Add patch for security bug #473120. Make xdm-auth optional, bug #445662.

Package-Manager: portage-2.1.12.2/cvs/Linux x86_64

5 files changed, 131 insertions, 16 deletions

diff --git a/x11-apps/xdm/ChangeLog b/x11-apps/xdm/ChangeLog
index e549c2cda66a..57d94f992ad6 100644
--- a/x11-apps/xdm/ChangeLog
+++ b/x11-apps/xdm/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for x11-apps/xdm
-# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/ChangeLog,v 1.146 2012/12/07 18:10:39 mgorny Exp $
+# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/ChangeLog,v 1.147 2013/07/02 09:57:47 chithanh Exp $
+
+*xdm-1.1.11-r3 (02 Jul 2013)
+
+  02 Jul 2013; Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
+  +files/xdm-1.1.11-cve-2013-2179.patch, +xdm-1.1.11-r3.ebuild, metadata.xml:
+  Add patch for security bug #473120. Make xdm-auth optional, bug #445662.
 
 *xdm-1.1.11-r2 (07 Dec 2012)
 
diff --git a/x11-apps/xdm/Manifest b/x11-apps/xdm/Manifest
index bd0a6c9469a2..badf5aa61884 100644
--- a/x11-apps/xdm/Manifest
+++ b/x11-apps/xdm/Manifest
@@ -1,19 +1,9 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
 AUX Xsession 1521 SHA256 8a09cd1cef9ebce190e13009e8b21a8504eac1cec3fc31a10d3740b6c7aa49b6 SHA512 6cb72d93ab8004e42e9f5002f7f8bb6eb7d9833fd7d3fb0acf7b7b481ead5fb55cb1b836a1e6010fe859e9e04e14064c442e23fdde5991ffb8556ed5aa5af555 WHIRLPOOL 079887cd7f29fe11e3306da145d4279e99d93c131850a03d49c35befd6d001d8c69a53b9b528a7808ff5913f8787adc90d6fb0f041234462d8f6204a9be0d127
+AUX xdm-1.1.11-cve-2013-2179.patch 1519 SHA256 92307af6fe30116f520798425a7356c8690e837430a5d1b4674243ac16cad6cd SHA512 5890051b134f1ed8f68846ee47d38375fbd0b4c639b9ae834b27d5b1749456aba4e1000a16a16d387072845887685375b1d87c4ce3870cc2acda58c4f17d45ae WHIRLPOOL fdc7a9e75afe5690f3b37e94385afe780185363e7923a5b5fba66a9f272146bc82a690a0b853d10ec614168791a69dded862518d879546ebc9582a7a14efd1be
 AUX xdm-consolekit.patch 5712 SHA256 902bf08f10244325897bc410e7fb81178e47dcae9d96c115992ece860c1b211d SHA512 d87ec56e4b7d067709679f222d3bd9009f1496d66c3c4335458b54e2a468200e3c7ac99843330c23bad7049995c93e8f3c74f3161529c6fb488e94e9fcd4752a WHIRLPOOL 89d80047bf95de606a0fd87cb6ce26b6aad755c8ea1e83db7adf0d3751e655be271ae4db5dd2097226e79359a3d85e7b485d4bedcf5bf800c2add4552429ec23
 DIST xdm-1.1.11.tar.bz2 446612 SHA256 d4da426ddea0124279a3f2e00a26db61944690628ee818a64df9d27352081c47 SHA512 fe6f2b7817c0f7f07a1f5f497edcdfa15b93986fd87f314daa472dac8625327ef46ebbf40d27fe8d4a8a2f8d5af8a01c4438a29356740e0eb350f2bd0c7ec0d5 WHIRLPOOL e505cfc5615d93ce8911f30b10b99698b38fa71dd468770616b95d34a0da2212f080f12a1457c715fc58beea56f4d9adc2f41dd63e3bf431b8d85182f0c250d8
 EBUILD xdm-1.1.11-r1.ebuild 1518 SHA256 1b317316e20e217c0dd99fbdd5a106af94ede1d9bc4b14cbf58c47238f8623dc SHA512 49922b14700a129ecdccb53eda891f5bcb2dd34c3016f47749e66284db49586321f6e46376db6f49ccbf31ec344426ad373b280be4c916a42192846ebbb65db1 WHIRLPOOL 5e6549d32d2e9c71ca73b431c27fe406c4348e5eb4ec8a59c84f0a1c40eb4dc8a99a3d35ae65f98862395c88aa488dee70ebc2293f8af3cc74caea97c00f8f3d
 EBUILD xdm-1.1.11-r2.ebuild 1747 SHA256 8d16b66733fd348658808c225de6976207e7610d2af0f425722d54205296e054 SHA512 92df9dcaa42d67567efe277f06cc323289d18562090a0b6a3a5c66ebf8987c0a4b568b66496efa961f07f8cc1cd04b3f0e30242570282594a01512b3f27c972f WHIRLPOOL d3a030b11e188dbc3d6678e54cdb02a53ade266226a6d8a90bd54837d83ff988cdc8f88d4178a568c832486e27918bab5fb8bdd92fd93a22cf4489a208ef112a
-MISC ChangeLog 21077 SHA256 3eba988b689ed9e7a3c097fdd17c9fde1bc78334bdc4c49ce977ce72fd6d3846 SHA512 66d7b4c1680551c8399fad998ba9a27c90a7bf6d838f45d511f63a60d12323ac688d398c088e7baf89f9777aca08f33447e0372d1ffa1ecdf682d8410843e0cf WHIRLPOOL b9dba9734f62fa27099b7768e54db9df013ac7123992bbc16876d538fa12b2cccc1caca537e0ea6db9d12ee23edb73e34f50a23c9a0f1f0ddb90fbf81df7a901
-MISC metadata.xml 263 SHA256 b5893b2e9cadfba8dcee59fe1044e4131621077472177850c1b6ae1d8eef2b4e SHA512 4596b313fdeed4339fb7d34f5d53f23ba42432c2ed921386dd0cbeec0966ba3507b3380094957ff3999b5bb4dbf145b55cf0cfe8dd5a8b322b91d1eab9e645a1 WHIRLPOOL 885a9f94d8f75483f1f10a1e27353500fcf64acf16c8eaad97a2dc86b35c976d795a938dcf4f05f38b113c2da98eda47e86b0419d671b2abcdf3deefacb562a1
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.19 (GNU/Linux)
-
-iJwEAQEIAAYFAlDCMSoACgkQfXuS5UK5QB1ungP+JfEARIyz0KWR/xzSoFSVe1t6
-lE7L7pIetp1eY0t+86rdfEl+CWcZUVd+P/6ii9wqaJBBgk5mV24NMmJhjaT7PS1j
-GJNfDoYkb/eSeHNLX4THTPSsWFBP6stKiMMl1Jv1FlC8LrSImjiyQjAQybppmUOv
-yn5K/7LE+Y91/Dk/dGA=
-=BRgx
------END PGP SIGNATURE-----
+EBUILD xdm-1.1.11-r3.ebuild 1831 SHA256 5e93662dd37aa1288e94626cc02e42d207576f900f622ba8f70bfcea240267f3 SHA512 c6700490ca440859d6ba5ea3919edac6ef0458bd7e34e214dae6baf1b27fb0037981619ec8c19b4d4651f604fb064fc87501cfb287aa0ec656f43f2550fc90f4 WHIRLPOOL a6cff8204caaf35bd25eb59f2b4cf2acff784473bf7487145deae63e1cac8697036ba41ddc14072148254b256b66c1cf2f5652c871ba07bcb55e2bb750047cf5
+MISC ChangeLog 21332 SHA256 f0d1ccd997d51900573b9ad7f75a763518fe513379a6e1663c0be57171e199b5 SHA512 5679c0ab06c2d574d3b0b6e5153c8dcd1b9d541741654083b8d3978c9615247e767a0b9419e6629652002721afb65dbe547e9e378fb95c3a9da976df4026d1b8 WHIRLPOOL 73694574cb2bd92477a858b46f20e48c0ed284bb802bfba6ddc46cc1552127a50f42867a0e98dcaa971055f503f53835825aa756f9672c42e1541c0ad451d24b
+MISC metadata.xml 332 SHA256 28cc5576b4a0c4c3afc6d261bef5cf94f96150650d7b3ed1258ef4c6c62d8975 SHA512 eb24594ed388e7558468139aec0d4a83bce4484a2a4bcc43a3e4deacf6572949342d5367858c512d85afdebbd5d52ecfe04c9b07c8a2dac617ad986d68543de2 WHIRLPOOL 10c7506d7a9a09f66c616438728bbe8b4ceb71c1cf65c99cd80ca20149c10da1c2ce781082d2eb263ddf6d867a157b8b819fe101b571ebe06149fff62693eb5b
diff --git a/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch b/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch
new file mode 100644
index 000000000000..34ae7ceb3cd6
--- /dev/null
+++ b/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch
@@ -0,0 +1,41 @@
+From 8d1eb5c74413e4c9a21f689fc106949b121c0117 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Wed, 22 May 2013 14:20:26 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt().
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+If using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+diff --git a/greeter/verify.c b/greeter/verify.c
+index db3cb7d..b009e2b 100644
+--- a/greeter/verify.c
++++ b/greeter/verify.c
+@@ -329,6 +329,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+ 	struct spwd	*sp;
+ #  endif
+ 	char		*user_pass = NULL;
++	char		*crypted_pass = NULL;
+ # endif
+ # ifdef __OpenBSD__
+ 	char            *s;
+@@ -464,7 +465,9 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+ #  if defined(ultrix) || defined(__ultrix__)
+ 	if (authenticate_user(p, greet->password, NULL) < 0)
+ #  else
+-	if (strcmp (crypt (greet->password, user_pass), user_pass))
++	crypted_pass = crypt (greet->password, user_pass);
++	if ((crypted_pass == NULL)
++	    || (strcmp (crypted_pass, user_pass)))
+ #  endif
+ 	{
+ 		if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) {
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/x11-apps/xdm/metadata.xml b/x11-apps/xdm/metadata.xml
index 21420eb3dfe3..7582fba56890 100644
--- a/x11-apps/xdm/metadata.xml
+++ b/x11-apps/xdm/metadata.xml
@@ -4,5 +4,6 @@
   <herd>x11</herd>
   <use>
     <flag name='consolekit'>Enable native <pkg>sys-auth/consolekit</pkg> support</flag>
+    <flag name='xdm-auth'>Enable XDM-AUTHENTICATION-1 support</flag>
   </use>
 </pkgmetadata>
diff --git a/x11-apps/xdm/xdm-1.1.11-r3.ebuild b/x11-apps/xdm/xdm-1.1.11-r3.ebuild
new file mode 100644
index 000000000000..ea992d4b6826
--- /dev/null
+++ b/x11-apps/xdm/xdm-1.1.11-r3.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/xdm-1.1.11-r3.ebuild,v 1.1 2013/07/02 09:57:47 chithanh Exp $
+
+EAPI=5
+
+XORG_EAUTORECONF=yes
+
+inherit multilib xorg-2 pam systemd
+
+DEFAULTVT=vt7
+
+DESCRIPTION="X.Org xdm application"
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="consolekit ipv6 pam xdm-auth"
+
+RDEPEND="x11-apps/xrdb
+	x11-libs/libXdmcp
+	x11-libs/libXaw
+	>=x11-apps/xinit-1.0.2-r3
+	x11-libs/libXinerama
+	x11-libs/libXmu
+	x11-libs/libX11
+	x11-libs/libXt
+	x11-apps/sessreg
+	x11-apps/xconsole
+	consolekit? ( sys-auth/consolekit )
+	pam? ( virtual/pam )
+	!<sys-apps/systemd-187"
+DEPEND="${RDEPEND}
+	consolekit? ( !=sys-auth/pambase-20101024-r1 )
+	x11-proto/xineramaproto
+	x11-proto/xproto"
+
+pkg_setup() {
+	PATCHES=(
+		"${FILESDIR}"/${PN}-consolekit.patch
+		"${FILESDIR}"/${P}-cve-2013-2179.patch
+	)
+
+	XORG_CONFIGURE_OPTIONS=(
+		$(use_enable ipv6)
+		$(use_with pam)
+		"$(systemd_with_unitdir)"
+		--with-default-vt=${DEFAULTVT}
+		--with-xdmconfigdir=/etc/X11/xdm
+		$(use_with consolekit)
+	)
+}
+
+src_prepare() {
+	# fedora invented that in -187...
+	sed -i -e 's:^Alias=.*$:Alias=display-manager.service:' \
+		xdm.service.in || die
+
+	# disable XDM-AUTHENTICATION-1 wrt bug #445662.
+	# it causes issue with libreoffice and SDL games (bug #306223).
+	if use !xdm-auth; then
+		sed -i -e '/authorize/a\
+DisplayManager*authName:	MIT-MAGIC-COOKIE-1' \
+			config/xdm-config.cpp || die
+	fi
+	xorg-2_src_prepare
+}
+
+src_install() {
+	xorg-2_src_install
+
+	exeinto /usr/$(get_libdir)/X11/xdm
+	doexe "${FILESDIR}"/Xsession
+
+	use pam && pamd_mimic system-local-login xdm auth account session
+
+	# Keep /var/lib/xdm. This is where authfiles are stored. See #286350.
+	keepdir /var/lib/xdm
+}