Author: branden
Date: 2003-10-24 13:46:09 -0500 (Fri, 24 Oct 2003)
New Revision: 711
Modified:
trunk/debian/changelog
trunk/debian/patches/000_stolen_from_HEAD.diff
trunk/debian/patches/002_xdm_fixes.diff
Log:
Update security fix for xdm pam_setcred() vulnerability to match current
upstream implementation in xf-4_3-branch, which now includes my patch to
use pam_strerror(). This change is *not* a security fix.
- debian/patches/000_stolen_from_HEAD.diff: updated
- debian/patches/002_xdm_fixes.diff: resynced
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2003-10-24 18:22:36 UTC (rev 710)
+++ trunk/debian/changelog 2003-10-24 18:46:09 UTC (rev 711)
@@ -211,8 +211,14 @@
(Closes: #216932)
- debian/xserver-xfree86.config.in
- -- Branden Robinson <[EMAIL PROTECTED]> Thu, 23 Oct 2003 02:28:15 -0500
+ * Update security fix for xdm pam_setcred() vulnerability to match current
+ upstream implementation in xf-4_3-branch, which now includes my patch to
+ use pam_strerror(). This change is *not* a security fix.
+ - debian/patches/000_stolen_from_HEAD.diff: updated
+ - debian/patches/002_xdm_fixes.diff: resynced
+ -- Branden Robinson <[EMAIL PROTECTED]> Fri, 24 Oct 2003 13:33:35 -0500
+
xfree86 (4.2.1-12.1) unstable; urgency=low
* Fix typo in xlibs preinst. Closes: #213774, #213776
Modified: trunk/debian/patches/000_stolen_from_HEAD.diff
===================================================================
--- trunk/debian/patches/000_stolen_from_HEAD.diff 2003-10-24 18:22:36 UTC (rev
710)
+++ trunk/debian/patches/000_stolen_from_HEAD.diff 2003-10-24 18:46:09 UTC (rev
711)
@@ -272,6 +272,10 @@
Fix overflows in the test for integer overflows. Reported by Paul
Anderson.
+(xc/programs/xdm/session.c):
+ Handle errors from pam_setcred(), reporting them with pam_strerror().
+ (Matthieu Herrb, Branden Robinson)
+
Index: xc/nls/XI18N_OBJS/Imakefile
===================================================================
RCS file: /cvs/xc/nls/XI18N_OBJS/Imakefile,v
@@ -5418,18 +5422,60 @@
}
if (versions[version_index].major_version > Dont_Check)
---- xc/programs/xdm/session.c~ 2003-09-24 17:23:56.000000000 -0500
-+++ xc/programs/xdm/session.c 2003-09-24 17:24:02.000000000 -0500
-@@ -599,7 +599,11 @@
+--- xc/programs/xdm/session.c~ 2003-10-24 13:04:08.000000000 -0500
++++ xc/programs/xdm/session.c 2003-10-24 13:07:21.000000000 -0500
+@@ -93,14 +93,14 @@
+ extern char *crypt(CRYPT_ARGS);
+ #endif
+ #ifdef USE_PAM
+-pam_handle_t **thepamhp()
+-{
++pam_handle_t **
++thepamhp(void)
+ static pam_handle_t *pamh = NULL;
+ return &pamh;
+ }
+
+-pam_handle_t *thepamh()
+-{
++pam_handle_t *
++thepamh(void)
+ pam_handle_t **pamhp;
+
+ pamhp = thepamhp();
+@@ -535,8 +535,9 @@
+ #ifdef HAS_SETUSERCONTEXT
+ struct passwd* pwd;
+ #endif
+-#ifdef USE_PAM
+- pam_handle_t *pamh = thepamh();
++#ifdef USE_PAM
++ pam_handle_t *pamh = thepamh ();
++ int pam_error;
+ #endif
+
+ if (verify->argv) {
+@@ -552,7 +553,7 @@
+ }
+ #ifdef USE_PAM
+ if (pamh) pam_open_session(pamh, 0);
+-#endif
++#endif
+ switch (pid = fork ()) {
+ case 0:
+ CleanUpChild ();
+@@ -598,8 +599,12 @@
+ }
#endif /* QNX4 doesn't support multi-groups, no initgroups() */
#ifdef USE_PAM
- if (thepamh()) {
+- if (thepamh()) {
- pam_setcred(thepamh(), PAM_ESTABLISH_CRED);
-+ if (pam_setcred(thepamh(), PAM_ESTABLISH_CRED) != PAM_SUCCESS) {
-+ LogError("pam_setcred for %\"s failed, errno=%d\n",
-+ name, errno);
++ if (pamh) {
++ pam_error = pam_setcred (pamh, PAM_ESTABLISH_CRED);
++ if (pam_error != PAM_SUCCESS) {
++ LogError ("pam_setcred for \"%s\" failed: %s\n",
++ name, pam_strerror(pamh, pam_error));
+ return(0);
-+ }
}
#endif
if (setuid(verify->uid) < 0)
Modified: trunk/debian/patches/002_xdm_fixes.diff
===================================================================
--- trunk/debian/patches/002_xdm_fixes.diff 2003-10-24 18:22:36 UTC (rev 710)
+++ trunk/debian/patches/002_xdm_fixes.diff 2003-10-24 18:46:09 UTC (rev 711)
@@ -1395,8 +1395,8 @@
} else {
user_pass = sp->sp_pwdp;
}
---- xc/programs/xdm/session.c~ 2003-09-25 00:40:10.000000000 -0500
-+++ xc/programs/xdm/session.c 2003-09-25 00:43:33.000000000 -0500
+--- xc/programs/xdm/session.c~ 2003-10-24 13:23:21.000000000 -0500
++++ xc/programs/xdm/session.c 2003-10-24 13:28:30.000000000 -0500
@@ -60,17 +60,17 @@
#endif
@@ -1422,15 +1422,12 @@
#else
/* should be in <grp.h> */
extern void setgrent(void);
-@@ -82,28 +82,34 @@
- extern struct spwd *getspnam(GETSPNAM_ARGS);
+@@ -83,27 +83,29 @@
extern void endspent(void);
#endif
--#if defined(CSRG_BASED)
+ #if defined(CSRG_BASED)
-#include <pwd.h>
-#include <unistd.h>
-+
-+#if defined(CSRG_BASED) || defined(__GLIBC__)
+# include <pwd.h>
+# include <unistd.h>
#else
@@ -1444,28 +1441,25 @@
extern char *crypt(CRYPT_ARGS);
+# endif
#endif
-+
#ifdef USE_PAM
--pam_handle_t **thepamhp()
-+pam_handle_t **
-+thepamhp ()
- {
+ pam_handle_t **
+-thepamhp(void)
++thepamhp (void)
static pam_handle_t *pamh = NULL;
return &pamh;
}
--pam_handle_t *thepamh()
-+pam_handle_t *
-+thepamh ()
- {
+ pam_handle_t *
+-thepamh(void)
++thepamh (void)
pam_handle_t **pamhp;
- pamhp = thepamhp();
-+ pamhp = thepamhp ();
++ pamhp = thepamhp ();
if (pamhp)
return *pamhp;
else
-@@ -136,12 +142,12 @@
+@@ -136,12 +138,12 @@
endgrent,
#ifdef USESHADOW
getspnam,
@@ -1481,7 +1475,7 @@
endpwent,
#endif
crypt,
-@@ -189,7 +195,7 @@
+@@ -189,7 +191,7 @@
}
#if defined(_POSIX_SOURCE) || defined(SYSV) || defined(SVR4)
@@ -1490,7 +1484,7 @@
#endif
static void
-@@ -246,7 +252,7 @@
+@@ -246,7 +248,7 @@
static int
IOErrorHandler (Display *dpy)
{
@@ -1499,7 +1493,7 @@
exit(RESERVER_DISPLAY);
/*NOTREACHED*/
return 0;
-@@ -255,7 +261,7 @@
+@@ -255,7 +257,7 @@
static int
ErrorHandler(Display *dpy, XErrorEvent *event)
{
@@ -1508,7 +1502,7 @@
if (XmuPrintDefaultErrorMessage (dpy, event, stderr) == 0) return 0;
exit(UNMANAGE_DISPLAY);
/*NOTREACHED*/
-@@ -288,13 +294,13 @@
+@@ -288,13 +290,13 @@
#ifdef GREET_USER_STATIC
greet_user_proc = GreetUser;
#else
@@ -1524,7 +1518,7 @@
exit(UNMANAGE_DISPLAY);
}
#endif
-@@ -500,7 +506,7 @@
+@@ -500,7 +502,7 @@
code = Krb5DisplayCCache(d->name, &ccache);
if (code)
@@ -1533,7 +1527,7 @@
error_message(code));
else {
code = krb5_cc_destroy(ccache);
-@@ -508,8 +514,8 @@
+@@ -508,8 +510,8 @@
if (code == KRB5_FCC_NOFILE) {
Debug ("No Kerberos ccache file found to destroy\n");
} else
@@ -1544,16 +1538,8 @@
} else
Debug ("Kerberos ccache destroyed\n");
krb5_cc_close(ccache);
-@@ -537,6 +543,7 @@
- #endif
- #ifdef USE_PAM
- pam_handle_t *pamh = thepamh();
-+ int pam_error;
- #endif
+@@ -578,23 +580,22 @@
- if (verify->argv) {
-@@ -577,39 +584,38 @@
-
#ifndef AIXV3
#ifndef HAS_SETUSERCONTEXT
- if (setgid(verify->gid) < 0)
@@ -1586,19 +1572,8 @@
return (0);
}
#endif /* QNX4 doesn't support multi-groups, no initgroups() */
- #ifdef USE_PAM
-- if (thepamh()) {
-- if (pam_setcred(thepamh(), PAM_ESTABLISH_CRED) != PAM_SUCCESS) {
-- LogError("pam_setcred for %\"s failed, errno=%d\n",
-- name, errno);
-- return(0);
-+ if (thepamh ()) {
-+ pam_error = pam_setcred (thepamh (), PAM_ESTABLISH_CRED);
-+ if (pam_error != PAM_SUCCESS) {
-+ LogError ("pam_setcred for \"%s\" failed: %s\n", name,
-+ pam_strerror (thepamh (), pam_error));
-+ return (0);
- }
+@@ -607,10 +608,9 @@
+ return(0);
}
#endif
- if (setuid(verify->uid) < 0)
@@ -1611,7 +1586,7 @@
return (0);
}
#else /* HAS_SETUSERCONTEXT */
-@@ -617,20 +623,17 @@
+@@ -618,20 +618,17 @@
* Set the user's credentials: uid, gid, groups,
* environment variables, resource limits, and umask.
*/
@@ -1641,7 +1616,7 @@
return (0);
}
#endif /* HAS_SETUSERCONTEXT */
-@@ -639,9 +642,9 @@
+@@ -640,9 +637,9 @@
* Set the user's credentials: uid, gid, groups,
* audit classes, user limits, and umask.
*/
@@ -1654,7 +1629,7 @@
return (0);
}
#endif /* AIXV3 */
-@@ -755,13 +758,13 @@
+@@ -756,13 +753,13 @@
execute (failsafeArgv, verify->userEnviron);
exit (1);
case -1:
@@ -1672,7 +1647,7 @@
Debug ("StartSession, fork succeeded %d\n", pid);
*pidp = pid;
return 1;
-@@ -928,9 +931,10 @@
+@@ -929,9 +926,10 @@
return env;
}
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
