rpms/kdebase/devel post-3.5.7-kdebase-kdm.diff, NONE, 1.1 post-3.5.7-kdebase-konqueror-2.diff, NONE, 1.1 kdebase.spec, 1.266, 1.267 post-3.5.7-kdebase-konqueror.diff, 1.1, NONE

Than Ngo (than) fedora-extras-commits at redhat.com
Tue Oct 2 14:06:19 UTC 2007 

Author: than

Update of /cvs/extras/rpms/kdebase/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26717

Modified Files:
	kdebase.spec 
Added Files:
	post-3.5.7-kdebase-kdm.diff 
	post-3.5.7-kdebase-konqueror-2.diff 
Removed Files:
	post-3.5.7-kdebase-konqueror.diff 
Log Message:
- rh#299731, CVE-2007-4569



post-3.5.7-kdebase-kdm.diff:

--- NEW FILE post-3.5.7-kdebase-kdm.diff ---
--- kdm/backend/session.c
+++ kdm/bakcend/session.c
@@ -121,8 +121,9 @@
 static void
 DoAutoLogon( void )
 {
-	StrDup( &curuser, td->autoUser );
-	StrDup( &curpass, td->autoPass );
+	ReStr( &curuser, td->autoUser );
+	ReStr( &curpass, td->autoPass );
+	ReStr( &curtype, "classic" );
 	cursource = PWSRC_AUTOLOGIN;
 }
 
@@ -141,7 +142,9 @@
 		td->hstent->npass = 0;
 		newdmrc = td->hstent->nargs;
 		td->hstent->nargs = 0;
+		ReStr( &curtype, "classic" );
 		cursource = (td->hstent->rLogin == 1) ? PWSRC_RELOGIN : PWSRC_MANUAL;
+		return 1;
 	} else if (*td->autoUser && !td->autoDelay && (tdiff > 0 || td->autoAgain))
 	{
 		unsigned int lmask;
@@ -153,11 +156,9 @@
 		if (lmask & ShiftMask)
 			return 0;
 		DoAutoLogon();
-	} else {
-		cursource = PWSRC_MANUAL;
-		return 0;
+		return 1;
 	}
-	return 1;
+	return 0;
 }
 
 
@@ -369,6 +370,7 @@
 			if (curtype) free( curtype );
 			curtype = GRecvStr();
 			Debug( " type %\"s\n", curtype );
+			cursource = PWSRC_MANUAL;
 			if (Verify( conv_interact, rootok )) {
 				Debug( " -> return success\n" );
 				GSendInt( V_OK );
@@ -378,7 +380,6 @@
 		case G_AutoLogin:
 			Debug( "G_AutoLogin\n" );
 			DoAutoLogon();
-			StrDup( &curtype, "classic" );
 			if (Verify( conv_auto, FALSE )) {
 				Debug( " -> return success\n" );
 				GSendInt( V_OK );
@@ -565,7 +566,7 @@
 	tdiff = td->autoAgain ? 
 	           1 : time( 0 ) - td->hstent->lastExit - td->openDelay;
 	if (AutoLogon( tdiff )) {
-		if (!StrDup( &curtype, "classic" ) || !Verify( conv_auto, FALSE ))
+		if (!Verify( conv_auto, FALSE ))
 			goto gcont;
 		if (greeter)
 			GSendInt( V_OK );

post-3.5.7-kdebase-konqueror-2.diff:

--- NEW FILE post-3.5.7-kdebase-konqueror-2.diff ---
--- konqueror/konq_combo.cc
+++ konqueror/konq_combo.cc
@@ -158,6 +158,9 @@ void KonqCombo::setURL( const QString& u
         kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
                                   "addToCombo(QString,QCString)", data);
     }
+    // important security consideration: always display the beginning
+    // of the url rather than its end to prevent spoofing attempts.
+    lineEdit()->setCursorPosition( 0 );
 }
 
 void KonqCombo::setTemporary( const QString& text )
--- konqueror/konq_mainwindow.cc
+++ konqueror/konq_mainwindow.cc
@@ -611,12 +611,11 @@ void KonqMainWindow::openURL( KonqView *
   }
   else // no known serviceType, use KonqRun
   {
-      if ( ( view && view == m_currentView ) ||
-              ( !view && !req.newTab ) ) // startup with argument
+      if ( ( !view || view->url().isEmpty() ) && !req.newTab ) // startup with argument
       {
           // Show it for now in the location bar, but we'll need to store it in the view
           // later on (can't do it yet since either view == 0 or updateHistoryEntry will be called).
-          kdDebug(1202) << "setLocationBarURL : url = " << url << endl;
+          kdDebug(1202) << "setLocationBarURL (startup) : url = " << url << endl;
           setLocationBarURL( url );
       }
 
@@ -819,8 +818,6 @@ bool KonqMainWindow::openView( QString s
         if ( childView )
         {
             enableAllActions( true );
-
-            m_pViewManager->setActivePart( childView->part() );
             m_currentView = childView;
         }
       }
--- konqueror/konq_viewmgr.cc
+++ konqueror/konq_viewmgr.cc
@@ -1395,6 +1395,8 @@ void KonqViewManager::slotActivePartChan
 
 void KonqViewManager::emitActivePartChanged()
 {
+    // prevent unnecessary multiple calls to slotPartActivated:
+    m_activePartChangedTimer->stop();
     m_pMainWindow->slotPartActivated( activePart() );
 }
 


Index: kdebase.spec
===================================================================
RCS file: /cvs/extras/rpms/kdebase/devel/kdebase.spec,v
retrieving revision 1.266
retrieving revision 1.267
diff -u -r1.266 -r1.267
--- kdebase.spec	27 Sep 2007 11:52:42 -0000	1.266
+++ kdebase.spec	2 Oct 2007 14:05:45 -0000	1.267
@@ -18,7 +18,7 @@
 Name:    kdebase
 Epoch:   6
 Version: 3.5.7
-Release: 15%{?dist}
+Release: 16%{?dist}
 
 # programs: GPLv2, libs: LGPLv2
 # a lot(most/all?) of files are +, but we'll be conservative, for now. -- Rex
@@ -76,9 +76,11 @@
 # alternative to patch29, requires qt-copy 0078-argb-visual-hack.patch
 Patch200: kdebase-3.5.7-kde#83974.patch
 
-# security patches
-# http://www.kde.org/info/security/advisory-20070815-1.txt
-Patch502: ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.7-kdebase-konqueror.diff
+# security fixes
+# CVE-2007-4224, CVE-2007-4225, CVE-2007-3820, Konqueror address bar spoofing
+Patch500: post-3.5.7-kdebase-konqueror-2.diff
+# CVE-2007-4569, kdm password-less login vulnerability
+Patch501: post-3.5.7-kdebase-kdm.diff
 
 Provides: kdebase3 = %{version}-%{release}
 
@@ -237,7 +239,9 @@
 ## alternative to patch29, requires qt-copy 0078-argb-visual-hack.patch
 #patch200 -p4 -b .kde#83974
 
-%patch502 -p0 -b .advisory-20070815-1
+# security fixes
+%patch500 -p0 -b .CVE-2007-4224-CVE-2007-4225-CVE-2007-3820
+%patch501 -p0 -b .CVE-2007-4569
 
 %if %redhatify
    cp %{SOURCE1} konsole
@@ -646,6 +650,9 @@
 
 
 %changelog
+* Tue Oct 02 2007 Than Ngo <than at redhat.com> - 6:3.5.7-16
+- rh#299731, CVE-2007-4569
+
 * Thu Sep 27 2007 Than Ngo <than at redhat.com> - 6:3.5.7-15
 - rh#301841, "Root Shell" sessions will not close
 


--- post-3.5.7-kdebase-konqueror.diff DELETED ---

More information about the fedora-extras-commits mailing list