rpms/kdebase/FC-5 post-3.5.0-kdebase-kdm.diff, NONE, 1.1 kdebase.spec, 1.170, 1.171

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Jun 14 22:32:42 UTC 2006


Author: than

Update of /cvs/dist/rpms/kdebase/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv16665

Modified Files:
	kdebase.spec 
Added Files:
	post-3.5.0-kdebase-kdm.diff 
Log Message:
- apply patch to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
  thanks to KDE security team


post-3.5.0-kdebase-kdm.diff:
 client.c |   10 ----------
 1 files changed, 10 deletions(-)

--- NEW FILE post-3.5.0-kdebase-kdm.diff ---
Index: kdm/backend/client.c
===================================================================
--- kdm/backend/client.c	(revision 547560)
+++ kdm/backend/client.c	(working copy)
@@ -1537,16 +1542,6 @@ ReadDmrc()
 
 	if (!StrApp( &fname, p->pw_dir, "/.dmrc", (char *)0 ))
 		return GE_Error;
-	if ((curdmrc = iniLoad( fname ))) {
-		free( fname );
-		return GE_Ok;
-	}
-
-	if (errno != EACCES) {
-		free( fname );
-		return GE_NoFile;
-	}
-
 	if (pipe( pfd ))
 		return GE_Error;
 	if ((pid = Fork()) < 0) {


Index: kdebase.spec
===================================================================
RCS file: /cvs/dist/rpms/kdebase/FC-5/kdebase.spec,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- kdebase.spec	8 Jun 2006 18:10:33 -0000	1.170
+++ kdebase.spec	14 Jun 2006 22:32:40 -0000	1.171
@@ -20,7 +20,7 @@
 Summary: K Desktop Environment - core files
 Name: kdebase
 Version: 3.5.3
-Release: 0.1.fc5
+Release: 0.2.fc5
 Epoch: 6
 Url: http://www.kde.org
 Group: User Interface/Desktops
@@ -56,6 +56,10 @@
 Patch17: kdebase-3.3.1-pam_krb5-bz#191049.patch
 Patch18: kdebase-3.5.2-kconf_update-klipper.patch
 
+# security fixes
+# Patch 100, KDE Security Advisory, CVE-2006-2449, kdm file disclosure
+Patch100: post-3.3.0-kdebase-kdm.diff
+
 Requires: kdelibs >= %{kdelibs_epoch}:%{version}
 Requires: libxml2 >= 2.6.5
 Requires: /etc/X11/xdm/Xaccess
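Review bot: `Patch100:` names `post-3.3.0-kdebase-kdm.diff`, but the file this commit adds is `post-3.5.0-kdebase-kdm.diff`. Unless a file with the 3.3.0 name already exists in the package directory (not visible here), the `%patch100 -p0 -b .CVE-2006-2449` line added in the %prep hunk will either fail the build or apply a different patch than the one shown, leaving the CVE-2006-2449 fix out of the shipped package. The line should read `Patch100: post-3.5.0-kdebase-kdm.diff`. The comment above it also describes the issue as "kdm file disclosure" while the log message and changelog call it a symlink attack; using one description in all three places would make the fix easier to audit later.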
@@ -90,9 +94,7 @@
 BuildPrereq: pam-devel
 BuildPrereq: gettext
 BuildPrereq: perl
-BuildPrereq: automake
 BuildPrereq: openssl-devel
-BuildPrereq: pkgconfig
 BuildPrereq: imake
 BuildPrereq: dbus-devel >= 0.60
 BuildPrereq: hal-devel >= 0.5
@@ -107,6 +109,7 @@
 BuildPrereq: pkgconfig
 BuildPrereq: autoconf
 BuildPrereq: automake
+BuildPrereq: libtool
 
 %description
 Core applications for the K Desktop Environment.  Included are: kdm
@@ -151,6 +154,9 @@
 %patch17 -p1 -b .pam_krb5-bz#191049
 %patch18 -p1 -b .klipper
 
+# security fixes
+%patch100 -p0 -b .CVE-2006-2449
+
 %if %{rhel}
    rm -rf kdeprint/kdeprintfax
    perl -pi -e "s,kdeprintfax,," kdeprint/Makefile.am
@@ -521,6 +527,10 @@
 
 
 %changelog
+* Wed Jun 14 2006 Than Ngo <than at redhat.com> 6:3.5.3-0.2.fc5 
+- apply patch to to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
+  thanks to KDE security team
+
 * Thu Jun 08 2006 Than Ngo <than at redhat.com> 6:3.5.3-0.1.fc5
 - update to 3.5.3
 



