuid HAVE_SETEUID)
+ 
+--- kdm/backend/ctrl.c.orig	2009-03-18 10:59:20.000000000 +0100
+++ kdm/backend/ctrl.c	2010-04-14 14:08:45.712067919 +0200
+@@ -78,7 +78,25 @@
+ }
+ 
+ 
+#ifdef HONORS_SOCKET_PERMS
+ static CtrlRec ctrl = { 0, 0, -1, 0 };
+#else
+static CtrlRec ctrl = { 0, 0, 0, -1, 0 };
+
+static int mkTempDir( char *dir )
+{
+	int i, l = strlen( dir ) - 6;
+
+	for (i = 0; i < 100; i++) {
+		randomStr( dir + l );
+		if (!mkdir( dir, 0700 ))
+			return True;
+		if (errno != EEXIST)
+			break;
+	}
+	return False;
+}
+#endif
+ 
+ void
+ openCtrl( struct display *d )
+@@ -112,22 +130,50 @@
+ 				if (strlen( cr->path ) >= sizeof(sa.sun_path))
+ 					logError( "path %\"s too long; no control sockets will be available\n",
+ 					          cr->path );
+-				else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
+#ifdef HONORS_SOCKET_PERMS
+				else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
+ 					logError( "mkdir %\"s failed; no control sockets will be available\n",
+ 					          sockdir );
+				else if (unlink( cr->path ) && errno != ENOENT)
+					logError( "unlink %\"s failed: %m; control socket will not be available\n",
+						cr->path );
+ 				else {
+-					if (!d)
+-						chown( sockdir, -1, fifoGroup );
+#else
+				else if (unlink( sockdir ) && errno != ENOENT)
+					logError( "unlink %\"s failed: %m; control socket will not be available\n",
+						sockdir );
+				else if (!strApp( &cr->realdir, sockdir, "-XXXXXX", (char *)0))
+					;
+				else if (!mkTempDir( cr->realdir )) {
+					logError( "mkdir %\"s failed: %m; control socket will not be available\n",
+						cr->realdir );
+					free( cr->realdir );
+					cr->realdir = 0;
+				} else if (symlink( cr->realdir, sockdir )) {
+					logError( "symlink %\"s => %\"s failed: %m; control socket will not be available\n",
+						sockdir, cr->realdir );
+					rmdir( cr->realdir );
+					free( cr->realdir );
+					cr->realdir = 0;
+				} else {
+					chown( sockdir, 0, d ? 0 : fifoGroup );
+ 					chmod( sockdir, 0750 );
+#endif
+ 					if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
+ 						logError( "Cannot create control socket\n" );
+ 					else {
+-						unlink( cr->path );
+ 						sa.sun_family = AF_UNIX;
+ 						strcpy( sa.sun_path, cr->path );
+ 						if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
+ 							if (!listen( cr->fd, 5 )) {
+#ifdef HONORS_SOCKET_PERMS
+								chmod( cr->path, 0660 );
+								if (!d)
+									chown( cr->path, -1, fifoGroup );
+								chmod( sockdir, 0755 );
+#else
+ 								chmod( cr->path, 0666 );
+#endif
+ 								registerCloseOnFork( cr->fd );
+ 								registerInput( cr->fd );
+ 								free( sockdir );
+@@ -142,6 +188,14 @@
+ 						close( cr->fd );
+ 						cr->fd = -1;
+ 					}
+#ifdef HONORS_SOCKET_PERMS
+					rmdir( sockdir );
+#else
+					unlink( sockdir );
+					rmdir( cr->realdir );
+					free( cr->realdir );
+					cr->realdir = 0;
+#endif
+ 				}
+ 				free( cr->path );
+ 				cr->path = 0;
+@@ -162,7 +216,14 @@
+ 		cr->fd = -1;
+ 		unlink( cr->path );
+ 		*strrchr( cr->path, '/' ) = 0;
+#ifdef HONORS_SOCKET_PERMS
+ 		rmdir( cr->path );
+#else
+		unlink( cr->path );
+		rmdir( cr->realdir );
+		free( cr->realdir );
+		cr->realdir = 0;
+#endif
+ 		free( cr->path );
+ 		cr->path = 0;
+ 		while (cr->css) {
+@@ -176,12 +237,12 @@
+ void
+ chownCtrl( CtrlRec *cr, int uid )
+ {
+-	if (cr->path) {
+-		char *ptr = strrchr( cr->path, '/' );
+-		*ptr = 0;
+	if (cr->path)
+#ifdef HONORS_SOCKET_PERMS
+ 		chown( cr->path, uid, -1 );
+-		*ptr = '/';
+-	}
+#else
+		chown( cr->realdir, uid, -1 );
+#endif
+ }
+ 
+ void
+--- kdm/backend/dm.h.orig	2008-11-19 11:18:06.000000000 +0100
+++ kdm/backend/dm.h	2010-04-14 13:39:40.233775307 +0200
+@@ -232,6 +232,9 @@
+ 	struct cmdsock *css;  /* open connections */
+ 
+ 	char *path;           /* filename of the socket */
+#ifndef HONORS_SOCKET_PERMS
+	char *realdir;        /* real dirname of the socket */
+#endif
+ 	int fd;               /* fd of the socket */
+ 	int gid;              /* owner group of the socket */
+ } CtrlRec;
+--- kdm/config-kdm.h.cmake.orig	2009-05-27 21:53:40.000000000 +0200
+++ kdm/config-kdm.h.cmake	2010-04-14 13:39:40.250772397 +0200
+@@ -129,6 +129,9 @@
+ /* Define to 1 if the ck-connector library is found */
+ #cmakedefine HAVE_CKCONNECTOR 1
+ 
+/* Define to 1 if OS honors permission bits on socket inodes */
+#cmakedefine HONORS_SOCKET_PERMS 1
+
+ /* $PATH defaults set by KDM */
+ #cmakedefine KDM_DEF_USER_PATH "${KDM_DEF_USER_PATH}"
+ #cmakedefine KDM_DEF_SYSTEM_PATH "${KDM_DEF_SYSTEM_PATH}"
--- a/x11/kdebase4-workspace/Makefile
+++ b/x11/kdebase4-workspace/Makefile
@ -8,7 +8,7 @@

 PORTNAME=	kdebase-workspace
 PORTVERSION=	${KDE4_VERSION}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	x11 kde
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	${KDE4_BRANCH}/${PORTVERSION}/src
--- a/x11/kdebase4-workspace/files/patch-CVE-2010-0436
+++ b/x11/kdebase4-workspace/files/patch-CVE-2010-0436
@ -0,0 +1,193 @@
+--- kdm/ConfigureChecks.cmake.orig	2009-05-27 21:53:40.000000000 +0200
+++ kdm/ConfigureChecks.cmake	2010-04-14 13:39:40.198779887 +0200
+@@ -37,6 +37,35 @@
+ }
+ " HAVE_SETLOGIN)
+ 
+check_c_source_runs("
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+int main()
+{
+    int fd, fd2;
+    struct sockaddr_un sa;
+
+    if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
+        return 2;
+    sa.sun_family = AF_UNIX;
+    strcpy(sa.sun_path, \"testsock\");
+    unlink(sa.sun_path);
+    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)))
+        return 2;
+    chmod(sa.sun_path, 0);
+    setuid(getuid() + 1000);
+    if ((fd2 = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
+        return 2;
+    connect(fd2, (struct sockaddr *)&sa, sizeof(sa));
+    return errno != EACCES;
+}
+" HONORS_SOCKET_PERMS)
+
+ # for config-kdm.h
+ check_function_exists(seteuid HAVE_SETEUID)
+ 
+--- kdm/backend/ctrl.c.orig	2009-03-18 10:59:20.000000000 +0100
+++ kdm/backend/ctrl.c	2010-04-14 14:08:45.712067919 +0200
+@@ -78,7 +78,25 @@
+ }
+ 
+ 
+#ifdef HONORS_SOCKET_PERMS
+ static CtrlRec ctrl = { 0, 0, -1, 0 };
+#else
+static CtrlRec ctrl = { 0, 0, 0, -1, 0 };
+
+static int mkTempDir( char *dir )
+{
+	int i, l = strlen( dir ) - 6;
+
+	for (i = 0; i < 100; i++) {
+		randomStr( dir + l );
+		if (!mkdir( dir, 0700 ))
+			return True;
+		if (errno != EEXIST)
+			break;
+	}
+	return False;
+}
+#endif
+ 
+ void
+ openCtrl( struct display *d )
+@@ -112,22 +130,50 @@
+ 				if (strlen( cr->path ) >= sizeof(sa.sun_path))
+ 					logError( "path %\"s too long; no control sockets will be available\n",
+ 					          cr->path );
+-				else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
+#ifdef HONORS_SOCKET_PERMS
+				else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
+ 					logError( "mkdir %\"s failed; no control sockets will be available\n",
+ 					          sockdir );
+				else if (unlink( cr->path ) && errno != ENOENT)
+					logError( "unlink %\"s failed: %m; control socket will not be available\n",
+						cr->path );
+ 				else {
+-					if (!d)
+-						chown( sockdir, -1, fifoGroup );
+#else
+				else if (unlink( sockdir ) && errno != ENOENT)
+					logError( "unlink %\"s failed: %m; control socket will not be available\n",
+						sockdir );
+				else if (!strApp( &cr->realdir, sockdir, "-XXXXXX", (char *)0))
+					;
+				else if (!mkTempDir( cr->realdir )) {
+					logError( "mkdir %\"s failed: %m; control socket will not be available\n",
+						cr->realdir );
+					free( cr->realdir );
+					cr->realdir = 0;
+				} else if (symlink( cr->realdir, sockdir )) {
+					logError( "symlink %\"s => %\"s failed: %m; control socket will not be available\n",
+						sockdir, cr->realdir );
+					rmdir( cr->realdir );
+					free( cr->realdir );
+					cr->realdir = 0;
+				} else {
+					chown( sockdir, 0, d ? 0 : fifoGroup );
+ 					chmod( sockdir, 0750 );
+#endif
+ 					if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
+ 						logError( "Cannot create control socket\n" );
+ 					else {
+-						unlink( cr->path );
+ 						sa.sun_family = AF_UNIX;
+ 						strcpy( sa.sun_path, cr->path );
+ 						if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
+ 							if (!listen( cr->fd, 5 )) {
+#ifdef HONORS_SOCKET_PERMS
+								chmod( cr->path, 0660 );
+								if (!d)
+									chown( cr->path, -1, fifoGroup );
+								chmod( sockdir, 0755 );
+#else
+ 								chmod( cr->path, 0666 );
+#endif
+ 								registerCloseOnFork( cr->fd );
+ 								registerInput( cr->fd );
+ 								free( sockdir );
+@@ -142,6 +188,14 @@
+ 						close( cr->fd );
+ 						cr->fd = -1;
+ 					}
+#ifdef HONORS_SOCKET_PERMS
+					rmdir( sockdir );
+#else
+					unlink( sockdir );
+					rmdir( cr->realdir );
+					free( cr->realdir );
+					cr->realdir = 0;
+#endif
+ 				}
+ 				free( cr->path );
+ 				cr->path = 0;
+@@ -162,7 +216,14 @@
+ 		cr->fd = -1;
+ 		unlink( cr->path );
+ 		*strrchr( cr->path, '/' ) = 0;
+#ifdef HONORS_SOCKET_PERMS
+ 		rmdir( cr->path );
+#else
+		unlink( cr->path );
+		rmdir( cr->realdir );
+		free( cr->realdir );
+		cr->realdir = 0;
+#endif
+ 		free( cr->path );
+ 		cr->path = 0;
+ 		while (cr->css) {
+@@ -176,12 +237,12 @@
+ void
+ chownCtrl( CtrlRec *cr, int uid )
+ {
+-	if (cr->path) {
+-		char *ptr = strrchr( cr->path, '/' );
+-		*ptr = 0;
+	if (cr->path)
+#ifdef HONORS_SOCKET_PERMS
+ 		chown( cr->path, uid, -1 );
+-		*ptr = '/';
+-	}
+#else
+		chown( cr->realdir, uid, -1 );
+#endif
+ }
+ 
+ void
+--- kdm/backend/dm.h.orig	2008-11-19 11:18:06.000000000 +0100
+++ kdm/backend/dm.h	2010-04-14 13:39:40.233775307 +0200
+@@ -232,6 +232,9 @@
+ 	struct cmdsock *css;  /* open connections */
+ 
+ 	char *path;           /* filename of the socket */
+#ifndef HONORS_SOCKET_PERMS
+	char *realdir;        /* real dirname of the socket */
+#endif
+ 	int fd;               /* fd of the socket */
+ 	int gid;              /* owner group of the socket */
+ } CtrlRec;
+--- kdm/config-kdm.h.cmake.orig	2009-05-27 21:53:40.000000000 +0200
+++ kdm/config-kdm.h.cmake	2010-04-14 13:39:40.250772397 +0200
+@@ -129,6 +129,9 @@
+ /* Define to 1 if the ck-connector library is found */
+ #cmakedefine HAVE_CKCONNECTOR 1
+ 
+/* Define to 1 if OS honors permission bits on socket inodes */
+#cmakedefine HONORS_SOCKET_PERMS 1
+
+ /* $PATH defaults set by KDM */
+ #cmakedefine KDM_DEF_USER_PATH "${KDM_DEF_USER_PATH}"
+ #cmakedefine KDM_DEF_SYSTEM_PATH "${KDM_DEF_SYSTEM_PATH}"