authorV3n3RiX <venerix@redcorelinux.org>2018-10-22 11:09:47 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-10-22 11:09:47 +0100
commit64e107b9b6058580ff0432107eb37cefb0b2a7d8 (patch)
tree9a44e603e2ae365e2b1fe35ac37f73e830cdee1d /kde-plasma/kwallet-pam
parent957235cf19a691360c720f7913672adda4258ed0 (diff)
gentoo resync : 22.10.2018
Diffstat (limited to 'kde-plasma/kwallet-pam')
-rw-r--r--kde-plasma/kwallet-pam/Manifest9
-rw-r--r--kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-1.patch206
-rw-r--r--kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-2.patch135
-rw-r--r--kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-3.patch54
-rw-r--r--kde-plasma/kwallet-pam/kwallet-pam-5.13.5.ebuild4
-rw-r--r--kde-plasma/kwallet-pam/kwallet-pam-5.14.1.ebuild (renamed from kde-plasma/kwallet-pam/kwallet-pam-5.12.5-r1.ebuild)6
6 files changed, 7 insertions, 407 deletions
diff --git a/kde-plasma/kwallet-pam/Manifest b/kde-plasma/kwallet-pam/Manifest
index 49f6742e7703..fb7c28148463 100644
--- a/kde-plasma/kwallet-pam/Manifest
+++ b/kde-plasma/kwallet-pam/Manifest
@@ -1,10 +1,7 @@
-AUX kwallet-pam-5.11.5-CVE-2018-10380-1.patch 8141 BLAKE2B 2e046728d287905cbde172766dc9f0a997f3bbe58cce76603124dcf3aa27ec9eee375916fda9143922d54642674a5770c8bb7a22674abfb437774727b026fa47 SHA512 21783185762e280e8722d1b7926fc5d3725024e4b8a27b8017831b47ffa6fbb5a2a4a54a77a5d972ab497ae01ccfb4c00a8ebb3a0013f2d950731aa9ae422dd4
-AUX kwallet-pam-5.11.5-CVE-2018-10380-2.patch 4704 BLAKE2B f41887afa091c158efcd61427e7fe60b47a9d5730e656c268167f6574517ffa57ab0098d9d3542d5b3d54bad35b66e0e424a0b8488c8a575c7514e4494a17675 SHA512 ee506d752bf0c3db955d4f4bc62a620549bbf7090fff7fc27afd86e87964b203cf919ec727262ffcb08ffeccb9ede4b99ea5eea0fd77ac381ebbe2269d1d230b
-AUX kwallet-pam-5.11.5-CVE-2018-10380-3.patch 1681 BLAKE2B 70874293466ab9c7ce23f1e5eac2727bb48a2a457c7433afca6b3e66117f842115a582ff6dd724183d3e4274cc3b477469123280f84920a99669b24720c585b2 SHA512 cd84684cc2c3538b2fbb762bac2abc05092ba2ad59f95aabc30af395f3c288f770f6b71dbf88042759a7c704d52c13bb79ded90272d0a63080a83da6c375bf8d
-DIST kwallet-pam-5.12.5.tar.xz 18584 BLAKE2B aa5cef35532288e4ff01c483ec2971c4729bd6d3a039981f5873348a39a6b618d43e635cd24a1d8e10f50ff0e9df005ee7aa31c2f1a9695e93733d6157577128 SHA512 b62518019ec2c8c5251198f9498c66b4768cf91851dd112dea1ac5d2e6ef1a500905afcdc2ff88cf4d26efaed7af508af022b811ba42424a71b4199ae03b0eec
DIST kwallet-pam-5.12.7.tar.xz 18728 BLAKE2B 66386c982597a4a1024a9a0e8317106900423959213a543a14ba1d3f3c2cf6aed21ace24b01cffcd2ed0a7acf409111d4488ecb3183a71bb026f606fd76520cf SHA512 7d2c8776f481bd03396056321f8c94f8bcea4b821c3cf58531077cd09922dacbe8896998d56a7856721f0dbaf7b2f7e24188292aed7b17c288d0346e8d14695b
DIST kwallet-pam-5.13.5.tar.xz 18668 BLAKE2B 4dac7c037fe8ad89be884d5e4c7e850b62d2838161a9086e6f193345d4001860e7ff286e4052009f2010f6517ee30b3f6838c955bef5efc30c9e6999076b231e SHA512 cdd273d13406a927f93ce4f6189484b67d7ad146c5eb42f4d99d85c95938fe457082790453709c3d7129b2321c723e12ef93468e8febb68a19132f6f0fe72f62
-EBUILD kwallet-pam-5.12.5-r1.ebuild 706 BLAKE2B 407beed9615900fac5d8d0c178a582238ad5e6a2cf2135346089b6863e13cb75fddcea965424b7f6c67ade10bcdc81cfd9497857a8a90f82bdc2503a7c765f7b SHA512 8266f8b9d03f6c7e4e08a2c6e657cb6c44ec716e3619cb6dfedaeb3abfa611b439d7b128be21956cbaeda0d3397b57fae35f5c9182ba02125cb6fb7aa4eca5a6
+DIST kwallet-pam-5.14.1.tar.xz 19124 BLAKE2B 8504fed6db74fc03231a9bcf8c49b9fdf95fe2455fac670ee17dcf13f17a482761e4f607ffe6ff926481d46ee6c88f852cdac9974fb6671716ec983176d7a42f SHA512 61807702755d285c42797aa69b8d632e75126bee7c4bb8644e41f258c75f8046e30531f7acaf2e5f57d7d9a06174e5a1cfeeb31403f61871083f39040fd8b292
EBUILD kwallet-pam-5.12.7.ebuild 636 BLAKE2B fe3125630255c0c44cd930b734bbc5ebc90212da6970b523ab62e630ce647940117dda1352fe56b8b436985b5008c7374e322660018ab99e554f0cc0019ed8ac SHA512 8ca71ade573c03303fd7bbcf99b77cd220d73f467e05837c361dd0f154f68c65d82262ee299acb7378aaab90afce12cf68d2e1d7e647911821964cd6ea2fd4d4
-EBUILD kwallet-pam-5.13.5.ebuild 639 BLAKE2B 2050e8d5536ac921c663db3912957c054a7222ce9428e731972302b50375a5de3dbb4aa6799fde9c6c070fc0c0083791a8f36863c799d6c793ab102685511d55 SHA512 1f2770a2b879c386e35627ca74a4b583e9fdd3dcc7a8468ed1f993c26d8fa0e4eb7c700509841a2d6b434bade703c4bc61523e61f276f3b41d1521c445a33ff9
+EBUILD kwallet-pam-5.13.5.ebuild 634 BLAKE2B 6b5579b199117b038aca09f3dfe63fca5236898afa0cebd1addcfea6c8595f4dd07be70b4b8502365ee1859e51f1b261603d355bbba1a4347203e52bd78f2c11 SHA512 82b08b8ff6f2a7b946079022df4ad79ba4b91a4e90a148e841573d12bea136a0fba23ed103f519201baa2d0edf6a8c506739e74b6e413d0e92559daee182a02a
+EBUILD kwallet-pam-5.14.1.ebuild 636 BLAKE2B fe3125630255c0c44cd930b734bbc5ebc90212da6970b523ab62e630ce647940117dda1352fe56b8b436985b5008c7374e322660018ab99e554f0cc0019ed8ac SHA512 8ca71ade573c03303fd7bbcf99b77cd220d73f467e05837c361dd0f154f68c65d82262ee299acb7378aaab90afce12cf68d2e1d7e647911821964cd6ea2fd4d4
MISC metadata.xml 249 BLAKE2B ad415db89e5dee1627aa77f44ded9d4e1e5b8217d06c7ca25bbaa3fe92ce67c2b1090957c45a821b407d7927e5af798498aa6a5b903895ee1af8ee20a446c7f7 SHA512 76a5a340b13f0053ca3c5e94ed24380ea8d29b45ac8655419e22eaadb1e4a827c04d2e7e36b65145c4964e6526f656618fc6ac144e277ef53cb7373e6239e3c3
diff --git a/kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-1.patch b/kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-1.patch
deleted file mode 100644
index 70ade02a8250..000000000000
--- a/kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-1.patch
+++ /dev/null
@@ -1,206 +0,0 @@
-From 2134dec85ce19d6378d03cddfae9e5e464cb24c0 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Tue, 1 May 2018 12:29:02 +0200
-Subject: Move salt creation to an unprivileged process
-
-Opening files for writing as root is very tricky since through the power
-of symlinks we can get tricked to write in places we don't want to and
-we don't really need to be root to create the salt file
----
- pam_kwallet.c | 121 ++++++++++++++++++++++++++++++++++------------------------
- 1 file changed, 71 insertions(+), 50 deletions(-)
-
-diff --git a/pam_kwallet.c b/pam_kwallet.c
-index 20d9603..083c9aa 100644
---- a/pam_kwallet.c
-+++ b/pam_kwallet.c
-@@ -82,7 +82,7 @@ const static char *envVar = "PAM_KWALLET_LOGIN";
-
- static int argumentsParsed = -1;
-
--int kwallet_hash(const char *passphrase, struct passwd *userInfo, char *key);
-+int kwallet_hash(pam_handle_t *pamh, const char *passphrase, struct passwd *userInfo, char *key);
-
- static void parseArguments(int argc, const char **argv)
- {
-@@ -325,7 +325,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
- }
-
- char *key = malloc(KWALLET_PAM_KEYSIZE);
-- if (!key || kwallet_hash(password, userInfo, key) != 0) {
-+ if (!key || kwallet_hash(pamh, password, userInfo, key) != 0) {
- free(key);
- pam_syslog(pamh, LOG_ERR, "%s: Fail into creating the hash", logPrefix);
- return PAM_IGNORE;
-@@ -352,6 +352,26 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
- return PAM_SUCCESS;
- }
-
-+static int drop_privileges(struct passwd *userInfo)
-+{
-+ /* When dropping privileges from root, the `setgroups` call will
-+ * remove any extraneous groups. If we don't call this, then
-+ * even though our uid has dropped, we may still have groups
-+ * that enable us to do super-user things. This will fail if we
-+ * aren't root, so don't bother checking the return value, this
-+ * is just done as an optimistic privilege dropping function.
-+ */
-+ setgroups(0, NULL);
-+
-+ //Change to the user in case we are not it yet
-+ if (setgid (userInfo->pw_gid) < 0 || setuid (userInfo->pw_uid) < 0 ||
-+ setegid (userInfo->pw_gid) < 0 || seteuid (userInfo->pw_uid) < 0) {
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+
- static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toWalletPipe[2], int envSocket)
- {
- //In the child pam_syslog does not work, using syslog directly
-@@ -366,18 +386,8 @@ static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toW
- //This is the side of the pipe PAM will send the hash to
- close (toWalletPipe[1]);
-
-- /* When dropping privileges from root, the `setgroups` call will
-- * remove any extraneous groups. If we don't call this, then
-- * even though our uid has dropped, we may still have groups
-- * that enable us to do super-user things. This will fail if we
-- * aren't root, so don't bother checking the return value, this
-- * is just done as an optimistic privilege dropping function.
-- */
-- setgroups(0, NULL);
--
- //Change to the user in case we are not it yet
-- if (setgid (userInfo->pw_gid) < 0 || setuid (userInfo->pw_uid) < 0 ||
-- setegid (userInfo->pw_gid) < 0 || seteuid (userInfo->pw_uid) < 0) {
-+ if (drop_privileges(userInfo) < 0) {
- syslog(LOG_ERR, "%s: could not set gid/uid/euid/egit for kwalletd", logPrefix);
- goto cleanup;
- }
-@@ -619,7 +629,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const c
- return PAM_SUCCESS;
- }
-
--int mkpath(char *path, struct passwd *userInfo)
-+static int mkpath(char *path)
- {
- struct stat sb;
- char *slash;
-@@ -639,10 +649,6 @@ int mkpath(char *path, struct passwd *userInfo)
- errno != EEXIST)) {
- syslog(LOG_ERR, "%s: Couldn't create directory: %s because: %d-%s", logPrefix, path, errno, strerror(errno));
- return (-1);
-- } else {
-- if (chown(path, userInfo->pw_uid, userInfo->pw_gid) == -1) {
-- syslog(LOG_INFO, "%s: Couldn't change ownership of: %s", logPrefix, path);
-- }
- }
- } else if (!S_ISDIR(sb.st_mode)) {
- return (-1);
-@@ -654,34 +660,49 @@ int mkpath(char *path, struct passwd *userInfo)
- return (0);
- }
-
--static char* createNewSalt(const char *path, struct passwd *userInfo)
-+static void createNewSalt(pam_handle_t *pamh, const char *path, struct passwd *userInfo)
- {
-- unlink(path);//in case the file already exists
-+ const int pid = fork();
-+ if (pid == -1) {
-+ pam_syslog(pamh, LOG_ERR, "%s: Couldn't fork to create salt file", logPrefix);
-+ } else if (pid == 0) {
-+ // Child process
-+ if (drop_privileges(userInfo) < 0) {
-+ syslog(LOG_ERR, "%s: could not set gid/uid/euid/egit for salt file creation", logPrefix);
-+ exit(-1);
-+ }
-
-- char *dir = strdup(path);
-- dir[strlen(dir) - 14] = '\0';//remove kdewallet.salt
-- mkpath(dir, userInfo);//create the path in case it does not exists
-- free(dir);
-+ unlink(path);//in case the file already exists
-
-- char *salt = gcry_random_bytes(KWALLET_PAM_SALTSIZE, GCRY_STRONG_RANDOM);
-- FILE *fd = fopen(path, "w");
-+ char *dir = strdup(path);
-+ dir[strlen(dir) - 14] = '\0';//remove kdewallet.salt
-+ mkpath(dir); //create the path in case it does not exists
-+ free(dir);
-
-- //If the file can't be created
-- if (fd == NULL) {
-- syslog(LOG_ERR, "%s: Couldn't open file: %s because: %d-%s", logPrefix, path, errno, strerror(errno));
-- return NULL;
-- }
-+ char *salt = gcry_random_bytes(KWALLET_PAM_SALTSIZE, GCRY_STRONG_RANDOM);
-+ FILE *fd = fopen(path, "w");
-
-- fwrite(salt, KWALLET_PAM_SALTSIZE, 1, fd);
-- fclose(fd);
-+ //If the file can't be created
-+ if (fd == NULL) {
-+ syslog(LOG_ERR, "%s: Couldn't open file: %s because: %d-%s", logPrefix, path, errno, strerror(errno));
-+ exit(-2);
-+ }
-
-- if (chown(path, userInfo->pw_uid, userInfo->pw_gid) == -1) {
-- syslog(LOG_ERR, "%s: Couldn't change ownership of the created salt file", logPrefix);
-- }
-+ fwrite(salt, KWALLET_PAM_SALTSIZE, 1, fd);
-+ fclose(fd);
-
-- return salt;
-+ exit(0); // success
-+ } else {
-+ // pam process, just wait for child to finish
-+ int status;
-+ waitpid(pid, &status, 0);
-+ if (status != 0) {
-+ pam_syslog(pamh, LOG_ERR, "%s: Couldn't create salt file", logPrefix);
-+ }
-+ }
- }
--int kwallet_hash(const char *passphrase, struct passwd *userInfo, char *key)
-+
-+int kwallet_hash(pam_handle_t *pamh, const char *passphrase, struct passwd *userInfo, char *key)
- {
- if (!gcry_check_version("1.5.0")) {
- syslog(LOG_ERR, "%s-kwalletd: libcrypt version is too old", logPrefix);
-@@ -700,19 +721,19 @@ int kwallet_hash(const char *passphrase, struct passwd *userInfo, char *key)
- struct stat info;
- char *salt = NULL;
- if (stat(path, &info) != 0 || info.st_size == 0) {
-- salt = createNewSalt(path, userInfo);
-- } else {
-- FILE *fd = fopen(path, "r");
-- if (fd == NULL) {
-- syslog(LOG_ERR, "%s: Couldn't open file: %s because: %d-%s", logPrefix, path, errno, strerror(errno));
-- free(path);
-- return 1;
-- }
-- salt = (char*) malloc(KWALLET_PAM_SALTSIZE);
-- memset(salt, '\0', KWALLET_PAM_SALTSIZE);
-- fread(salt, KWALLET_PAM_SALTSIZE, 1, fd);
-- fclose(fd);
-+ createNewSalt(pamh, path, userInfo);
- }
-+
-+ FILE *fd = fopen(path, "r");
-+ if (fd == NULL) {
-+ syslog(LOG_ERR, "%s: Couldn't open file: %s because: %d-%s", logPrefix, path, errno, strerror(errno));
-+ free(path);
-+ return 1;
-+ }
-+ salt = (char*) malloc(KWALLET_PAM_SALTSIZE);
-+ memset(salt, '\0', KWALLET_PAM_SALTSIZE);
-+ fread(salt, KWALLET_PAM_SALTSIZE, 1, fd);
-+ fclose(fd);
- free(path);
-
- if (salt == NULL) {
---
-cgit v0.11.2
-
diff --git a/kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-2.patch b/kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-2.patch
deleted file mode 100644
index 2f88e0c3ceae..000000000000
--- a/kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-2.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From 01d4143fda5bddb6dca37b23304dc239a5fb38b5 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Tue, 1 May 2018 12:32:24 +0200
-Subject: Move socket creation to unprivileged codepath
-
-We don't need to be creating the socket as root, and doing so,
-specially having a chown is problematic security wise.
----
- pam_kwallet.c | 77 ++++++++++++++++++++++++++++-------------------------------
- 1 file changed, 36 insertions(+), 41 deletions(-)
-
-diff --git a/pam_kwallet.c b/pam_kwallet.c
-index 083c9aa..b9c984a 100644
---- a/pam_kwallet.c
-+++ b/pam_kwallet.c
-@@ -372,13 +372,13 @@ static int drop_privileges(struct passwd *userInfo)
- return 0;
- }
-
--static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toWalletPipe[2], int envSocket)
-+static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toWalletPipe[2], char *fullSocket)
- {
- //In the child pam_syslog does not work, using syslog directly
- int x = 2;
- //Close fd that are not of interest of kwallet
- for (; x < 64; ++x) {
-- if (x != toWalletPipe[0] && x != envSocket) {
-+ if (x != toWalletPipe[0]) {
- close (x);
- }
- }
-@@ -392,6 +392,39 @@ static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toW
- goto cleanup;
- }
-
-+ int envSocket;
-+ if ((envSocket = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
-+ pam_syslog(pamh, LOG_ERR, "%s: couldn't create socket", logPrefix);
-+ return;
-+ }
-+
-+ struct sockaddr_un local;
-+ local.sun_family = AF_UNIX;
-+
-+ if (strlen(fullSocket) > sizeof(local.sun_path)) {
-+ pam_syslog(pamh, LOG_ERR, "%s: socket path %s too long to open",
-+ logPrefix, fullSocket);
-+ free(fullSocket);
-+ return;
-+ }
-+ strcpy(local.sun_path, fullSocket);
-+ free(fullSocket);
-+ fullSocket = NULL;
-+ unlink(local.sun_path);//Just in case it exists from a previous login
-+
-+ pam_syslog(pamh, LOG_INFO, "%s: final socket path: %s", logPrefix, local.sun_path);
-+
-+ size_t len = strlen(local.sun_path) + sizeof(local.sun_family);
-+ if (bind(envSocket, (struct sockaddr *)&local, len) == -1) {
-+ pam_syslog(pamh, LOG_INFO, "%s-kwalletd: Couldn't bind to local file\n", logPrefix);
-+ return;
-+ }
-+
-+ if (listen(envSocket, 5) == -1) {
-+ pam_syslog(pamh, LOG_INFO, "%s-kwalletd: Couldn't listen in socket\n", logPrefix);
-+ return;
-+ }
-+
- // Fork twice to daemonize kwallet
- setsid();
- pid_t pid = fork();
-@@ -452,12 +485,6 @@ static void start_kwallet(pam_handle_t *pamh, struct passwd *userInfo, const cha
- pam_syslog(pamh, LOG_ERR, "%s: Couldn't create pipes", logPrefix);
- }
-
-- int envSocket;
-- if ((envSocket = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
-- pam_syslog(pamh, LOG_ERR, "%s: couldn't create socket", logPrefix);
-- return;
-- }
--
- #ifdef KWALLET5
- const char *socketPrefix = "kwallet5";
- #else
-@@ -493,38 +520,6 @@ static void start_kwallet(pam_handle_t *pamh, struct passwd *userInfo, const cha
- return;
- }
-
-- struct sockaddr_un local;
-- local.sun_family = AF_UNIX;
--
-- if (strlen(fullSocket) > sizeof(local.sun_path)) {
-- pam_syslog(pamh, LOG_ERR, "%s: socket path %s too long to open",
-- logPrefix, fullSocket);
-- free(fullSocket);
-- return;
-- }
-- strcpy(local.sun_path, fullSocket);
-- free(fullSocket);
-- fullSocket = NULL;
-- unlink(local.sun_path);//Just in case it exists from a previous login
--
-- pam_syslog(pamh, LOG_INFO, "%s: final socket path: %s", logPrefix, local.sun_path);
--
-- size_t len = strlen(local.sun_path) + sizeof(local.sun_family);
-- if (bind(envSocket, (struct sockaddr *)&local, len) == -1) {
-- pam_syslog(pamh, LOG_INFO, "%s-kwalletd: Couldn't bind to local file\n", logPrefix);
-- return;
-- }
--
-- if (listen(envSocket, 5) == -1) {
-- pam_syslog(pamh, LOG_INFO, "%s-kwalletd: Couldn't listen in socket\n", logPrefix);
-- return;
-- }
--
-- if (chown(local.sun_path, userInfo->pw_uid, userInfo->pw_gid) == -1) {
-- pam_syslog(pamh, LOG_INFO, "%s: Couldn't change ownership of the socket", logPrefix);
-- return;
-- }
--
- pid_t pid;
- int status;
- switch (pid = fork ()) {
-@@ -534,7 +529,7 @@ static void start_kwallet(pam_handle_t *pamh, struct passwd *userInfo, const cha
-
- //Child fork, will contain kwalletd
- case 0:
-- execute_kwallet(pamh, userInfo, toWalletPipe, envSocket);
-+ execute_kwallet(pamh, userInfo, toWalletPipe, fullSocket);
- /* Should never be reached */
- break;
-
---
-cgit v0.11.2
-
diff --git a/kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-3.patch b/kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-3.patch
deleted file mode 100644
index de882e454536..000000000000
--- a/kde-plasma/kwallet-pam/files/kwallet-pam-5.11.5-CVE-2018-10380-3.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 8da1a47035fc92bc1496059583772bc4bd6e8ba6 Mon Sep 17 00:00:00 2001
-From: Maximiliano Curia <maxy@gnuservers.com.ar>
-Date: Fri, 4 May 2018 22:06:06 +0200
-Subject: Avoid giving an stderr to kwallet
-
-Summary:
-The fixes for CVE-2018-10380 introduced a regression for most users not
-using kde, and some for kde sessions. In particular the reorder of the
-close calls and creating a new socket caused that the socket is always
-assigned the file descriptor 2, aka stderr.
-
-BUG: 393856
-
-Test Plan: It works
-
-Reviewers: #plasma, aacid
-
-Reviewed By: aacid
-
-Subscribers: asturmlechner, rdieter, davidedmundson, plasma-devel
-
-Tags: #plasma
-
-Differential Revision: https://phabricator.kde.org/D12702
----
- pam_kwallet.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/pam_kwallet.c b/pam_kwallet.c
-index b9c984a..661ed8d 100644
---- a/pam_kwallet.c
-+++ b/pam_kwallet.c
-@@ -375,7 +375,8 @@ static int drop_privileges(struct passwd *userInfo)
- static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toWalletPipe[2], char *fullSocket)
- {
- //In the child pam_syslog does not work, using syslog directly
-- int x = 2;
-+ //keep stderr open so socket doesn't returns us that fd
-+ int x = 3;
- //Close fd that are not of interest of kwallet
- for (; x < 64; ++x) {
- if (x != toWalletPipe[0]) {
-@@ -424,6 +425,8 @@ static void execute_kwallet(pam_handle_t *pamh, struct passwd *userInfo, int toW
- pam_syslog(pamh, LOG_INFO, "%s-kwalletd: Couldn't listen in socket\n", logPrefix);
- return;
- }
-+ //finally close stderr
-+ close(2);
-
- // Fork twice to daemonize kwallet
- setsid();
---
-cgit v0.11.2
-
diff --git a/kde-plasma/kwallet-pam/kwallet-pam-5.13.5.ebuild b/kde-plasma/kwallet-pam/kwallet-pam-5.13.5.ebuild
index 8c9a7437fc09..d697dd6f9f45 100644
--- a/kde-plasma/kwallet-pam/kwallet-pam-5.13.5.ebuild
+++ b/kde-plasma/kwallet-pam/kwallet-pam-5.13.5.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -7,7 +7,7 @@ inherit kde5
DESCRIPTION="KWallet PAM module to not enter password again"
LICENSE="LGPL-2.1"
-KEYWORDS="~amd64 ~arm ~x86"
+KEYWORDS="amd64 ~arm x86"
IUSE=""
DEPEND="
diff --git a/kde-plasma/kwallet-pam/kwallet-pam-5.12.5-r1.ebuild b/kde-plasma/kwallet-pam/kwallet-pam-5.14.1.ebuild
index a9886b94ab53..810eaac889ae 100644
--- a/kde-plasma/kwallet-pam/kwallet-pam-5.12.5-r1.ebuild
+++ b/kde-plasma/kwallet-pam/kwallet-pam-5.14.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -7,7 +7,7 @@ inherit kde5
DESCRIPTION="KWallet PAM module to not enter password again"
LICENSE="LGPL-2.1"
-KEYWORDS="amd64 ~arm x86"
+KEYWORDS="~amd64 ~arm ~x86"
IUSE=""
DEPEND="
@@ -18,8 +18,6 @@ RDEPEND="${DEPEND}
net-misc/socat
"
-PATCHES=( "${FILESDIR}"/${PN}-5.11.5-CVE-2018-10380-{1,2,3}.patch )
-
src_configure() {
local mycmakeargs=(
-DCMAKE_INSTALL_LIBDIR="/$(get_libdir)"
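Review bot: The removed `PATCHES=( "${FILESDIR}"/${PN}-5.11.5-CVE-2018-10380-{1,2,3}.patch )` line leaves the 5.14.1 ebuild with no local security patches, and nothing on this page records that the 5.14.1 tarball already carries the three CVE-2018-10380 fixes (salt creation after dropping privileges, socket creation in the unprivileged path, and the stderr file-descriptor regression fix). That is presumably the case, since the patches are dated May 2018 and the resulting ebuild has the same Manifest hash as the unpatched 5.12.7 one, but the commit message "gentoo resync" does not say so. I would confirm it against the upstream `pam_kwallet.c` (for example that `drop_privileges()` is called before the salt file is opened) and note it in a comment above `src_configure()`, such as `# CVE-2018-10380 fixes are part of the upstream release; no local patches needed`. The body of `src_configure()` continues outside the hunk.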