pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2007Q3]: pkgsrc/x11/gdm Pullup ticket 2200 - requested by hauke



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7678e3375ed2
branches:  pkgsrc-2007Q3
changeset: 534013:7678e3375ed2
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Mon Oct 22 09:14:36 2007 +0000

description:
Pullup ticket 2200 - requested by hauke
security fix for gdm

- pkgsrc/x11/gdm/Makefile                               1.133
- pkgsrc/x11/gdm/distinfo                               1.51
- pkgsrc/x11/gdm/patches/patch-am                       1.3
- pkgsrc/x11/gdm/patches/patch-an                       1.1

   Module Name: pkgsrc
   Committed By:        hauke
   Date:                Thu Oct 11 09:35:11 UTC 2007

   Added Files:
           pkgsrc/x11/gdm/patches: patch-am patch-an

   Log Message:
   The code to verify user and password provided in
   daemon/verify-{crypt,shadow}.c prints out the user name in various
   places, where daemon/verify-pam.c code does not. Get out of sync with
   the login dialog, and you'll have your password logged.

   Adapt patches from the gdm 2.20 branch for
   (1) not logging the user name in any sy slog error messages
   (2) not localizing the log messages.

   Fixes PR 31417.

diffstat:

 x11/gdm/Makefile         |    4 +-
 x11/gdm/distinfo         |    4 +-
 x11/gdm/patches/patch-am |  100 +++++++++++++++++++++++++++++++++++++++++++++++
 x11/gdm/patches/patch-an |  100 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 205 insertions(+), 3 deletions(-)

diffs (237 lines):

diff -r 3e6b944fb854 -r 7678e3375ed2 x11/gdm/Makefile
--- a/x11/gdm/Makefile  Mon Oct 22 08:50:34 2007 +0000
+++ b/x11/gdm/Makefile  Mon Oct 22 09:14:36 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.132 2007/09/21 13:04:29 wiz Exp $
+# $NetBSD: Makefile,v 1.132.2.1 2007/10/22 09:14:36 ghen Exp $
 #
 
 DISTNAME=      gdm-2.18.4
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    x11 gnome
 MASTER_SITES=  ${MASTER_SITE_GNOME:=sources/gdm/2.18/}
 EXTRACT_SUFX=  .tar.bz2
diff -r 3e6b944fb854 -r 7678e3375ed2 x11/gdm/distinfo
--- a/x11/gdm/distinfo  Mon Oct 22 08:50:34 2007 +0000
+++ b/x11/gdm/distinfo  Mon Oct 22 09:14:36 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.50 2007/08/09 19:39:16 drochner Exp $
+$NetBSD: distinfo,v 1.50.2.1 2007/10/22 09:14:37 ghen Exp $
 
 SHA1 (gdm-2.18.4.tar.bz2) = 8bf2c8745d7c38f5f08641abed4ca103cad0ecb8
 RMD160 (gdm-2.18.4.tar.bz2) = 4922af1321f707279c1eb6354d1c56cc39bce20e
@@ -9,3 +9,5 @@
 SHA1 (patch-ae) = c95265b55c968a0466e1ae50bbe58c121f05b027
 SHA1 (patch-ak) = e3eaf2dfa1e393f9808d22fe4384710a46a83afc
 SHA1 (patch-al) = 3b66dd3f4cdea6a3af5cbd0ff65eb02ccdead483
+SHA1 (patch-am) = 12db3ab28d530096d03575a92c5493d6149c39ed
+SHA1 (patch-an) = 45a9d4a8b5c8fa6014664525ae3e27fe3ad15208
diff -r 3e6b944fb854 -r 7678e3375ed2 x11/gdm/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/gdm/patches/patch-am  Mon Oct 22 09:14:36 2007 +0000
@@ -0,0 +1,100 @@
+$NetBSD: patch-am,v 1.2.18.1 2007/10/22 09:14:38 ghen Exp $
+
+--- daemon/verify-shadow.c.orig        2007-07-30 22:06:56.000000000 +0200
++++ daemon/verify-shadow.c
+@@ -199,7 +199,7 @@ authenticate_again:
+ 
+     if (pwent == NULL) {
+           gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-          gdm_error (_("Couldn't authenticate user \"%s\""), login);
++          gdm_error ("Couldn't authenticate user");
+ 
+           print_cant_auth_errbox ();
+ 
+@@ -213,7 +213,7 @@ authenticate_again:
+     if (ppasswd == NULL || (ppasswd[0] != '\0' &&
+                           strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) {
+           gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-          gdm_error (_("Couldn't authenticate user \"%s\""), login);
++          gdm_error ("Couldn't authenticate user");
+ 
+           print_cant_auth_errbox ();
+ 
+@@ -226,7 +226,7 @@ authenticate_again:
+     if ( ( ! gdm_get_value_bool (GDM_KEY_ALLOW_ROOT)||
+         ( ! gdm_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT) && ! local) ) &&
+       pwent->pw_uid == 0) {
+-          gdm_error (_("Root login disallowed on display '%s'"), display);
++          gdm_error ("Root login disallowed on display '%s'", display);
+           gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+                                         _("The system administrator "
+                                           "is not allowed to login "
+@@ -244,7 +244,7 @@ authenticate_again:
+     /* Check with the 'loginrestrictions' function
+        if the user has been disallowed */
+     if (loginrestrictions (login, 0, NULL, &message) != 0) {
+-          gdm_error (_("User %s not allowed to log in"), login);
++          gdm_error ("User not allowed to log in");
+           gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+                                         _("\nThe system administrator "
+                                           "has disabled your "
+@@ -268,7 +268,7 @@ authenticate_again:
+       (strcmp (pwent->pw_shell, "/sbin/nologin") == 0 ||
+        strcmp (pwent->pw_shell, "/bin/true") == 0 ||
+        strcmp (pwent->pw_shell, "/bin/false") == 0)) {
+-          gdm_error (_("User %s not allowed to log in"), login);
++          gdm_error ("User not allowed to log in");
+           gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+                                         _("\nThe system administrator "
+                                           "has disabled your "
+@@ -293,7 +293,7 @@ authenticate_again:
+     }
+ 
+     if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-          gdm_error (_("Cannot set user group for %s"), login);
++          gdm_error ("Cannot set user group");
+           gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+                                         _("\nCannot set your user group; "
+                                           "you will not be able to log in. "
+@@ -306,7 +306,7 @@ authenticate_again:
+ 
+     switch (passwdexpired (login, &info_msg)) {
+     case 1 :
+-          gdm_error (_("Password of %s has expired"), login);
++          gdm_error ("User password has expired");
+           gdm_error_box (d, GTK_MESSAGE_ERROR,
+                          _("You are required to change your password.\n"
+                            "Please choose a new one."));
+@@ -380,7 +380,7 @@ authenticate_again:
+           break;
+ 
+     case 2 :
+-          gdm_error (_("Password of %s has expired"), login);
++          gdm_error ("User password has expired");
+           gdm_error_box (d, GTK_MESSAGE_ERROR,
+                          _("Your password has expired.\n"
+                            "Only a system administrator can now change it"));
+@@ -389,7 +389,7 @@ authenticate_again:
+           break;    
+ 
+     case -1 :
+-          gdm_error (_("Internal error on passwdexpired"));
++          gdm_error ("Internal error on passwdexpired");
+           gdm_error_box (d, GTK_MESSAGE_ERROR,
+                          _("An internal error occurred. You will not be able to log in.\n"
+                            "Please try again later or contact your system administrator."));
+@@ -426,12 +426,12 @@ gdm_verify_setup_user (GdmDisplay *d, co
+ 
+       pwent = getpwnam (login);
+       if (pwent == NULL) {
+-              gdm_error (_("Cannot get passwd structure for %s"), login);
++              gdm_error ("Cannot get passwd structure for user");
+               return FALSE;
+       }
+ 
+       if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-              gdm_error (_("Cannot set user group for %s"), login);
++              gdm_error ("Cannot set user group");
+               gdm_error_box (d,
+                              GTK_MESSAGE_ERROR,
+                              _("\nCannot set your user group; "
diff -r 3e6b944fb854 -r 7678e3375ed2 x11/gdm/patches/patch-an
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/gdm/patches/patch-an  Mon Oct 22 09:14:36 2007 +0000
@@ -0,0 +1,100 @@
+$NetBSD: patch-an,v 1.1.2.2 2007/10/22 09:14:39 ghen Exp $
+
+--- daemon/verify-crypt.c.orig 2007-07-30 22:06:56.000000000 +0200
++++ daemon/verify-crypt.c
+@@ -178,7 +178,7 @@ authenticate_again:
+ 
+     if (pwent == NULL) {
+           gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-          gdm_error (_("Couldn't authenticate user \"%s\""), login);
++          gdm_error ("Couldn't authenticate user");
+ 
+           print_cant_auth_errbox ();
+ 
+@@ -192,7 +192,7 @@ authenticate_again:
+     if (ppasswd == NULL || (ppasswd[0] != '\0' &&
+                           strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) {
+           gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-          gdm_error (_("Couldn't authenticate user \"%s\""), login);
++          gdm_error ("Couldn't authenticate user");
+ 
+           print_cant_auth_errbox ();
+ 
+@@ -205,7 +205,7 @@ authenticate_again:
+     if ( ( ! gdm_get_value_bool (GDM_KEY_ALLOW_ROOT)||
+         ( ! gdm_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT) && ! local) ) &&
+       pwent->pw_uid == 0) {
+-          gdm_error (_("Root login disallowed on display '%s'"), display);
++          gdm_error ("Root login disallowed on display '%s'", display);
+           gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+                                         _("The system administrator "
+                                           "is not allowed to login "
+@@ -223,7 +223,7 @@ authenticate_again:
+     /* Check with the 'loginrestrictions' function
+        if the user has been disallowed */
+     if (loginrestrictions (login, 0, NULL, &message) != 0) {
+-          gdm_error (_("User %s not allowed to log in"), login);
++          gdm_error ("User not allowed to log in");
+           gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+                                         _("\nThe system administrator "
+                                           "has disabled your "
+@@ -247,7 +247,7 @@ authenticate_again:
+       (strcmp (pwent->pw_shell, "/sbin/nologin") == 0 ||
+        strcmp (pwent->pw_shell, "/bin/true") == 0 ||
+        strcmp (pwent->pw_shell, "/bin/false") == 0)) {
+-          gdm_error (_("User %s not allowed to log in"), login);
++          gdm_error ("User not allowed to log in");
+           gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+                                         _("\nThe system administrator "
+                                           "has disabled your "
+@@ -272,7 +272,7 @@ authenticate_again:
+     }
+ 
+     if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-          gdm_error (_("Cannot set user group for %s"), login);
++          gdm_error ("Cannot set user group");
+           gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+                                         _("\nCannot set your user group; "
+                                           "you will not be able to log in. "
+@@ -285,7 +285,7 @@ authenticate_again:
+ 
+     switch (passwdexpired (login, &info_msg)) {
+     case 1 :
+-          gdm_error (_("Password of %s has expired"), login);
++          gdm_error ("User password has expired");
+           gdm_error_box (d, GTK_MESSAGE_ERROR,
+                          _("You are required to change your password.\n"
+                            "Please choose a new one."));
+@@ -358,7 +358,7 @@ authenticate_again:
+           break;
+ 
+     case 2 :
+-          gdm_error (_("Password of %s has expired"), login);
++          gdm_error ("User password has expired");
+           gdm_error_box (d, GTK_MESSAGE_ERROR,
+                          _("Your password has expired.\n"
+                            "Only a system administrator can now change it"));
+@@ -367,7 +367,7 @@ authenticate_again:
+           break;    
+ 
+     case -1 :
+-          gdm_error (_("Internal error on passwdexpired"));
++          gdm_error ("Internal error on passwdexpired");
+           gdm_error_box (d, GTK_MESSAGE_ERROR,
+                          _("An internal error occurred. You will not be able to log in.\n"
+                            "Please try again later or contact your system administrator."));
+@@ -405,12 +405,12 @@ gdm_verify_setup_user (GdmDisplay *d,
+ 
+       pwent = getpwnam (login);
+       if (pwent == NULL) {
+-              gdm_error (_("Cannot get passwd structure for %s"), login);
++              gdm_error ("Cannot get passwd structure for %s", login);
+               return FALSE;
+       }
+ 
+       if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-              gdm_error (_("Cannot set user group for %s"), login);
++              gdm_error ("Cannot set user group");
+               gdm_error_box (d,
+                              GTK_MESSAGE_ERROR,
+                              _("\nCannot set your user group; "



Home | Main Index | Thread Index | Old Index