SECURITY: CVE-2010-0436, see:

http://www.kde.org/info/security/advisory-20100413-1.txt diff from FreeBSD via brad.
2010-05-13 07:01:00 +00:00 · 2010-05-13 07:01:00 +00:00 · dae1069db4
commit dae1069db4
parent bc741e7ffc
2 changed files with 54 additions and 2 deletions
--- a/x11/kde/base3/Makefile
+++ b/x11/kde/base3/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.94 2010/01/17 08:58:38 espie Exp $
+# $OpenBSD: Makefile,v 1.95 2010/05/13 07:01:00 ajacoutot Exp $

 COMMENT-main = 		K Desktop Environment, basic applications
 COMMENT-plugins =	Konqueror nsplugins, essentially native JDK
@ -6,7 +6,7 @@ COMMENT-samba =		K Desktop Environment, samba support
 CATEGORIES =		x11 x11/kde
 VERSION =		3.5.10
 DISTNAME =		kdebase-${VERSION}
-PKGNAME-main =		${DISTNAME}p7
+PKGNAME-main =		${DISTNAME}p8
 PKGNAME-samba =		kdesamba-${VERSION}p1
 MODKDE_VERSION ?=	3.5.8
 SHARED_LIBS +=	konq                 7.0      # .6.0
--- a/x11/kde/base3/patches/patch-kdm_backend_ctrl_c
+++ b/x11/kde/base3/patches/patch-kdm_backend_ctrl_c
@ -0,0 +1,52 @@
+$OpenBSD: patch-kdm_backend_ctrl_c,v 1.1 2010/05/13 07:01:00 ajacoutot Exp $
+
+CVE-2010-0436, see:
+    http://www.kde.org/info/security/advisory-20100413-1.txt
+
+--- kdm/backend/ctrl.c.orig	Mon Jan 15 12:32:23 2007
+++ kdm/backend/ctrl.c	Thu May 13 08:57:25 2010
+@@ -140,22 +140,24 @@ openCtrl( struct display *d )
+ 				if (strlen( cr->path ) >= sizeof(sa.sun_path))
+ 					LogError( "path %\"s too long; no control sockets will be available\n",
+ 					          cr->path );
+-				else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
+				else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
+ 					LogError( "mkdir %\"s failed; no control sockets will be available\n",
+ 					          sockdir );
+				else if (unlink( cr->path ) && errno != ENOENT)
+					LogError( "unlink %\"s failed: %m; control socket will not be available\n",
+					          cr->path );
+ 				else {
+-					if (!d)
+-						chown( sockdir, -1, fifoGroup );
+-					chmod( sockdir, 0750 );
+ 					if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
+ 						LogError( "Cannot create control socket\n" );
+ 					else {
+-						unlink( cr->path );
+ 						sa.sun_family = AF_UNIX;
+ 						strcpy( sa.sun_path, cr->path );
+ 						if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
+ 							if (!listen( cr->fd, 5 )) {
+-								chmod( cr->path, 0666 );
+								chmod( cr->path, 0660 );
+								if (!d)
+								   chown( cr->path, -1, fifoGroup );
+								chmod( sockdir, 0755 );
+ 								RegisterCloseOnFork( cr->fd );
+ 								RegisterInput( cr->fd );
+ 								free( sockdir );
+@@ -218,12 +220,8 @@ chownCtrl( CtrlRec *cr, int uid )
+ {
+ 	if (cr->fpath)
+ 		chown( cr->fpath, uid, -1 );
+-	if (cr->path) {
+-		char *ptr = strrchr( cr->path, '/' );
+-		*ptr = 0;
+	if (cr->path)
+ 		chown( cr->path, uid, -1 );
+-		*ptr = '/';
+-	}
+ }
+ 
+ void