[Pkg-xfce-commits] r6034 - in goodies/trunk/lightdm/debian: . patches

Yves-Alexis Perez corsac at alioth.debian.org
Thu Sep 15 08:32:43 UTC 2011


Author: corsac
Date: 2011-09-15 08:32:42 +0000 (Thu, 15 Sep 2011)
New Revision: 6034

Removed:
   goodies/trunk/lightdm/debian/patches/06_drop-privileges-before-writing-user-files.patch
Modified:
   goodies/trunk/lightdm/debian/changelog
   goodies/trunk/lightdm/debian/patches/01_set-default-path.patch
   goodies/trunk/lightdm/debian/patches/03_quit-plymouth.patch
   goodies/trunk/lightdm/debian/patches/05_dont-add-pkglibexecdir-path.patch
   goodies/trunk/lightdm/debian/patches/series
Log:
refresh patches, drop those now included upstream


Modified: goodies/trunk/lightdm/debian/changelog
===================================================================
--- goodies/trunk/lightdm/debian/changelog	2011-09-15 08:30:49 UTC (rev 6033)
+++ goodies/trunk/lightdm/debian/changelog	2011-09-15 08:32:42 UTC (rev 6034)
@@ -1,15 +1,14 @@
 lightdm (0.9.6-1) UNRELEASED; urgency=low
 
-  * New upstream release.
+  * New upstream release:
+    - don't write user files as root to prevent symlinks attacks
+      [CVE-2011-3349]                                           closes: #639151
   * debian/patches:
     - 01_set-default-path, 02_default-config, 03_quit-plymouth,
       04_default-gtk-greeter-config refreshed.
     - 05_always-export-XAUTHORITY dropped, included upstream. 
     - 05_dont-add-pkglibexecdir-path added, don't add /usr/lib/lightdm/lightdm
       to the PATH, it's ugly.
-    - 06_drop-privileges-before-writing-user-files cherry-picked from Martin
-      Pitt merge request. Don't write user files as root to prevent symlinks
-      attacks [CVE-2011-3349]                                   closes: #639151
   * debian/rules:
     - don't install gdmflexiserver script for now until the PATH issue is
       solved.

Modified: goodies/trunk/lightdm/debian/patches/01_set-default-path.patch
===================================================================
--- goodies/trunk/lightdm/debian/patches/01_set-default-path.patch	2011-09-15 08:30:49 UTC (rev 6033)
+++ goodies/trunk/lightdm/debian/patches/01_set-default-path.patch	2011-09-15 08:32:42 UTC (rev 6034)
@@ -2,11 +2,11 @@
 Author: Lionel Le Folgoc <mrpouit at gmail.com>
 Bug: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/798277
 Description: Fix default PATH environment variable
-Index: lightdm-0.9.5/src/session.c
+Index: lightdm-0.9.6/src/session.c
 ===================================================================
---- lightdm-0.9.5.orig/src/session.c	2011-09-07 07:32:43.000000000 +0200
-+++ lightdm-0.9.5/src/session.c	2011-09-07 09:21:36.280133903 +0200
-@@ -199,7 +199,10 @@
+--- lightdm-0.9.6.orig/src/session.c	2011-09-11 07:48:18.000000000 +0200
++++ lightdm-0.9.6/src/session.c	2011-09-15 10:30:54.498966614 +0200
+@@ -194,7 +194,10 @@
      pam_session_open (session->priv->authentication);
  
      user = pam_session_get_user (session->priv->authentication);

Modified: goodies/trunk/lightdm/debian/patches/03_quit-plymouth.patch
===================================================================
--- goodies/trunk/lightdm/debian/patches/03_quit-plymouth.patch	2011-09-15 08:30:49 UTC (rev 6033)
+++ goodies/trunk/lightdm/debian/patches/03_quit-plymouth.patch	2011-09-15 08:32:42 UTC (rev 6034)
@@ -4,11 +4,11 @@
 plymouth has been deactivated before, so just quit it for now.
 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632737
 Bug: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/799069
-Index: lightdm-0.9.4/src/xserver-local.c
+Index: lightdm-0.9.6/src/xserver-local.c
 ===================================================================
---- lightdm-0.9.4.orig/src/xserver-local.c	2011-07-25 13:36:24.000000000 +0200
-+++ lightdm-0.9.4/src/xserver-local.c	2011-09-07 09:21:02.463925039 +0200
-@@ -115,7 +115,7 @@
+--- lightdm-0.9.6.orig/src/xserver-local.c	2011-09-15 08:56:23.000000000 +0200
++++ lightdm-0.9.6/src/xserver-local.c	2011-09-15 10:31:02.015093674 +0200
+@@ -98,7 +98,7 @@
              g_debug ("X server %s will replace Plymouth", xserver_get_address (XSERVER (self)));
              self->priv->replacing_plymouth = TRUE;
              self->priv->vt = active_vt;

Modified: goodies/trunk/lightdm/debian/patches/05_dont-add-pkglibexecdir-path.patch
===================================================================
--- goodies/trunk/lightdm/debian/patches/05_dont-add-pkglibexecdir-path.patch	2011-09-15 08:30:49 UTC (rev 6033)
+++ goodies/trunk/lightdm/debian/patches/05_dont-add-pkglibexecdir-path.patch	2011-09-15 08:32:42 UTC (rev 6034)
@@ -1,8 +1,8 @@
-Index: lightdm-0.9.5/src/session.c
+Index: lightdm-0.9.6/src/session.c
 ===================================================================
---- lightdm-0.9.5.orig/src/session.c	2011-09-07 09:21:36.280133903 +0200
-+++ lightdm-0.9.5/src/session.c	2011-09-07 09:23:14.224738886 +0200
-@@ -209,19 +209,6 @@
+--- lightdm-0.9.6.orig/src/session.c	2011-09-15 10:30:54.498966614 +0200
++++ lightdm-0.9.6/src/session.c	2011-09-15 10:31:07.439185287 +0200
+@@ -204,19 +204,6 @@
      process_set_env (PROCESS (session), "SHELL", user_get_shell (user));
      set_env_from_authentication (session, session->priv->authentication);
  

Deleted: goodies/trunk/lightdm/debian/patches/06_drop-privileges-before-writing-user-files.patch
===================================================================
--- goodies/trunk/lightdm/debian/patches/06_drop-privileges-before-writing-user-files.patch	2011-09-15 08:30:49 UTC (rev 6033)
+++ goodies/trunk/lightdm/debian/patches/06_drop-privileges-before-writing-user-files.patch	2011-09-15 08:32:42 UTC (rev 6034)
@@ -1,106 +0,0 @@
-=== modified file 'src/dmrc.c'
-Index: lightdm-0.9.5/src/dmrc.c
-===================================================================
---- lightdm-0.9.5.orig/src/dmrc.c	2011-07-20 05:54:37.000000000 +0200
-+++ lightdm-0.9.5/src/dmrc.c	2011-09-13 16:20:50.731421337 +0200
-@@ -9,6 +9,8 @@
-  * license.
-  */
- 
-+/* for setres*id() */
-+#define _GNU_SOURCE
- #include <errno.h>
- #include <string.h>
- #include <unistd.h>
-@@ -80,11 +82,22 @@
-     /* Update the users .dmrc */
-     if (user)
-     {
-+	gboolean drop_privs = (geteuid () == 0);
-+
-+	/* Guard against privilege escalation through symlinks, etc. */
-+	if (drop_privs)
-+	{
-+	    g_assert (setresgid (user_get_gid (user), user_get_gid (user), -1) == 0);
-+	    g_assert (setresuid (user_get_uid (user), user_get_uid (user), -1) == 0);
-+	}
-         path = g_build_filename (user_get_home_directory (user), ".dmrc", NULL);
-         g_file_set_contents (path, data, length, NULL);
--        if (getuid () == 0 && chown (path, user_get_uid (user), user_get_gid (user)) < 0)
--            g_warning ("Error setting ownership on %s: %s", path, strerror (errno));
-         g_free (path);
-+	if (drop_privs)
-+	{
-+	    g_assert (setresuid (0, 0, -1) == 0);
-+	    g_assert (setresgid (0, 0, -1) == 0);
-+	}
-     }
- 
-     /* Update the .dmrc cache */
-Index: lightdm-0.9.5/src/xauthority.c
-===================================================================
---- lightdm-0.9.5.orig/src/xauthority.c	2011-09-07 07:16:54.000000000 +0200
-+++ lightdm-0.9.5/src/xauthority.c	2011-09-13 16:20:50.731421337 +0200
-@@ -9,6 +9,8 @@
-  * license.
-  */
- 
-+/* for setres*id() */
-+#define _GNU_SOURCE
- #include <string.h>
- #include <errno.h>
- #include <unistd.h>
-@@ -244,6 +246,16 @@
-     XAuthority *a;
-     gboolean result;
-     gboolean matched = FALSE;
-+    gboolean drop_privs = (user && geteuid () == 0);
-+    gboolean retval = FALSE;
-+
-+    /* Guard against privilege escalation through symlinks, etc. */
-+    if (drop_privs)
-+    {
-+	g_debug ("Dropping privileges to uid %i", user_get_uid (user));
-+	g_assert (setresgid (user_get_gid (user), user_get_gid (user), -1) == 0);
-+	g_assert (setresuid (user_get_uid (user), user_get_uid (user), -1) == 0);
-+    }
- 
-     /* Read out existing records */
-     if (mode != XAUTH_WRITE_MODE_SET)
-@@ -317,7 +329,7 @@
- 
-     output_stream = g_file_replace (file, NULL, FALSE, G_FILE_CREATE_PRIVATE, NULL, error);
-     if (!output_stream)
--        return FALSE;
-+        goto out;
- 
-     /* Workaround because g_file_replace () generates a file does not exist error even though it can replace it */
-     g_clear_error (error);
-@@ -345,18 +357,18 @@
-     g_object_unref (output_stream);
- 
-     if (!result)
--        return FALSE;
-+        goto out;
- 
--    /* NOTE: Would like to do:
--     * g_file_set_attribute_string (file, G_FILE_ATTRIBUTE_OWNER_USER, username, G_FILE_QUERY_INFO_NONE, NULL, error))
--     * but not supported. */
--    if (user && getuid () == 0)
-+    retval = TRUE;
-+  
-+out:
-+    /* reclaim privileges */
-+    if (drop_privs)
-     {
--        if (chown (g_file_get_path (file), user_get_uid (user), user_get_gid (user)) < 0)
--            g_warning ("Failed to set authorization owner: %s", strerror (errno));
-+	g_assert (setresuid (0, 0, -1) == 0);
-+	g_assert (setresgid (0, 0, -1) == 0);
-     }
--  
--    return TRUE;
-+    return retval;
- }
- 
- static void

Modified: goodies/trunk/lightdm/debian/patches/series
===================================================================
--- goodies/trunk/lightdm/debian/patches/series	2011-09-15 08:30:49 UTC (rev 6033)
+++ goodies/trunk/lightdm/debian/patches/series	2011-09-15 08:32:42 UTC (rev 6034)
@@ -3,4 +3,3 @@
 03_quit-plymouth.patch
 04_default-gtk-greeter-config.patch
 05_dont-add-pkglibexecdir-path.patch
-06_drop-privileges-before-writing-user-files.patch



