From 2e6967f4d1f70a2a6583743c52b30b03c659c7ca Mon Sep 17 00:00:00 2001 From: Brian Cameron Date: Jul 30 2007 19:06:36 +0000 Subject: Update to new release version. Updated 2007-07-30 Brian Cameron * Release 2.18.4: * configure.ac: Update to new release version. * NEWS: Updated svn path=/branches/gnome-2-18/; revision=5099 --- diff --git a/ChangeLog b/ChangeLog index a067336..16727f8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ -2007-07-11 Brian Cameron +2007-07-30 Brian Cameron + + * Release 2.18.4: + * configure.ac: Update to new release version. + * NEWS: Updated +2007-07-30 Brian Cameron + + More work to fix CVE-2007-3381. * gui/gdmsetup.c: Use an assert to check that the array is not NULL before the loop rather than in the loop. @@ -11,6 +18,9 @@ 2007-07-11 Brian Cameron + This fixes CVE-2007-3381 - a denial of service attack where + the user can crash the GDM daemon with a carefully crafted GDM + sockets command and cause GDM to stop managing future displays. * daemon/gdm.c, daemon/gdmconfig.c, gui/gdmsetup.c, gui/gdmconfig.c, gui/gdmflexiserver.c, gui/greeter/greeter_item_ulist.c: Fix g_strsplit calls @@ -24,8 +34,8 @@ 2007-07-02 Brian Cameron - * Release 2.18.3: - * configure.ac: Update to new release version. + * Release 2.18.3: + * configure.ac: Update to new release version. * NEWS: Updated 2007-06-17 Brian Cameron @@ -36,8 +46,8 @@ 2007-05-28 William Jon McCann - * Release 2.18.2: - * configure.ac: Update to new release version. + * Release 2.18.2: + * configure.ac: Update to new release version. * NEWS: Updated 2007-05-10 Brian Cameron 
@@ -64,25 +74,25 @@ This ensures that the error message is the same for invalid user and incorrect password, making it harder to tell whether an account is a valid one or not. Fixes - bug #436812. Patch by Lo\357c Minier + bug #436812. Patch by Lo\357c Minier 2007-04-11 Brian Cameron - * daemon/verify-pam.c, daemon/verify-shadow.c, daemon/verify-crypt.c, - daemon/verify.h, daemon/slave.c: Fix for bug #428630. This was - introduced by Ludwig Nussel when he rewrote the way the PAM logic - works. If you call gdm_verify_user with a userid, then it will allow - you to retry 3 times without asking for password again to better - support the Face Browser. However, when we ask for root password for - the configurator, we don't want this behavior. This patch fixes - this. + * daemon/verify-pam.c, daemon/verify-shadow.c, daemon/verify-crypt.c, + daemon/verify.h, daemon/slave.c: Fix for bug #428630. This was + introduced by Ludwig Nussel when he rewrote the way the PAM logic + works. If you call gdm_verify_user with a userid, then it will allow + you to retry 3 times without asking for password again to better + support the Face Browser. However, when we ask for root password for + the configurator, we don't want this behavior. This patch fixes + this. 2007-04-09 Brian Cameron - * Release 2.18.1: - * configure.ac: Update to new release version. - * NEWS: Updated. + * Release 2.18.1: + * configure.ac: Update to new release version. + * NEWS: Updated. * gui/gdmflexiserver.c: Report an error message when the gdmcomm_check test fails. @@ -107,7 +117,7 @@ 2007-04-06 Brian Cameron - * daemon/gdm.in: Fix script so it works with Solaris /bin/sh. + * daemon/gdm.in: Fix script so it works with Solaris /bin/sh. 2006-04-02 Brian Cameron 
@@ -119,15 +129,15 @@ 2006-04-02 Brian Cameron - * gui/gdmchooser.glade, gui/gdmsetup.glade, gui/gdmsetup.c: - Remove gnome glade, since it is not used anymore. Fixes - bug #424696. Patch by Kristof Vansant . + * gui/gdmchooser.glade, gui/gdmsetup.glade, gui/gdmsetup.c: + Remove gnome glade, since it is not used anymore. Fixes + bug #424696. Patch by Kristof Vansant . 2006-04-02 Brian Cameron - * gui/gdmlanguages.c: Fix strcpy so source and destination do not - overlap. Fixes bug #424299. Patch by Ray Strode - . + * gui/gdmlanguages.c: Fix strcpy so source and destination do not + overlap. Fixes bug #424299. Patch by Ray Strode + . 2006-03-27 Brian Cameron @@ -140,25 +150,25 @@ 2006-03-27 Brian Cameron - * gui/greeter/greeter_item_pam.c: Partially fix #412576 by adding - ATK label for the entry field. Patch provided by David Zeuthen - . + * gui/greeter/greeter_item_pam.c: Partially fix #412576 by adding + ATK label for the entry field. Patch provided by David Zeuthen + . 2006-03-27 Brian Cameron - * gui/greeter/greeter_item_customlist.c: Fix check so the - language combo style works. Fixes bug #423063. Patch - provided by Simon . + * gui/greeter/greeter_item_customlist.c: Fix check so the + language combo style works. Fixes bug #423063. Patch + provided by Simon . 2006-03-21 Brian Cameron - * gui/gdmphotosetup.desktop.in: Change Category to - GNOME;GTK;Settings. Fixes bug #417350. + * gui/gdmphotosetup.desktop.in: Change Category to + GNOME;GTK;Settings. Fixes bug #417350. 2006-03-20 Brian Cameron - * gui/gdmsetup.desktop.in.in, gui/gdmphotosetup.desktop.in: - Change to category "GNOME;GTK;Settings;System;". Fixes + * gui/gdmsetup.desktop.in.in, gui/gdmphotosetup.desktop.in: + Change to category "GNOME;GTK;Settings;System;". Fixes bug #417350. 2006-03-13 Brian Cameron 
@@ -216,9 +226,9 @@ 2006-03-12 Brian Cameron - * Release 2.18.0: - * configure.ac: Update to new release version. - * NEWS: Updated. + * Release 2.18.0: + * configure.ac: Update to new release version. + * NEWS: Updated. * docs/C/gdm.xml: Update version number to 2.18.0. 2007-03-12 Brian Cameron @@ -254,7 +264,7 @@ * config/Makefile.am, config/gdm.conf-custom.in, config/gdm.conf.in: Now expand the GDM configuration files so that they point to the correct location of the file (if a non-default location is used). - This required renaming gdm.conf-custom to gdm-conf-custom.in. I + This required renaming gdm.conf-custom to gdm-conf-custom.in. I also reworded the comment secction so that the filenames are only mentioned once and further references are to "GDM System Defaults" and "GDM Custom Configuration" file since the filenames are @@ -273,22 +283,22 @@ 2006-02-26 Brian Cameron - * Release 2.17.8: - * configure.ac: Update to new release version. - * NEWS: Updated. + * Release 2.17.8: + * configure.ac: Update to new release version. + * NEWS: Updated. * configure.ac, docs/en_GB/Makefile.am: Add needed Makefile. * docs/Makefile.am: Remove en_GB from SUBDIRS so it doesn't build since needed omf file is not present. 2007-02-26 Brian Cameron - * gui/gdmchooser.c: Fix setting of PIPE_BUF to fix buf #409801 - to fix Hurd support. + * gui/gdmchooser.c: Fix setting of PIPE_BUF to fix buf #409801 + to fix Hurd support. 2007-02-26 Brian Cameron - * gui/gdmlogin.c: Change Session mnemonic to "e" instead of "s" - so it doesn't conflict with "Start Again" button. Fixes bug + * gui/gdmlogin.c: Change Session mnemonic to "e" instead of "s" + so it doesn't conflict with "Start Again" button. Fixes bug #409693. 2007-02-26 Brian Cameron 
@@ -344,9 +354,9 @@ 2006-02-12 Brian Cameron - * Release 2.17.7: - * configure.ac: Update to new release version. - * NEWS: Updated. + * Release 2.17.7: + * configure.ac: Update to new release version. + * NEWS: Updated. * docs/C/gdm.xml: Update version number. 2007-02-09 Brian Cameron @@ -418,14 +428,14 @@ 2007-01-31 Brian Cameron - * gui/greeter/greeter_item_customlist.c, - gui/greeter/greeter_canvas_item.c, - gui/greeter/greeter_canvas_text.c, gui/greeter/greeter_session.c, - gui/gdmXnestchooser.c, gui/gdmchooser.c, gui/gdmconfig.[ch], + * gui/greeter/greeter_item_customlist.c, + gui/greeter/greeter_canvas_item.c, + gui/greeter/greeter_canvas_text.c, gui/greeter/greeter_session.c, + gui/gdmXnestchooser.c, gui/gdmchooser.c, gui/gdmconfig.[ch], daemon/xdmcp.c, daemon/verify-pam.c, daemon/server.c, - daemon/gdmconfig.c, daemon/errorgui.c, daemon/misc.c: Fix warnings + daemon/gdmconfig.c, daemon/errorgui.c, daemon/misc.c: Fix warnings and fix an assertion in gdm because it called - gdm_xdmcp_send_forward_query also for IPv6. Patch by Ludwig Nussel + gdm_xdmcp_send_forward_query also for IPv6. Patch by Ludwig Nussel . : 2006-01-26 Brian Cameron @@ -463,9 +473,9 @@ 2006-01-21 Brian Cameron - * Release 2.17.6: - * configure.ac: Update to new release version. - * NEWS: Updated. + * Release 2.17.6: + * configure.ac: Update to new release version. + * NEWS: Updated. 2007-01-21 Lukasz Zalewski @@ -496,9 +506,9 @@ 2006-01-07 Brian Cameron - * Release 2.17.5: - * configure.ac: Update to new release version. - * NEWS: Updated. + * Release 2.17.5: + * configure.ac: Update to new release version. + * NEWS: Updated. 2006-01-07 Brian Cameron 
@@ -590,26 +600,26 @@ * daemon/gdm.c, daemon/gdmconfig.c, gui/gdmsetup.c, gui/gdmlogin.c, gui/greeter/greeter_action_language.c, gui/greeter/greeter_system.c: Fixes for compiling - with gcc 2.95. Fixes bugs #385644 and #385650. - Patch provided by Jens Granseuer . + with gcc 2.95. Fixes bugs #385644 and #385650. + Patch provided by Jens Granseuer . 2006-12-13 Brian Cameron - * Release 2.17.4: - * configure.ac: Update to new release version. - * NEWS: Updated. + * Release 2.17.4: + * configure.ac: Update to new release version. + * NEWS: Updated. * docs/C/gdm.xml: Update version number. 2006-12-10 Lukasz Zalewski * vicious-extension/ve-nongnome.c, gui/gdmsetup.c, gui/gdmsetup.glade, gui/greeter/greeter.c, - gui/gdmlogin.c, gui/gdmchooser.c, gui/gdmsession.[ch], - gui/gdmcommon.c, gui/greeter/greeter_canvas_item.c, - gui/greeter_item_customlist.c, - gui/greeter/greeter_item_pam.c, - gui/greeter/greeter_geometry.c: Additional fixes for bug/feature - request #334186. Fixed some of the compiler warnings. + gui/gdmlogin.c, gui/gdmchooser.c, gui/gdmsession.[ch], + gui/gdmcommon.c, gui/greeter/greeter_canvas_item.c, + gui/greeter_item_customlist.c, + gui/greeter/greeter_item_pam.c, + gui/greeter/greeter_geometry.c: Additional fixes for bug/feature + request #334186. Fixed some of the compiler warnings. 2006-12-08 Brian Cameron @@ -632,7 +642,7 @@ 2006-12-07 Lukasz Zalewski - Fixes bug/feature request #334186. + Fixes bug/feature request #334186. Fixes bug #343206 Fixes bug #347101 * gui/gdmsession. [ch] (_gdm_session_list_init): Replaces functionality @@ -683,9 +693,9 @@ 2006-12-04 Brian Cameron - * Release 2.17.3: - * configure.ac: Update to new release version. - * NEWS: Updated. + * Release 2.17.3: + * configure.ac: Update to new release version. + * NEWS: Updated. * docs/C/gdm.xml: Update version number. 2006-12-04 Brian Cameron 
@@ -717,7 +727,7 @@ 2006-11-28 Brian Cameron * config/Xsession.in config/default.desktop.in: Since the - default.desktop file really just runs the Xclients script + default.desktop file really just runs the Xclients script it should have a better name that specifies this is what it does. Modify the default fallback program if no Xclients file exists to xterm since xsm isn't on all @@ -743,7 +753,7 @@ 2006-11-08 Lukasz Zalewski - More changes related to bug #352924. + More changes related to bug #352924. * gui/gdmsetup.c: Made warnings more self-explanatory when no themes are selected in "Random from selected" mode. Enabled back the delete button on the "Random from selected" view for the currently selected 
@@ -762,27 +772,27 @@ 2006-11-06 Brian Cameron - * daemon/verify-pam.c: Update to make casting more clear. - This fixes a problem noticed with the Kerberos PAM module. - Kerberos was sending the proper error message but gdm was not - accessing it properly. This message comes as "struct pam_message" - and is accesed using a double pointer "**msg".GDM was treating - msg as a pointer to an array of "num_msg"s of "struct pam_message" - whereas it actually is pointer to a pointer to an array of - "num_msg"s of "struct pam_message". + * daemon/verify-pam.c: Update to make casting more clear. + This fixes a problem noticed with the Kerberos PAM module. + Kerberos was sending the proper error message but gdm was not + accessing it properly. This message comes as "struct pam_message" + and is accesed using a double pointer "**msg".GDM was treating + msg as a pointer to an array of "num_msg"s of "struct pam_message" + whereas it actually is pointer to a pointer to an array of + "num_msg"s of "struct pam_message". 2006-11-06 Brian Cameron - * Release 2.17.2: - * configure.ac: Update to new release version. - * NEWS: Updated. + * Release 2.17.2: + * configure.ac: Update to new release version. + * NEWS: Updated. * docs/C/gdm.xml: Update version number. * utils/Makefile.am: Add back X_EXTRA_LIBS and X_LIBS to gdm-dmx-reconnect-proxy to fix bug #368808. 2006-11-04 Lukasz Zalewski - Fixes bug #352924. + Fixes bug #352924. * gui/gdmsetup.c: Added warnings when no themes are selected in Random from selected mode. Random from selected option can only be enabled only and only if one or more themes are selected. Also 
@@ -831,12 +841,12 @@ 2006-10-30 Brian Cameron - * Release 2.17.1: - * NEWS: Updated. - * configure.ac: Update to new release version. - * gui/greeter/greeter_canvas_item.c, gui/greeter/greeter_system.c: - Back out patch from 10/17 from Sebastien Bacher - since we don't have icons yet. + * Release 2.17.1: + * NEWS: Updated. + * configure.ac: Update to new release version. + * gui/greeter/greeter_canvas_item.c, gui/greeter/greeter_system.c: + Back out patch from 10/17 from Sebastien Bacher + since we don't have icons yet. * docs/C/gdm.xml: Fix docs. 2006-10-30 Brian Cameron @@ -848,17 +858,17 @@ 2006-10-30 Brian Cameron - * gui/greeter/greeter.c, gui/greeter/greeter_item_ulist.[ch], - gui/greeter_item_pam.c: Similar usability fixes for gdmgreeter. - OK/Cancel buttons are now sensitive/insensitive (but only if - using GTK style buttons), and the userlist now is not shown - if there are no users. Added a new item id "userlist-rect" - which can be used to specify the rectangle containing the - userlist, so it can also disappear when the userlist is - empty. - * gui/greeter/themes/happygnome-list/happygnome.xml: Now use - "userlist-rect" so the alpha rectangle goes away when the - list is empty. + * gui/greeter/greeter.c, gui/greeter/greeter_item_ulist.[ch], + gui/greeter_item_pam.c: Similar usability fixes for gdmgreeter. + OK/Cancel buttons are now sensitive/insensitive (but only if + using GTK style buttons), and the userlist now is not shown + if there are no users. Added a new item id "userlist-rect" + which can be used to specify the rectangle containing the + userlist, so it can also disappear when the userlist is + empty. + * gui/greeter/themes/happygnome-list/happygnome.xml: Now use + "userlist-rect" so the alpha rectangle goes away when the + list is empty. * docs/C/gdm.xml: Add information about userlist-rect id. 2006-10-30 Brian Cameron 
@@ -936,7 +946,7 @@ * docs/C/gdm.xml: Corrections to spelling and grammar mistakes. Patch by Malcolm Parsons . Also updated docs for list combo style to indicate this feature is - supported in GDM 2.18 and later. + supported in GDM 2.18 and later. 2006-10-23 Dwayne Bailey @@ -977,9 +987,9 @@ 2006-10-16 Brian Cameron - * Release 2.17.0: - * NEWS: Updated. - * configure.ac: Update to new release version. + * Release 2.17.0: + * NEWS: Updated. + * configure.ac: Update to new release version. * docs/C/gdm.xml: Update version number. 2006-10-16 Brian Cameron @@ -1004,7 +1014,7 @@ 2006-10-08 Brian Cameron - * daemon/auth.c: Fix comment. + * daemon/auth.c: Fix comment. 2006-10-08 Brian Cameron @@ -1108,9 +1118,9 @@ 2006-09-04 Brian Cameron - * Release 2.16.0: - * NEWS: Updated. - * configure.ac: Update to new release version. + * Release 2.16.0: + * NEWS: Updated. + * configure.ac: Update to new release version. 2006-09-04 Brian Cameron @@ -1120,9 +1130,9 @@ 2006-09-04 Brian Cameron - * Release 2.16.0: - * NEWS: Updated. - * configure.ac: Update to new release version. + * Release 2.16.0: + * NEWS: Updated. + * configure.ac: Update to new release version. 2006-08-23 Brian Cameron @@ -1135,9 +1145,9 @@ 2006-08-21 Brian Cameron - * Release 2.15.10: - * NEWS: Updated. - * configure.ac: Update to new release version. + * Release 2.15.10: + * NEWS: Updated. + * configure.ac: Update to new release version. 2006-08-15 Kjartan Maraas @@ -1155,9 +1165,9 @@ 2006-08-07 Brian Cameron - * Release 2.15.9: - * NEWS: Updated. - * configure.ac: Update to new release version. + * Release 2.15.9: + * NEWS: Updated. + * configure.ac: Update to new release version. 2006-08-03 Brian Cameron @@ -1205,9 +1215,9 @@ 2006-07-31 Brian Cameron - * Release 2.15.8: - * NEWS: Updated. - * configure.ac: Update to new release version. + * Release 2.15.8: + * NEWS: Updated. + * configure.ac: Update to new release version. 2006-07-31 Brian Cameron 
@@ -1223,9 +1233,9 @@ 2006-07-24 Brian Cameron - * Release 2.15.7: - * NEWS: Updated. - * configure.ac: Update to new release version. Removing + * Release 2.15.7: + * NEWS: Updated. + * configure.ac: Update to new release version. Removing docs/sv/Makefile from files to create, since it seems to have build problems. @@ -1268,9 +1278,9 @@ 2006-07-10 Brian Cameron - * Release 2.15.6: - * NEWS: Updated. - * configure.ac: Update to new release version. + * Release 2.15.6: + * NEWS: Updated. + * configure.ac: Update to new release version. 2006-06-30 Brian Cameron @@ -1316,9 +1326,9 @@ 2006-06-12 Brian Cameron - * Release 2.15.5: - * NEWS: Updated. - * configure.ac: Update to new release version. + * Release 2.15.5: + * NEWS: Updated. + * configure.ac: Update to new release version. 2006-06-09 Brian Cameron @@ -1337,9 +1347,9 @@ 2006-06-07 Brian Cameron - * Release 2.15.4: - * NEWS: Updated. - * configure.ac: Update to new release version. + * Release 2.15.4: + * NEWS: Updated. + * configure.ac: Update to new release version. 2006-06-06 Brian Cameron diff --git a/NEWS b/NEWS index 4f2a4a9..889ef96 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,16 @@ Ahh news... +2.18.4 Stuff: + +- Fix for CVE-2007-3381, a denial of service attack where the + user can crash the GDM daemon with a carefuly crafted + GDM sockets command and cause GDM to stop managing future + displays. GDM now is much better about safegarding against + NULL values returned from g_strsplit calls. (Brian Cameron) + +- Remove setting hints.ai_family != AF_INET6 to fix bug #455190. + (Brian Cameron) + 2.18.3 Stuff: - Fix crashing issue with XDMCP logic. Fixes bug #436725. (Brian diff --git a/configure.ac b/configure.ac index 3a5e4fb..e61f8e0 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ AC_PREREQ(2.52) AC_INIT(daemon/gdm.h) AM_CONFIG_HEADER(config.h) -AM_INIT_AUTOMAKE(gdm,2.18.3) +AM_INIT_AUTOMAKE(gdm,2.18.4) AC_CONFIG_MACRO_DIR([m4]) AM_MAINTAINER_MODE
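
Review bot: In the first ChangeLog hunk (`@@ -1,5 +1,12 @@`) the date line of the existing `gui/gdmsetup.c` assert entry is replaced, so that entry moves from 2007-07-11 to 2007-07-30 and gains the heading "More work to fix CVE-2007-3381." This commit touches only ChangeLog, NEWS and configure.ac, so the redated entry describes a code change that is not part of it. If the assert change was committed on 2007-07-11, keep its original date and add only the new "Release 2.18.4" entry above it. If it really landed on 2007-07-30, its ChangeLog entry belongs in the commit that changed `gui/gdmsetup.c`, so that anyone backporting the CVE fix can find the code and its description together.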
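
Review bot: The CVE text added in the `@@ -11,6 +18,9 @@` ChangeLog hunk, and repeated in NEWS, is missing what a packager needs to triage it. It says "the user can crash the GDM daemon with a carefully crafted GDM sockets command" but does not say which releases are affected or what access to the GDM socket the user needs. The entry lists six files with fixed `g_strsplit` calls; one added sentence naming the affected version range and the access required would let downstream maintainers decide on a backport without reading each file.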
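
Review bot: Most ChangeLog hunks from `@@ -24,8 +34,8 @@` through `@@ -1337,9 +1347,9 @@` change only whitespace in old entries, which buries the two security-relevant hunks at the top of the file and makes this release commit awkward to cherry-pick. Please split the whitespace cleanup into its own commit. If those lines are being touched anyway, two things visible in them should be fixed at the same time: the `@@ -64,25 +74,25 @@` hunk still carries the raw byte in "Patch by Lo\357c Minier" (convert the file to UTF-8 so the name reads correctly), and several date headings around the rewritten entries read 2006 where the neighbouring entries are from 2007 (for example "2006-03-12 ... Release 2.18.0" directly before a "2007-03-12" entry), which looks like the wrong year.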
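
Review bot: The added NEWS lines in `@@ -1,5 +1,16 @@` have two spelling errors in the security notice, "carefuly" and "safegarding"; please correct them to "carefully" and "safeguarding", since this text is what distributions quote in advisories. The second bullet, "Remove setting hints.ai_family != AF_INET6 to fix bug #455190", is also hard to read: "setting" followed by `!=` does not say whether an assignment or a comparison was removed. State the resulting behaviour instead, that is, what address families the lookup now accepts.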