Hello community,
here is the log from the commit of package lightdm for openSUSE:12.1 checked in
at 2011-11-05 11:20:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1/lightdm (Old)
and /work/SRC/openSUSE:12.1/.lightdm.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lightdm", Maintainer is ""
Changes:
--------
--- /work/SRC/openSUSE:12.1/lightdm/lightdm.changes 2011-11-02
12:00:09.000000000 +0100
+++ /work/SRC/openSUSE:12.1/.lightdm.new/lightdm.changes 2011-11-05
11:49:52.000000000 +0100
@@ -1,0 +2,9 @@
+Wed Nov 2 16:38:24 UTC 2011 - g...@opensuse.org
+
+- Update to version 1.0.6
+ - use lchown for correcting ownership of ~/.Xauthority instead of
+ chown, this fixes a security issue where using ~/.Xauthority as
+ a symlink would cause LightDM to set the destination of the
+ link to user ownership (CVE-2011-4105)
+
+-------------------------------------------------------------------
Old:
----
lightdm-1.0.5.tar.gz
New:
----
lightdm-1.0.6.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lightdm.spec ++++++
--- /var/tmp/diff_new_pack.vmq96T/_old 2011-11-05 11:49:52.000000000 +0100
+++ /var/tmp/diff_new_pack.vmq96T/_new 2011-11-05 11:49:52.000000000 +0100
@@ -23,7 +23,7 @@
%define qt_lib lib%{qt_libname}-0
Name: lightdm
-Version: 1.0.5
+Version: 1.0.6
Release: 1
Summary: Lightweight, Cross-desktop Display Manager
Group: System/X11/Displaymanagers
++++++ lightdm-1.0.5.tar.gz -> lightdm-1.0.6.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lightdm-1.0.5/NEWS new/lightdm-1.0.6/NEWS
--- old/lightdm-1.0.5/NEWS 2011-10-26 18:18:20.000000000 +0200
+++ new/lightdm-1.0.6/NEWS 2011-11-02 16:29:08.000000000 +0100
@@ -1,3 +1,7 @@
+Overview of changes in lightdm 1.0.6
+
+ * Use lchown for correcting ownership of ~/.Xauthority instead of chown
+
Overview of changes in lightdm 1.0.5
* Relax AppArmor guest profile to allow compiz to start
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lightdm-1.0.5/configure new/lightdm-1.0.6/configure
--- old/lightdm-1.0.5/configure 2011-10-26 18:18:46.000000000 +0200
+++ new/lightdm-1.0.6/configure 2011-11-02 16:27:41.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for lightdm 1.0.5.
+# Generated by GNU Autoconf 2.68 for lightdm 1.0.6.
#
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -567,8 +567,8 @@
# Identity of this package.
PACKAGE_NAME='lightdm'
PACKAGE_TARNAME='lightdm'
-PACKAGE_VERSION='1.0.5'
-PACKAGE_STRING='lightdm 1.0.5'
+PACKAGE_VERSION='1.0.6'
+PACKAGE_STRING='lightdm 1.0.6'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1434,7 +1434,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures lightdm 1.0.5 to adapt to many kinds of systems.
+\`configure' configures lightdm 1.0.6 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1504,7 +1504,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of lightdm 1.0.5:";;
+ short | recursive ) echo "Configuration of lightdm 1.0.6:";;
esac
cat <<\_ACEOF
@@ -1677,7 +1677,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-lightdm configure 1.0.5
+lightdm configure 1.0.6
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2163,7 +2163,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by lightdm $as_me 1.0.5, which was
+It was created by lightdm $as_me 1.0.6, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -2981,7 +2981,7 @@
# Define the identity of the package.
PACKAGE='lightdm'
- VERSION='1.0.5'
+ VERSION='1.0.6'
cat >>confdefs.h <<_ACEOF
@@ -18986,7 +18986,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by lightdm $as_me 1.0.5, which was
+This file was extended by lightdm $as_me 1.0.6, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -19052,7 +19052,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-lightdm config.status 1.0.5
+lightdm config.status 1.0.6
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lightdm-1.0.5/configure.ac
new/lightdm-1.0.6/configure.ac
--- old/lightdm-1.0.5/configure.ac 2011-10-26 18:16:49.000000000 +0200
+++ new/lightdm-1.0.6/configure.ac 2011-11-02 16:27:27.000000000 +0100
@@ -1,6 +1,6 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT(lightdm, 1.0.5)
+AC_INIT(lightdm, 1.0.6)
AC_CONFIG_MACRO_DIR(m4)
AC_CONFIG_HEADER(config.h)
AM_INIT_AUTOMAKE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lightdm-1.0.5/src/seat-xvnc.c
new/lightdm-1.0.6/src/seat-xvnc.c
--- old/lightdm-1.0.5/src/seat-xvnc.c 2011-10-26 18:14:12.000000000 +0200
+++ new/lightdm-1.0.6/src/seat-xvnc.c 2011-11-02 16:22:06.000000000 +0100
@@ -12,6 +12,7 @@
#include "seat-xvnc.h"
#include "xserver-xvnc.h"
#include "xsession.h"
+#include "configuration.h"
G_DEFINE_TYPE (SeatXVNC, seat_xvnc, SEAT_TYPE);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lightdm-1.0.5/src/xsession.c
new/lightdm-1.0.6/src/xsession.c
--- old/lightdm-1.0.5/src/xsession.c 2011-10-14 05:48:37.000000000 +0200
+++ new/lightdm-1.0.6/src/xsession.c 2011-11-02 16:21:29.000000000 +0100
@@ -105,7 +105,7 @@
if (getuid () == 0)
{
int result;
- result = chown (path, user_get_uid (session_get_user
(session)), user_get_gid (session_get_user (session)));
+ result = lchown (path, user_get_uid (session_get_user
(session)), user_get_gid (session_get_user (session)));
if (result < 0 && errno != ENOENT)
g_warning ("Failed to correct ownership of %s: %s", path,
strerror (errno));
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
