aboutsummaryrefslogtreecommitdiffstats
path: root/main/pam-pgsql
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-02-07 13:09:39 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-02-07 13:09:39 +0000
commit5f0d8c570f2c0a4e6e9ac3fdec1d5b2bedebcbe5 (patch)
treee2695e1919031484c7122362ff9f772a77a0bb2a /main/pam-pgsql
parent085280c569e996faa7d507229d707002fa88d79f (diff)
downloadaports-5f0d8c570f2c0a4e6e9ac3fdec1d5b2bedebcbe5.tar.bz2
aports-5f0d8c570f2c0a4e6e9ac3fdec1d5b2bedebcbe5.tar.xz
main/pam-pgsql: fix CVE-2013-0191
fixes #1605
Diffstat (limited to 'main/pam-pgsql')
-rw-r--r--main/pam-pgsql/APKBUILD8
-rw-r--r--main/pam-pgsql/CVE-2013-0191.patch11
2 files changed, 16 insertions, 3 deletions
diff --git a/main/pam-pgsql/APKBUILD b/main/pam-pgsql/APKBUILD
index 771d4f1954..a085bf5aed 100644
--- a/main/pam-pgsql/APKBUILD
+++ b/main/pam-pgsql/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=pam-pgsql
pkgver=0.7.3.1
-pkgrel=1
+pkgrel=2
pkgdesc="PAM module to authenticate using a PostgreSQL database"
url="http://sourceforge.net/projects/pam-pgsql/"
arch="all"
@@ -12,7 +12,8 @@ depends_dev=""
makedepends="$depends_dev linux-pam-dev postgresql-dev libgcrypt-dev"
install=""
subpackages="$pkgname-doc"
-source="http://downloads.sourceforge.net/project/pam-pgsql/pam-pgsql/0.7/pam-pgsql-$pkgver.tar.gz"
+source="http://downloads.sourceforge.net/project/pam-pgsql/pam-pgsql/0.7/pam-pgsql-$pkgver.tar.gz
+ CVE-2013-0191.patch"
_builddir="$srcdir"/pam-pgsql-$pkgver
prepare() {
@@ -39,4 +40,5 @@ package() {
|| return 1
}
-md5sums="16cb40a16ee1f286906a0d5a90254731 pam-pgsql-0.7.3.1.tar.gz"
+md5sums="16cb40a16ee1f286906a0d5a90254731 pam-pgsql-0.7.3.1.tar.gz
+4a8640edb8eaee4456fa91ad8c22ab7f CVE-2013-0191.patch"
diff --git a/main/pam-pgsql/CVE-2013-0191.patch b/main/pam-pgsql/CVE-2013-0191.patch
new file mode 100644
index 0000000000..d03fc30822
--- /dev/null
+++ b/main/pam-pgsql/CVE-2013-0191.patch
@@ -0,0 +1,11 @@
+--- ./src/backend_pgsql.c.orig 2013-02-07 13:06:48.982679657 +0000
++++ ./src/backend_pgsql.c 2013-02-07 13:09:00.973830056 +0000
+@@ -258,7 +258,7 @@
+ if(pg_execParam(conn, &res, options->query_auth, service, user, passwd, rhost) == PAM_SUCCESS) {
+ if(PQntuples(res) == 0) {
+ rc = PAM_USER_UNKNOWN;
+- } else {
++ } else if (!PQgetisnull(res, 0, 0)) {
+ char *stored_pw = PQgetvalue(res, 0, 0);
+ if (!strcmp(stored_pw, (tmp = password_encrypt(options, user, passwd, stored_pw)))) rc = PAM_SUCCESS;
+ free (tmp);