rpms/kdebase-workspace/F-12 kdebase-workspace-4.3.5-CVE-2010-0436.diff, NONE, 1.1 kdebase-workspace-4.4.2-powerdevil_kdebug221648.patch, NONE, 1.1 kdebase-workspace.spec, 1.335, 1.336
Rex Dieter
rdieter at fedoraproject.org
Tue Apr 13 18:55:40 UTC 2010
- Previous message: rpms/kdebase-workspace/F-13 kdebase-workspace-4.3.5-CVE-2010-0436.diff, NONE, 1.1 kdebase-workspace-4.4.2-powerdevil_kdebug221648.patch, NONE, 1.1 kdebase-workspace.spec, 1.380, 1.381
- Next message: rpms/kdebase-workspace/F-11 kdebase-workspace-4.3.5-CVE-2010-0436.diff, NONE, 1.1 kdebase-workspace-4.4.2-powerdevil_kdebug221648.patch, NONE, 1.1 kdebase-workspace.spec, 1.270, 1.271
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rdieter
Update of /cvs/pkgs/rpms/kdebase-workspace/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv5657
Modified Files:
kdebase-workspace.spec
Added Files:
kdebase-workspace-4.3.5-CVE-2010-0436.diff
kdebase-workspace-4.4.2-powerdevil_kdebug221648.patch
Log Message:
* Tue Apr 13 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.4.2-5
- powerdevil only autosuspends once/twice (kde#221648)
- CVE-2010-0436
kdebase-workspace-4.3.5-CVE-2010-0436.diff:
ConfigureChecks.cmake | 29 ++++++++++++++++++
backend/ctrl.c | 79 ++++++++++++++++++++++++++++++++++++++++++++------
backend/dm.h | 3 +
config-kdm.h.cmake | 4 +-
4 files changed, 105 insertions(+), 10 deletions(-)
--- NEW FILE kdebase-workspace-4.3.5-CVE-2010-0436.diff ---
--- kdm/ConfigureChecks.cmake
+++ kdm/ConfigureChecks.cmake
@@ -37,6 +37,35 @@ int main()
}
" HAVE_SETLOGIN)
+check_c_source_runs("
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+int main()
+{
+ int fd, fd2;
+ struct sockaddr_un sa;
+
+ if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
+ return 2;
+ sa.sun_family = AF_UNIX;
+ strcpy(sa.sun_path, \"testsock\");
+ unlink(sa.sun_path);
+ if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)))
+ return 2;
+ chmod(sa.sun_path, 0);
+ setuid(getuid() + 1000);
+ if ((fd2 = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
+ return 2;
+ connect(fd2, (struct sockaddr *)&sa, sizeof(sa));
+ return errno != EACCES;
+}
+" HONORS_SOCKET_PERMS)
+
# for config-kdm.h
check_function_exists(seteuid HAVE_SETEUID)
--- kdm/backend/ctrl.c
+++ kdm/backend/ctrl.c
@@ -79,7 +79,25 @@ nukeSock( struct cmdsock *cs )
}
+#ifdef HONORS_SOCKET_PERMS
static CtrlRec ctrl = { 0, 0, -1, 0 };
+#else
+static CtrlRec ctrl = { 0, 0, 0, -1, 0 };
+
+static int mkTempDir( char *dir )
+{
+ int i, l = strlen( dir ) - 6;
+
+ for (i = 0; i < 100; i++) {
+ randomStr( dir + l );
+ if (!mkdir( dir, 0700 ))
+ return True;
+ if (errno != EEXIST)
+ break;
+ }
+ return False;
+}
+#endif
void
openCtrl( struct display *d )
@@ -113,22 +131,50 @@ openCtrl( struct display *d )
if (strlen( cr->path ) >= sizeof(sa.sun_path))
logError( "path %\"s too long; control socket will not be available\n",
cr->path );
- else if (mkdir( sockdir, 0755 ) && errno != EEXIST)
+#ifdef HONORS_SOCKET_PERMS
+ else if (mkdir( sockdir, 0700 ) && errno != EEXIST)
logError( "mkdir %\"s failed: %m; control socket will not be available\n",
sockdir );
+ else if (unlink( cr->path ) && errno != ENOENT)
+ logError( "unlink %\"s failed: %m; control socket will not be available\n",
+ cr->path );
else {
- if (!d)
- chown( sockdir, -1, fifoGroup );
+#else
+ else if (unlink( sockdir ) && errno != ENOENT)
+ logError( "unlink %\"s failed: %m; control socket will not be available\n",
+ sockdir );
+ else if (!strApp( &cr->realdir, sockdir, "-XXXXXX", (char *)0))
+ ;
+ else if (!mkTempDir( cr->realdir )) {
+ logError( "mkdir %\"s failed: %m; control socket will not be available\n",
+ cr->realdir );
+ free( cr->realdir );
+ cr->realdir = 0;
+ } else if (symlink( cr->realdir, sockdir )) {
+ logError( "symlink %\"s => %\"s failed: %m; control socket will not be available\n",
+ sockdir, cr->realdir );
+ rmdir( cr->realdir );
+ free( cr->realdir );
+ cr->realdir = 0;
+ } else {
+ chown( sockdir, 0, d ? 0 : fifoGroup );
chmod( sockdir, 0750 );
+#endif
if ((cr->fd = socket( PF_UNIX, SOCK_STREAM, 0 )) < 0)
logError( "Cannot create control socket: %m\n" );
else {
- unlink( cr->path );
sa.sun_family = AF_UNIX;
strcpy( sa.sun_path, cr->path );
if (!bind( cr->fd, (struct sockaddr *)&sa, sizeof(sa) )) {
if (!listen( cr->fd, 5 )) {
+#ifdef HONORS_SOCKET_PERMS
+ chmod( cr->path, 0660 );
+ if (!d)
+ chown( cr->path, -1, fifoGroup );
+ chmod( sockdir, 0755 );
+#else
chmod( cr->path, 0666 );
+#endif
registerCloseOnFork( cr->fd );
registerInput( cr->fd );
free( sockdir );
@@ -143,6 +189,14 @@ openCtrl( struct display *d )
close( cr->fd );
cr->fd = -1;
}
+#ifdef HONORS_SOCKET_PERMS
+ rmdir( sockdir );
+#else
+ unlink( sockdir );
+ rmdir( cr->realdir );
+ free( cr->realdir );
+ cr->realdir = 0;
+#endif
}
free( cr->path );
cr->path = 0;
@@ -163,7 +217,14 @@ closeCtrl( struct display *d )
cr->fd = -1;
unlink( cr->path );
*strrchr( cr->path, '/' ) = 0;
+#ifdef HONORS_SOCKET_PERMS
rmdir( cr->path );
+#else
+ unlink( cr->path );
+ rmdir( cr->realdir );
+ free( cr->realdir );
+ cr->realdir = 0;
+#endif
free( cr->path );
cr->path = 0;
while (cr->css) {
@@ -177,12 +238,12 @@ closeCtrl( struct display *d )
void
chownCtrl( CtrlRec *cr, int uid )
{
- if (cr->path) {
- char *ptr = strrchr( cr->path, '/' );
- *ptr = 0;
+ if (cr->path)
+#ifdef HONORS_SOCKET_PERMS
chown( cr->path, uid, -1 );
- *ptr = '/';
- }
+#else
+ chown( cr->realdir, uid, -1 );
+#endif
}
void
--- kdm/backend/dm.h
+++ kdm/backend/dm.h
@@ -232,6 +232,9 @@ typedef struct {
struct cmdsock *css; /* open connections */
char *path; /* filename of the socket */
+#ifndef HONORS_SOCKET_PERMS
+ char *realdir; /* real dirname of the socket */
+#endif
int fd; /* fd of the socket */
int gid; /* owner group of the socket */
} CtrlRec;
--- kdm/config-kdm.h.cmake
+++ kdm/config-kdm.h.cmake
@@ -129,6 +129,9 @@
/* Define to 1 if the ck-connector library is found */
#cmakedefine HAVE_CKCONNECTOR 1
+/* Define to 1 if OS honors permission bits on socket inodes */
+#cmakedefine HONORS_SOCKET_PERMS 1
+
/* $PATH defaults set by KDM */
#cmakedefine KDM_DEF_USER_PATH "${KDM_DEF_USER_PATH}"
#cmakedefine KDM_DEF_SYSTEM_PATH "${KDM_DEF_SYSTEM_PATH}"
--
1.6.6.20.g9bfff
kdebase-workspace-4.4.2-powerdevil_kdebug221648.patch:
PowerDevilDaemon.cpp | 2 ++
1 file changed, 2 insertions(+)
--- NEW FILE kdebase-workspace-4.4.2-powerdevil_kdebug221648.patch ---
--- kdebase-workspace-4.4.2.orig/powerdevil/daemon/PowerDevilDaemon.cpp
+++ kdebase-workspace-4.4.2/powerdevil/daemon/PowerDevilDaemon.cpp
@@ -280,6 +280,8 @@
}
Solid::Control::PowerManager::setBrightness(d->brightness);
+
+ d->status = NoAction;
}
void PowerDevilDaemon::refreshStatus()
Index: kdebase-workspace.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kdebase-workspace/F-12/kdebase-workspace.spec,v
retrieving revision 1.335
retrieving revision 1.336
diff -u -p -r1.335 -r1.336
--- kdebase-workspace.spec 13 Apr 2010 15:27:31 -0000 1.335
+++ kdebase-workspace.spec 13 Apr 2010 18:55:40 -0000 1.336
@@ -16,7 +16,7 @@
Summary: KDE Workspace
Name: kdebase-workspace
Version: 4.4.2
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2
Group: User Interface/Desktops
@@ -67,9 +67,14 @@ Patch50: kdebase-workspace-4.3.3-kde#171
Patch51: kdebase-workspace-4.3.95-brightness_keys.patch
# http://bugs.kde.org/221637
Patch52: kdebase-workspace-4.4.2-powerdevil_kdebug221637.patch
+# http://bugs.kde.org/221648
+Patch53: kdebase-workspace-4.4.2-powerdevil_kdebug221648.patch
# 4.4 patches
Patch100: kdebase-workspace-4.4.2-qt47.patch
+# http://www.kde.org/info/security/advisory-20100413-1.txt
+# f12 tested to set HONORS_SOCKET_PERMS, so seems not affected by this
+Patch101: ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff
# 4.5 patches
@@ -332,8 +337,10 @@ Requires: akonadi
# kubuntu patches
%patch51 -p1 -b .brightness_keys
%patch52 -p1 -b .powerdevil_kdebug221637
+%patch53 -p1 -b .powerdevil_kdebug221648
# 4.4 patches
%patch100 -p1 -b .qt47
+%patch101 -p0 -b .CVE-2010-0436
%build
@@ -686,9 +693,13 @@ fi
%changelog
+* Tue Apr 13 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.4.2-5
+- powerdevil only autosuspends once/twice (kde#221648)
+- CVE-2010-0436
+
* Mon Apr 12 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.4.2-4
- another stab at f13 kdm/plymouth love (#577482)
-- powerdevil always suspends twice (#221637)
+- powerdevil always suspends twice (kde#221637)
* Wed Apr 07 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.4.2-3
- rip out bulletproof X changes (cf. kubuntu_33_kdm_bulletproof_x.diff) from
- Previous message: rpms/kdebase-workspace/F-13 kdebase-workspace-4.3.5-CVE-2010-0436.diff, NONE, 1.1 kdebase-workspace-4.4.2-powerdevil_kdebug221648.patch, NONE, 1.1 kdebase-workspace.spec, 1.380, 1.381
- Next message: rpms/kdebase-workspace/F-11 kdebase-workspace-4.3.5-CVE-2010-0436.diff, NONE, 1.1 kdebase-workspace-4.4.2-powerdevil_kdebug221648.patch, NONE, 1.1 kdebase-workspace.spec, 1.270, 1.271
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list