rpms/kdebase/devel kdebase-3.5.3.diff, NONE, 1.1 kdebase.spec, 1.191, 1.192
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Jun 26 17:53:15 UTC 2006
Author: than
Update of /cvs/dist/rpms/kdebase/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv9067
Modified Files:
kdebase.spec
Added Files:
kdebase-3.5.3.diff
Log Message:
apply patch to check return value
kdebase-3.5.3.diff:
drkonqi/main.cpp | 11 +++++++++--
ksysguard/ksysguardd/ksysguardd.c | 14 +++++++++-----
2 files changed, 18 insertions(+), 7 deletions(-)
--- NEW FILE kdebase-3.5.3.diff ---
Index: ksysguard/ksysguardd/ksysguardd.c
===================================================================
--- ksysguard/ksysguardd/ksysguardd.c (revision 549512)
+++ ksysguard/ksysguardd/ksysguardd.c (working copy)
@@ -207,15 +207,19 @@ static void dropPrivileges( void )
{
struct passwd *pwd;
- if ( ( pwd = getpwnam( "nobody" ) ) != NULL )
- setuid( pwd->pw_uid );
- else {
+ if ( ( pwd = getpwnam( "nobody" ) ) != NULL ) {
+ if ( !setgid(pwd->pw_gid) )
+ setuid(pwd->pw_uid);
+ if (!geteuid() && getuid() != pwd->pw_uid)
+ _exit(1);
+ }
+ else {
log_error( "User 'nobody' does not exist." );
/**
We exit here to avoid becoming vulnerable just because
user nobody does not exist.
*/
- exit( 1 );
+ _exit(1);
}
}
@@ -231,7 +235,7 @@ void makeDaemon( void )
chdir( "/" );
umask( 0 );
if ( createLockFile() < 0 )
- exit( 1 );
+ _exit( 1 );
dropPrivileges();
installSignalHandler();
Index: drkonqi/main.cpp
===================================================================
--- drkonqi/main.cpp (revision 549512)
+++ drkonqi/main.cpp (working copy)
@@ -61,7 +61,8 @@ int main( int argc, char* argv[] )
{
// Drop privs.
setgid(getgid());
- setuid(getuid());
+ if (setuid(getuid()) < 0 && geteuid() != getuid())
+ exit (255);
// Make sure that DrKonqi doesn't start DrKonqi when it crashes :-]
setenv("KDE_DEBUG", "true", 1);
--- kdm/kfrontend/kgreeter.cpp (revision 549445)
+++ kdm/kfrontend/kgreeter.cpp (working copy)
@@ -251,7 +251,12 @@ KGreeter::insertUsers()
// XXX remove seteuid-voodoo when we run as nobody
if (!(ps = getpwnam( "nobody" )))
return;
- seteuid( ps->pw_uid );
+ if (setegid( ps->pw_gid ))
+ return;
+ if (seteuid( ps->pw_uid )) {
+ setegid(0);
+ return;
+ }
QImage default_pix;
if (userView) {
@@ -318,6 +323,7 @@ KGreeter::insertUsers()
// XXX remove seteuid-voodoo when we run as nobody
seteuid( 0 );
+ setegid( 0 );
}
void
Index: kdebase.spec
===================================================================
RCS file: /cvs/dist/rpms/kdebase/devel/kdebase.spec,v
retrieving revision 1.191
retrieving revision 1.192
diff -u -r1.191 -r1.192
--- kdebase.spec 15 Jun 2006 14:24:49 -0000 1.191
+++ kdebase.spec 26 Jun 2006 17:53:13 -0000 1.192
@@ -15,12 +15,10 @@
%define arts 1
-%define disable_gcc_check_and_hidden_visibility 1
-
Summary: K Desktop Environment - core files
Name: kdebase
Version: 3.5.3
-Release: 6
+Release: 7
Epoch: 6
Url: http://www.kde.org
Group: User Interface/Desktops
@@ -62,6 +60,7 @@
Patch101: kdebase-3.5.3-kicker-panel.patch
Patch102: kdebase-3.5.3-kscreensaver.patch
Patch103: kdebase-3.5.3-kxkb-kcmlayout.patch
+Patch104: kdebase-3.5.3.diff
# Security fixes
# Patch 300, KDE Security Advisory, CVE-2006-2449, kdm file disclosure
@@ -100,6 +99,7 @@
BuildRequires: autoconf
BuildRequires: pkgconfig
BuildRequires: doxygen
+BuildRequires: cdparanoia
BuildRequires: cdparanoia-devel
BuildRequires: dbus-devel >= 0.60
BuildRequires: hal-devel >= 0.5
@@ -176,6 +176,7 @@
%patch101 -p1 -b .kicker-panel
%patch102 -p1 -b .kscreensaver
%patch103 -p1 -b .kxkb-kcmlayout
+%patch104 -p0 -b .setuid-check
# security fixes
%patch300 -p0 -b .CVE-2006-2449
@@ -208,9 +209,7 @@
--with-kdm-pam=kdm \
--with-kcp-pam=kcheckpass \
--with-kss-pam=kscreensaver \
-%if %{disable_gcc_check_and_hidden_visibility}
--disable-gcc-hidden-visibility \
-%endif
--with-xinerama \
--without-shadow \
--disable-shadow \
@@ -386,19 +385,19 @@
%post
/sbin/ldconfig
-touch --no-create %{_datadir}/icons/crystalsvg || :
+touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
if [ -x %{_bindir}/gtk-update-icon-cache ]; then
- %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/crystalsvg || :
+ %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/crystalsvg 2> /dev/null || :
fi
-%{_bindir}/update-desktop-database > /dev/null 2>&1 || :
+%{_bindir}/update-desktop-database 2> /dev/null || :
%postun
/sbin/ldconfig
touch --no-create %{_datadir}/icons/crystalsvg || :
if [ -x %{_bindir}/gtk-update-icon-cache ]; then
- %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/crystalsvg || :
+ %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/crystalsvg 2> /dev/null || :
fi
-%{_bindir}/update-desktop-database > /dev/null 2>&1 || :
+%{_bindir}/update-desktop-database 2> /dev/null || :
%files
%defattr(-,root,root)
@@ -549,6 +548,9 @@
%exclude %{_libdir}/libkdeinit_*
%changelog
+* Mon Jun 26 2006 Than Ngo <than at redhat.com> 6:3.5.3-7
+- apply patch to check return value
+
* Wed Jun 14 2006 Than Ngo <than at redhat.com> 6:3.5.3-6
- apply patch to to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
thanks to KDE security team
More information about the fedora-cvs-commits
mailing list