rpms/slim/F-12 slim-1.3.1-CVE-2009-1756.patch, NONE, 1.1 slim-1.3.1-fix-insecure-mcookie-generation.patch, NONE, 1.1 slim-1.3.1-gcc44.patch, NONE, 1.1 slim.spec, 1.18, 1.19
Lorenzo Villani
arbiter at fedoraproject.org
Tue Dec 22 00:09:38 UTC 2009
- Previous message: rpms/slim/F-11 slim-1.3.1-CVE-2009-1756.patch, NONE, 1.1 slim-1.3.1-fix-insecure-mcookie-generation.patch, NONE, 1.1 slim-1.3.1-gcc44.patch, NONE, 1.1 slim.spec, 1.16, 1.17
- Next message: rpms/blitz/F-12 blitz.spec,1.10,1.11
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: arbiter
Update of /cvs/pkgs/rpms/slim/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29643
Modified Files:
slim.spec
Added Files:
slim-1.3.1-CVE-2009-1756.patch
slim-1.3.1-fix-insecure-mcookie-generation.patch
slim-1.3.1-gcc44.patch
Log Message:
* Tue Dec 22 2009 Lorenzo Villani <lvillani at binaryhelix.net> - 1.3.1-9
- Fix CVE-2009-1756 (bugzilla: 544024)
- Fix MIT insecure cookie generation (patch from Debian)
- Fix build with GCC 4.4
slim-1.3.1-CVE-2009-1756.patch:
Makefile | 5 +++--
Makefile.freebsd | 3 ++-
Makefile.netbsd | 3 ++-
Makefile.openbsd | 3 ++-
app.cpp | 5 +++--
switchuser.cpp | 7 ++++---
util.cpp | 32 ++++++++++++++++++++++++++++++++
util.h | 19 +++++++++++++++++++
8 files changed, 67 insertions(+), 10 deletions(-)
--- NEW FILE slim-1.3.1-CVE-2009-1756.patch ---
Index: slim-1.3.1/Makefile
===================================================================
--- slim-1.3.1.orig/Makefile
+++ slim-1.3.1/Makefile
@@ -8,7 +8,7 @@ CC=/usr/bin/gcc
OPTFLAGS=-O2 -g -Wall
CFLAGS=$(OPTFLAGS) -I. -I/usr/include/freetype2 -I/usr/include/freetype2/config -I/usr/include/libpng12 -I/usr/include
CXXFLAGS=$(CFLAGS)
-LDFLAGS=-lXft -lX11 -lfreetype -lXrender -lfontconfig -lpng12 -lz -lm -lcrypt -lXmu -lpng -ljpeg
+LDFLAGS=-lXft -lX11 -lfreetype -lXrender -lfontconfig -lpng12 -lz -lm -lcrypt -lXmu -lpng -ljpeg -lrt
CUSTOM=-DHAVE_SHADOW
ifdef USE_PAM
LDFLAGS+= -lpam
@@ -26,7 +26,8 @@ VERSION=1.3.1
DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+ panel.o util.o
ifdef USE_PAM
OBJECTS+=PAM.o
endif
Index: slim-1.3.1/Makefile.freebsd
===================================================================
--- slim-1.3.1.orig/Makefile.freebsd
+++ slim-1.3.1/Makefile.freebsd
@@ -24,7 +24,8 @@ VERSION=1.3.1
DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+ panel.o util.o
.ifdef USE_PAM
OBJECTS+=PAM.o
.endif
Index: slim-1.3.1/Makefile.netbsd
===================================================================
--- slim-1.3.1.orig/Makefile.netbsd
+++ slim-1.3.1/Makefile.netbsd
@@ -24,7 +24,8 @@ VERSION=1.3.1
DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+ panel.o util.o
.ifdef USE_PAM
OBJECTS+=PAM.o
.endif
Index: slim-1.3.1/Makefile.openbsd
===================================================================
--- slim-1.3.1.orig/Makefile.openbsd
+++ slim-1.3.1/Makefile.openbsd
@@ -20,7 +20,8 @@ VERSION=1.3.1
DEFINES=-DPACKAGE=\"$(NAME)\" -DVERSION=\"$(VERSION)\" \
-DPKGDATADIR=\"$(PREFIX)/share/slim\" -DSYSCONFDIR=\"$(CFGDIR)\"
-OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o panel.o
+OBJECTS=jpeg.o png.o main.o image.o numlock.o cfg.o switchuser.o app.o \
+ util.o panel.o
.SUFFIXES: .c.o .cpp.o
Index: slim-1.3.1/app.cpp
===================================================================
--- slim-1.3.1.orig/app.cpp
+++ slim-1.3.1/app.cpp
@@ -24,6 +24,7 @@
#include <algorithm>
#include "app.h"
#include "numlock.h"
+#include "util.h"
#ifdef HAVE_SHADOW
@@ -1185,8 +1186,8 @@ void App::CreateServerAuth() {
authfile = cfg->getOption("authfile");
remove(authfile.c_str());
putenv(StrConcat("XAUTHORITY=", authfile.c_str()));
- cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + mcookie;
- system(cmd.c_str());
+ Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
+ authfile);
}
char* App::StrConcat(const char* str1, const char* str2) {
Index: slim-1.3.1/switchuser.cpp
===================================================================
--- slim-1.3.1.orig/switchuser.cpp
+++ slim-1.3.1/switchuser.cpp
@@ -10,6 +10,7 @@
*/
#include "switchuser.h"
+#include "util.h"
using namespace std;
@@ -53,10 +54,10 @@ void SwitchUser::Execute(const char* cmd
}
void SwitchUser::SetClientAuth(const char* mcookie) {
- int r;
+ bool r;
string home = string(Pw->pw_dir);
string authfile = home + "/.Xauthority";
remove(authfile.c_str());
- string cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + mcookie;
- r = system(cmd.c_str());
+ r = Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
+ authfile);
}
Index: slim-1.3.1/util.cpp
===================================================================
--- /dev/null
+++ slim-1.3.1/util.cpp
@@ -0,0 +1,32 @@
+/* SLiM - Simple Login Manager
+ Copyright (C) 2009 Eygene Ryabinkin <rea at codelabs.ru>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+*/
+
+#include <stdio.h>
+#include "util.h"
+
+/*
+ * Adds the given cookie to the specified Xauthority file.
+ * Returns true on success, false on fault.
+ */
+bool Util::add_mcookie(const std::string &mcookie, const char *display,
+ const std::string &xauth_cmd, const std::string &authfile)
+{
+ FILE *fp;
+ std::string cmd = xauth_cmd + " -f " + authfile + " -q";
+
+ fp = popen(cmd.c_str(), "w");
+ if (!fp)
+ return false;
+ fprintf(fp, "remove %s\n", display);
+ fprintf(fp, "add %s %s %s\n", display, ".", mcookie.c_str());
+ fprintf(fp, "exit\n");
+
+ pclose(fp);
+ return true;
+}
Index: slim-1.3.1/util.h
===================================================================
--- /dev/null
+++ slim-1.3.1/util.h
@@ -0,0 +1,19 @@
+/* SLiM - Simple Login Manager
+ Copyright (C) 2009 Eygene Ryabinkin <rea at codelabs.ru>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+*/
+#ifndef __UTIL_H__
+#define __UTIL_H__
+
+#include <string>
+
+namespace Util {
+ bool add_mcookie(const std::string &mcookie, const char *display,
+ const std::string &xauth_cmd, const std::string &authfile);
+};
+
+#endif /* __UTIL_H__ */
slim-1.3.1-fix-insecure-mcookie-generation.patch:
app.cpp | 51 +++++++++++++++++++++++++++------------------------
app.h | 2 ++
util.cpp | 37 +++++++++++++++++++++++++++++++++++++
util.h | 9 +++++++--
4 files changed, 73 insertions(+), 26 deletions(-)
--- NEW FILE slim-1.3.1-fix-insecure-mcookie-generation.patch ---
Index: slim-1.3.1/app.cpp
===================================================================
--- slim-1.3.1.orig/app.cpp
+++ slim-1.3.1/app.cpp
@@ -129,15 +129,18 @@ void User1Signal(int sig) {
#ifdef USE_PAM
-App::App(int argc, char** argv):
- pam(conv, static_cast<void*>(&LoginPanel)){
+App::App(int argc, char** argv)
+ : pam(conv, static_cast<void*>(&LoginPanel)),
#else
-App::App(int argc, char** argv){
+App::App(int argc, char** argv)
+ :
#endif
+ mcookiesize(32)// Must be divisible by 4
+{
int tmp;
ServerPID = -1;
testing = false;
- mcookie = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+ mcookie = string(App::mcookiesize, 'a');
daemonmode = false;
force_nodaemon = false;
firstlogin = true;
@@ -1128,13 +1131,13 @@ string App::findValidRandomTheme(const s
name = name.substr(0, name.length() - 1);
}
- srandom(getpid()+time(NULL));
+ Util::srandom(Util::makeseed());
vector<string> themes;
string themefile;
Cfg::split(themes, name, ',');
do {
- int sel = random() % themes.size();
+ int sel = Util::random() % themes.size();
name = Cfg::Trim(themes[sel]);
themefile = string(THEMESDIR) +"/" + name + THEMESFILE;
@@ -1161,27 +1164,27 @@ void App::replaceVariables(string& input
}
+/*
+ * We rely on the fact that all bits generated by Util::random()
+ * are usable, so we are taking full words from its output.
+ */
void App::CreateServerAuth() {
/* create mit cookie */
- int i, r;
- int hexcount = 0;
- string authfile;
- string cmd;
+ uint16_t word;
+ uint8_t hi, lo;
+ int i;
+ string authfile;
const char *digits = "0123456789abcdef";
- srand( time(NULL) );
- for ( i = 0; i < 31; i++ ) {
- r = rand()%16;
- mcookie[i] = digits[r];
- if (r>9)
- hexcount++;
- }
- /* MIT-COOKIE: even occurrences of digits and hex digits */
- if ((hexcount%2) == 0) {
- r = rand()%10;
- } else {
- r = rand()%5+10;
- }
- mcookie[31] = digits[r];
+ Util::srandom(Util::makeseed());
+ for (i = 0; i < App::mcookiesize; i+=4) {
+ word = Util::random() & 0xffff;
+ lo = word & 0xff;
+ hi = word >> 8;
+ mcookie[i] = digits[lo & 0x0f];
+ mcookie[i+1] = digits[lo >> 4];
+ mcookie[i+2] = digits[hi & 0x0f];
+ mcookie[i+3] = digits[hi >> 4];
+ }
/* reinitialize auth file */
authfile = cfg->getOption("authfile");
remove(authfile.c_str());
Index: slim-1.3.1/app.h
===================================================================
--- slim-1.3.1.orig/app.h
+++ slim-1.3.1/app.h
@@ -101,6 +101,8 @@ private:
std::string themeName;
std::string mcookie;
+
+ const int mcookiesize;
};
Index: slim-1.3.1/util.cpp
===================================================================
--- slim-1.3.1.orig/util.cpp
+++ slim-1.3.1/util.cpp
@@ -7,7 +7,13 @@
(at your option) any later version.
*/
+#include <sys/types.h>
+
#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <unistd.h>
+
#include "util.h"
/*
@@ -30,3 +36,34 @@ bool Util::add_mcookie(const std::string
pclose(fp);
return true;
}
+
+/*
+ * Interface for random number generator. Just now it uses ordinary
+ * random/srandom routines and serves as a wrapper for them.
+ */
+void Util::srandom(unsigned long seed)
+{
+::srandom(seed);
+}
+
+long Util::random(void)
+{
+return ::random();
+}
+
+/*
+ * Makes seed for the srandom() using "random" values obtained from
+ * getpid(), time(NULL) and others.
+ */
+long Util::makeseed(void)
+{
+struct timespec ts;
+long pid = getpid();
+long tm = time(NULL);
+
+if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) {
+ts.tv_sec = ts.tv_nsec = 0;
+}
+
+return pid + tm + (ts.tv_sec ^ ts.tv_nsec);
+}
Index: slim-1.3.1/util.h
===================================================================
--- slim-1.3.1.orig/util.h
+++ slim-1.3.1/util.h
@@ -12,8 +12,13 @@
#include <string>
namespace Util {
- bool add_mcookie(const std::string &mcookie, const char *display,
- const std::string &xauth_cmd, const std::string &authfile);
+ bool add_mcookie(const std::string &mcookie, const char *display,
+ const std::string &xauth_cmd, const std::string &authfile);
+
+ void srandom(unsigned long seed);
+ long random(void);
+
+ long makeseed(void);
};
#endif /* __UTIL_H__ */
slim-1.3.1-gcc44.patch:
app.cpp | 1 +
1 file changed, 1 insertion(+)
--- NEW FILE slim-1.3.1-gcc44.patch ---
Index: slim-1.3.1/app.cpp
===================================================================
--- slim-1.3.1.orig/app.cpp
+++ slim-1.3.1/app.cpp
@@ -12,6 +12,7 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <stdint.h>
#include <unistd.h>
#include <fcntl.h>
#include <cstring>
Index: slim.spec
===================================================================
RCS file: /cvs/pkgs/rpms/slim/F-12/slim.spec,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -p -r1.18 -r1.19
--- slim.spec 10 Oct 2009 13:08:12 -0000 1.18
+++ slim.spec 22 Dec 2009 00:09:37 -0000 1.19
@@ -1,6 +1,6 @@
Name: slim
Version: 1.3.1
-Release: 8%{?dist}
+Release: 9%{?dist}
Summary: Simple Login Manager
Group: User Interface/X
@@ -15,13 +15,18 @@ Source3: slim-fedora.txt
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
# TODO: Post these patches to upstream BTS
-Patch0: slim-1.3.1-make.patch
-Patch1: slim-1.3.1-usexwd.patch
-Patch2: slim-1.3.1-fedora.patch
-Patch3: slim-1.3.1-strtol.patch
-Patch4: slim-1.3.1-remove.patch
-Patch5: slim-1.3.1-curdir.patch
-Patch6: slim-1.3.1-selinux.patch
+Patch0: slim-1.3.1-make.patch
+Patch1: slim-1.3.1-usexwd.patch
+Patch2: slim-1.3.1-fedora.patch
+Patch3: slim-1.3.1-strtol.patch
+Patch4: slim-1.3.1-remove.patch
+Patch5: slim-1.3.1-curdir.patch
+Patch6: slim-1.3.1-selinux.patch
+# This is from Debian, I just added -lrt to LDFLAGS
+Patch7: slim-1.3.1-CVE-2009-1756.patch
+# This one is from Debian, too
+Patch8: slim-1.3.1-fix-insecure-mcookie-generation.patch
+Patch9: slim-1.3.1-gcc44.patch
BuildRequires: libXmu-devel libXft-devel libXrender-devel
BuildRequires: libpng-devel libjpeg-devel freetype-devel fontconfig-devel
@@ -43,7 +48,7 @@ desktop environments.
SLiM is based on latest stable release of Login.app by Per Lidén.
In the distribution, slim may be called through a wrapper, slim-dynwm,
-which determines the available window managers using the freedesktop
+which determines the available window managers using the freedesktop
information and modifies the slim configuration file accordingly,
before launching slim.
@@ -56,6 +61,9 @@ before launching slim.
%patch4 -p1 -b .gcc44
%patch5 -p1 -b .curdir
%patch6 -p1 -b .selinux
+%patch7 -p1 -b .CVE-2009-1756
+%patch8 -p1 -b .mcookie
+%patch9 -p1 -b .gcc44again
cp -p %{SOURCE3} README.Fedora
%build
@@ -107,6 +115,11 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Tue Dec 22 2009 Lorenzo Villani <lvillani at binaryhelix.net> - 1.3.1-9
+- Fix CVE-2009-1756 (bugzilla: 544024)
+- Fix MIT insecure cookie generation (patch from Debian)
+- Fix build with GCC 4.4
+
* Sat Oct 10 2009 Lorenzo Villani <lvillani at binaryhelix.net> - 1.3.1-8
- Fix BZ #518068
- Previous message: rpms/slim/F-11 slim-1.3.1-CVE-2009-1756.patch, NONE, 1.1 slim-1.3.1-fix-insecure-mcookie-generation.patch, NONE, 1.1 slim-1.3.1-gcc44.patch, NONE, 1.1 slim.spec, 1.16, 1.17
- Next message: rpms/blitz/F-12 blitz.spec,1.10,1.11
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list