commit lightdm for openSUSE:12.1

5 Nov 2011

Hello community,

here is the log from the commit of package lightdm for openSUSE:12.1 checked in at 2011-11-05 11:20:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1/lightdm (Old)
 and      /work/SRC/openSUSE:12.1/.lightdm.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "lightdm", Maintainer is ""

Changes:
--------

--- /work/SRC/openSUSE:12.1/lightdm/lightdm.changes	2011-11-02 12:00:09.000000000 +0100
+++ /work/SRC/openSUSE:12.1/.lightdm.new/lightdm.changes	2011-11-05 11:49:52.000000000 +0100
@@ -1,0 +2,9 @@
+Wed Nov  2 16:38:24 UTC 2011 - gber@opensuse.org
+
+- Update to version 1.0.6
+  - use lchown for correcting ownership of ~/.Xauthority instead of
+    chown, this fixes a security issue where using ~/.Xauthority as
+    a symlink would cause LightDM to set the destination of the
+    link to user ownership (CVE-2011-4105)
+
+-------------------------------------------------------------------

Old:
----
  lightdm-1.0.5.tar.gz

New:
----
  lightdm-1.0.6.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ lightdm.spec ++++++
--- /var/tmp/diff_new_pack.vmq96T/_old	2011-11-05 11:49:52.000000000 +0100
+++ /var/tmp/diff_new_pack.vmq96T/_new	2011-11-05 11:49:52.000000000 +0100
@@ -23,7 +23,7 @@
 %define qt_lib          lib%{qt_libname}-0
 
 Name:           lightdm
-Version:        1.0.5
+Version:        1.0.6
 Release:        1
 Summary:        Lightweight, Cross-desktop Display Manager
 Group:          System/X11/Displaymanagers

++++++ lightdm-1.0.5.tar.gz -> lightdm-1.0.6.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lightdm-1.0.5/NEWS new/lightdm-1.0.6/NEWS
--- old/lightdm-1.0.5/NEWS	2011-10-26 18:18:20.000000000 +0200
+++ new/lightdm-1.0.6/NEWS	2011-11-02 16:29:08.000000000 +0100
@@ -1,3 +1,7 @@
+Overview of changes in lightdm 1.0.6
+
+    * Use lchown for correcting ownership of ~/.Xauthority instead of chown
+
 Overview of changes in lightdm 1.0.5
 
     * Relax AppArmor guest profile to allow compiz to start
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lightdm-1.0.5/configure new/lightdm-1.0.6/configure
--- old/lightdm-1.0.5/configure	2011-10-26 18:18:46.000000000 +0200
+++ new/lightdm-1.0.6/configure	2011-11-02 16:27:41.000000000 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for lightdm 1.0.5.
+# Generated by GNU Autoconf 2.68 for lightdm 1.0.6.
 #
 #
 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -567,8 +567,8 @@
 # Identity of this package.
 PACKAGE_NAME='lightdm'
 PACKAGE_TARNAME='lightdm'
-PACKAGE_VERSION='1.0.5'
-PACKAGE_STRING='lightdm 1.0.5'
+PACKAGE_VERSION='1.0.6'
+PACKAGE_STRING='lightdm 1.0.6'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1434,7 +1434,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures lightdm 1.0.5 to adapt to many kinds of systems.
+\`configure' configures lightdm 1.0.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1504,7 +1504,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of lightdm 1.0.5:";;
+     short | recursive ) echo "Configuration of lightdm 1.0.6:";;
    esac
   cat <<\_ACEOF
 
@@ -1677,7 +1677,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-lightdm configure 1.0.5
+lightdm configure 1.0.6
 generated by GNU Autoconf 2.68
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2163,7 +2163,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by lightdm $as_me 1.0.5, which was
+It was created by lightdm $as_me 1.0.6, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   $ $0 $@
@@ -2981,7 +2981,7 @@
 
 # Define the identity of the package.
  PACKAGE='lightdm'
- VERSION='1.0.5'
+ VERSION='1.0.6'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -18986,7 +18986,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by lightdm $as_me 1.0.5, which was
+This file was extended by lightdm $as_me 1.0.6, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -19052,7 +19052,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-lightdm config.status 1.0.5
+lightdm config.status 1.0.6
 configured by $0, generated by GNU Autoconf 2.68,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lightdm-1.0.5/configure.ac new/lightdm-1.0.6/configure.ac
--- old/lightdm-1.0.5/configure.ac	2011-10-26 18:16:49.000000000 +0200
+++ new/lightdm-1.0.6/configure.ac	2011-11-02 16:27:27.000000000 +0100
@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 
-AC_INIT(lightdm, 1.0.5)
+AC_INIT(lightdm, 1.0.6)
 AC_CONFIG_MACRO_DIR(m4)
 AC_CONFIG_HEADER(config.h)
 AM_INIT_AUTOMAKE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lightdm-1.0.5/src/seat-xvnc.c new/lightdm-1.0.6/src/seat-xvnc.c
--- old/lightdm-1.0.5/src/seat-xvnc.c	2011-10-26 18:14:12.000000000 +0200
+++ new/lightdm-1.0.6/src/seat-xvnc.c	2011-11-02 16:22:06.000000000 +0100
@@ -12,6 +12,7 @@
 #include "seat-xvnc.h"
 #include "xserver-xvnc.h"
 #include "xsession.h"
+#include "configuration.h"
 
 G_DEFINE_TYPE (SeatXVNC, seat_xvnc, SEAT_TYPE);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lightdm-1.0.5/src/xsession.c new/lightdm-1.0.6/src/xsession.c
--- old/lightdm-1.0.5/src/xsession.c	2011-10-14 05:48:37.000000000 +0200
+++ new/lightdm-1.0.6/src/xsession.c	2011-11-02 16:21:29.000000000 +0100
@@ -105,7 +105,7 @@
             if (getuid () == 0)
             {
                 int result;
-                result = chown (path, user_get_uid (session_get_user (session)), user_get_gid (session_get_user (session)));
+                result = lchown (path, user_get_uid (session_get_user (session)), user_get_gid (session_get_user (session)));
                 if (result < 0 && errno != ENOENT)
                     g_warning ("Failed to correct ownership of %s: %s", path, strerror (errno));                
             }

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

commit lightdm for openSUSE:12.1

root＠hilbert.suse.de