pull in upstream xauth security fix (kde#358593), update URL

9 years ago · 53abed4574
parent 1ce53a3bbb
commit 53abed4574
2 changed files with 34 additions and 3 deletions
--- a/0001-Fix-permissions-of-tmp-xauth-xxx-_y.patch
+++ b/0001-Fix-permissions-of-tmp-xauth-xxx-_y.patch
@ -0,0 +1,25 @@
+From dece8fd89979cd1a86c03bcaceef6e9221e8d8cd Mon Sep 17 00:00:00 2001
+From: taro yamada <archer_ame@yahoo.co.jp>
+Date: Wed, 18 May 2016 00:08:09 +0200
+Subject: [PATCH] Fix permissions of /tmp/xauth-xxx-_y
+
+BUGS: 358593
+---
+ src/kdeinit/kinit.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/kdeinit/kinit.cpp b/src/kdeinit/kinit.cpp
+index ca18603..19e38b8 100644
+--- a/src/kdeinit/kinit.cpp
+++ b/src/kdeinit/kinit.cpp
+@@ -1531,6 +1531,7 @@ static void setupX()
+         QSaveFile xauthfile(xauth);
+         QFile xauthfrom(QFile::decodeName(qgetenv("XAUTHORITY")));
+         if (!xauthfrom.open(QFile::ReadOnly) || !xauthfile.open(QFile::WriteOnly)
+                || !xauthfile.setPermissions(QFile::ReadOwner | QFile::WriteOwner)
+                 || xauthfile.write(xauthfrom.readAll()) != xauthfrom.size() || !xauthfile.commit()) {
+             // error
+         } else {
+-- 
+2.7.4
+
--- a/kf5-kinit.spec
+++ b/kf5-kinit.spec
@ -3,11 +3,11 @@

 Name:           kf5-%{framework}
 Version:        5.22.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        KDE Frameworks 5 tier 3 solution for process launching

 License:        LGPLv2+ and BSD
-URL:            http://projects.kde.org/kinit
+URL:            https://quickgit.kde.org/?p=%{framework}.git

 %global versiondir %(echo %{version} | cut -d. -f1-2)
 %global revision %(echo %{version} | cut -d. -f3)
@ -20,6 +20,9 @@ Source0:        http://download.kde.org/%{stable}/frameworks/%{versiondir}/%{fra

 Source10:       macros.kf5-kinit

+## upstream patches
+Patch1: 0001-Fix-permissions-of-tmp-xauth-xxx-_y.patch
+
 BuildRequires:  extra-cmake-modules >= %{version}
 BuildRequires:  kf5-kconfig-devel >= %{version}
 BuildRequires:  kf5-kcrash-devel >= %{version}
@ -51,7 +54,7 @@ developing applications that use %{name}.


 %prep
-%setup -q -n %{framework}-%{version}
+%autosetup -n %{framework}-%{version} -p1


 %build
@ -91,6 +94,9 @@ install -p -m644 -D %{SOURCE10} \


 %changelog
+* Tue May 17 2016 Rex Dieter <rdieter@fedoraproject.org> - 5.22.0-2
+- pull in upstream xauth security fix (kde#358593), update URL
+
 * Mon May 16 2016 Rex Dieter <rdieter@fedoraproject.org> - 5.22.0-1
 - KDE Frameworks 5.22.0