[gentoo-commits] proj/kde:master commit in: kde-apps/kwalletd-pam/files/, kde-apps/kwalletd-pam/

Tue, 01 Mar 2016 03:52:59 -0800 

commit:     591a6dd170e989be53af3e6e7fc55be53a6c7695
Author:     Andreas Sturmlechner <andreas.sturmlechner <AT> gmail <DOT> com>
AuthorDate: Sun Feb 28 20:19:02 2016 +0000
Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Tue Mar  1 11:52:01 2016 +0000
URL:        https://gitweb.gentoo.org/proj/kde.git/commit/?id=591a6dd1

kde-apps/kwalletd-pam: Add pkg_postinst instructions, coverity patch

Package-Manager: portage-2.2.27

 .../files/kwalletd-pam-5.5.4-coverity.patch        | 31 +++++++++++
 kde-apps/kwalletd-pam/kwalletd-pam-5.5.3.ebuild    | 36 -------------
 kde-apps/kwalletd-pam/kwalletd-pam-5.5.4.ebuild    | 63 ++++++++++++++++++++++
 3 files changed, 94 insertions(+), 36 deletions(-)

diff --git a/kde-apps/kwalletd-pam/files/kwalletd-pam-5.5.4-coverity.patch 
b/kde-apps/kwalletd-pam/files/kwalletd-pam-5.5.4-coverity.patch
new file mode 100644
index 0000000..4cfd513
--- /dev/null
+++ b/kde-apps/kwalletd-pam/files/kwalletd-pam-5.5.4-coverity.patch
@@ -0,0 +1,31 @@
+From: Michael Pyne <[email protected]>
+Date: Mon, 28 Dec 2015 01:33:23 +0000
+Subject: Check sockaddr_un buffer size before strcpy()ing into it.
+X-Git-Url: 
http://quickgit.kde.org/?p=kwallet-pam.git&a=commitdiff&h=9543cc4058b24e4e5bfe8d324de309ca7050058b
+---
+Check sockaddr_un buffer size before strcpy()ing into it.
+
+Coverity strikes again, and notes in CID 1335116 that copying the socket name
+into a fixed-size buffer here could overflow the buffer. I don't see any reason
+it would be wrong in all cases, so best to double-check.
+
+REVIEW:126539
+---
+
+
+--- a/pam_kwallet.c
++++ b/pam_kwallet.c
+@@ -422,6 +422,12 @@
+ 
+     struct sockaddr_un local;
+     local.sun_family = AF_UNIX;
++
++    if ((size_t)len > sizeof(local.sun_path)) {
++        pam_syslog(pamh, LOG_ERR, "%s: socket path %s too long to open",
++                   logPrefix, fullSocket);
++        return;
++    }
+     strcpy(local.sun_path, fullSocket);
+     unlink(local.sun_path);//Just in case it exists from a previous login
+ 
+

diff --git a/kde-apps/kwalletd-pam/kwalletd-pam-5.5.3.ebuild 
b/kde-apps/kwalletd-pam/kwalletd-pam-5.5.3.ebuild
deleted file mode 100644
index 9fc7022..0000000
--- a/kde-apps/kwalletd-pam/kwalletd-pam-5.5.3.ebuild
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-MY_PN="kwallet-pam"
-inherit cmake-utils multilib
-
-DESCRIPTION="KWallet PAM module to not enter password again"
-HOMEPAGE="https://www.kde.org/";
-SRC_URI="mirror://kde/stable/plasma/${PV}/${MY_PN}-${PV}.tar.xz"
-
-LICENSE="LGPL-2.1"
-SLOT="4"
-KEYWORDS="~amd64 ~x86"
-IUSE=""
-
-DEPEND="
-       dev-libs/libgcrypt:0=
-       virtual/pam
-"
-RDEPEND="${DEPEND}
-       net-misc/socat
-"
-
-S="${WORKDIR}/${MY_PN}-${PV}"
-
-src_configure() {
-       local mycmakeargs=(
-               -DCMAKE_INSTALL_LIBDIR="/$(get_libdir)"
-               -DKWALLET4=1
-       )
-
-       cmake-utils_src_configure
-}

diff --git a/kde-apps/kwalletd-pam/kwalletd-pam-5.5.4.ebuild 
b/kde-apps/kwalletd-pam/kwalletd-pam-5.5.4.ebuild
new file mode 100644
index 0000000..4be7775
--- /dev/null
+++ b/kde-apps/kwalletd-pam/kwalletd-pam-5.5.4.ebuild
@@ -0,0 +1,63 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+MY_PN="kwallet-pam"
+inherit cmake-utils multilib
+
+DESCRIPTION="KWallet PAM module to not enter password again"
+HOMEPAGE="https://www.kde.org/";
+SRC_URI="mirror://kde/stable/plasma/${PV}/${MY_PN}-${PV}.tar.xz"
+
+LICENSE="LGPL-2.1"
+SLOT="4"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND="
+       dev-libs/libgcrypt:0=
+       virtual/pam
+"
+RDEPEND="${DEPEND}
+       net-misc/socat
+"
+
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+PATCHES=( "${FILESDIR}/${P}-coverity.patch" )
+
+src_configure() {
+       local mycmakeargs=(
+               -DCMAKE_INSTALL_LIBDIR="/$(get_libdir)"
+               -DKWALLET4=1
+       )
+
+       cmake-utils_src_configure
+}
+
+pkg_postinst() {
+       check_dm() {
+               if [[ -e "${ROOT}${2}" ]] && \
+                       [[ -n $(egrep "auth\s+optional\s+pam_kwallet.so" 
"${ROOT}${2}") ]] && \
+                       [[ -n $(egrep "session\s+optional\s+pam_kwallet.so" 
"${ROOT}${2}") ]]; then
+                       elog "    ${1} - ${2} ...GOOD"
+               else
+                       ewarn "    ${1} - ${2} ...BAD"
+               fi
+       }
+       elog
+       elog "This package enables auto-unlocking of kde-apps/kwalletd:4."
+       elog "List of things to make it work:"
+       elog "1.  Use same password for login and kwallet"
+       elog "2.  A display manager with support for PAM"
+       elog "3.a Have the following lines in the display manager's pam.d file:"
+       elog "    -auth        optional        pam_kwallet.so kdehome=.kde4"
+       elog "    -session     optional        pam_kwallet.so"
+       elog "3.b Checking installed DMs..."
+       has_version "x11-misc/sddm" && check_dm "SDDM" "/etc/pam.d/sddm"
+       has_version "x11-misc/lightdm" && check_dm "LightDM" 
"/etc/pam.d/lightdm"
+       has_version "kde-base/kdm" && check_dm "KDM" "/etc/pam.d/kde"
+       elog
+}

Reply via email to