diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-06-05 09:36:30 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-07-07 19:49:18 +0000 |
commit | d294bb94f12a38a2be5c3efc793d6b5e234b0b4b (patch) | |
tree | 15e53203b65f583c7ab46590b1fde3e4c5f01da0 | |
parent | 1794998b957c4311b20aa504cb0c1576e702d3d9 (diff) | |
download | alpine_aports-d294bb94f12a38a2be5c3efc793d6b5e234b0b4b.tar.bz2 alpine_aports-d294bb94f12a38a2be5c3efc793d6b5e234b0b4b.tar.xz alpine_aports-d294bb94f12a38a2be5c3efc793d6b5e234b0b4b.zip |
main/linux-pam: security upgrade to 1.2.1 (CVE-2015-3238)
ref #4387
fixes #4391
-rw-r--r-- | main/linux-pam/APKBUILD | 16 | ||||
-rw-r--r-- | main/linux-pam/musl-fix-pam_exec.patch | 31 |
2 files changed, 41 insertions, 6 deletions
diff --git a/main/linux-pam/APKBUILD b/main/linux-pam/APKBUILD index 5b71afcd5f..64d88c3318 100644 --- a/main/linux-pam/APKBUILD +++ b/main/linux-pam/APKBUILD | |||
@@ -1,8 +1,8 @@ | |||
1 | # Contributor: William Pitcock <nenolod@dereferenced.org> | 1 | # Contributor: William Pitcock <nenolod@dereferenced.org> |
2 | # Maintainer: William Pitcock <nenolod@dereferenced.org> | 2 | # Maintainer: William Pitcock <nenolod@dereferenced.org> |
3 | pkgname=linux-pam | 3 | pkgname=linux-pam |
4 | pkgver=1.1.8 | 4 | pkgver=1.2.1 |
5 | pkgrel=2 | 5 | pkgrel=0 |
6 | pkgdesc="pluggable authentication modules for linux" | 6 | pkgdesc="pluggable authentication modules for linux" |
7 | url="http://www.kernel.org/pub/linux/libs/pam" | 7 | url="http://www.kernel.org/pub/linux/libs/pam" |
8 | arch="all" | 8 | arch="all" |
@@ -13,10 +13,11 @@ makedepends="$depends_dev bison flex-dev autoconf automake libtool" | |||
13 | install="" | 13 | install="" |
14 | options="suid" | 14 | options="suid" |
15 | subpackages="$pkgname-dev $pkgname-doc" | 15 | subpackages="$pkgname-dev $pkgname-doc" |
16 | source="https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-$pkgver.tar.bz2 | 16 | source="http://linux-pam.org/library/Linux-PAM-$pkgver.tar.bz2 |
17 | linux-pam-innetgr.patch | 17 | linux-pam-innetgr.patch |
18 | fix-compat.patch | 18 | fix-compat.patch |
19 | libpam-fix-build-with-eglibc-2.16.patch | 19 | libpam-fix-build-with-eglibc-2.16.patch |
20 | musl-fix-pam_exec.patch | ||
20 | 21 | ||
21 | base-auth.pamd | 22 | base-auth.pamd |
22 | base-account.pamd | 23 | base-account.pamd |
@@ -84,30 +85,33 @@ package() { | |||
84 | && chmod g+s "$pkgdir"/sbin/unix_chkpwd || return 1 | 85 | && chmod g+s "$pkgdir"/sbin/unix_chkpwd || return 1 |
85 | } | 86 | } |
86 | 87 | ||
87 | md5sums="35b6091af95981b1b2cd60d813b5e4ee Linux-PAM-1.1.8.tar.bz2 | 88 | md5sums="9dc53067556d2dd567808fd509519dd6 Linux-PAM-1.2.1.tar.bz2 |
88 | c309401e103cc86e8b25557ff3eb0b53 linux-pam-innetgr.patch | 89 | c309401e103cc86e8b25557ff3eb0b53 linux-pam-innetgr.patch |
89 | 283a399db933a7598fc63ada5d3eb38c fix-compat.patch | 90 | 283a399db933a7598fc63ada5d3eb38c fix-compat.patch |
90 | 23320dadf8e36846b6bbd7903f95ece5 libpam-fix-build-with-eglibc-2.16.patch | 91 | 23320dadf8e36846b6bbd7903f95ece5 libpam-fix-build-with-eglibc-2.16.patch |
92 | 9ade1e4582b34e138368664ff145fd94 musl-fix-pam_exec.patch | ||
91 | aa5bb7c9d8e4687aea1ae69b7447254a base-auth.pamd | 93 | aa5bb7c9d8e4687aea1ae69b7447254a base-auth.pamd |
92 | fafcf29cb9bab788cb4933106be31883 base-account.pamd | 94 | fafcf29cb9bab788cb4933106be31883 base-account.pamd |
93 | 117535e4938f478efced1398b408cf96 base-password.pamd | 95 | 117535e4938f478efced1398b408cf96 base-password.pamd |
94 | baec6808544bf6cebc59e07467f8c213 base-session.pamd | 96 | baec6808544bf6cebc59e07467f8c213 base-session.pamd |
95 | afbdd8eb4db5c31dfd8e8da35c698b90 base-session-noninteractive.pamd | 97 | afbdd8eb4db5c31dfd8e8da35c698b90 base-session-noninteractive.pamd |
96 | b8e839ece64df173f16d28520eb8d66c other.pamd" | 98 | b8e839ece64df173f16d28520eb8d66c other.pamd" |
97 | sha256sums="c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 Linux-PAM-1.1.8.tar.bz2 | 99 | sha256sums="342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 Linux-PAM-1.2.1.tar.bz2 |
98 | fb609212837c67da7da033a0daa01d1c2e34166867530e6924102b655e00ebde linux-pam-innetgr.patch | 100 | fb609212837c67da7da033a0daa01d1c2e34166867530e6924102b655e00ebde linux-pam-innetgr.patch |
99 | 4e1f855779a73960f48e570ce507884325a3aef374721e3973e1e22a60b9bec0 fix-compat.patch | 101 | 4e1f855779a73960f48e570ce507884325a3aef374721e3973e1e22a60b9bec0 fix-compat.patch |
100 | 01c9216a2a833d10c2b42e1182b161b125d869e8620e60989636feb721d466c5 libpam-fix-build-with-eglibc-2.16.patch | 102 | 01c9216a2a833d10c2b42e1182b161b125d869e8620e60989636feb721d466c5 libpam-fix-build-with-eglibc-2.16.patch |
103 | c0e51d82de9271d38217209d8a55b444b743a226ac9d7a3220b433d49236bd11 musl-fix-pam_exec.patch | ||
101 | daedb66d2b6c324f62100657383f3da6af196ad516837f36a3142da5318b8874 base-auth.pamd | 104 | daedb66d2b6c324f62100657383f3da6af196ad516837f36a3142da5318b8874 base-auth.pamd |
102 | 51dba5c32d8cfa0c1795b2ed72af7aa5871f7943a20f89d2e4ad00b9053bc9c8 base-account.pamd | 105 | 51dba5c32d8cfa0c1795b2ed72af7aa5871f7943a20f89d2e4ad00b9053bc9c8 base-account.pamd |
103 | 16c2d6f750f8bb320d64537554c48e3474f13623e7f6e231135d2cd2362745a3 base-password.pamd | 106 | 16c2d6f750f8bb320d64537554c48e3474f13623e7f6e231135d2cd2362745a3 base-password.pamd |
104 | 5bf97347375ffc626fd3ed2e8d39abde566c2eca3f5e06a737ccffd48aede5de base-session.pamd | 107 | 5bf97347375ffc626fd3ed2e8d39abde566c2eca3f5e06a737ccffd48aede5de base-session.pamd |
105 | a65802b72a44b0c2083bce7e7d0cd1b04782272a6281a65c5b0075b8f9bccd5f base-session-noninteractive.pamd | 108 | a65802b72a44b0c2083bce7e7d0cd1b04782272a6281a65c5b0075b8f9bccd5f base-session-noninteractive.pamd |
106 | 2e4850ba8db3aee3fe97eaf76286ada585d821cd8affc97c845eb58b2bf68bb6 other.pamd" | 109 | 2e4850ba8db3aee3fe97eaf76286ada585d821cd8affc97c845eb58b2bf68bb6 other.pamd" |
107 | sha512sums="245785ab4e187ceaab6393967352c8d2a2319c64e1e83285d0251cc02995dc2edab8e3001301b6d9f6774c441b7557d9caf4dfdf94c7cd5d44aa53ae759d9e5d Linux-PAM-1.1.8.tar.bz2 | 110 | sha512sums="4572aa1eaf5a1312410c74b5ed055b2592c5efe2bb82f59981da4e9e93555ad40aee3a89f446d9dc6c6af79efc04c33f739f66db9edc07e02479475a14e426da Linux-PAM-1.2.1.tar.bz2 |
108 | ca32ecdacfc5b8f1482031203b616932b646a008b02080315ea2589af5962180d4ff4339c27fe9f6a878a89f47fb69429f4ac75d67b0e70ad7765a4db1dc74d9 linux-pam-innetgr.patch | 111 | ca32ecdacfc5b8f1482031203b616932b646a008b02080315ea2589af5962180d4ff4339c27fe9f6a878a89f47fb69429f4ac75d67b0e70ad7765a4db1dc74d9 linux-pam-innetgr.patch |
109 | 52b97e23084f7b835ce1fa441663f91a50ea797cb38ba2c6662bcdaf0d25ba487118442674ac347fb17353af126dd6b3b696612faa56cac428dd842d14e1c90d fix-compat.patch | 112 | 52b97e23084f7b835ce1fa441663f91a50ea797cb38ba2c6662bcdaf0d25ba487118442674ac347fb17353af126dd6b3b696612faa56cac428dd842d14e1c90d fix-compat.patch |
110 | f49edf3876cc6bcb87bbea4e7beaeb0a382d596898c755f5fbaf6c2ed4e0c8f082b2cd16dde8a74af82bb09a1334f463e07a4bb5b8a48f023ff90a67ad2fdd44 libpam-fix-build-with-eglibc-2.16.patch | 113 | f49edf3876cc6bcb87bbea4e7beaeb0a382d596898c755f5fbaf6c2ed4e0c8f082b2cd16dde8a74af82bb09a1334f463e07a4bb5b8a48f023ff90a67ad2fdd44 libpam-fix-build-with-eglibc-2.16.patch |
114 | bc443d2a9b1d90b81959ce6fa154042365d5e7840f8696f847a145bbaaeffcbe1e9cd2b8ba76131a7b48737929e281f4fe864582fa4fc40315f2d10c650e0cd9 musl-fix-pam_exec.patch | ||
111 | 0672ab21adb969af2a0082e2559f1196d8a4f8b1cff2836f97e5f24edb03b6aed156c61cf335a4df978e423dcd9934ffee8cb5784ed5dde704d7e5ddec4ba9f6 base-auth.pamd | 115 | 0672ab21adb969af2a0082e2559f1196d8a4f8b1cff2836f97e5f24edb03b6aed156c61cf335a4df978e423dcd9934ffee8cb5784ed5dde704d7e5ddec4ba9f6 base-auth.pamd |
112 | 85462201a4044c7e170e617d39b0eceb4790abc6c0504999117548030a16d80a9d2078d1ad97690d7d346e6374201f0c52e792ccb08ce2b1c4bbf0cc2be96f5b base-account.pamd | 116 | 85462201a4044c7e170e617d39b0eceb4790abc6c0504999117548030a16d80a9d2078d1ad97690d7d346e6374201f0c52e792ccb08ce2b1c4bbf0cc2be96f5b base-account.pamd |
113 | 8223b815148c3b9b874d2c283840f6428c266e56c7cf49ce8fc508c4945ae31c837bef96dab17f64a60812d1c9cd0055cf0a50d7951d23070b69bd2e5bb9666d base-password.pamd | 117 | 8223b815148c3b9b874d2c283840f6428c266e56c7cf49ce8fc508c4945ae31c837bef96dab17f64a60812d1c9cd0055cf0a50d7951d23070b69bd2e5bb9666d base-password.pamd |
diff --git a/main/linux-pam/musl-fix-pam_exec.patch b/main/linux-pam/musl-fix-pam_exec.patch new file mode 100644 index 0000000000..b6b999faed --- /dev/null +++ b/main/linux-pam/musl-fix-pam_exec.patch | |||
@@ -0,0 +1,31 @@ | |||
1 | --- ./modules/pam_exec/pam_exec.c.orig | ||
2 | +++ ./modules/pam_exec/pam_exec.c | ||
3 | @@ -103,11 +103,14 @@ | ||
4 | int optargc; | ||
5 | const char *logfile = NULL; | ||
6 | const char *authtok = NULL; | ||
7 | + char authtok_buf[PAM_MAX_RESP_SIZE+1]; | ||
8 | + | ||
9 | pid_t pid; | ||
10 | int fds[2]; | ||
11 | int stdout_fds[2]; | ||
12 | FILE *stdout_file = NULL; | ||
13 | |||
14 | + memset(authtok_buf, 0, sizeof(authtok_buf)); | ||
15 | if (argc < 1) { | ||
16 | pam_syslog (pamh, LOG_ERR, | ||
17 | "This module needs at least one argument"); | ||
18 | @@ -178,11 +181,11 @@ | ||
19 | } | ||
20 | |||
21 | pam_set_item (pamh, PAM_AUTHTOK, resp); | ||
22 | - authtok = strndupa (resp, PAM_MAX_RESP_SIZE); | ||
23 | + authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf)); | ||
24 | _pam_drop (resp); | ||
25 | } | ||
26 | else | ||
27 | - authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE); | ||
28 | + authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf)); | ||
29 | |||
30 | if (pipe(fds) != 0) | ||
31 | { | ||