[Frugalware-darcs] frugalware-0.6: gdm-2.18.0-2terminus1-i686

voroskoi voroskoi at frugalware.org
Fri Sep 7 08:47:27 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070907063715-dd049-3885e04063a127d9b91f00cfb647fa4ac5a7a374.gz;

[gdm-2.18.0-2terminus1-i686
voroskoi <voroskoi at frugalware.org>**20070907063715
 secfix relbump, closes #2329
] {
addfile ./source/gnome/gdm/CVE-2007-3381.diff
hunk ./source/gnome/gdm/CVE-2007-3381.diff 1
+--- gnome-2-18/daemon/gdm.c	2007/04/09 02:31:48	4777
++++ gnome-2-18/daemon/gdm.c	2007/07/12 00:06:52	5062
+@@ -2557,190 +2557,216 @@
+ 				     NULL, 0, NULL, NULL, NULL);
+        } else if (strncmp (msg, "opcode="GDM_SOP_SHOW_ERROR_DIALOG,
+ 			   strlen ("opcode="GDM_SOP_SHOW_ERROR_DIALOG)) == 0) {
+-		GdmDisplay *d;
+-		GtkMessageType type;
+ 		char **list;
+-		char *ptr;
+-		char *error;
+-		char *details_label;
+-		char *details_file;
+-		long slave_pid;
+-		int uid, gid;
+-
+ 		list = g_strsplit (msg, "$$", -1);
+ 
+-		ptr = strchr (list[1], '=');
+-		slave_pid = atol (ptr + 1);
+-
+-		ptr = strchr (list[2], '=');
+-		type = atoi (ptr + 1);
+-
+-		ptr = strchr (list[3], '=');
+-		error = g_malloc0 (strlen (ptr));
+-		strcpy (error, ptr + 1);
+-
+-		ptr = strchr (list[4], '=');
+-		details_label = g_malloc0 (strlen (ptr));
+-		strcpy (details_label, ptr + 1);
+-
+-		ptr = strchr (list[5], '=');
+-		details_file = g_malloc0 (strlen (ptr));
+-		strcpy (details_file, ptr + 1);
+-
+-		ptr = strchr (list[6], '=');
+-		uid = atoi (ptr + 1);
+-
+-		ptr = strchr (list[7], '=');
+-		gid = atoi (ptr + 1);
++		if (ve_vector_len (list) == 8) {
++			GdmDisplay *d;
++			GtkMessageType type;
++			char *ptr;
++			char *error;
++			char *details_label;
++			char *details_file;
++			long slave_pid;
++			int uid, gid;
++
++			ptr = strchr (list[1], '=');
++			slave_pid = atol (ptr + 1);
++
++			ptr = strchr (list[2], '=');
++			type = atoi (ptr + 1);
++
++			ptr = strchr (list[3], '=');
++			error = g_malloc0 (strlen (ptr));
++			strcpy (error, ptr + 1);
++
++			ptr = strchr (list[4], '=');
++			details_label = g_malloc0 (strlen (ptr));
++			strcpy (details_label, ptr + 1);
++
++			ptr = strchr (list[5], '=');
++			details_file = g_malloc0 (strlen (ptr));
++			strcpy (details_file, ptr + 1);
++
++			ptr = strchr (list[6], '=');
++			uid = atoi (ptr + 1);
++
++			ptr = strchr (list[7], '=');
++			gid = atoi (ptr + 1);
++
++			d = gdm_display_lookup (slave_pid);
++
++			if (d != NULL) {
++				if (GDM_AUTHFILE (d)) {
++					VE_IGNORE_EINTR (
++						chmod (GDM_AUTHFILE (d), 0644));
++				}
+ 
+-		d = gdm_display_lookup (slave_pid);
++				gdm_error_box_full (d, type, error,
++					details_label, details_file, 0, 0);
+ 
+-		if (d != NULL) {
+-			if (GDM_AUTHFILE (d)) {
+-				VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d), 0644));
+-			}
+-
+-			gdm_error_box_full (d, type, error, details_label, details_file, 0, 0);
++				if (GDM_AUTHFILE (d)) {
++					VE_IGNORE_EINTR (
++						chmod (GDM_AUTHFILE (d), 0640));
++				}
+ 
+-			if (GDM_AUTHFILE (d)) {
+-				VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d), 0640));
++				send_slave_ack_dialog_char (d,
++					GDM_SLAVE_NOTIFY_ERROR_RESPONSE, NULL);
+ 			}
+-
+-			send_slave_ack_dialog_char (d, GDM_SLAVE_NOTIFY_ERROR_RESPONSE, NULL);
++			g_free (error);
++			g_free (details_label);
++			g_free (details_file);
+ 		}
+ 
+-		g_free (error);
+-		g_free (details_label);
+-		g_free (details_file);
+ 		g_strfreev (list);
+        } else if (strncmp (msg, "opcode="GDM_SOP_SHOW_YESNO_DIALOG,
+-                            strlen ("opcode="GDM_SOP_SHOW_YESNO_DIALOG)) == 0) {
+-		GdmDisplay *d;
++                           strlen ("opcode="GDM_SOP_SHOW_YESNO_DIALOG)) == 0) {
+ 		char **list;
+-		char *ptr;
+-		char *yesno_msg;
+-		long slave_pid;
+-		gboolean response_yesno;
+-
+ 		list = g_strsplit (msg, "$$", -1);
+ 
+-		ptr = strchr (list [1], '=');
+-		slave_pid = atol (ptr + 1);
+-
+-		ptr = strchr (list [2], '=');
+-		yesno_msg = g_malloc0 (strlen (ptr));
+-		strcpy (yesno_msg, ptr + 1);
+-
+-		d = gdm_display_lookup (slave_pid);
+-		if (d != NULL) {
+-			if (GDM_AUTHFILE (d)) {
+-				VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d), 0644));
+-			}
+-
+-			response_yesno =  gdm_failsafe_yesno (d, yesno_msg);
++		if (ve_vector_len (list) == 3) {
++			GdmDisplay *d;
++			char *ptr;
++			char *yesno_msg;
++			long slave_pid;
++			gboolean resp;
++
++			ptr = strchr (list [1], '=');
++			slave_pid = atol (ptr + 1);
++
++			ptr = strchr (list [2], '=');
++			yesno_msg = g_malloc0 (strlen (ptr));
++			strcpy (yesno_msg, ptr + 1);
++
++			d = gdm_display_lookup (slave_pid);
++			if (d != NULL) {
++				if (GDM_AUTHFILE (d)) {
++				VE_IGNORE_EINTR (
++					chmod (GDM_AUTHFILE (d), 0644));
++				}
+ 
+-			send_slave_ack_dialog_int (d, GDM_SLAVE_NOTIFY_YESNO_RESPONSE, response_yesno);
++				resp =  gdm_failsafe_yesno (d, yesno_msg);
+ 
+-			if (GDM_AUTHFILE (d)) {
+-				VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d), 0640));
++				send_slave_ack_dialog_int (d,
++					GDM_SLAVE_NOTIFY_YESNO_RESPONSE,
++					resp);
++
++				if (GDM_AUTHFILE (d)) {
++					VE_IGNORE_EINTR (
++						chmod (GDM_AUTHFILE (d), 0640));
++				}
+ 			}
+-		}
+ 
+-		g_free (yesno_msg);
++			g_free (yesno_msg);
++		}
+ 		g_strfreev (list);
+        } else if (strncmp (msg, "opcode="GDM_SOP_SHOW_QUESTION_DIALOG,
+                             strlen ("opcode="GDM_SOP_SHOW_QUESTION_DIALOG)) == 0) {
+-		GdmDisplay *d;
+ 		char **list;
+-		char *ptr;
+-		char *question_msg;
+-		char *response_question;
+-		long slave_pid;
+-		gboolean echo;
+-
+ 		list = g_strsplit (msg, "$$", -1);
+ 
+-		ptr = strchr (list [1], '=');
+-		slave_pid = atol (ptr + 1);
+-
+-		ptr = strchr (list [2], '=');
+-		question_msg = g_malloc0 (strlen (ptr));
+-		strcpy (question_msg, ptr + 1);
+-
+-		ptr = strchr (list [3], '=');
+-		echo = atoi (ptr + 1);
+-
+-		d = gdm_display_lookup (slave_pid);
+-		if (d != NULL) {
+-			if (GDM_AUTHFILE (d)) {
+-				VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d), 0644));
+-			}
+-
+-			response_question = gdm_failsafe_question (d, question_msg, echo);
++                if (ve_vector_len (list) == 4) {
++			GdmDisplay *d;
++			char *ptr;
++			char *question_msg;
++			char *resp;
++			long slave_pid;
++			gboolean echo;
++
++			ptr = strchr (list [1], '=');
++			slave_pid = atol (ptr + 1);
++
++			ptr = strchr (list [2], '=');
++			question_msg = g_malloc0 (strlen (ptr));
++			strcpy (question_msg, ptr + 1);
++
++			ptr = strchr (list [3], '=');
++			echo = atoi (ptr + 1);
++
++			d = gdm_display_lookup (slave_pid);
++			if (d != NULL) {
++				if (GDM_AUTHFILE (d)) {
++					VE_IGNORE_EINTR (
++						chmod (GDM_AUTHFILE (d), 0644));
++				}
+ 
+-			send_slave_ack_dialog_char (d, GDM_SLAVE_NOTIFY_QUESTION_RESPONSE, response_question);
++				resp = gdm_failsafe_question (d,
++					question_msg, echo);
+ 
+-			if (GDM_AUTHFILE (d)) {
+-				VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d), 0640));
++				send_slave_ack_dialog_char (d,
++					GDM_SLAVE_NOTIFY_QUESTION_RESPONSE,
++					resp);
++
++				if (GDM_AUTHFILE (d)) {
++					VE_IGNORE_EINTR (
++						chmod (GDM_AUTHFILE (d), 0640));
++				}
+ 			}
+-		}
+ 
+-		g_free (question_msg);
++			g_free (question_msg);
++		}
+ 		g_strfreev (list);
+        } else if (strncmp (msg, "opcode="GDM_SOP_SHOW_ASKBUTTONS_DIALOG,
+                             strlen ("opcode="GDM_SOP_SHOW_ASKBUTTONS_DIALOG)) == 0) {
+-		GdmDisplay *d;
+-		char *askbuttons_msg;
+ 		char **list;
+-		char *ptr;
+-		char *options[4];
+-		long slave_pid;
+-		int i;
+-		int response_askbuttons;
+-
+ 		list = g_strsplit (msg, "$$", -1);
+ 
+-		ptr = strchr (list [1], '=');
+-		slave_pid = atol (ptr + 1);
+-
+-		ptr = strchr (list [2], '=');
+-		askbuttons_msg = g_malloc0 (strlen (ptr));
+-		strcpy (askbuttons_msg, ptr + 1);
+-
+-		ptr = strchr (list [3], '=');
+-		options[0] = g_malloc0 (strlen (ptr));
+-		strcpy (options[0], ptr + 1);
+-
+-		ptr = strchr (list [4], '=');
+-		options[1] = g_malloc0 (strlen (ptr));
+-		strcpy (options[1], ptr + 1);
+-
+-		ptr = strchr (list [5], '=');
+-		options[2] = g_malloc0 (strlen (ptr));
+-		strcpy (options[2], ptr + 1);
+-
+-		ptr = strchr (list [6], '=');
+-		options[3] = g_malloc0 (strlen (ptr));
+-		strcpy (options[3], ptr + 1);
+-
+-		d = gdm_display_lookup (slave_pid);
+-		if (d != NULL) {
+-			if (GDM_AUTHFILE (d)) {
+-				VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d), 0644));
+-			}
++		if (ve_vector_len (list) == 7) {
++			GdmDisplay *d;
++			char *askbuttons_msg;
++			char *ptr;
++			char *options[4];
++			long slave_pid;
++			int i;
++			int resp;
++
++			ptr = strchr (list [1], '=');
++			slave_pid = atol (ptr + 1);
++
++			ptr = strchr (list [2], '=');
++			askbuttons_msg = g_malloc0 (strlen (ptr));
++			strcpy (askbuttons_msg, ptr + 1);
++
++			ptr = strchr (list [3], '=');
++			options[0] = g_malloc0 (strlen (ptr));
++			strcpy (options[0], ptr + 1);
++
++			ptr = strchr (list [4], '=');
++			options[1] = g_malloc0 (strlen (ptr));
++			strcpy (options[1], ptr + 1);
++
++			ptr = strchr (list [5], '=');
++			options[2] = g_malloc0 (strlen (ptr));
++			strcpy (options[2], ptr + 1);
++
++			ptr = strchr (list [6], '=');
++			options[3] = g_malloc0 (strlen (ptr));
++			strcpy (options[3], ptr + 1);
++
++			d = gdm_display_lookup (slave_pid);
++			if (d != NULL) {
++				if (GDM_AUTHFILE (d)) {
++					VE_IGNORE_EINTR (
++						chmod (GDM_AUTHFILE (d), 0644));
++				}
+ 
+-			response_askbuttons = gdm_failsafe_ask_buttons (d, askbuttons_msg, options);
++				resp = gdm_failsafe_ask_buttons (d,
++					askbuttons_msg, options);
+ 
+-			send_slave_ack_dialog_int (d, GDM_SLAVE_NOTIFY_ASKBUTTONS_RESPONSE, response_askbuttons);
+-			if (GDM_AUTHFILE (d)) {
+-				VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d), 0640));
++				send_slave_ack_dialog_int (d,
++					GDM_SLAVE_NOTIFY_ASKBUTTONS_RESPONSE,
++					resp);
++				if (GDM_AUTHFILE (d)) {
++					VE_IGNORE_EINTR (
++						chmod (GDM_AUTHFILE (d), 0640));
++				}
+ 			}
+-		}
+ 
+-		g_free (askbuttons_msg);
++			g_free (askbuttons_msg);
+ 
+-		for (i = 0; i < 3; i ++) 
+-			g_free (options[i]);
++			for (i = 0; i < 3; i ++) 
++				g_free (options[i]);
++		}
+ 		g_strfreev (list);
+ 	}
+ }
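Review bot: The new `ve_vector_len (list) == 8` guard (and the `== 3`, `== 4` and `== 7` guards in the other three opcode branches) bounds the number of fields but not their shape: every `ptr = strchr (list[n], '=')` is still followed by `ptr + 1` with no NULL test, so a field that lacks `=` is still read through a null pointer. Testing the result before use, and copying with `g_strdup (ptr + 1)` instead of the `g_malloc0 (strlen (ptr))` / `strcpy` pair, would close that and make the buffer size self-evident. Separately, the ASKBUTTONS branch fills `options[0]` through `options[3]` but its cleanup loop is `for (i = 0; i < 3; i ++)`, so the fourth string is never freed; `i < 4` fixes it. The enclosing function starts above the hunk.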
+@@ -3481,9 +3507,13 @@
+  
+ 	} else if (strncmp (msg, GDM_SUP_GET_SERVER_DETAILS " ",
+ 		     strlen (GDM_SUP_GET_SERVER_DETAILS " ")) == 0) {
+-		const gchar *server = &msg[strlen (GDM_SUP_GET_SERVER_DETAILS " ")];
+-		gchar   **splitstr = g_strsplit (server, " ", 2);
+-		GdmXserver  *svr   = gdm_find_xserver ((gchar *)splitstr[0]);
++		const gchar  *server   = &msg[strlen (GDM_SUP_GET_SERVER_DETAILS " ")];
++		gchar       **splitstr = g_strsplit (server, " ", 2);
++		GdmXserver   *svr      = NULL;
++
++		if (splitstr != NULL && splitstr[0] != NULL) {
++			svr = gdm_find_xserver ((gchar *)splitstr[0]);
++		}
+ 
+ 		if (svr != NULL) {
+ 			if (g_strcasecmp (splitstr[1], "ID") == 0)
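Review bot: `splitstr[1]` is still passed to `g_strcasecmp` unchecked inside the `svr != NULL` branch; the added guard covers only `splitstr[0]`, so a request that names a known server but supplies no key reaches the comparison with a NULL token. How `g_strcasecmp` treats NULL is not visible here, so the result should not be left to it: start the chain with `if (splitstr[1] == NULL)` and answer with the existing `ERROR 2 Key not valid` reply. The comparison chain continues below the hunk.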
+@@ -3520,12 +3550,11 @@
+ 			   gdm_connection_printf (conn, "OK false\n");
+ 			else
+ 			   gdm_connection_printf (conn, "ERROR 2 Key not valid\n");
+-
+-			g_strfreev (splitstr);
+ 		} else {
+                		gdm_connection_printf (conn, "ERROR 1 Server not found\n");
+ 		}
+  
++		g_strfreev (splitstr);
+ 	} else if (strcmp (msg, GDM_SUP_GREETERPIDS) == 0) {
+ 		GString *msg;
+ 		GSList *li;
+@@ -3555,10 +3584,15 @@
+ 	} else if (strncmp (msg, GDM_SUP_GET_CONFIG " ",
+ 		     strlen (GDM_SUP_GET_CONFIG " ")) == 0) {
+ 		const gchar *parms = &msg[strlen (GDM_SUP_GET_CONFIG " ")];
+-		gchar **splitstr = g_strsplit (parms, " ", 2);
+-		gchar *retval = NULL;
++		gchar **splitstr   = g_strsplit (parms, " ", 2);
++		gchar *retval      = NULL;
+ 		static gboolean done_prefetch = FALSE;
+ 
++		if (splitstr == NULL || splitstr[0] == NULL) {
++               		gdm_connection_printf (conn, "ERROR 50 Unsupported key <null>\n");
++			return;
++		}
++		
+ 		/*
+ 		 * It is not meaningful to manage this in a per-display 
+ 		 * fashion since the prefetch program is only run once the
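Review bot: The early `return;` in the new `splitstr == NULL || splitstr[0] == NULL` check leaves `splitstr` unfreed when the vector exists but is empty, which appears to be the case the `splitstr[0] == NULL` half is meant to catch. Adding `g_strfreev (splitstr);` before the `return;` avoids a small leak on each such request, and the patch already calls it on a possibly-NULL vector in the GET_SERVER_DETAILS branch. The rest of this branch lies below the hunk, so any other cleanup it does on exit is not visible here.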
+--- gnome-2-18/daemon/gdmconfig.c	2007/03/20 08:50:41	4684
++++ gnome-2-18/daemon/gdmconfig.c	2007/07/12 00:06:52	5062
+@@ -850,9 +850,10 @@
+ 
+    file = gdm_get_per_display_custom_config_file (display);
+ 
+-   if (strcmp (ve_sure_string (splitstr[0]), "greeter") == 0 ||
+-       strcmp (ve_sure_string (splitstr[0]), "gui") == 0 ||
+-       is_key (key, GDM_KEY_PAM_STACK)) {
++   if (splitstr != NULL &&
++       (strcmp (ve_sure_string (splitstr[0]), "greeter") == 0 ||
++        strcmp (ve_sure_string (splitstr[0]), "gui") == 0 ||
++        is_key (key, GDM_KEY_PAM_STACK))) {
+       gdm_config_key_to_string (file, key, retval);
+    }
+ 
+@@ -878,7 +879,7 @@
+    *retval = NULL;
+ 
+    /* Should not fail, all keys should have a category. */
+-   if (splitstr[0] == NULL)
++   if (splitstr == NULL || splitstr[0] == NULL)
+       return;
+ 
+    /* If file doesn't exist, then just return */
+@@ -1768,7 +1769,7 @@
+    if (custom_cfg != NULL) {
+        gchar **splitstr = g_strsplit (key, "/", 2);
+ 
+-       if (splitstr[0] != NULL) {
++       if (splitstr != NULL && splitstr[0] != NULL) {
+           GList *list = ve_config_get_keys (custom_cfg, splitstr[0]);
+ 
+           while (list != NULL) {
+@@ -1956,7 +1957,7 @@
+       /* First check the custom file */
+       if (cfgfiles->custom_cfg != NULL) {
+           gchar **splitstr = g_strsplit (key_in, "/", 2);
+-          if (splitstr[0] != NULL) {
++          if (splitstr != NULL && splitstr[0] != NULL) {
+              GList *list = ve_config_get_keys (cfgfiles->custom_cfg, splitstr[0]);
+ 
+              while (list != NULL) {
+--- gnome-2-18/gui/gdmflexiserver.c	2007/04/09 05:07:27	4796
++++ gnome-2-18/gui/gdmflexiserver.c	2007/07/12 00:06:52	5062
+@@ -136,9 +136,10 @@
+ 	for (i = 0; vec[i] != NULL; i++) {
+ 		char **rvec;
+ 		rvec = g_strsplit (vec[i], ",", -1);
+-		if (rvec == NULL ||
+-		    ve_vector_len (rvec) != 3)
++		if (ve_vector_len (rvec) != 3) {
++			g_strfreev (rvec);
+ 			continue;
++		}
+ 
+ 		if (strcmp (rvec[0], vtpart) == 0) {
+ 			/* could be nested? */
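Review bot: Dropping the `rvec == NULL` test makes this check depend on `ve_vector_len` accepting a NULL vector and returning something other than 3, which this patch does not show. Once that is confirmed, a one-line comment such as `/* ve_vector_len () tolerates NULL, so this also rejects a NULL rvec */` would record the assumption; if it cannot be confirmed, keep the explicit NULL test alongside the new `g_strfreev (rvec)`. The same pattern is introduced in the two later gdmflexiserver.c hunks and in gui/greeter/greeter_item_ulist.c.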
+@@ -177,9 +178,10 @@
+ 		char **rvec;
+ 		int vt;
+ 		rvec = g_strsplit (vec[i], ",", -1);
+-		if (rvec == NULL ||
+-		    ve_vector_len (rvec) != 3)
++		if (ve_vector_len (rvec) != 3) {
++			g_strfreev (rvec);
+ 			continue;
++		}
+ 
+ 		vt = get_vt_num (vec, rvec[2], 5);
+ 
+@@ -516,9 +518,10 @@
+ 		char **rvec;
+ 		int vt;
+ 		rvec = g_strsplit (vec[i], ",", -1);
+-		if (rvec == NULL ||
+-		    ve_vector_len (rvec) != 3)
++		if (ve_vector_len (rvec) != 3) {
++			g_strfreev (rvec);
+ 			continue;
++		}
+ 
+ 		vt = get_vt_num (vec, rvec[2], 5);
+ 
+--- gnome-2-18/gui/gdmsetup.c	2007/04/02 05:28:30	4743
++++ gnome-2-18/gui/gdmsetup.c	2007/07/12 00:06:52	5062
+@@ -4220,7 +4220,7 @@
+     msg = g_string_new ("");
+ 
+     actions = g_strsplit (strings_list, sep, -1);
+-        for (i = 0; actions[i]; i++) {
++    for (i = 0; actions != NULL && actions[i] != NULL; i++) {
+         if (strncmp (actions[i], string, strlen (string)) == 0)
+             continue;
+         g_string_append_printf (msg, "%s%s", separator, actions[i]);
+--- gnome-2-18/gui/greeter/greeter_item_ulist.c	2007/04/09 02:36:08	4778
++++ gnome-2-18/gui/greeter/greeter_item_ulist.c	2007/07/12 00:06:52	5062
+@@ -140,8 +140,10 @@
+ 		char **rvec;
+ 
+ 		rvec = g_strsplit (vec[i], ",", -1);
+-		if (rvec == NULL || ve_vector_len (rvec) != 3)
++		if (ve_vector_len (rvec) != 3) {
++			g_strfreev (rvec);
+ 			continue;
++		}
+ 
+ 		g_hash_table_insert (displays_hash,
+ 				     g_strdup (rvec[1]),
+--- gnome-2-18/gui/gdmconfig.c	2007/03/20 08:50:41	4684
++++ gnome-2-18/gui/gdmconfig.c	2007/07/12 00:06:52	5062
+@@ -214,11 +214,11 @@
+ 	}
+ 
+ 	/* skip the "OK " */
+-        splitstr = g_strsplit (result + 3, ";", 0);
+-	sec = splitstr;
++	splitstr = g_strsplit (result + 3, ";", 0);
++	sec      = splitstr;
+ 	g_free (result);
+ 
+-        while (*sec != NULL) {
++	while (sec != NULL && *sec != NULL) {
+ 		GdmXserver *svr = g_new0 (GdmXserver, 1);
+ 
+ 		temp = gdm_config_get_xserver_details (*sec, "ID");
hunk ./source/gnome/gdm/FrugalBuild 6
-pkgrel=1
+pkgrel=2terminus1
hunk ./source/gnome/gdm/FrugalBuild 21
+	CVE-2007-3381.diff \
hunk ./source/gnome/gdm/FrugalBuild 24
-	  'a61f7c9569a2d73a5cf078e61a17cfed7d280b12' \
+          'a61f7c9569a2d73a5cf078e61a17cfed7d280b12' \
hunk ./source/gnome/gdm/FrugalBuild 26
-	  '82bb42ae2217465196b8de03b18efcdd832ff137' \
+          '82bb42ae2217465196b8de03b18efcdd832ff137' \
+          '67949c3a0c4a32e9dd52927272c37946325b8553' \
}

