5 files changed, 126 insertions, 0 deletions
diff --git a/meta/recipes-extended/pam-xdg-support/files/CVE-2013-1052.patch b/meta/recipes-extended/pam-xdg-support/files/CVE-2013-1052.patch
new file mode 100644
index 00000000000..a2b7ed2a150
--- /dev/null
+++ b/meta/recipes-extended/pam-xdg-support/files/CVE-2013-1052.patch
@@ -0,0 +1,16 @@
+Description: fix code execution via unsafe PATH
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam-xdg-support/+bug/1155337
+
+Index: pam-xdg-support-0.2/pam_xdg_support.c
+===================================================================
+--- pam-xdg-support-0.2.orig/pam_xdg_support.c 2012-10-01 23:07:38.000000000 -0400
++++ pam-xdg-support-0.2/pam_xdg_support.c 2013-03-15 09:27:26.241969147 -0400
+@@ -44,7 +44,7 @@
+ char *command = NULL;
+
+ /* Cheese out for now and just use rm -rf. */
+- if (asprintf (&command, "rm -rf %s", dir) < 0)
++ if (asprintf (&command, "/bin/rm -rf %s", dir) < 0)
+ {
+ pam_syslog (pamh, LOG_ERR, "Allocation failure");
+ return PAM_SESSION_ERR;
diff --git a/meta/recipes-extended/pam-xdg-support/files/add-ar.patch b/meta/recipes-extended/pam-xdg-support/files/add-ar.patch
new file mode 100644
index 00000000000..92ae8ced0e4
--- /dev/null
+++ b/meta/recipes-extended/pam-xdg-support/files/add-ar.patch
@@ -0,0 +1,21 @@
+Newer autotools give this warning:
+
+ "warning: 'pam_xdg_support.la': linking libtool libraries using a non-POSIX archiver requires 'AM_PROG_AR' in 'configure.ac'"
+
+So add AM_PROG_AR.
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+=== modified file 'configure.ac'
+--- configure.ac 2013-06-19 15:05:17 +0000
++++ configure.ac 2013-06-19 15:21:09 +0000
+@@ -11,6 +11,7 @@
+
+ AC_PROG_CC
+ AC_DISABLE_STATIC
++AM_PROG_AR
+ AC_PROG_LIBTOOL
+
+ # Save flags to aclocal
+
diff --git a/meta/recipes-extended/pam-xdg-support/files/remove-dbus.patch b/meta/recipes-extended/pam-xdg-support/files/remove-dbus.patch
new file mode 100644
index 00000000000..b39d60dff3e
--- /dev/null
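Review bot: The fix carried in CVE-2013-1052.patch only pins the binary to `/bin/rm`; the command is still assembled with `asprintf (&command, "/bin/rm -rf %s", dir)`, so `dir` is interpolated unquoted into a string that is presumably handed to a shell (the call that runs `command` lies outside the hunk). If that is the case, whitespace or shell metacharacters in `dir`, and any shell-influencing environment the PAM module inherits, still shape what runs with the session's privileges. A follow-up should remove the directory without a shell, for example fork plus `execv` with an explicit argv and a cleared environment, or an `nftw`-based walk, and should add a comment stating where `dir` comes from and why it is trusted. The patch header also lacks the `Upstream-Status:` and `Signed-off-by:` lines that add-ar.patch and remove-dbus.patch carry, and a `CVE: CVE-2013-1052` tag would let CVE tooling see the fix.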
+++ b/meta/recipes-extended/pam-xdg-support/files/remove-dbus.patch
@@ -0,0 +1,41 @@
+DBus isn't used by this so don't bother checking for it.
+
+https://bugs.launchpad.net/ubuntu/+source/pam-xdg-support/+bug/1192600
+
+Upstream-Status: Submitted
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+=== modified file 'Makefile.am'
+--- Makefile.am 2012-09-27 06:53:57 +0000
++++ Makefile.am 2013-06-19 15:05:17 +0000
+@@ -1,6 +1,3 @@
+-AM_CPPFLAGS = \
+- $(LIBDBUS_CFLAGS)
+-
+ pammoddir = /lib/security
+ pammod_LTLIBRARIES = \
+ pam_xdg_support.la
+@@ -8,8 +5,7 @@
+ pam_xdg_support_la_SOURCES = pam_xdg_support.c
+ pam_xdg_support_la_LDFLAGS = -no-undefined -module -avoid-version
+ pam_xdg_support_la_LIBADD = \
+- $(PAM_LIBS) \
+- $(LIBDBUS_LIBS)
++ $(PAM_LIBS)
+
+ man_MANS = pam_xdg_support.8
+
+
+=== modified file 'configure.ac'
+--- configure.ac 2012-10-02 03:09:28 +0000
++++ configure.ac 2013-06-19 15:05:17 +0000
+@@ -22,8 +22,6 @@
+ AC_CHECK_HEADERS(paths.h)
+ AC_CHECK_HEADERS(sys/consio.h)
+
+-PKG_CHECK_MODULES(LIBDBUS, dbus-1)
+-
+ dnl ---------------------------------------------------------------------------
+ dnl Check for PAM
+ dnl ---------------------------------------------------------------------------
+
diff --git a/meta/recipes-extended/pam-xdg-support/files/volatiles b/meta/recipes-extended/pam-xdg-support/files/volatiles
new file mode 100644
index 00000000000..1e9d94e1916
--- /dev/null
+++ b/meta/recipes-extended/pam-xdg-support/files/volatiles
@@ -0,0 +1,2 @@
+# pam-xdg-support won't create /run/user itself, so ensure that it exists
+d root root 0755 /run/user none
diff --git a/meta/recipes-extended/pam-xdg-support/pam-xdg-support_0.2.bb b/meta/recipes-extended/pam-xdg-support/pam-xdg-support_0.2.bb
new file mode 100644
index 00000000000..b63b1ae20fb
--- /dev/null
+++ b/meta/recipes-extended/pam-xdg-support/pam-xdg-support_0.2.bb
@@ -0,0 +1,46 @@
+SUMMARY = "PAM hook to create XDG_RUNTIME_DIR on login"
+HOMEPAGE = "https://launchpad.net/pam-xdg-support"
+LICENSE = "LGPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=e6a600fd5e1d9cbde2d983680233ad02 \
+ file://pam_xdg_support.c;beginline=1;endline=21;md5=5c28ea20c0fa549a9b3c48e1d147546f"
+
+SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/main/p/${BPN}/${BPN}_${PV}.orig.tar.bz2 \
+ file://remove-dbus.patch;pnum=0 \
+ file://add-ar.patch;pnum=0 \
+ file://CVE-2013-1052.patch \
+ file://volatiles"
+
+SRC_URI[md5sum] = "1311fdb880ed61301fb559e822ef0793"
+SRC_URI[sha256sum] = "cb240bcc80f7f6fed326b3f392b7a491992c12c247ad926ba0f8b63ee64da8f2"
+
+DEPENDS = "libpam"
+
+inherit autotools
+
+do_install_append () {
+ install -d ${D}${sysconfdir}/default/volatiles
+ install -m 0644 ${WORKDIR}/volatiles ${D}${sysconfdir}/default/volatiles/99_pam_xdg_support
+}
+
+FILES_${PN} += "${base_libdir}/security/*.so"
+FILES_${PN}-dbg += "${base_libdir}/security/.debug"
+
+RDEPENDS_${PN} += "libpam-runtime"
+
+pkg_postinst_${PN} () {
+ set -e
+ add_xdg_module () {
+ grep -q pam_xdg_support "$1" || echo "session optional pam_xdg_support.so" >> "$1"
+ }
+ add_xdg_module $D${sysconfdir}/pam.d/common-session
+ add_xdg_module $D${sysconfdir}/pam.d/common-session-noninteractive
+}
+
+pkg_prerm_${PN} () {
+ set -e
+ remove_xdg_module () {
+ sed -i "/pam_xdg_support\.so/d" "$1"
+ }
+ remove_xdg_module $D${sysconfdir}/pam.d/common-session
+ remove_xdg_module $D${sysconfdir}/pam.d/common-session-noninteractive
+} |
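Review bot: In `pkg_postinst_${PN}`, `add_xdg_module` appends with `>> "$1"` without checking that the PAM file exists, so on an image that lacks `common-session-noninteractive` the failed `grep` falls through to `echo` and creates a PAM file holding only the `session optional pam_xdg_support.so` line. The mirror case is in `pkg_prerm_${PN}`, where `sed -i` on a missing file fails and, under `set -e`, aborts package removal. Guard both helpers with `[ -f "$1" ] || return 0` and quote the call arguments, e.g. `add_xdg_module "$D${sysconfdir}/pam.d/common-session"`. Separately, `SRC_URI` fetches over plain `http://`, so the pinned `SRC_URI[sha256sum]` is the only integrity check on the tarball; a comment saying so would keep a later edit from relaxing it.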