git » kwallet-pam.git » commit 96d2678

Fix CVE-2018-10380

author Antonio Rojas
2018-05-03 10:30:28 UTC
committer Antonio Rojas
2018-05-03 10:30:28 UTC
parent 34fad75e8af0fc601d699f128e4352f86f46e200

Fix CVE-2018-10380

PKGBUILD +12 -3

diff --git a/PKGBUILD b/PKGBUILD
index cbf73bd..deca0e4 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
 
 pkgname=kwallet-pam
 pkgver=5.12.5
-pkgrel=1
+pkgrel=2
 pkgdesc='KWallet PAM integration'
 arch=(x86_64)
 url='https://www.kde.org/workspaces/plasmadesktop/'
@@ -10,9 +10,13 @@ license=(LGPL)
 depends=(pam libgcrypt socat)
 makedepends=(extra-cmake-modules qt5-base)
 groups=(plasma)
-source=("https://download.kde.org/stable/plasma/$pkgver/$pkgname-$pkgver.tar.xz"{,.sig})
+source=("https://download.kde.org/stable/plasma/$pkgver/$pkgname-$pkgver.tar.xz"{,.sig}
+        CVE-2018-10380-1.patch::"https://cgit.kde.org/kwallet-pam.git/patch/?id=2134dec8"
+        CVE-2018-10380-2.patch::"https://cgit.kde.org/kwallet-pam.git/patch/?id=01d4143f")
 sha256sums=('6374132fe2d142c9eb999e90c636b973fe9715335de3cfa86f0b5f4258d5eba2'
-            'SKIP')
+            'SKIP'
+            'bc509c7d04aa21c35caac263720967dd098af47e6d282e437f1b69de38f42d66'
+            'b3c8500c7951b4a919875907abcefe817d8d613e31a2eb4ccf63b0038a4f5b62')
 validpgpkeys=('2D1D5B0588357787DE9EE225EC94D18F7F05997E'  # Jonathan Riddell
               '0AAC775BB6437A8D9AF7A3ACFE0784117FBCE11D'  # Bhushan Shah <bshah@kde.org>
               'D07BD8662C56CB291B316EB2F5675605C74E02CF'  # David Edmundson
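Review bot: The two patch entries added to `source=` are fetched from cgit by 8-character abbreviated commit ids and, unlike the tarball, have no `.sig` counterpart, so the pinned sha256sums are the only integrity check on the security fix itself. cgit renders these patches on demand and its output appears to carry a generator footer, so the checksums may stop matching after a server-side upgrade even though the fix has not changed; a mismatch then cannot be told apart from tampering without re-reading the patch. Pinning the full ids, e.g. `CVE-2018-10380-1.patch::"https://cgit.kde.org/kwallet-pam.git/patch/?id=<FULL_40_CHAR_COMMIT_ID>"`, or committing both patch files next to the PKGBUILD would make the input stable and reviewable. The validpgpkeys array continues outside the hunk.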
@@ -20,6 +24,11 @@ validpgpkeys=('2D1D5B0588357787DE9EE225EC94D18F7F05997E'  # Jonathan Riddell
 
 prepare() {
   mkdir -p build{,4}
+
+  cd $pkgname-$pkgver
+# https://www.kde.org/info/security/advisory-20180503-1.txt
+  patch -p1 -i ../CVE-2018-10380-1.patch
+  patch -p1 -i ../CVE-2018-10380-2.patch
 }
 
 build() {
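Review bot: The two `patch` calls added to prepare() run without `-N`, so if a later pkgver already ships the fix and the patches are left in place, patch can offer to reverse them instead of refusing; `patch -Np1 -i ../CVE-2018-10380-1.patch` (and the same for `-2`) avoids silently undoing a security fix. The `cd $pkgname-$pkgver` line is unquoted and relative to whatever directory prepare() starts in; `cd "$srcdir/$pkgname-$pkgver"` states the intent and fails visibly if the tree is missing. The advisory URL comment sits at column 0 inside the function body; indenting it with the commands and wording it as `# CVE-2018-10380, see https://www.kde.org/info/security/advisory-20180503-1.txt` would tell the next packager when the patches can be dropped.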