rpms/kdebase/devel kdebase-3.5.3.diff, NONE, 1.1 kdebase.spec, 1.191, 1.192

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Jun 26 17:53:15 UTC 2006


Author: than

Update of /cvs/dist/rpms/kdebase/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv9067

Modified Files:
	kdebase.spec 
Added Files:
	kdebase-3.5.3.diff 
Log Message:
apply patch to check return value


kdebase-3.5.3.diff:
 drkonqi/main.cpp                  |   11 +++++++++--
 ksysguard/ksysguardd/ksysguardd.c |   14 +++++++++-----
 2 files changed, 18 insertions(+), 7 deletions(-)

--- NEW FILE kdebase-3.5.3.diff ---
Index: ksysguard/ksysguardd/ksysguardd.c
===================================================================
--- ksysguard/ksysguardd/ksysguardd.c	(revision 549512)
+++ ksysguard/ksysguardd/ksysguardd.c	(working copy)
@@ -207,15 +207,19 @@ static void dropPrivileges( void )
 {
   struct passwd *pwd;
 
-  if ( ( pwd = getpwnam( "nobody" ) ) != NULL )
-    setuid( pwd->pw_uid );
-	else {
+  if ( ( pwd = getpwnam( "nobody" ) ) != NULL ) {
+    if ( !setgid(pwd->pw_gid) )
+      setuid(pwd->pw_uid);
+    if (!geteuid() && getuid() != pwd->pw_uid)
+      _exit(1);
+  }
+  else {
     log_error( "User 'nobody' does not exist." );
     /**
       We exit here to avoid becoming vulnerable just because
       user nobody does not exist.
      */
-    exit( 1 );
+    _exit(1);
   }
 }
 
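Review bot: The drop to 'nobody' in dropPrivileges() changes the gid and uid but leaves the supplementary group list untouched, so a daemon started as root would keep root's extra group memberships after `setuid()`; nothing in the hunk calls `setgroups()` or `initgroups()`. The new `_exit(1)` path is also silent, unlike the else branch, which calls `log_error()` first. I would make the privileged case explicit: clear the group list, check `setgid()` and `setuid()` directly, verify the resulting ids, and log before exiting. `setgroups()` needs `<grp.h>`, which this hunk does not show being included.

```c
  if ( ( pwd = getpwnam( "nobody" ) ) != NULL ) {
    /* An unprivileged start has nothing to drop; only root must succeed. */
    if ( geteuid() == 0 ) {
      if ( setgroups( 0, NULL ) != 0 ||
           setgid( pwd->pw_gid ) != 0 ||
           setuid( pwd->pw_uid ) != 0 ||
           getuid() != pwd->pw_uid || geteuid() != pwd->pw_uid ||
           getgid() != pwd->pw_gid || getegid() != pwd->pw_gid ) {
        log_error( "Cannot drop privileges to user 'nobody'." );
        _exit( 1 );
      }
    }
  }
  /* … unchanged: else branch for a missing 'nobody' account … */
```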
@@ -231,7 +235,7 @@ void makeDaemon( void )
       chdir( "/" );
       umask( 0 );
       if ( createLockFile() < 0 )
-        exit( 1 );
+        _exit( 1 );
 
       dropPrivileges();
       installSignalHandler();
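Review bot: `umask( 0 )` is still in effect when `createLockFile()` runs, and that call comes before `dropPrivileges()`, so the lock file is created unmasked and with the starting user's privileges. createLockFile() is not visible here, so this only matters if it requests group- or world-writable mode bits. A restrictive mask before the call, for example `umask( 022 );`, would remove the dependence on the helper. The return value of `chdir( "/" )` is also ignored. makeDaemon() begins and ends outside this hunk.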
Index: drkonqi/main.cpp
===================================================================
--- drkonqi/main.cpp	(revision 549512)
+++ drkonqi/main.cpp	(working copy)
@@ -61,7 +61,8 @@ int main( int argc, char* argv[] )
 {
   // Drop privs.
   setgid(getgid());
-  setuid(getuid());
+  if (setuid(getuid()) < 0 && geteuid() != getuid())
+     exit (255);
 
   // Make sure that DrKonqi doesn't start DrKonqi when it crashes :-]
   setenv("KDE_DEBUG", "true", 1);
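Review bot: `setgid(getgid())` on the line above the new check is still unchecked, so a failed group drop lets DrKonqi continue with an elevated effective gid even though the uid case now exits. The same test should guard it: `if (setgid(getgid()) < 0 && getegid() != getgid()) exit(255);`. main() continues past the end of this hunk.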
--- kdm/kfrontend/kgreeter.cpp	(revision 549445)
+++ kdm/kfrontend/kgreeter.cpp	(working copy)
@@ -251,7 +251,12 @@ KGreeter::insertUsers()
 	// XXX remove seteuid-voodoo when we run as nobody
 	if (!(ps = getpwnam( "nobody" )))
 		return;
-	seteuid( ps->pw_uid );
+        if (setegid( ps->pw_gid )) 
+                return;
+        if (seteuid( ps->pw_uid )) {
+                setegid(0);
+                return;
+        }
 
 	QImage default_pix;
 	if (userView) {
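Review bot: The failure path restores the group with a literal `setegid(0)`, which assumes the greeter's effective gid was 0 on entry; the later hunk at the end of insertUsers() makes the same assumption. Saving the value first with `gid_t saved_egid = getegid();` and restoring with `setegid( saved_egid );` keeps the function correct if that ever stops being true. The temporary switch changes only the effective ids, so the supplementary groups presumably remain those of the original user while the code runs as nobody. This file section has no `Index:` header, and the diffstat at the top of the patch counts its lines under drkonqi/main.cpp, so the kdm change is easy to miss when auditing by file list. insertUsers() starts before and continues past this hunk.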
@@ -318,6 +323,7 @@ KGreeter::insertUsers()
 
 	// XXX remove seteuid-voodoo when we run as nobody
 	seteuid( 0 );
+        setegid( 0 );
 }
 
 void
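Review bot: Neither `seteuid( 0 )` nor the added `setegid( 0 )` is checked, so if the restore fails the greeter keeps running with nobody's effective ids and later privileged operations fail far from the cause. Since the commit is about checking return values, I would test both results here and report the failure at this point. The body of insertUsers() between the two kgreeter.cpp hunks is not shown, so any early return there that skips this restore cannot be ruled out from the page.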


Index: kdebase.spec
===================================================================
RCS file: /cvs/dist/rpms/kdebase/devel/kdebase.spec,v
retrieving revision 1.191
retrieving revision 1.192
diff -u -r1.191 -r1.192
--- kdebase.spec	15 Jun 2006 14:24:49 -0000	1.191
+++ kdebase.spec	26 Jun 2006 17:53:13 -0000	1.192
@@ -15,12 +15,10 @@
 
 %define arts 1
 
-%define disable_gcc_check_and_hidden_visibility 1
-
 Summary: K Desktop Environment - core files
 Name: kdebase
 Version: 3.5.3
-Release: 6
+Release: 7
 Epoch: 6
 Url: http://www.kde.org
 Group: User Interface/Desktops
@@ -62,6 +60,7 @@
 Patch101: kdebase-3.5.3-kicker-panel.patch
 Patch102: kdebase-3.5.3-kscreensaver.patch
 Patch103: kdebase-3.5.3-kxkb-kcmlayout.patch
+Patch104: kdebase-3.5.3.diff
 
 # Security fixes
 # Patch 300, KDE Security Advisory, CVE-2006-2449, kdm file disclosure
@@ -100,6 +99,7 @@
 BuildRequires: autoconf
 BuildRequires: pkgconfig
 BuildRequires: doxygen
+BuildRequires: cdparanoia
 BuildRequires: cdparanoia-devel
 BuildRequires: dbus-devel >= 0.60
 BuildRequires: hal-devel >= 0.5
@@ -176,6 +176,7 @@
 %patch101 -p1 -b .kicker-panel
 %patch102 -p1 -b .kscreensaver
 %patch103 -p1 -b .kxkb-kcmlayout
+%patch104 -p0 -b .setuid-check
 
 # security fixes
 %patch300 -p0 -b .CVE-2006-2449
@@ -208,9 +209,7 @@
    --with-kdm-pam=kdm \
    --with-kcp-pam=kcheckpass \
    --with-kss-pam=kscreensaver \
-%if %{disable_gcc_check_and_hidden_visibility}
    --disable-gcc-hidden-visibility \
-%endif
    --with-xinerama \
    --without-shadow \
    --disable-shadow \
@@ -386,19 +385,19 @@
 
 %post
 /sbin/ldconfig
-touch --no-create %{_datadir}/icons/crystalsvg || :
+touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
 if [ -x %{_bindir}/gtk-update-icon-cache ]; then
-   %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/crystalsvg || :
+   %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/crystalsvg  2> /dev/null || :
 fi
-%{_bindir}/update-desktop-database > /dev/null 2>&1 || : 
+%{_bindir}/update-desktop-database 2> /dev/null || : 
 
 %postun
 /sbin/ldconfig 
 touch --no-create %{_datadir}/icons/crystalsvg || :
 if [ -x %{_bindir}/gtk-update-icon-cache ]; then
-   %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/crystalsvg || :
+   %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/crystalsvg  2> /dev/null || :
 fi
-%{_bindir}/update-desktop-database > /dev/null 2>&1 || : 
+%{_bindir}/update-desktop-database 2> /dev/null || : 
 
 %files
 %defattr(-,root,root)
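Review bot: The `touch --no-create` line in %postun did not get the `2> /dev/null` that the same line in %post received, so the two scriptlets now differ for no visible reason. Separately, `update-desktop-database` went from `> /dev/null 2>&1` to `2> /dev/null` in both scriptlets, which lets its standard output through during package install and erase. If that is not intended, keep `> /dev/null 2>&1`.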
@@ -549,6 +548,9 @@
 %exclude %{_libdir}/libkdeinit_*
 
 %changelog
+* Mon Jun 26 2006 Than Ngo <than at redhat.com> 6:3.5.3-7
+- apply patch to check return value
+
 * Wed Jun 14 2006 Than Ngo <than at redhat.com> 6:3.5.3-6 
 - apply patch to to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
   thanks to KDE security team



