rpms/kdebase/FC-4 post-3.5.0-kdebase-kdm.diff, NONE, 1.1 kdebase.spec, 1.120, 1.121

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Jun 14 22:21:47 UTC 2006


Author: than

Update of /cvs/dist/rpms/kdebase/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv13222

Modified Files:
	kdebase.spec 
Added Files:
	post-3.5.0-kdebase-kdm.diff 
Log Message:
- apply patch to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
  thanks to KDE security team


post-3.5.0-kdebase-kdm.diff:
 client.c |   10 ----------
 1 files changed, 10 deletions(-)

--- NEW FILE post-3.5.0-kdebase-kdm.diff ---
Index: kdm/backend/client.c
===================================================================
--- kdm/backend/client.c	(revision 547560)
+++ kdm/backend/client.c	(working copy)
@@ -1537,16 +1542,6 @@ ReadDmrc()
 
 	if (!StrApp( &fname, p->pw_dir, "/.dmrc", (char *)0 ))
 		return GE_Error;
-	if ((curdmrc = iniLoad( fname ))) {
-		free( fname );
-		return GE_Ok;
-	}
-
-	if (errno != EACCES) {
-		free( fname );
-		return GE_NoFile;
-	}
-
 	if (pipe( pfd ))
 		return GE_Error;
 	if ((pid = Fork()) < 0) {
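Review bot: Nothing on the new side records why `fname` must not be opened before the fork, so a later cleanup could restore the removed fast path. A comment above `if (pipe( pfd ))` would help, for example `/* ~/.dmrc is user-controlled: never open it in this process, only in the forked child (CVE-2006-2449) */`. This assumes the child reads the file with the user's privileges, which cannot be confirmed because the code after `Fork()` is outside the hunk. Separately, the `pipe()` failure path returns without releasing `fname`, which the removed branches did free: `if (pipe( pfd )) { free( fname ); return GE_Error; }`. ReadDmrc's body starts and ends outside the hunk.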


Index: kdebase.spec
===================================================================
RCS file: /cvs/dist/rpms/kdebase/FC-4/kdebase.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- kdebase.spec	6 Jun 2006 19:44:10 -0000	1.120
+++ kdebase.spec	14 Jun 2006 22:21:44 -0000	1.121
@@ -21,7 +21,7 @@
 Summary: K Desktop Environment - core files
 Name: kdebase
 Version: 3.5.3
-Release: 0.1.fc4
+Release: 0.2.fc4
 Epoch: 6
 Url: http://www.kde.org
 Group: User Interface/Desktops
@@ -56,6 +56,10 @@
 Patch16: kdebase-3.3.1-pam_krb5-bz#191049.patch
 Patch17: kdebase-3.5.2-kconf_update-klipper.patch
 
+# security fixes
+# Patch 100, KDE Security Advisory, CVE-2006-2449, kdm file disclosure
+Patch100: post-3.3.0-kdebase-kdm.diff
+
 Requires: kdelibs >= 6:%{version}
 Requires: libxml2 >= 2.6.5
 Requires: /etc/X11/xdm/Xaccess
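Review bot: `Patch100` names `post-3.3.0-kdebase-kdm.diff`, but the file this commit adds is `post-3.5.0-kdebase-kdm.diff`. Unless a 3.3.0 variant already sits in the package directory (not visible here), the build either stops on a missing source or applies a different patch from the one shown in this commit. In the second case the package could ship without the CVE-2006-2449 fix its changelog announces. The line should read `Patch100: post-3.5.0-kdebase-kdm.diff`.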
@@ -139,6 +143,9 @@
 %patch16 -p1 -b .pam_krb5-bz#191049
 %patch17 -p1 -b .klipper
 
+# security fixes
+%patch100 -p0 -b .CVE-2006-2449
+
 %if %{rhel}
    rm -rf kdeprint/kdeprintfax
    perl -pi -e "s,kdeprintfax,," kdeprint/Makefile.am
@@ -410,6 +417,10 @@
 %{_includedir}/kde/ksplash/*
 
 %changelog
+* Thu Jun 15 2006 Than Ngo <than at redhat.com> 6:3.5.3-0.2.fc4
+- apply patch to to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
+  thanks to KDE security team
+
 * Tue Jun 06 2006 Than Ngo <than at redhat.com> 6:3.5.3-0.1.fc4
 - update to 3.5.3
 



