Backport CVE-2015-7543 fix (Joseph Wenninger) from kdelibs 4 (#1289235)
* Thu Dec 10 2015 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-71 - Backport CVE-2015-7543 fix (Joseph Wenninger) from kdelibs 4 (#1289235)
This commit is contained in:
parent
cdf75c236b
commit
e28f8c1fc2
38
kdelibs-3.5.10-CVE-2015-7543.patch
Normal file
38
kdelibs-3.5.10-CVE-2015-7543.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
diff -ur kdelibs-3.5.10/kinit/lnusertemp.c kdelibs-3.5.10-CVE-2015-7543/kinit/lnusertemp.c
|
||||||
|
--- kdelibs-3.5.10/kinit/lnusertemp.c 2007-05-14 09:52:34.000000000 +0200
|
||||||
|
+++ kdelibs-3.5.10-CVE-2015-7543/kinit/lnusertemp.c 2015-12-10 10:04:02.934321515 +0100
|
||||||
|
@@ -178,7 +178,11 @@
|
||||||
|
if (result == 0) return 0; /* Success */
|
||||||
|
unlink(kde_tmp_dir);
|
||||||
|
strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
|
||||||
|
+#if 0
|
||||||
|
mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
|
||||||
|
+#else
|
||||||
|
+ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
|
||||||
|
+#endif
|
||||||
|
return create_link(kde_tmp_dir, user_tmp_dir);
|
||||||
|
}
|
||||||
|
if ((result == -1) || (!S_ISLNK(stat_buf.st_mode)))
|
||||||
|
@@ -204,14 +208,22 @@
|
||||||
|
if (result == 0) return 0; /* Success */
|
||||||
|
unlink(kde_tmp_dir);
|
||||||
|
strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
|
||||||
|
+#if 0
|
||||||
|
mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
|
||||||
|
+#else
|
||||||
|
+ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
|
||||||
|
+#endif
|
||||||
|
return create_link(kde_tmp_dir, user_tmp_dir);
|
||||||
|
}
|
||||||
|
result = check_tmp_dir(tmp_buf);
|
||||||
|
if (result == 0) return 0; /* Success */
|
||||||
|
unlink(kde_tmp_dir);
|
||||||
|
strncat(user_tmp_dir, "XXXXXX", PATH_MAX - strlen(user_tmp_dir));
|
||||||
|
+#if 0
|
||||||
|
mktemp(user_tmp_dir); /* We want a directory, not a file, so using mkstemp makes no sense and is wrong */
|
||||||
|
+#else
|
||||||
|
+ if (mkdtemp(user_tmp_dir)==0) return 1; /*JOWENN: isn't that the better solution ?? */
|
||||||
|
+#endif
|
||||||
|
return create_link(kde_tmp_dir, user_tmp_dir);
|
||||||
|
}
|
||||||
|
|
@ -18,7 +18,7 @@
|
|||||||
Summary: KDE 3 Libraries
|
Summary: KDE 3 Libraries
|
||||||
Name: kdelibs3
|
Name: kdelibs3
|
||||||
Version: 3.5.10
|
Version: 3.5.10
|
||||||
Release: 70%{?dist}
|
Release: 71%{?dist}
|
||||||
|
|
||||||
License: LGPLv2
|
License: LGPLv2
|
||||||
Url: http://www.kde.org/
|
Url: http://www.kde.org/
|
||||||
@ -108,6 +108,11 @@ Patch207: libltdl-CVE-2009-3736.patch
|
|||||||
Patch208: kdelibs-3.5.x-CVE-2011-3365.patch
|
Patch208: kdelibs-3.5.x-CVE-2011-3365.patch
|
||||||
# CVE-2013-2074, prints passwords contained in HTTP URLs in error messages
|
# CVE-2013-2074, prints passwords contained in HTTP URLs in error messages
|
||||||
Patch209: kdelibs-3.5.10-CVE-2013-2074.patch
|
Patch209: kdelibs-3.5.10-CVE-2013-2074.patch
|
||||||
|
# CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC
|
||||||
|
# backport upstream fix (the lnusertemp.c change) from kdelibs 4:
|
||||||
|
# http://commits.kde.org/kdelibs/cc5515ed7ce8884c9b18169158ba29ab2f7a3db7
|
||||||
|
# upstream fix by Joseph Wenninger, rediffed for kdelibs 3.5.10 by Kevin Kofler
|
||||||
|
Patch210: kdelibs-3.5.10-CVE-2015-7543.patch
|
||||||
|
|
||||||
## fixes to common KDE 3 autotools machinery
|
## fixes to common KDE 3 autotools machinery
|
||||||
# tweak autoconfigury so that it builds with autoconf 2.64 or 2.65
|
# tweak autoconfigury so that it builds with autoconf 2.64 or 2.65
|
||||||
@ -271,6 +276,7 @@ format for easy browsing
|
|||||||
%patch207 -p1 -b .CVE-2009-3736
|
%patch207 -p1 -b .CVE-2009-3736
|
||||||
%patch208 -p1 -b .CVE-2011-3365
|
%patch208 -p1 -b .CVE-2011-3365
|
||||||
%patch209 -p1 -b .CVE-2013-2074
|
%patch209 -p1 -b .CVE-2013-2074
|
||||||
|
%patch210 -p1 -b .CVE-2015-7543
|
||||||
|
|
||||||
%patch300 -p1 -b .acinclude
|
%patch300 -p1 -b .acinclude
|
||||||
%patch301 -p1 -b .automake-version
|
%patch301 -p1 -b .automake-version
|
||||||
@ -592,6 +598,9 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 10 2015 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-71
|
||||||
|
- Backport CVE-2015-7543 fix (Joseph Wenninger) from kdelibs 4 (#1289235)
|
||||||
|
|
||||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-70
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5.10-70
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user