rpms/kdebase/devel post-3.5.0-kdebase-kdm.diff, NONE, 1.1 kdebase.spec, 1.187, 1.188

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Jun 14 22:44:17 UTC 2006


Author: than

Update of /cvs/dist/rpms/kdebase/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv19876

Modified Files:
	kdebase.spec 
Added Files:
	post-3.5.0-kdebase-kdm.diff 
Log Message:
-  apply patch to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
  thanks to KDE security team



post-3.5.0-kdebase-kdm.diff:
 client.c |   10 ----------
 1 files changed, 10 deletions(-)

--- NEW FILE post-3.5.0-kdebase-kdm.diff ---
Index: kdm/backend/client.c
===================================================================
--- kdm/backend/client.c	(revision 547560)
+++ kdm/backend/client.c	(working copy)
@@ -1537,16 +1542,6 @@ ReadDmrc()
 
 	if (!StrApp( &fname, p->pw_dir, "/.dmrc", (char *)0 ))
 		return GE_Error;
-	if ((curdmrc = iniLoad( fname ))) {
-		free( fname );
-		return GE_Ok;
-	}
-
-	if (errno != EACCES) {
-		free( fname );
-		return GE_NoFile;
-	}
-
 	if (pipe( pfd ))
 		return GE_Error;
 	if ((pid = Fork()) < 0) {


Index: kdebase.spec
===================================================================
RCS file: /cvs/dist/rpms/kdebase/devel/kdebase.spec,v
retrieving revision 1.187
retrieving revision 1.188
diff -u -r1.187 -r1.188
--- kdebase.spec	9 Jun 2006 23:19:58 -0000	1.187
+++ kdebase.spec	14 Jun 2006 22:44:14 -0000	1.188
@@ -20,7 +20,7 @@
 Summary: K Desktop Environment - core files
 Name: kdebase
 Version: 3.5.3
-Release: 5
+Release: 6
 Epoch: 6
 Url: http://www.kde.org
 Group: User Interface/Desktops
@@ -63,6 +63,10 @@
 Patch102: kdebase-3.5.3-kscreensaver.patch
 Patch103: kdebase-3.5.3-kxkb-kcmlayout.patch
 
+# Security fixes
+# Patch 300, KDE Security Advisory, CVE-2006-2449, kdm file disclosure
+Patch300: post-3.3.0-kdebase-kdm.diff
+
 Requires: kdelibs >= %{kdelibs_epoch}:%{version}
 Requires: libxml2 >= 2.6.5
 Requires: /etc/X11/xdm/Xaccess
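Review bot: `Patch300` points at `post-3.3.0-kdebase-kdm.diff`, but the file this commit adds is `post-3.5.0-kdebase-kdm.diff`, so the spec does not reference the patch being checked in. Unless a file with the 3.3.0 name already exists in the package directory, the build should fail on a missing source. If one does exist, `%patch300` would apply a different patch from the one shown here, and the CVE-2006-2449 fix would ship in a form this commit never reviewed. The line should read `Patch300: post-3.5.0-kdebase-kdm.diff`.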
@@ -84,11 +88,7 @@
 Requires: redhat-artwork >= 0.92
 %endif
 
-BuildPrereq: qt-devel >= %{qt_version}
 BuildPrereq: kdelibs-devel >= %{kde_version}
-%if %{arts}
-BuildPrereq: arts-devel >= %{arts_epoch}:%{arts_version}
-%endif
 BuildPrereq: libxml2-devel >= 2.6.5
 BuildPrereq: openmotif-devel
 BuildPrereq: cdparanoia-libs
@@ -96,10 +96,6 @@
 BuildPrereq: samba >= 2.2.3a-5
 BuildPrereq: pam-devel
 BuildPrereq: gettext
-BuildPrereq: perl
-BuildPrereq: automake
-BuildPrereq: openssl-devel
-BuildPrereq: pkgconfig
 BuildPrereq: imake
 BuildPrereq: dbus-devel >= 0.60
 BuildPrereq: hal-devel >= 0.5
@@ -161,6 +157,10 @@
 %patch102 -p1 -b .kscreensaver
 %patch103 -p1 -b .kxkb-kcmlayout
 
+# security fixes
+%patch300 -p0 -b .CVE-2006-2449
+
+
 %if %{rhel}
    rm -rf kdeprint/kdeprintfax
    perl -pi -e "s,kdeprintfax,," kdeprint/Makefile.am
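Review bot: `%patch300` is applied with `-p0` while the neighbouring `%patch102` and `%patch103` use `-p1`, and nothing in the spec says why. The added patch names its target as `kdm/backend/client.c` with no leading directory, which is presumably the reason. A comment such as `# -p0: paths in this patch are relative to the kdebase top-level directory` would stop a later cleanup from changing it to `-p1` and breaking the security fix. The patch's hunk header (`-1537,16 +1542,6`) and its `post-3.5.0` name suggest it was not generated against this exact 3.5.3 tree, so it is worth confirming in the build log that it applies without fuzz.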
@@ -386,6 +386,7 @@
 
 %files
 %defattr(-,root,root)
+%doc AUTHORS COPYING README
 %doc %{_docdir}/HTML/en/*
 %config(noreplace) /etc/ksysguarddrc
 /etc/kde
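Review bot: The `%doc AUTHORS COPYING README` addition is unrelated to the CVE-2006-2449 fix, as are the `BuildPrereq` removals in the two hunks before it, and none of them is recorded in the new `%changelog` entry. Mixing packaging changes into a security update makes the fix harder to audit and to backport on its own. Either move them to a separate commit or add a changelog line such as `- add AUTHORS COPYING README to %doc, drop BuildPrereq on qt-devel, arts-devel, perl, automake, openssl-devel, pkgconfig`.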
@@ -532,6 +533,10 @@
 %exclude %{_libdir}/libkdeinit_*
 
 %changelog
+* Wed Jun 14 2006 Than Ngo <than at redhat.com> 6:3.5.3-6 
+- apply patch to to fix #194659, CVE-2006-2449 KDM symlink attack vulnerability
+  thanks to KDE security team
+
 * Sat Jun 10 2006 Than Ngo <than at redhat.com> 6:3.5.3-5
 - add several upstream patches
 



