authorMichał Górny <mgorny@gentoo.org>2015-02-19 16:58:44 +0000
committerMichał Górny <mgorny@gentoo.org>2015-02-19 16:58:44 +0000
commit2298170a427a4cce497e53fdccf275cdd03e989f (patch)
tree0289018cdc1e255c03f169f2ceb08b85fc110313
parentversion bump (diff)
Patch out crypt() NULL return check vulnerability, bug #540630. Remove old.
Package-Manager: portage-2.2.17/cvs/Linux x86_64 Manifest-Sign-Key: 0xEFB4464E!
-rw-r--r--net-misc/xrdp/ChangeLog11
-rw-r--r--net-misc/xrdp/Manifest35
-rw-r--r--net-misc/xrdp/files/xrdp-0.8.0-crypt-null-return.patch36
-rw-r--r--net-misc/xrdp/xrdp-0.6.1.ebuild116
-rw-r--r--net-misc/xrdp/xrdp-0.8.0-r1.ebuild (renamed from net-misc/xrdp/xrdp-0.8.0.ebuild)7
5 files changed, 67 insertions, 138 deletions
diff --git a/net-misc/xrdp/ChangeLog b/net-misc/xrdp/ChangeLog
index 42647a726452..0d7634edaf62 100644
--- a/net-misc/xrdp/ChangeLog
+++ b/net-misc/xrdp/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-misc/xrdp
-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/xrdp/ChangeLog,v 1.12 2014/10/27 14:33:09 mgorny Exp $
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/xrdp/ChangeLog,v 1.13 2015/02/19 16:58:37 mgorny Exp $
+
+*xrdp-0.8.0-r1 (19 Feb 2015)
+
+ 19 Feb 2015; Michał Górny <mgorny@gentoo.org>
+ +files/xrdp-0.8.0-crypt-null-return.patch, +xrdp-0.8.0-r1.ebuild,
+ -xrdp-0.6.1.ebuild, -xrdp-0.8.0.ebuild:
+ Patch out crypt() NULL return check vulnerability, bug #540630. Remove old.
27 Oct 2014; Michał Górny <mgorny@gentoo.org> xrdp-0.6.1.ebuild,
xrdp-0.8.0.ebuild:
diff --git a/net-misc/xrdp/Manifest b/net-misc/xrdp/Manifest
index 491a01ecca5c..3e21294b3838 100644
--- a/net-misc/xrdp/Manifest
+++ b/net-misc/xrdp/Manifest
@@ -2,30 +2,29 @@
Hash: SHA256
AUX startwm.sh 147 SHA256 7db27cf7316384a1ef633c582d576f9ea2e19b82bccd0967c0910b44c6b0bb7b SHA512 486cc044ecb295e12b5b03f66ce2052b6c25beb47ed14b475be54fea4d637f6fe557467b03d7a6327a10b04f152f13aa7ec901c97ea034901e40fb76f0731f31 WHIRLPOOL fede06453d8f8015dd874bf9e8a9b71d9deb5412b33ec05bda18ae836df69c54657513835cdd78fe83b4754179cd60149f0c00faa9854b30bb07754a1a9107bc
+AUX xrdp-0.8.0-crypt-null-return.patch 1041 SHA256 ef4cb07dd229aeb687c585be0dcfe54a437f386498daaeca0720acc1fe4630e3 SHA512 58932451ab7741bbdc027d760972a5c487668d3db2b74b00ddee908cea9ec202d7c155cd9a8e9050b6cc1e36b984291fef41e0014dcb3f4637ba4f4078235a04 WHIRLPOOL 6af9b0a853c96e83009a1d096cf828c9f9cc70b64deacb49ebcb250086e92ab93bf7d1fd29ab63dfc4057213de4fc16b52eecec25f048645d2975f2b027d3f67
AUX xrdp-initd 829 SHA256 bdc5620e4854454c0617c57dd6fdf7398ef089f9a33481f7e6dacc764e0f4ec2 SHA512 27e391773280ec31c2fd95ce2cc7fa11739835724447351518ceef301648c62293368ad2eb61655740fa24d86c3691f8a2bf3bf307338960380b8197847da5bf WHIRLPOOL 3fb7153956ee593e396617ebd279e1ca56eb0f6f531cc804953fac761d966f1205390fb1986540fc163631c8464eced4b22f9a17f2efdc317586cb4cfa6b7d50
AUX xrdp-sesman.pamd 156 SHA256 a153eb2505131600f7e1664728c029fa0255a355dd93c758946a4fac42baedc6 SHA512 37e5b4557be51dfc25b041a553d0464854586d7a10f16740d335be16c9b677f38a08495ef05a01259c3f8d401eb44542bd939dd23d1afa8bac4d9d9e144cb1a4 WHIRLPOOL 49072d111265aadac2c6ab8792d18f1c7b4630d52e0968907ec149a539082335a66ac54b3856727f7045c030af5f81866d332428f42c9cd657816a5b866a7de3
DIST xrdp-0.8.0.tar.xz 1671376 SHA256 433535039f8b8766d9c22f62de9599afa94dd553e72d9791cec85a5e2f436a60 SHA512 bb2afefce7f53b6c3bca30cb6913171211df63a700f7d70325c1722348d5d31981e1d417727e48fd14aad500d0454e4126e6e1f81f8c09da4928b02f4acff26b WHIRLPOOL 39c1d4852f6f927fd348d345a8d4f4a79824eca0d5682340908d28f3b6b497ae33bfed944294b061b118e4154ed7c5dce15878302145ffabc2ca6b3a2eb07818
-DIST xrdp-v0.6.1.tar.gz 1563654 SHA256 6880003b26799e4154a9486f671b6fc1b0487de0da2289573f46c090146e5a3b SHA512 d2aa5c300ed4c5e84137776f3d5f63736a8d674ef3a96eda271fd6d80ecc394a1148dd9d09b3acf3916c774fd15fe7400271ffb034a45ddae6b34ea30fb2465c WHIRLPOOL 34d51ad9976eff16b2ad68405b54e6d91345f57791f2a35a1676981416a83a0d13f0bb1442fafeb5ff2d74dc3c08610a7e01909181c358beb4770e677d36f833
-EBUILD xrdp-0.6.1.ebuild 3167 SHA256 c349f339b7cfaf5f0894b3f6620fa213554a7c0733623dccf8b976e2a172775b SHA512 1c1b61f856d0c80ed9a6f32894a59da1a46a678038b74344ea88f86ae1f6e60e579e5b5a7f367d71d345bd91cd94b9e765b7bedb8d62e2a1cfa43b5155c56ef2 WHIRLPOOL b44ddb304b8468fe604a660e9d675a0071f66171ebc31dd715f291c41982a29655fce340875ed02b8e7733a4dbb01544efb168667360d6283d39ce5dbc65d75f
-EBUILD xrdp-0.8.0.ebuild 4459 SHA256 85656d8f04b46bee45ec944444edf3c5d854e1c1ea29cb5b937fd6e91f028dc4 SHA512 793b05f0c134a4b23779806a6ecceb92cb81ffce5ea8a8755bffb63dd8e6b7ce1e2d673f8ecd1c1d858cdfddd7928c9428a1f03bab927d20481933a6a3f814cf WHIRLPOOL a87e9454c4007d01fc8e704d6755ff5876aa9237143620726cfca84ce7f0ec7e4046a36e035e89153f19857eccb09ff4c5a7441738cb706649502e471a365b58
-MISC ChangeLog 1022 SHA256 b1336c62a3243b0f2f179fb3face6b4f972a579a8bc26d665603159588e87900 SHA512 dce8361d86ea536672f92dce2f0a521e15436da46bd48dab29c90e4467e11820b84426bc424a5413d3ef51247df83929fe701524d0031d852bb9d6e1de0b2f8b WHIRLPOOL 4b39efeafdf412cdc3877b915574835f5ac66a1efcb1ad21f602ff1e6609f33d6f32804cd1474ccb2583ee7b014fbddccbca02b826ea5c8043d11f5585c6302d
+EBUILD xrdp-0.8.0-r1.ebuild 4560 SHA256 c39133ceb161d58d3de17b4978aca35875af433d98ed4431a21f97bbd525831c SHA512 ede7bf550e6814add07158448fca03aa83e59d4179c77b02f2c7f70c59032d0ac9ac7063197d80d0d59a064c8bf922c49c036c53d53c6acf945525529c527ec7 WHIRLPOOL 023edafcc6c83d61870e4e04df5f6709f05d6d1f4f364c5da564b4153749ba7bccf7d9bebeff0c75a25bf8567ed7df631337dbd4f652db5ed3b560464a178d0d
+MISC ChangeLog 1291 SHA256 f50e6ca2b9f8181b0234d940ea50474f0d2a411ab6826912447a14e9a0b25198 SHA512 aff58d8639813c8800526c33f91ec345da287dd25b498780fd226916778d90cac5aa9552d8b8bde45a231223e8826f62ad131d963b2b6642d8a1fa5ce693cffa WHIRLPOOL 46926bf76e7f4439f3ca252f6a7896d231e86f6c9fb5c1104c8611cf1e5a775a666ee2fc23b6a88d196788c39af7c4cc89e270c4523e1b9d618b31c30a7caae7
MISC metadata.xml 345 SHA256 c31282487a5eb15b45e22867d2d88998390f96cd852505be88cda2fe0a44c172 SHA512 ac48599a59c2d3f303f31e564d3af5248a8ba27f63f2f50b5135bbfb3bc95c73fedf345c523862ba284aec161bd94ff21eb4f640071c61d2ed86685b39f698de WHIRLPOOL a5b0f439e70a6b18f3b5e2021878a69243508a1a9a27514d76a2da06883d7becbc84ad6553f8d39a9471e334268b8c93b378ae9856b7209b47c9793b6b7974c5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-iQJ8BAEBCABmBQJUTlepXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+iQJ8BAEBCABmBQJU5hZEXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2REJCMDdDQzRGMERBRDA2RUEwQUZFNDFC
-MDdBMUFFQUVGQjQ0NjRFAAoJELB6GurvtEZO2hsP/3xL1ApxL/Pyejfn6yj0QcHs
-Fk5CnX1mfsq6TxRmX4qk+hTlc9mxOl+mQ7K0Q/GjAd02gGpj9SOmZuuvRvB1PnBz
-oByBbupVd0w/2jc7XqGWdbYPbFlHDE29iKmDKD53xWMnDTUWmk5ZBAXNBijjf5pw
-AF0PDFKXCGE9JZWYRTbxm0FEjbtD6Rol5EsxzJOmeEWwh0KAUK5XcJVGq0z1TPYc
-LhVyNwZ2OtymwiJq/U/BuKpjxRN70f6vND9jnig9z+4HhZudgcLKrPHw8q3cMau9
-FDbVT4jpT7NRO4Puz+lwDPjKMDBDzuss/gUTL+/EhfPKR0+Jtkcj71maQQ1EouHJ
-fSXjzjjUYoW5AbvK2vNe7I7goKW4DqmE28tlzWlfszjjycZSwoz0grGZhFP6hbsE
-3E8ebsxiFgZoCI1CW0+9qXwCH7+Ax4mdk3jzwR40KqhNRtEm7QbTZ4ZruPZY8FII
-OYpw/XBeiozrF/cH4Y3qGh0lYYsnlkDUrFncQ1Wvr7/+aXyUCXDJ1ODkOhuUW3o7
-EDFP+odxCdYOTNQ5Sw6ANnJRRvgfi9g2GqAtsbW//39RtxaqzP8HU4gTooKC27P9
-y87VIyeqS4yVIgKABZxGKItHymLIVEc9wfPDNuHsTPhzXtEvH/7RIK3jH2EWHsp8
-3f9AqKWnpStNRwnmaDEQ
-=1WfO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+=P76c
-----END PGP SIGNATURE-----
diff --git a/net-misc/xrdp/files/xrdp-0.8.0-crypt-null-return.patch b/net-misc/xrdp/files/xrdp-0.8.0-crypt-null-return.patch
new file mode 100644
index 000000000000..44543906a5e0
--- /dev/null
+++ b/net-misc/xrdp/files/xrdp-0.8.0-crypt-null-return.patch
@@ -0,0 +1,36 @@
+From 851c762ee722a84d15348b2512b3b578282e590b Mon Sep 17 00:00:00 2001
+From: Jay Sorg <jay.sorg@gmail.com>
+Date: Wed, 29 Oct 2014 17:54:11 -0700
+Subject: [PATCH] sesman: check for null from crypt()
+
+---
+ sesman/verify_user.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/sesman/verify_user.c b/sesman/verify_user.c
+index 98d3dd3..49c475c 100644
+--- a/sesman/verify_user.c
++++ b/sesman/verify_user.c
+@@ -51,6 +51,7 @@ long DEFAULT_CC
+ auth_userpass(char *user, char *pass, int *errorcode)
+ {
+ const char *encr;
++ const char *epass;
+ struct passwd *spw;
+ struct spwd *stp;
+
+@@ -84,8 +85,12 @@ auth_userpass(char *user, char *pass, int *errorcode)
+ /* old system with only passwd */
+ encr = spw->pw_passwd;
+ }
+-
+- return (strcmp(encr, crypt(pass, encr)) == 0);
++ epass = crypt(pass, encr);
++ if (epass == 0)
++ {
++ return 0;
++ }
++ return (strcmp(encr, epass) == 0);
+ }
+
+ /******************************************************************************/
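Review bot: The new NULL branch after `epass = crypt(pass, encr);` fails closed, which is the right outcome, but nothing in it says when crypt() returns NULL, and the pointer is compared against a bare `0`. A comment above the check such as `/* crypt() returns NULL when the stored hash has an invalid or unsupported salt; treat as a failed login */` would tell the next maintainer why the branch exists, and `if (epass == NULL)` reads more clearly as a pointer test. As far as the hunk shows, this path also returns without touching `*errorcode`; the middle of auth_userpass lies outside the hunk, so whether callers expect it to be set on failure should be confirmed there. The final `strcmp(encr, epass)` is not a constant-time comparison; that is likely low risk for a hash compare but worth a short comment if it is intentional.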
diff --git a/net-misc/xrdp/xrdp-0.6.1.ebuild b/net-misc/xrdp/xrdp-0.6.1.ebuild
deleted file mode 100644
index eb91771703c2..000000000000
--- a/net-misc/xrdp/xrdp-0.6.1.ebuild
+++ /dev/null
@@ -1,116 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/xrdp/xrdp-0.6.1.ebuild,v 1.4 2014/10/27 14:33:09 mgorny Exp $
-
-EAPI=5
-
-inherit autotools eutils pam systemd
-
-MY_P="${PN}-v${PV}"
-
-DESCRIPTION="An open source Remote Desktop Protocol server"
-HOMEPAGE="http://www.xrdp.org/"
-SRC_URI="mirror://sourceforge/${PN}/${PV}/${MY_P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="debug kerberos pam"
-
-RDEPEND="dev-libs/openssl:0=
- x11-libs/libX11:0=
- x11-libs/libXfixes:0=
- kerberos? ( virtual/krb5:0= )
- pam? ( virtual/pam:0= )"
-DEPEND="${RDEPEND}"
-RDEPEND="${RDEPEND}
- || (
- net-misc/tigervnc:0=[server,xorgmodule]
- net-misc/x11rdp:0=
- )"
-
-S=${WORKDIR}/${MY_P}
-
-src_prepare() {
- epatch_user
-
- # disallow root login by default
- sed -i -e '/^AllowRootLogin/s/1/0/' sesman/sesman.ini || die
-
- eautoreconf
- # part of ./bootstrap
- ln -s ../config.c sesman/tools/config.c || die
-}
-
-src_configure() {
- use kerberos && use pam \
- && ewarn "Both kerberos & pam auth enabled, kerberos will take precedence."
-
- local myconf=(
- # warning: configure.ac is completed flawed
-
- --localstatedir="${EPREFIX}"/var
-
- # -- authentication backends --
- # kerberos is inside !SESMAN_NOPAM conditional for no reason
- $(use pam || use kerberos || echo --enable-nopam)
- $(usex kerberos --enable-kerberos '')
- # pam_userpass is not in Gentoo at the moment
- #--disable-pamuserpass
-
- # -- others --
- $(usex debug --enable-xrdpdebug '')
-
- # --enable-freerdp1 does not work with 1.1 in gentoo
- )
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- default
- prune_libtool_files --all
-
- # use our pam.d file
- use pam && newpamd "${FILESDIR}"/xrdp-sesman.pamd xrdp-sesman
- # and our startwm.sh
- exeinto /etc/xrdp
- doexe "${FILESDIR}"/startwm.sh
-
- # package empty /etc/xrdp/rsakeys.ini rather than bundled keys :)
- : > rsakeys.ini
- insinto /etc/xrdp
- doins rsakeys.ini
-
- # contributed by Jan Psota <jasiupsota@gmail.com>
- newinitd "${FILESDIR}/${PN}-initd" ${PN}
-}
-
-pkg_preinst() {
- # either copy existing keys over to avoid CONFIG_PROTECT whining
- # or generate new keys (but don't include them in binpkg!)
- if [[ -f ${EROOT}/etc/xrdp/rsakeys.ini ]]; then
- cp {"${EROOT}","${ED}"}/etc/xrdp/rsakeys.ini || die
- else
- einfo "Running xrdp-keygen to generate new rsakeys.ini ..."
- "${S}"/keygen/xrdp-keygen xrdp "${ED}"/etc/xrdp/rsakeys.ini \
- || die "xrdp-keygen failed to generate RSA keys"
- fi
-}
-
-pkg_postinst() {
- # check for use of bundled rsakeys.ini (installed by default upstream)
- if [[ $(cksum "${EROOT}"/etc/xrdp/rsakeys.ini) == '2935297193 1019 '* ]]
- then
- ewarn "You seem to be using upstream bundled rsakeys.ini. This means that"
- ewarn "your communications are encrypted using a well-known key. Please"
- ewarn "consider regenerating rsakeys.ini using the following command:"
- ewarn
- ewarn " ${EROOT}/usr/bin/xrdp-keygen xrdp ${EROOT}/etc/xrdp/rsakeys.ini"
- ewarn
- fi
-
- elog "Various session types require different backend implementations:"
- elog "- sesman-Xvnc requires net-misc/tigervnc[server,xorgmodule]"
- elog "- sesman-X11rdp requires net-misc/x11rdp"
-}
diff --git a/net-misc/xrdp/xrdp-0.8.0.ebuild b/net-misc/xrdp/xrdp-0.8.0-r1.ebuild
index f2fc2ee6970a..aaa9964cda02 100644
--- a/net-misc/xrdp/xrdp-0.8.0.ebuild
+++ b/net-misc/xrdp/xrdp-0.8.0-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/xrdp/xrdp-0.8.0.ebuild,v 1.4 2014/10/27 14:33:09 mgorny Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/xrdp/xrdp-0.8.0-r1.ebuild,v 1.1 2015/02/19 16:58:37 mgorny Exp $
EAPI=5
@@ -41,6 +41,9 @@ RDEPEND="${RDEPEND}
src_prepare() {
epatch_user
+ # #540630: crypt() unchecked for NULL return
+ epatch "${FILESDIR}"/${P}-crypt-null-return.patch
+
# don't let USE=debug adjust CFLAGS
sed -i -e 's:-g -O0::' configure.ac || die
# disallow root login by default
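Review bot: The security patch is applied after `epatch_user`, so user-supplied patches are applied to the still-unpatched tree and the fix for #540630 has to apply on top of whatever they changed. If a user patch touches sesman/verify_user.c, the `epatch` call would presumably fail and abort the build, and the usual order is package patches first, user patches last. Consider moving `epatch "${FILESDIR}"/${P}-crypt-null-return.patch` (with its comment) above `epatch_user`. src_prepare continues past the end of this hunk, so any later patch handling is not visible here.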