Hello community,
here is the log from the commit of package lightdm for openSUSE:Factory checked in at 2011-11-16 17:19:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lightdm (Old)
and /work/SRC/openSUSE:Factory/.lightdm.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lightdm", Maintainer is ""
Changes:
--------
--- /work/SRC/openSUSE:Factory/lightdm/lightdm.changes 2011-11-10 15:50:27.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.lightdm.new/lightdm.changes 2011-11-16 17:19:47.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Nov 15 16:29:15 UTC 2011 - prusnak@opensuse.org
+
+- fix .dmrc handling (CVE-2011-3153) [bnc#728627]
+
+-------------------------------------------------------------------
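Review bot: the new changelog entry gives the CVE and bug number but does not name the patch that carries the fix or say what it changes. Mentioning lightdm-CVE-2011-3153.patch and that privileges are dropped before ~/.dmrc is read (as the patch description states) would let someone reading only lightdm.changes see how the issue was addressed.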
@@ -7,2 +12,2 @@
- .Xauthrotiy as root never was in a released openSUSE version
- anyway
+ .Xauthority as root never was in a released openSUSE version
+ anyway (bnc#730062)
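Review bot: the bnc#730062 reference added on the last `+` line exists only in lightdm.changes; the matching PATCH-FIX-UPSTREAM comment in lightdm.spec receives the .Xauthority spelling fix but not the bug number. Adding the reference there as well would keep the two descriptions of lightdm-remove-xauthority-ownership-fix.patch in step.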
New:
----
lightdm-CVE-2011-3153.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lightdm.spec ++++++
--- /var/tmp/diff_new_pack.jLpvYh/_old 2011-11-16 17:19:48.000000000 +0100
+++ /var/tmp/diff_new_pack.jLpvYh/_new 2011-11-16 17:19:48.000000000 +0100
@@ -48,8 +48,10 @@
Patch5: lightdm-default-configuration.patch
# PATCH-FIX-UPSTREAM lightdm-lock-screen-before-switch.patch gber@opensuse.org -- Try to lock the screen before switching users
Patch7: lightdm-lock-screen-before-switch.patch
-# PATCH-FIX-UPSTREAM lightdm-remove-xauthority-ownership-fix.patch gber@opensuse.org -- Remove the code correcting the ownership of .Xauthority files, it is still not secure and the buggy LightDM version writing .Xauthrotiy as root never was in a released openSUSE version anyway
+# PATCH-FIX-UPSTREAM lightdm-remove-xauthority-ownership-fix.patch gber@opensuse.org -- Remove the code correcting the ownership of .Xauthority files, it is still not secure and the buggy LightDM version writing .Xauthority as root never was in a released openSUSE version anyway
Patch8: lightdm-remove-xauthority-ownership-fix.patch
+# PATCH-FIX-UPSTREAM lightdm-CVE-2011-3153.patch prusnak@opensuse.org -- fix vulnerability when reading .dmrc file
+Patch9: lightdm-CVE-2011-3153.patch
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(xcb)
BuildRequires: pkgconfig(xdmcp)
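Review bot: the comment added above Patch9 reads only "fix vulnerability when reading .dmrc file" and omits the identifiers used in the changelog. Including CVE-2011-3153 and bnc#728627 in that comment would make the spec searchable by either. Since the patch is tagged PATCH-FIX-UPSTREAM, a pointer to where upstream carries the fix would also help whoever later needs to decide when the patch can be dropped.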
@@ -176,6 +178,7 @@
%patch5 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
%build
./autogen.sh
++++++ lightdm-CVE-2011-3153.patch ++++++
Description: drop privileges before reading ~/.dmrc
Author: Marc Deslauriers