Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.7.git;a=commitdiff;h=cdda33a290cb5f84d72627cb374f1e68c74fc94c
commit cdda33a290cb5f84d72627cb374f1e68c74fc94c
Author: voroskoi <[EMAIL PROTECTED]>
Date: Wed Jan 23 22:44:05 2008 +0100
kdebase-3.5.7-4sayshell1-x86_64
forgot the patch
diff --git a/source/kde/kdebase/CVE-2007-5963.diff b/source/kde/kdebase/CVE-2007-5963.diff
new file mode 100644
index 0000000..70043e6
--- /dev/null
+++ b/source/kde/kdebase/CVE-2007-5963.diff
@@ -0,0 +1,123 @@
+--- kdm/backend/inifile.c
++++ kdm/backend/inifile.c
+@@ -37,6 +37,7 @@
+ #include "dm_error.h"
+
+ #include <sys/types.h>
++#include <sys/stat.h>
+ #include <unistd.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -47,17 +48,27 @@
+ {
+ char *data;
+ int fd, len;
++ struct stat st;
+
+ if ((fd = open( fname, O_RDONLY | O_NONBLOCK )) < 0) {
+ Debug( "cannot open ini-file %\"s: %m", fname );
+ return 0;
+ }
+- len = lseek( fd, 0, SEEK_END );
++ if (fstat( fd, &st ) || !S_ISREG( st.st_mode )) {
++ LogWarn( "Ini-file %\"s is no regular file\n", fname );
++ close( fd );
++ return 0;
++ }
++ if (st.st_size >= 0x10000) {
++ LogWarn( "Ini-file %\"s is too big\n", fname );
++ close( fd );
++ return 0;
++ }
++ len = st.st_size;
+ if (!(data = Malloc( len + 2 ))) {
+ close( fd );
+ return 0;
+ }
+- lseek( fd, 0, SEEK_SET );
+ if (read( fd, data, len ) != len) {
+ Debug( "cannot read ini-file %\"s: %m", fname );
+ free( data );
+--- kdm/kfrontend/kgreeter.cpp (revision 706109)
++++ kdm/kfrontend/kgreeter.cpp (working copy)
+@@ -42,6 +42,8 @@
+ #undef Unsorted // x headers suck - make qdir.h work with --enable-final
+ #include <qdir.h>
+ #include <qfile.h>
++#include <qbuffer.h>
++#include <qmemarray.h>
+ #include <qimage.h>
+ #include <qmovie.h>
+ #include <qpopupmenu.h>
+@@ -59,6 +61,7 @@
+ #include <grp.h>
+ #include <stdlib.h>
+ #include <unistd.h>
++#include <fcntl.h>
+ #include <sys/types.h>
+
+ #include <X11/Xlib.h>
+@@ -163,6 +166,9 @@
+ QString login;
+ };
+
++#define FILE_LIMIT_ICON 20
++#define FILE_LIMIT_IMAGE 200
++
+ void
+ KGreeter::insertUser( const QImage &default_pix,
+ const QString &username, struct passwd *ps )
+@@ -181,16 +187,44 @@
+ nd = 1;
+ QImage p;
+ do {
+- QString fn = dp ?
+- QFile::decodeName( ps->pw_dir ) + "/.face" :
+- _faceDir + '/' + username + ".face";
+- if (p.load( fn + ".icon" ) || p.load( fn )) {
+- QSize ns( 48, 48 );
+- if (p.size() != ns)
+- p = p.convertDepth( 32 ).smoothScale( ns, QImage::ScaleMin );
+- goto gotit;
++ dp ^= 1;
++ QCString fn = !dp ?
++ QCString( ps->pw_dir ) + '/' :
++ QFile::encodeName( _faceDir + '/' + username );
++ fn += ".face.icon";
++ int fd, ico;
++ if ((fd = open( fn.data(), O_RDONLY | O_NONBLOCK )) < 0) {
++ fn.truncate( fn.length() - 5 );
++ if ((fd = open( fn.data(), O_RDONLY | O_NONBLOCK )) < 0)
++ continue;
++ ico = 0;
++ } else
++ ico = 1;
++ QFile f;
++ f.open( IO_ReadOnly, fd );
++ int fs = f.size();
++ if (fs > (ico ? FILE_LIMIT_ICON : FILE_LIMIT_IMAGE) * 1000) {
++ LogWarn( "%s exceeds file size limit (%dkB)\n",
++ fn.data(), ico ? FILE_LIMIT_ICON : FILE_LIMIT_IMAGE );
++ continue;
+ }
+- dp = 1 - dp;
++ QByteArray fc( fs );
++ int rfs = f.readBlock( fc.data(), fs );
++ ::close( fd );
++ fc.resize( rfs > 0 ? rfs : 0 );
++ QBuffer buf( fc );
++ buf.open( IO_ReadOnly );
++ QImageIO ir;
++ ir.setIODevice( &buf );
++ if (!ir.read()) {
++ LogInfo( "%s is no valid image\n", fn.data() );
++ continue;
++ }
++ p = ir.image();
++ QSize ns( 48, 48 );
++ if (p.size() != ns)
++ p = p.convertDepth( 32 ).smoothScale( ns, QImage::ScaleMin );
++ goto gotit;
+ } while (--nd >= 0);
+ p = default_pix;
+ gotit:
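Review bot: The size-limit branch in the kgreeter.cpp part of the embedded patch leaves the descriptor open: `fd` comes from a raw open() and is released only by the explicit `::close( fd );` after readBlock(), so the `continue` that follows the "exceeds file size limit" warning skips it, and the QFile wrapped around the descriptor does not appear to own it. Adding `::close( fd );` before that `continue;` fixes this, which matters if insertUser() runs once per listed user, as its name suggests, because each oversize face file would then cost the greeter one descriptor. Separately, `int fs = f.size();` narrows the reported size to int, so a value that does not fit could come out negative and pass the `>` comparison; `if (fs < 0 || fs > (ico ? FILE_LIMIT_ICON : FILE_LIMIT_IMAGE) * 1000)` would reject that case as well. insertUser() begins and ends outside the hunk, so the callers and the code after `gotit:` are not visible here.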