Hello community, here is the log from the commit of package lightdm for openSUSE:12.1 checked in at 2011-11-05 11:20:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1/lightdm (Old) and /work/SRC/openSUSE:12.1/.lightdm.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "lightdm", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:12.1/lightdm/lightdm.changes 2011-11-02 12:00:09.000000000 +0100 +++ /work/SRC/openSUSE:12.1/.lightdm.new/lightdm.changes 2011-11-05 11:49:52.000000000 +0100 @@ -1,0 +2,9 @@ +Wed Nov 2 16:38:24 UTC 2011 - gber@opensuse.org + +- Update to version 1.0.6 + - use lchown for correcting ownership of ~/.Xauthority instead of + chown, this fixes a security issue where using ~/.Xauthority as + a symlink would cause LightDM to set the destination of the + link to user ownership (CVE-2011-4105) + +------------------------------------------------------------------- Old: ---- lightdm-1.0.5.tar.gz New: ---- lightdm-1.0.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lightdm.spec ++++++ --- /var/tmp/diff_new_pack.vmq96T/_old 2011-11-05 11:49:52.000000000 +0100 +++ /var/tmp/diff_new_pack.vmq96T/_new 2011-11-05 11:49:52.000000000 +0100 @@ -23,7 +23,7 @@ %define qt_lib lib%{qt_libname}-0 Name: lightdm -Version: 1.0.5 +Version: 1.0.6 Release: 1 Summary: Lightweight, Cross-desktop Display Manager Group: System/X11/Displaymanagers ++++++ lightdm-1.0.5.tar.gz -> lightdm-1.0.6.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lightdm-1.0.5/NEWS new/lightdm-1.0.6/NEWS --- old/lightdm-1.0.5/NEWS 2011-10-26 18:18:20.000000000 +0200 +++ new/lightdm-1.0.6/NEWS 2011-11-02 16:29:08.000000000 +0100 
@@ -1,3 +1,7 @@ +Overview of changes in lightdm 1.0.6 + + * Use lchown for correcting ownership of ~/.Xauthority instead of chown + Overview of changes in lightdm 1.0.5 * Relax AppArmor guest profile to allow compiz to start diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lightdm-1.0.5/configure new/lightdm-1.0.6/configure --- old/lightdm-1.0.5/configure 2011-10-26 18:18:46.000000000 +0200 +++ new/lightdm-1.0.6/configure 2011-11-02 16:27:41.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for lightdm 1.0.5. +# Generated by GNU Autoconf 2.68 for lightdm 1.0.6. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -567,8 +567,8 @@ # Identity of this package. PACKAGE_NAME='lightdm' PACKAGE_TARNAME='lightdm' -PACKAGE_VERSION='1.0.5' -PACKAGE_STRING='lightdm 1.0.5' +PACKAGE_VERSION='1.0.6' +PACKAGE_STRING='lightdm 1.0.6' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1434,7 +1434,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures lightdm 1.0.5 to adapt to many kinds of systems. +\`configure' configures lightdm 1.0.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1504,7 +1504,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of lightdm 1.0.5:";; + short | recursive ) echo "Configuration of lightdm 1.0.6:";; esac cat <<\_ACEOF @@ -1677,7 +1677,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -lightdm configure 1.0.5 +lightdm configure 1.0.6 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. 
@@ -2163,7 +2163,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by lightdm $as_me 1.0.5, which was +It was created by lightdm $as_me 1.0.6, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2981,7 +2981,7 @@ # Define the identity of the package. PACKAGE='lightdm' - VERSION='1.0.5' + VERSION='1.0.6' cat >>confdefs.h <<_ACEOF @@ -18986,7 +18986,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by lightdm $as_me 1.0.5, which was +This file was extended by lightdm $as_me 1.0.6, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19052,7 +19052,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -lightdm config.status 1.0.5 +lightdm config.status 1.0.6 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lightdm-1.0.5/configure.ac new/lightdm-1.0.6/configure.ac --- old/lightdm-1.0.5/configure.ac 2011-10-26 18:16:49.000000000 +0200 +++ new/lightdm-1.0.6/configure.ac 2011-11-02 16:27:27.000000000 +0100 @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(lightdm, 1.0.5) +AC_INIT(lightdm, 1.0.6) AC_CONFIG_MACRO_DIR(m4) AC_CONFIG_HEADER(config.h) AM_INIT_AUTOMAKE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lightdm-1.0.5/src/seat-xvnc.c new/lightdm-1.0.6/src/seat-xvnc.c --- old/lightdm-1.0.5/src/seat-xvnc.c 2011-10-26 18:14:12.000000000 +0200 +++ new/lightdm-1.0.6/src/seat-xvnc.c 2011-11-02 16:22:06.000000000 +0100 
@@ -12,6 +12,7 @@ #include "seat-xvnc.h" #include "xserver-xvnc.h" #include "xsession.h" +#include "configuration.h" G_DEFINE_TYPE (SeatXVNC, seat_xvnc, SEAT_TYPE); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lightdm-1.0.5/src/xsession.c new/lightdm-1.0.6/src/xsession.c --- old/lightdm-1.0.5/src/xsession.c 2011-10-14 05:48:37.000000000 +0200 +++ new/lightdm-1.0.6/src/xsession.c 2011-11-02 16:21:29.000000000 +0100 @@ -105,7 +105,7 @@ if (getuid () == 0) { int result; - result = chown (path, user_get_uid (session_get_user (session)), user_get_gid (session_get_user (session))); + result = lchown (path, user_get_uid (session_get_user (session)), user_get_gid (session_get_user (session))); if (result < 0 && errno != ENOENT) g_warning ("Failed to correct ownership of %s: %s", path, strerror (errno)); } -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
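Review bot: In the `src/xsession.c` hunk, `lchown (path, ...)` inside the `getuid () == 0` branch only stops the final path component from being followed as a symlink; the ownership change is still made by name, as root, on a file the changelog places in the user's home directory. A name that is a hard link to another file, or that is replaced between the file's creation and this call, would presumably still be handed to the user. Whether that is reachable depends on how `path` is created earlier in the function, which starts and ends outside the hunk. I would open the file with `O_NOFOLLOW`, confirm with `fstat` that it is a regular file with a single link, and `fchown` the descriptor, or alternatively write the file after dropping to the user's credentials so no ownership fix-up is needed. The sketch below assumes `<fcntl.h>`, `<sys/stat.h>` and `<unistd.h>` are available in this file, which the hunk does not show.

```c
    if (getuid () == 0)
    {
        /* Change ownership through the opened descriptor so the object that was checked is the object that is changed */
        int fd = open (path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
        if (fd >= 0)
        {
            struct stat st;
            if (fstat (fd, &st) < 0 || !S_ISREG (st.st_mode) || st.st_nlink != 1)
                g_warning ("Refusing to correct ownership of %s: not a plain, singly-linked file", path);
            else if (fchown (fd, user_get_uid (session_get_user (session)), user_get_gid (session_get_user (session))) < 0)
                g_warning ("Failed to correct ownership of %s: %s", path, strerror (errno));
            close (fd);
        }
        else if (errno != ENOENT)
            g_warning ("Failed to correct ownership of %s: %s", path, strerror (errno));
    }
```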