Backport CVE-2015-7543 fix (Joseph Wenninger) from kdelibs 4 (#1289235)
* Thu Dec 10 2015 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-71 - Backport CVE-2015-7543 fix (Joseph Wenninger) from kdelibs 4 (#1289235)
This commit is contained in:
parent
cdf75c236b
commit
e28f8c1fc2
|
@ -0,0 +1,38 @@
|
|||
diff -ur kdelibs-3.5.10/kinit/lnusertemp.c kdelibs-3.5.10-CVE-2015-7543/kinit/lnusertemp.c
|
||||
--- kdelibs-3.5.10/kinit/lnusertemp.c 2007-05-14 09:52:34.000000000 +0200
|
||||
+++ kdelibs-3.5.10-CVE-2015-7543/kinit/lnusertemp.c 2015-12-10 10:04:02.934321515 +0100
|
||||
@@ -178,7 +178,11 @@
|
||||
if (result == 0) return 0; /* Success */
|
||||
unlink(kde_tmp_dir);
|
||||
strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
|
||||
+#if 0
|
||||
mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
|
||||
+#else
|
||||
+ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
|
||||
+#endif
|
||||
return create_link(kde_tmp_dir, user_tmp_dir);
|
||||
}
|
||||
if ((result == -1) || (!S_ISLNK(stat_buf.st_mode)))
|
||||
@@ -204,14 +208,22 @@
|
||||
if (result == 0) return 0; /* Success */
|
||||
unlink(kde_tmp_dir);
|
||||
strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
|
||||
+#if 0
|
||||
mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
|
||||
+#else
|
||||
+ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
|
||||
+#endif
|
||||
return create_link(kde_tmp_dir, user_tmp_dir);
|
||||
}
|
||||
result = check_tmp_dir(tmp_buf);
|
||||
if (result == 0) return 0; /* Success */
|
||||
unlink(kde_tmp_dir);
|
||||
strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
|
||||
+#if 0
|
||||
mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
|
||||
+#else
|
||||
+ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
|
||||
+#endif
|
||||
return create_link(kde_tmp_dir, user_tmp_dir);
|
||||
}
|
||||
|
|
@ -18,7 +18,7 @@
|
|||
Summary: KDE 3 Libraries
|
||||
Name: kdelibs3
|
||||
Version: 3.5.10
|
||||
Release: 70%{?dist}
|
||||
Release: 71%{?dist}
|
||||
|
||||
License: LGPLv2
|
||||
Url: http://www.kde.org/
|
||||
|
@ -108,6 +108,11 @@ Patch207: libltdl-CVE-2009-3736.patch
|
|||
Patch208: kdelibs-3.5.x-CVE-2011-3365.patch
|
||||
# CVE-2013-2074, prints passwords contained in HTTP URLs in error messages
|
||||
Patch209: kdelibs-3.5.10-CVE-2013-2074.patch
|
||||
# CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC
|
||||
# backport upstream fix (the lnusertemp.c change) from kdelibs 4:
|
||||
# http://commits.kde.org/kdelibs/cc5515ed7ce8884c9b18169158ba29ab2f7a3db7
|
||||
# upstream fix by Joseph Wenninger, rediffed for kdelibs 3.5.10 by Kevin Kofler
|
||||
Patch210: kdelibs-3.5.10-CVE-2015-7543.patch
|
||||
|
||||
## fixes to common KDE 3 autotools machinery
|
||||
# tweak autoconfigury so that it builds with autoconf 2.64 or 2.65
|
||||
|
@ -271,6 +276,7 @@ format for easy browsing
|
|||
%patch207 -p1 -b .CVE-2009-3736
|
||||
%patch208 -p1 -b .CVE-2011-3365
|
||||
%patch209 -p1 -b .CVE-2013-2074
|
||||
%patch210 -p1 -b .CVE-2015-7543
|
||||
|
||||
%patch300 -p1 -b .acinclude
|
||||
%patch301 -p1 -b .automake-version
|
||||
|
@ -592,6 +598,9 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Dec 10 2015 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-71
|
||||
- Backport CVE-2015-7543 fix (Joseph Wenninger) from kdelibs 4 (#1289235)
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-70
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
|
|
Loading…
Reference in New Issue