rev 7236 - in trunk/packages/kdebase/debian: . patches
Sune Vuorela
pusling-guest at alioth.debian.org
Wed Sep 19 18:31:01 UTC 2007
Author: pusling-guest
Date: 2007-09-19 18:31:00 +0000 (Wed, 19 Sep 2007)
New Revision: 7236
Added:
trunk/packages/kdebase/debian/patches/51_CVE-2007-4569-kdm-autologin.diff
Modified:
trunk/packages/kdebase/debian/changelog
Log:
CVE-2007-4569 - kdm issues
Modified: trunk/packages/kdebase/debian/changelog
===================================================================
--- trunk/packages/kdebase/debian/changelog 2007-09-17 23:51:07 UTC (rev 7235)
+++ trunk/packages/kdebase/debian/changelog 2007-09-19 18:31:00 UTC (rev 7236)
@@ -1,3 +1,10 @@
+kdebase (4:3.5.7-4) unstable; urgency=low
+
+ * Add patch to fix unauthorized login problem in kdm.
+ CVE-2007-4569.
+
+ -- Sune Vuorela <debian at pusling.com> Wed, 19 Sep 2007 20:30:01 +0200
+
kdebase (4:3.5.7-3) unstable; urgency=low
+++ Changes by Ana Beatriz Guerrero Lopez:
Added: trunk/packages/kdebase/debian/patches/51_CVE-2007-4569-kdm-autologin.diff
===================================================================
--- trunk/packages/kdebase/debian/patches/51_CVE-2007-4569-kdm-autologin.diff (rev 0)
+++ trunk/packages/kdebase/debian/patches/51_CVE-2007-4569-kdm-autologin.diff 2007-09-19 18:31:00 UTC (rev 7236)
@@ -0,0 +1,63 @@
+--- kdm/backend/session.c
++++ kdm/bakcend/session.c
+@@ -121,8 +121,9 @@
+ static void
+ DoAutoLogon( void )
+ {
+- StrDup( &curuser, td->autoUser );
+- StrDup( &curpass, td->autoPass );
++ ReStr( &curuser, td->autoUser );
++ ReStr( &curpass, td->autoPass );
++ ReStr( &curtype, "classic" );
+ cursource = PWSRC_AUTOLOGIN;
+ }
+
+@@ -141,7 +142,9 @@
+ td->hstent->npass = 0;
+ newdmrc = td->hstent->nargs;
+ td->hstent->nargs = 0;
++ ReStr( &curtype, "classic" );
+ cursource = (td->hstent->rLogin == 1) ? PWSRC_RELOGIN : PWSRC_MANUAL;
++ return 1;
+ } else if (*td->autoUser && !td->autoDelay && (tdiff > 0 || td->autoAgain))
+ {
+ unsigned int lmask;
+@@ -153,11 +156,9 @@
+ if (lmask & ShiftMask)
+ return 0;
+ DoAutoLogon();
+- } else {
+- cursource = PWSRC_MANUAL;
+- return 0;
++ return 1;
+ }
+- return 1;
++ return 0;
+ }
+
+
+@@ -369,6 +370,7 @@
+ if (curtype) free( curtype );
+ curtype = GRecvStr();
+ Debug( " type %\"s\n", curtype );
++ cursource = PWSRC_MANUAL;
+ if (Verify( conv_interact, rootok )) {
+ Debug( " -> return success\n" );
+ GSendInt( V_OK );
+@@ -378,7 +380,6 @@
+ case G_AutoLogin:
+ Debug( "G_AutoLogin\n" );
+ DoAutoLogon();
+- StrDup( &curtype, "classic" );
+ if (Verify( conv_auto, FALSE )) {
+ Debug( " -> return success\n" );
+ GSendInt( V_OK );
+@@ -565,7 +566,7 @@
+ tdiff = td->autoAgain ?
+ 1 : time( 0 ) - td->hstent->lastExit - td->openDelay;
+ if (AutoLogon( tdiff )) {
+- if (!StrDup( &curtype, "classic" ) || !Verify( conv_auto, FALSE ))
++ if (!Verify( conv_auto, FALSE ))
+ goto gcont;
+ if (greeter)
+ GSendInt( V_OK );
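Review bot: The `ReStr()` calls added in `DoAutoLogon()` and in the relogin branch (`ReStr( &curtype, "classic" );`) ignore their result, whereas the removed `!StrDup( &curtype, "classic" ) ||` test sent an allocation failure to `gcont` before `Verify()` ran. `ReStr()` is not shown on this page; if, like `StrDup()`, it reports failure and leaves its target unchanged, `Verify( conv_auto, FALSE )` could run with a stale `curtype` that the G_Verify path had set from `GRecvStr()`. Consider making `DoAutoLogon()` return int, e.g. `return ReStr( &curuser, td->autoUser ) && ReStr( &curpass, td->autoPass ) && ReStr( &curtype, "classic" );`, and have both callers skip `Verify()` when it returns 0. Separately, the `++++ kdm/bakcend/session.c` header misspells the directory, so the patch presumably applies only because the tool falls back to the `---` name. The inner hunks show only fragments of the functions around `DoAutoLogon()`, so the callers' full error paths are not visible here.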