[kde-workspace/f19] 4.10.5-3
Rex Dieter
rdieter at fedoraproject.org
Thu Jul 11 15:47:31 UTC 2013
commit b7903f428b81f2daf1d2eb1d84109ba074707e6a
Author: Rex Dieter <rdieter at math.unl.edu>
Date: Thu Jul 11 10:47:24 2013 -0500
4.10.5-3
- backport systray icons memleak fix (kde #314919)
- backport potential kcheckpass security issue
...ass-Check-for-NULL-return-from-crypt-3-an.patch | 103 ++++++++++++++++++++
...leak-when-the-tray-icon-changes-e.g.-when.patch | 60 +++++++++++
kde-workspace.spec | 10 ++-
3 files changed, 172 insertions(+), 1 deletions(-)
---
diff --git a/0001-kdm-kcheckpass-Check-for-NULL-return-from-crypt-3-an.patch b/0001-kdm-kcheckpass-Check-for-NULL-return-from-crypt-3-an.patch
new file mode 100644
index 0000000..1b6a432
--- /dev/null
+++ b/0001-kdm-kcheckpass-Check-for-NULL-return-from-crypt-3-an.patch
@@ -0,0 +1,103 @@
+From 45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7 Mon Sep 17 00:00:00 2001
+From: Michael Pyne <mpyne at kde.org>
+Date: Sat, 29 Jun 2013 16:13:20 -0400
+Subject: [PATCH 1/6] kdm, kcheckpass: Check for NULL return from crypt(3) and
+ friends.
+
+Potential issue noted and fixed by Mancha <mancha1 at hush.com>.
+
+Patch reviewed by myself and ossi. Backported to 4.10 by myself.
+
+REVIEW:111261
+FIXED-IN:4.10.5
+---
+ kcheckpass/checkpass_etcpasswd.c | 3 ++-
+ kcheckpass/checkpass_osfc2passwd.c | 3 ++-
+ kcheckpass/checkpass_shadow.c | 2 +-
+ kdm/backend/client.c | 7 +++++--
+ 4 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/kcheckpass/checkpass_etcpasswd.c b/kcheckpass/checkpass_etcpasswd.c
+index 1dbe06f..e261b7c 100644
+--- a/kcheckpass/checkpass_etcpasswd.c
++++ b/kcheckpass/checkpass_etcpasswd.c
+@@ -35,6 +35,7 @@ AuthReturn Authenticate(const char *method,
+ {
+ struct passwd *pw;
+ char *passwd;
++ char *crpt_passwd;
+
+ if (strcmp(method, "classic"))
+ return AuthError;
+@@ -49,7 +50,7 @@ AuthReturn Authenticate(const char *method,
+ if (!(passwd = conv(ConvGetHidden, 0)))
+ return AuthAbort;
+
+- if (!strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd))) {
++ if ((crpt_passwd = crypt(passwd, pw->pw_passwd)) && !strcmp(pw->pw_passwd, crpt_passwd)) {
+ dispose(passwd);
+ return AuthOk; /* Success */
+ }
+diff --git a/kcheckpass/checkpass_osfc2passwd.c b/kcheckpass/checkpass_osfc2passwd.c
+index 9a074f9..d181233 100644
+--- a/kcheckpass/checkpass_osfc2passwd.c
++++ b/kcheckpass/checkpass_osfc2passwd.c
+@@ -38,6 +38,7 @@ AuthReturn Authenticate(const char *method,
+ const char *login, char *(*conv) (ConvRequest, const char *))
+ {
+ char *passwd;
++ char *crpt_passwd;
+ char c2passwd[256];
+
+ if (strcmp(method, "classic"))
+@@ -52,7 +53,7 @@ AuthReturn Authenticate(const char *method,
+ if (!(passwd = conv(ConvGetHidden, 0)))
+ return AuthAbort;
+
+- if (!strcmp(c2passwd, osf1c2crypt(passwd, c2passwd))) {
++ if ((crpt_passwd = osf1c2crypt(passwd, c2passwd)) && !strcmp(c2passwd, crpt_passwd)) {
+ dispose(passwd);
+ return AuthOk; /* Success */
+ }
+diff --git a/kcheckpass/checkpass_shadow.c b/kcheckpass/checkpass_shadow.c
+index ec3a4e0..c0f6913 100644
+--- a/kcheckpass/checkpass_shadow.c
++++ b/kcheckpass/checkpass_shadow.c
+@@ -69,7 +69,7 @@ AuthReturn Authenticate(const char *method,
+ crpt_passwd = crypt(typed_in_password, password);
+ #endif
+
+- if (!strcmp(password, crpt_passwd )) {
++ if (crpt_passwd && !strcmp(password, crpt_passwd )) {
+ dispose(typed_in_password);
+ return AuthOk; /* Success */
+ }
+diff --git a/kdm/backend/client.c b/kdm/backend/client.c
+index bdff6da..26bb0b4 100644
+--- a/kdm/backend/client.c
++++ b/kdm/backend/client.c
+@@ -540,6 +540,9 @@ verify(GConvFunc gconv, int rootok)
+ # if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
+ int tim, expir, warntime, quietlog;
+ # endif
++# if !defined(ultrix) && !defined(__ultrix__) && (defined(HAVE_PW_ENCRYPT) || defined(HAVE_CRYPT))
++ char *crpt_passwd;
++# endif
+ #endif
+
+ debug("verify ...\n");
+@@ -752,9 +755,9 @@ verify(GConvFunc gconv, int rootok)
+ # if defined(ultrix) || defined(__ultrix__)
+ if (authenticate_user(p, curpass, 0) < 0)
+ # elif defined(HAVE_PW_ENCRYPT)
+- if (strcmp(pw_encrypt(curpass, p->pw_passwd), p->pw_passwd))
++ if (!(crpt_passwd = pw_encrypt(curpass, p->pw_passwd)) || strcmp(crpt_passwd, p->pw_passwd))
+ # elif defined(HAVE_CRYPT)
+- if (strcmp(crypt(curpass, p->pw_passwd), p->pw_passwd))
++ if (!(crpt_passwd = crypt(curpass, p->pw_passwd)) || strcmp(crpt_passwd, p->pw_passwd))
+ # else
+ if (strcmp(curpass, p->pw_passwd))
+ # endif
+--
+1.8.3.1
+
diff --git a/0006-Fix-pixmap-leak-when-the-tray-icon-changes-e.g.-when.patch b/0006-Fix-pixmap-leak-when-the-tray-icon-changes-e.g.-when.patch
new file mode 100644
index 0000000..0edd682
--- /dev/null
+++ b/0006-Fix-pixmap-leak-when-the-tray-icon-changes-e.g.-when.patch
@@ -0,0 +1,60 @@
+From 2c810db3e41d56ad7dd8ec3436f3cf3abcc31983 Mon Sep 17 00:00:00 2001
+From: Andreas Hartmetz <ahartmetz at gmail.com>
+Date: Tue, 2 Jul 2013 18:35:35 +0200
+Subject: [PATCH 6/6] Fix pixmap leak when the tray icon changes (e.g. when
+ it's animated).
+
+This could easily leak 4KB/second of X pixmap memory.
+All the actual difference comes from the QPixmap::ExplicitlyShared
+argument, the rest is making some wonky-looking but working code look
+less wonky.
+
+BUG: 314919
+(cherry picked from commit ec8e405ca447ba5bc5a9f6a2a12e2fa90412a0d4)
+---
+ .../systemtray/protocols/fdo/x11embedcontainer.cpp | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/plasma/generic/applets/systemtray/protocols/fdo/x11embedcontainer.cpp b/plasma/generic/applets/systemtray/protocols/fdo/x11embedcontainer.cpp
+index 1826512..a5bc826 100644
+--- a/plasma/generic/applets/systemtray/protocols/fdo/x11embedcontainer.cpp
++++ b/plasma/generic/applets/systemtray/protocols/fdo/x11embedcontainer.cpp
+@@ -194,8 +194,7 @@ void X11EmbedContainer::paintEvent(QPaintEvent *event)
+
+ // Taking a detour via a QPixmap is unfortunately the only way we can get
+ // the window contents into Qt's backing store.
+- QPixmap pixmap(size());
+- pixmap = toX11Pixmap(pixmap);
++ QPixmap pixmap = toX11Pixmap(QPixmap(size()));
+ pixmap.fill(Qt::transparent);
+ XRenderComposite(x11Info().display(), PictOpSrc, d->picture, None, pixmap.x11PictureHandle(),
+ 0, 0, 0, 0, 0, 0, width(), height());
+@@ -232,16 +231,18 @@ void X11EmbedContainer::setBackgroundPixmap(QPixmap background)
+ // NOTE: The alpha-channel is not preserved if it exists, but for X pixmaps it generally should not be needed anyway.
+ QPixmap X11EmbedContainer::toX11Pixmap(const QPixmap& pix)
+ {
+- if(pix.handle() != 0) // X11 pixmap
++ if (pix.handle() != 0) // X11 pixmap
+ return pix;
++ QPixmap ret;
+ Pixmap xpix = XCreatePixmap(pix.x11Info().display(), RootWindow(pix.x11Info().display(), pix.x11Info().screen()),
+ pix.width(), pix.height(), QX11Info::appDepth());
+- QPixmap wrk = QPixmap::fromX11Pixmap(xpix);
+- QPainter paint(&wrk);
+- paint.drawPixmap(0, 0, pix);
+- paint.end();
+- QPixmap ret = wrk.copy();
+- wrk = QPixmap(); // reset, so that xpix can be freed (QPixmap does not own it)
++ {
++ QPixmap wrk = QPixmap::fromX11Pixmap(xpix, QPixmap::ExplicitlyShared);
++ QPainter paint(&wrk);
++ paint.drawPixmap(0, 0, pix);
++ paint.end();
++ ret = wrk.copy();
++ } // free resources so that xpix can be freed (QPixmap does not own it)
+ XFreePixmap(pix.x11Info().display(), xpix);
+ return ret;
+ }
+--
+1.8.3.1
+
diff --git a/kde-workspace.spec b/kde-workspace.spec
index 3d0d3eb..c315ca6 100644
--- a/kde-workspace.spec
+++ b/kde-workspace.spec
@@ -17,7 +17,7 @@
Summary: KDE Workspace
Name: kde-workspace
Version: 4.10.5
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2
URL: https://projects.kde.org/projects/kde/kde-workspace
@@ -120,6 +120,8 @@ Patch62: kde-workspace-4.10.2-systemd-displaymanager.patch
## upstream patches
Patch100: kde-workspace-4.11-bz#921781-check-max-viewport-size.patch
Patch101: kde-workspace-4.10-bz#921742.patch
+Patch102: 0001-kdm-kcheckpass-Check-for-NULL-return-from-crypt-3-an.patch
+Patch103: 0006-Fix-pixmap-leak-when-the-tray-icon-changes-e.g.-when.patch
## plasma active patches
@@ -473,6 +475,8 @@ Requires: akonadi
# upstream patches
%patch100 -p1 -b .bug921781
%patch101 -p1 -b .bug921742
+%patch102 -p1 -b .kcheckpass
+%patch103 -p1 -b .systray_icons_memleak
# Fedora patches
%if 0%{?fedora} && 0%{?rhel} > 6
@@ -1025,6 +1029,10 @@ fi
%changelog
+* Thu Jul 11 2013 Rex Dieter <rdieter at fedoraproject.org> - 4.10.5-3
+- backport systray icons memleak fix (kde #314919)
+- backport potential kcheckpass security issue
+
* Tue Jul 02 2013 Than Ngo <than at redhat.com> - 4.10.5-2
- drop the rejected KMix memory leak workaround
More information about the scm-commits
mailing list