rpms/slim/F-12 slim-1.3.1-fix-debian-secfix.patch, NONE, 1.1 slim.spec, 1.19, 1.20

Tue Feb 2 21:08:13 UTC 2010

Author: arbiter

Update of /cvs/pkgs/rpms/slim/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv2995

Modified Files:
	slim.spec 
Added Files:
	slim-1.3.1-fix-debian-secfix.patch 
Log Message:
* Tue Feb 02 2010 Lorenzo Villani <lvillani at binaryhelix.net> - 1.3.1-10
- Fix bz#552491
- Patch to fix Debian patch (patch n. 7)


slim-1.3.1-fix-debian-secfix.patch:
 app.cpp        |    4 ++--
 switchuser.cpp |    6 ++----
 util.cpp       |   21 ---------------------
 3 files changed, 4 insertions(+), 27 deletions(-)

--- NEW FILE slim-1.3.1-fix-debian-secfix.patch ---
Index: slim-1.3.1/switchuser.cpp
===================================================================
--- slim-1.3.1.orig/switchuser.cpp
+++ slim-1.3.1/switchuser.cpp
@@ -54,10 +54,8 @@ void SwitchUser::Execute(const char* cmd
 }
 
 void SwitchUser::SetClientAuth(const char* mcookie) {
-    bool r;
     string home = string(Pw->pw_dir);
     string authfile = home + "/.Xauthority";
-    remove(authfile.c_str());
-    r = Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
-      authfile);
+    string cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + mcookie;
+    system(cmd.c_str());
 }
Index: slim-1.3.1/app.cpp
===================================================================
--- slim-1.3.1.orig/app.cpp
+++ slim-1.3.1/app.cpp
@@ -1190,8 +1190,8 @@ void App::CreateServerAuth() {
     authfile = cfg->getOption("authfile");
     remove(authfile.c_str());
     putenv(StrConcat("XAUTHORITY=", authfile.c_str()));
-    Util::add_mcookie(mcookie, ":0", cfg->getOption("xauth_path"),
-      authfile);
+    string cmd = cfg->getOption("xauth_path") + " -q -f " + authfile + " add :0 . " + mcookie;
+    system(cmd.c_str());
 }
 
 char* App::StrConcat(const char* str1, const char* str2) {
Index: slim-1.3.1/util.cpp
===================================================================
--- slim-1.3.1.orig/util.cpp
+++ slim-1.3.1/util.cpp
@@ -17,27 +17,6 @@
 #include "util.h"
 
 /*
- * Adds the given cookie to the specified Xauthority file.
- * Returns true on success, false on fault.
- */
-bool Util::add_mcookie(const std::string &mcookie, const char *display,
-    const std::string &xauth_cmd, const std::string &authfile)
-{
-	FILE *fp;
-	std::string cmd = xauth_cmd + " -f " + authfile + " -q";
-
-	fp = popen(cmd.c_str(), "w");
-	if (!fp)
-		return false;
-	fprintf(fp, "remove %s\n", display);
-	fprintf(fp, "add %s %s %s\n", display, ".", mcookie.c_str());
-	fprintf(fp, "exit\n");
-
-	pclose(fp);
-	return true;
-}
-
-/*
  * Interface for random number generator.  Just now it uses ordinary
  * random/srandom routines and serves as a wrapper for them.
  */


Index: slim.spec
===================================================================
RCS file: /cvs/pkgs/rpms/slim/F-12/slim.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -p -r1.19 -r1.20
--- slim.spec	22 Dec 2009 00:09:37 -0000	1.19
+++ slim.spec	2 Feb 2010 21:08:13 -0000	1.20
@@ -1,6 +1,6 @@
 Name:           slim
 Version:        1.3.1
-Release:        9%{?dist}
+Release:        10%{?dist}
 Summary:        Simple Login Manager
 
 Group:          User Interface/X
@@ -27,6 +27,8 @@ Patch7: slim-1.3.1-CVE-2009-1756.patch
 # This one is from Debian, too
 Patch8: slim-1.3.1-fix-insecure-mcookie-generation.patch
 Patch9: slim-1.3.1-gcc44.patch
+# Fix weirdness introduced in patch 7
+Patch10: slim-1.3.1-fix-debian-secfix.patch
 
 BuildRequires:  libXmu-devel libXft-devel libXrender-devel
 BuildRequires:  libpng-devel libjpeg-devel freetype-devel fontconfig-devel
@@ -64,6 +66,7 @@ before launching slim.
 %patch7 -p1 -b .CVE-2009-1756
 %patch8 -p1 -b .mcookie
 %patch9 -p1 -b .gcc44again
+%patch10 -p1 -b .fixdebpatch
 cp -p %{SOURCE3} README.Fedora
 
 %build
@@ -115,6 +118,10 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Tue Feb 02 2010 Lorenzo Villani <lvillani at binaryhelix.net> - 1.3.1-10
+- Fix bz#552491
+- Patch to fix Debian patch (patch n. 7)
+
 * Tue Dec 22 2009 Lorenzo Villani <lvillani at binaryhelix.net> - 1.3.1-9
 - Fix CVE-2009-1756 (bugzilla: 544024)
 - Fix MIT insecure cookie generation (patch from Debian)

