Date: Thursday, May 3, 2018 @ 10:30:28 Author: arojas Revision: 323352
Fix CVE-2018-10380 Modified: kwallet-pam/trunk/PKGBUILD ----------+ PKGBUILD | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-05-03 09:33:10 UTC (rev 323351) +++ PKGBUILD 2018-05-03 10:30:28 UTC (rev 323352) @@ -3,7 +3,7 @@ pkgname=kwallet-pam pkgver=5.12.5 -pkgrel=1 +pkgrel=2 pkgdesc='KWallet PAM integration' arch=(x86_64) url='https://www.kde.org/workspaces/plasmadesktop/' @@ -11,9 +11,13 @@ depends=(pam libgcrypt socat) makedepends=(extra-cmake-modules qt5-base) groups=(plasma) -source=("https://download.kde.org/stable/plasma/$pkgver/$pkgname-$pkgver.tar.xz"{,.sig}) +source=("https://download.kde.org/stable/plasma/$pkgver/$pkgname-$pkgver.tar.xz"{,.sig} + CVE-2018-10380-1.patch::"https://cgit.kde.org/kwallet-pam.git/patch/?id=2134dec8"; + CVE-2018-10380-2.patch::"https://cgit.kde.org/kwallet-pam.git/patch/?id=01d4143f";) sha256sums=('6374132fe2d142c9eb999e90c636b973fe9715335de3cfa86f0b5f4258d5eba2' - 'SKIP') + 'SKIP' + 'bc509c7d04aa21c35caac263720967dd098af47e6d282e437f1b69de38f42d66' + 'b3c8500c7951b4a919875907abcefe817d8d613e31a2eb4ccf63b0038a4f5b62') validpgpkeys=('2D1D5B0588357787DE9EE225EC94D18F7F05997E' # Jonathan Riddell '0AAC775BB6437A8D9AF7A3ACFE0784117FBCE11D' # Bhushan Shah <[email protected]> 'D07BD8662C56CB291B316EB2F5675605C74E02CF' # David Edmundson @@ -21,6 +25,11 @@ prepare() { mkdir -p build{,4} + + cd $pkgname-$pkgver +# https://www.kde.org/info/security/advisory-20180503-1.txt + patch -p1 -i ../CVE-2018-10380-1.patch + patch -p1 -i ../CVE-2018-10380-2.patch } build() {
