rpms/kdebase/FC-4 post-3.5.0-kdebase-kdm.diff, NONE, 1.1 kdebase.spec, 1.120, 1.121
fedora-cvs-commits at redhat.com
Wed Jun 14 22:21:47 UTC 2006
Author: than
Update of /cvs/dist/rpms/kdebase/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv13222
Modified Files:
kdebase.spec
Added Files:
post-3.5.0-kdebase-kdm.diff
Log Message:
- apply patch to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
thanks to KDE security team
post-3.5.0-kdebase-kdm.diff:
client.c | 10 ----------
1 files changed, 10 deletions(-)
--- NEW FILE post-3.5.0-kdebase-kdm.diff ---
Index: kdm/backend/client.c
===================================================================
--- kdm/backend/client.c (revision 547560)
+++ kdm/backend/client.c (working copy)
@@ -1537,16 +1542,6 @@ ReadDmrc()
if (!StrApp( &fname, p->pw_dir, "/.dmrc", (char *)0 ))
return GE_Error;
- if ((curdmrc = iniLoad( fname ))) {
- free( fname );
- return GE_Ok;
- }
-
- if (errno != EACCES) {
- free( fname );
- return GE_NoFile;
- }
-
if (pipe( pfd ))
return GE_Error;
if ((pid = Fork()) < 0) {
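Review bot: with the direct `iniLoad( fname )` call and the `errno != EACCES` early return removed, ReadDmrc() no longer returns `GE_NoFile` at this point and every call falls through to the `pipe( pfd )` / `Fork()` path. Confirm that the forked path still reports a missing `.dmrc` as `GE_NoFile` rather than `GE_Error`, and add a short comment above `pipe( pfd )` tying the removal to CVE-2006-2449 so the direct read is not reintroduced later as an optimisation. The header `-1537,16 +1542,6` also places the new start five lines past the old one even though this hunk only deletes lines, which suggests it was cut from a larger diff against revision 547560; check that it applies to the 3.5.3 tree without fuzz.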
Index: kdebase.spec
===================================================================
RCS file: /cvs/dist/rpms/kdebase/FC-4/kdebase.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- kdebase.spec 6 Jun 2006 19:44:10 -0000 1.120
+++ kdebase.spec 14 Jun 2006 22:21:44 -0000 1.121
@@ -21,7 +21,7 @@
Summary: K Desktop Environment - core files
Name: kdebase
Version: 3.5.3
-Release: 0.1.fc4
+Release: 0.2.fc4
Epoch: 6
Url: http://www.kde.org
Group: User Interface/Desktops
@@ -56,6 +56,10 @@
Patch16: kdebase-3.3.1-pam_krb5-bz#191049.patch
Patch17: kdebase-3.5.2-kconf_update-klipper.patch
+# security fixes
+# Patch 100, KDE Security Advisory, CVE-2006-2449, kdm file disclosure
+Patch100: post-3.3.0-kdebase-kdm.diff
+
Requires: kdelibs >= 6:%{version}
Requires: libxml2 >= 2.6.5
Requires: /etc/X11/xdm/Xaccess
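Review bot: `Patch100:` names `post-3.3.0-kdebase-kdm.diff`, but the file added by this commit is `post-3.5.0-kdebase-kdm.diff`. Unless a 3.3.0 file already exists in the module, the build will not find the patch source, or it will apply a different patch from the one shown in this commit; point `Patch100` at the added file. The comment also describes the issue as "kdm file disclosure" while the changelog entry calls it a symlink attack; use one description in both places.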
@@ -139,6 +143,9 @@
%patch16 -p1 -b .pam_krb5-bz#191049
%patch17 -p1 -b .klipper
+# security fixes
+%patch100 -p0 -b .CVE-2006-2449
+
%if %{rhel}
rm -rf kdeprint/kdeprintfax
perl -pi -e "s,kdeprintfax,," kdeprint/Makefile.am
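Review bot: `%patch100 -p0` uses a different strip level from the `-p1` of `%patch16` and `%patch17` just above it. That matches the `kdm/backend/client.c` paths in the added diff, but a brief comment on why this patch is `-p0` would keep it from being "normalised" to `-p1` later, which would stop the fix from applying.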
@@ -410,6 +417,10 @@
%{_includedir}/kde/ksplash/*
%changelog
+* Thu Jun 15 2006 Than Ngo <than at redhat.com> 6:3.5.3-0.2.fc4
+- apply patch to to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
+ thanks to KDE security team
+
* Tue Jun 06 2006 Than Ngo <than at redhat.com> 6:3.5.3-0.1.fc4
- update to 3.5.3
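Review bot: the new changelog entry is dated `Thu Jun 15 2006`, while the revision 1.121 timestamp in the file header is 14 Jun 2006 22:21:44; align the date with the commit. The entry also has a doubled word in "apply patch to to fix".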