rpms/kdebase/FC-5 post-3.5.0-kdebase-kdm.diff, NONE, 1.1 kdebase.spec, 1.170, 1.171
fedora-cvs-commits at redhat.com
Wed Jun 14 22:32:42 UTC 2006
Author: than
Update of /cvs/dist/rpms/kdebase/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv16665
Modified Files:
kdebase.spec
Added Files:
post-3.5.0-kdebase-kdm.diff
Log Message:
- apply patch to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
thanks to KDE security team
post-3.5.0-kdebase-kdm.diff:
client.c | 10 ----------
1 files changed, 10 deletions(-)
--- NEW FILE post-3.5.0-kdebase-kdm.diff ---
Index: kdm/backend/client.c
===================================================================
--- kdm/backend/client.c (revision 547560)
+++ kdm/backend/client.c (working copy)
@@ -1537,16 +1542,6 @@ ReadDmrc()
if (!StrApp( &fname, p->pw_dir, "/.dmrc", (char *)0 ))
return GE_Error;
- if ((curdmrc = iniLoad( fname ))) {
- free( fname );
- return GE_Ok;
- }
-
- if (errno != EACCES) {
- free( fname );
- return GE_NoFile;
- }
-
if (pipe( pfd ))
return GE_Error;
if ((pid = Fork()) < 0) {
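Review bot: The deletion in ReadDmrc() leaves no comment saying why the path built from p->pw_dir must not be passed straight to iniLoad() at this point, so the shortcut could be reintroduced later as an optimization. Add a short comment above `if (pipe( pfd ))` that references CVE-2006-2449 and states that the file is only read via the forked path that follows. Also note that both removed branches called free( fname ) before returning, while the remaining `if (pipe( pfd )) return GE_Error;` returns without freeing it; that error path is worth checking while this function is being touched.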
Index: kdebase.spec
===================================================================
RCS file: /cvs/dist/rpms/kdebase/FC-5/kdebase.spec,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- kdebase.spec 8 Jun 2006 18:10:33 -0000 1.170
+++ kdebase.spec 14 Jun 2006 22:32:40 -0000 1.171
@@ -20,7 +20,7 @@
Summary: K Desktop Environment - core files
Name: kdebase
Version: 3.5.3
-Release: 0.1.fc5
+Release: 0.2.fc5
Epoch: 6
Url: http://www.kde.org
Group: User Interface/Desktops
@@ -56,6 +56,10 @@
Patch17: kdebase-3.3.1-pam_krb5-bz#191049.patch
Patch18: kdebase-3.5.2-kconf_update-klipper.patch
+# security fixes
+# Patch 100, KDE Security Advisory, CVE-2006-2449, kdm file disclosure
+Patch100: post-3.3.0-kdebase-kdm.diff
+
Requires: kdelibs >= %{kdelibs_epoch}:%{version}
Requires: libxml2 >= 2.6.5
Requires: /etc/X11/xdm/Xaccess
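Review bot: The Patch100 line names post-3.3.0-kdebase-kdm.diff, but the file added by this commit is post-3.5.0-kdebase-kdm.diff, so the spec points at a source that is not in the directory and the build will not find the security patch. Change the line to `Patch100: post-3.5.0-kdebase-kdm.diff`. The comment above it also says "kdm file disclosure" while the changelog entry says "KDM symlink attack vulnerability"; use one description in both places.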
@@ -90,9 +94,7 @@
BuildPrereq: pam-devel
BuildPrereq: gettext
BuildPrereq: perl
-BuildPrereq: automake
BuildPrereq: openssl-devel
-BuildPrereq: pkgconfig
BuildPrereq: imake
BuildPrereq: dbus-devel >= 0.60
BuildPrereq: hal-devel >= 0.5
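Review bot: Dropping `BuildPrereq: automake` and `BuildPrereq: pkgconfig` here is unrelated to the CVE-2006-2449 fix. Both entries are still listed further down (they appear as context in the next hunk), so this only removes duplicates, but it would be cleaner as its own commit so the security update carries nothing except the fix and can be backported on its own.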
@@ -107,6 +109,7 @@
BuildPrereq: pkgconfig
BuildPrereq: autoconf
BuildPrereq: automake
+BuildPrereq: libtool
%description
Core applications for the K Desktop Environment. Included are: kdm
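Review bot: The new `BuildPrereq: libtool` has no stated reason. The security patch only deletes lines from kdm/backend/client.c, so it does not explain a new build dependency, and the changelog entry does not mention it. Add a changelog line saying what needs libtool, or move the change out of this update.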
@@ -151,6 +154,9 @@
%patch17 -p1 -b .pam_krb5-bz#191049
%patch18 -p1 -b .klipper
+# security fixes
+%patch100 -p0 -b .CVE-2006-2449
+
%if %{rhel}
rm -rf kdeprint/kdeprintfax
perl -pi -e "s,kdeprintfax,," kdeprint/Makefile.am
@@ -521,6 +527,10 @@
%changelog
+* Wed Jun 14 2006 Than Ngo <than at redhat.com> 6:3.5.3-0.2.fc5
+- apply patch to to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
+ thanks to KDE security team
+
* Thu Jun 08 2006 Than Ngo <than at redhat.com> 6:3.5.3-0.1.fc5
- update to 3.5.3
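Review bot: The new changelog entry has a doubled word ("apply patch to to fix") and describes only the CVE fix, while this revision also changes the BuildPrereq list. Fix the typo and add a line for the build dependency changes so the changelog matches what 6:3.5.3-0.2.fc5 actually contains.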