Bug#450603: kdm: Please add support for ConsoleKit
Package: kdm Version: 4:3.5.8.dfsg.1-1 Severity: normal Tags: patch Hi Debian Qt/KDE Maintainers, the pkg-utopia team is going to upload a hal version to experimental, which has compiled in support for ConsoleKit/PolicyKit and we plan to upload this version to unstable later if nothing goes awfully wrong. This means, that hal clients in the desktop session have to be active, in order to call hal methods ( at least for stuff like Suspend()/Hibernate()/Mount() ). For this to work, the login manager has to register the session on login with ConsoleKit. Then ConsoleKit allows to track, if the desktop session is active or not. This allows to fix many longstanding issues with regard to fast user switching. gdm already has support for ConsoleKit (upstream) and the attached patch also adds ConsoleKit support to kdm. It only adds a dependency on D-Bus. Running kdm without ConsoleKit being installed is still possible, so it's perfectly safe to include this patch now, even if the current hal version in unstable doesn't require it yet. This is a heads up, to give you enough time to upload an updated kdm version, before the CK/PK enabled hal version is uploaded to unstable. So please consider to add this patch to your next upload. Cheers, Michael -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (300, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.23 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages kdm depends on: ii debconf [debconf-2.0] 1.5.16 Debian configuration management sy ii kdebase-bin 4:3.5.8.dfsg.1-1 core binaries for the KDE base mod ii kdebase-data4:3.5.8.dfsg.1-1 shared data files for the KDE base ii kdelibs4c2a 4:3.5.8.dfsg.1-3 core libraries and binaries for al ii libc6 2.6.1-6 GNU C Library: Shared libraries ii libdbus-1-3 1.1.2-1 simple interprocess messaging syst ii libgcc1 1:4.2.2-3GCC support library ii libpam-runtime 0.99.7.1-5 Runtime support for the PAM librar ii libpam0g0.99.7.1-5 Pluggable Authentication Modules l ii libqt3-mt 3:3.3.7-9Qt GUI Library (Threaded runtime v ii libstdc++6 4.2.2-3 The GNU Standard C++ Library v3 ii libx11-62:1.0.3-7X11 client-side library ii libxau6 1:1.0.3-2X11 authorisation library ii libxdmcp6 1:1.0.2-2X11 Display Manager Control Protoc ii libxtst62:1.0.3-1X11 Testing -- Resource extension ii xbase-clients 1:7.3+3 miscellaneous X clients - metapack Versions of packages kdm recommends: ii logrotate 3.7.1-3Log rotation utility ii xserver-xorg 1:7.3+3the X.Org X server -- debconf information excluded diff -up kdebase-3.5.8/kdm/configure.in.in.consolekit kdebase-3.5.8/kdm/configure.in.in --- kdebase-3.5.8/kdm/configure.in.in.consolekit2006-01-19 11:03:15.0 -0600 +++ kdebase-3.5.8/kdm/configure.in.in 2007-10-13 12:29:13.0 -0500 @@ -240,4 +240,51 @@ if test "x$with_kdm_xconsole" = xyes; th AC_DEFINE(WITH_KDM_XCONSOLE, 1, [Build kdm with built-in xconsole]) fi +### Check for DBus + + AC_MSG_CHECKING(for DBus) + + dbus_inc=NOTFOUND + dbus_lib=NOTFOUND + dbus=NOTFOUND + + search_incs="$kde_includes $kde_extra_includes /usr/include /usr/include/dbus-1.0 /usr/local/include /usr/local/include/dbus-1.0" + AC_FIND_FILE(dbus/dbus.h, $search_incs, dbus_incdir) + + search_incs_arch_deps="$kde_includes $kde_extra_includes /usr/lib$kdelibsuff/dbus-1.0/include /usr/local/lib$kdelibsuff/dbus-1.0/include" + AC_FIND_FILE(dbus/dbus-arch-deps.h, $search_incs_arch_deps, dbus_incdir_arch_deps) + + if test -r $dbus_incdir/dbus/dbus.h && test -r $dbus_incdir_arch_deps/dbus/dbus-arch-deps.h ; then +DBUS_INCS="-I$dbus_incdir -I$dbus_incdir_arch_deps" +dbus_inc=FOUND + fi + + search_libs="$kde_libraries $kde_extra_libs /usr/lib$kdelibsuff /usr/local/lib$kdelibsuff" + AC_FIND_FILE(libdbus-1.so, $search_libs, dbus_libdir) + + if test -r $dbus_libdir/libdbus-1.so ; then +DBUS_LIBS="-L$dbus_libdir -ldbus-1" +dbus_lib=FOUND + fi + + if test $dbus_inc != FOUND || test $dbus_lib != FOUND ; then +KDE_PKG_CHECK_MODULES( DBUS, "dbus-1", [ DBUS_INCS=$DBUS_CFLAGS; dbus_inc=FOUND; dbus_lib=FOUND; ] , AC_MSG_RESULT( Nothing found on PKG_CONFIG_PATH ) ) + fi + + dbus_bus_var=`pkg-config --variable=system_bus_default_address dbus-1 2>/dev/null` + if test -z "$dbus_bus_var"; then +dbus_bus_var="unix:path=/var/run/dbus/system_bus_socket" + fi + AC_DEFINE_UNQUOTED(DBUS_SYSTEM_BUS, "$dbus_bus_var", [Define the unix domain path for dbus system bus]) + + if test $dbus_inc = FOUND && test $dbus_lib
Bug#450630: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution
Package: kdegraphics Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for poppler. CVE-2007-4352[0]: | Array index error in the DCTStream::readProgressiveDataUnit method in | xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote | attackers to trigger memory corruption and execute arbitrary code via | a crafted PDF file. CVE-2007-5392[1]: | Integer overflow in the DCTStream::reset method in | xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows | remote attackers to execute arbitrary code via a crafted PDF | file, resulting in a heap-based buffer overflow. CVE-2007-5393[2]: | Heap-based buffer overflow in the CCITTFaxStream::lookChar | method in xpdf/Stream.cc in Xpdf 3.02 with | xpdf-3.02pl1.patch allows remote attackers to execute | arbitrary code via a PDF file that contains a crafted | CCITTFaxDecode filter. If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpzlEaZCk3mT.pgp Description: PGP signature
Processed: Re: Bug#450630: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution
Processing commands for [EMAIL PROTECTED]: > #we have a patch from upstream for this > tags 450630 +patch Bug#450630: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution Tags were: security Tags added: patch > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Processed: Re: Bug#450631: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution
Processing commands for [EMAIL PROTECTED]: > #Upstream already submited patch for this > tags 450631 +patch Bug#450631: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution Tags were: security Tags added: patch > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#450631: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution
Package: koffice Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xpdf and koffice includes this code. CVE-2007-4352[0]: | Array index error in the DCTStream::readProgressiveDataUnit method in | xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote | attackers to trigger memory corruption and execute arbitrary code via | a crafted PDF file. CVE-2007-5392[1]: | Integer overflow in the DCTStream::reset method in | xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows | remote attackers to execute arbitrary code via a crafted PDF | file, resulting in a heap-based buffer overflow. CVE-2007-5393[2]: | Heap-based buffer overflow in the CCITTFaxStream::lookChar | method in xpdf/Stream.cc in Xpdf 3.02 with | xpdf-3.02pl1.patch allows remote attackers to execute | arbitrary code via a PDF file that contains a crafted | CCITTFaxDecode filter. If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgpPcqOk1PIvb.pgp Description: PGP signature
Bug#450542: marked as done (kdebase-runtime-*: file clash with kdebase-*)
Your message dated Thu, 8 Nov 2007 17:17:20 +0100 with message-id <[EMAIL PROTECTED]> and subject line Bug#450542: kdebase-runtime-*: file clash with kdebase-* has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) --- Begin Message --- Package: kdebase-runtime-data, kdebase-runtime-bin Version: 4:3.95.0-1 Severity: serious Looks like there are missing conflicts and/or Replaces fields: Unpacking kdebase-runtime-data (from .../kdebase-runtime-data_4%3a3.95.0-1_all.deb) ... dpkg: error processing /var/cache/apt/archives/kdebase-runtime-data_4%3a3.95.0-1_all.deb (--unpack): trying to overwrite `/usr/share/desktop-directories/kde-information.directory', which is also in package kdebase-data dpkg-deb: subprocess paste killed by signal (Broken pipe) Unpacking kdebase-runtime-bin (from .../kdebase-runtime-bin_4%3a3.95.0-1_i386.deb) ... dpkg: error processing /var/cache/apt/archives/kdebase-runtime-bin_4%3a3.95.0-1_i386.deb (--unpack): trying to overwrite `/usr/bin/kreadconfig', which is also in package kdebase-bin dpkg-deb: subprocess paste killed by signal (Broken pipe) -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (90, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.19.1-smp (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash --- End Message --- --- Begin Message --- Hi! Please don't file bugs yet against KDE4 packages. They are not ready for prime time and will be heavily changed. We're working on co-installability of kde4-runtime and kde3-base right now, but some issues still need to be resolved. If you find bugs in KDE4 itself please file them at bugs.kde.org. Greetings, Armin --- End Message ---
KDE
SVN commit 734468 by mueller: fix FSF address M +2 -2 kdeartwork/IconThemes/nuvola/license.txt M +1 -1 kdeartwork/IconThemes/nuvola/readme.txt M +1 -1 kdebase/runtime/phonon/xine/net_buf_ctrl.c M +1 -1 kdebase/runtime/phonon/xine/net_buf_ctrl.h M +1 -1 kdebase/workspace/libs/solid/control/bluetoothinterface.h M +2 -2 kdebase/workspace/plasma/dataengines/weather/COPYING M +1 -1 kdebindings/COPYING M +1 -1 kdebindings/COPYING.LIB M +1 -1 kdebindings/csharp/qyoto/COPYING M +3 -3 kdebindings/python/pykde4/COPYING M +1 -1 kdebindings/python/pykde4/configure.py M +1 -1 kdebindings/python/pykde4/configure.template M +3 -3 kdebindings/python/pykde4/docs/html/COPYING.html M +1 -1 kdebindings/python/pykde4/pykde3920.prj M +1 -1 kdebindings/python/pykde4/pykdeconfig.py.in M +1 -1 kdebindings/python/pykde4/sip/kdecore/ksystemtimezone.sip M +1 -1 kdebindings/python/pykde4/sip/kdecore/ktzfiletimezone.sip M +1 -1 kdebindings/python/pykde4/sip/kdeui/kpalette.sip M +1 -1 kdebindings/python/pykde4/sip/kdeui/ktimezone.sip M +1 -1 kdebindings/python/pykde4/sip/kio/kdirnotify.sip M kdebindings/ruby/korundum/tools/rbkconfig_compiler/autoexample.rb M kdebindings/ruby/korundum/tools/rbkconfig_compiler/example.rb M +1 -1 kdebindings/ruby/qtruby/COPYING M +1 -1 kdebindings/ruby/qtruby/tools/rbuic/LICENSE.GPL M +2 -2 kdebindings/xparts/COPYING M +2 -2 kdebindings/xparts/xpart_notepad/xp_notepad_factory.cpp M +2 -2 kdebindings/xparts/xpart_notepad/xp_notepad_factory.h M +2 -2 kdeedu/khangman/fonts/licenseDomesticManners.txt M +2 -2 kdeedu/khangman/fonts/licenseDustimo.txt M +2 -2 kdeedu/kstars/COPYING M +2 -2 kdeedu/kstars/kstars/indi/LICENSE M +1 -1 kdeedu/kstars/kstars/indi/drivers/ccd/sbigcam.h M +1 -1 kdeedu/kstars/kstars/indi/drivers/focuser/robofocusdriver.c M +1 -1 kdeedu/kstars/kstars/indi/drivers/telescope/orionatlas.h M +1 -1 kdeedu/kstars/kstars/indi/drivers/video/stv.c M +1 -1 kdeedu/kstars/kstars/indi/drivers/video/stvdriver.c M +2 -2 kdeedu/kstars/kstars/indi/drivers/video/stvdriver.h M +2 -2 kdeedu/marble/src/lib/geodata/GeoDataTest.cpp M +2 -2 kdeedu/marble/src/lib/geodata/data/GeoDataDocument.cpp M +2 -2 kdeedu/marble/src/lib/geodata/data/GeoDataDocument.h M +2 -2 kdeedu/marble/src/lib/geodata/data/GeoDataFolder.cpp M +2 -2 kdeedu/marble/src/lib/geodata/data/GeoDataFolder.h M +2 -2 kdeedu/marble/src/lib/geodata/handlers/gpx/GPXElementDictionary.cpp M +2 -2 kdeedu/marble/src/lib/geodata/handlers/gpx/GPXElementDictionary.h M +2 -2 kdeedu/marble/src/lib/geodata/handlers/gpx/GPXgpxTagHandler.cpp M +2 -2 kdeedu/marble/src/lib/geodata/handlers/gpx/GPXgpxTagHandler.h M +2 -2 kdeedu/marble/src/lib/geodata/handlers/kml/KMLDocumentTagHandler.cpp M +2 -2 kdeedu/marble/src/lib/geodata/handlers/kml/KMLDocumentTagHandler.h M +2 -2 kdeedu/marble/src/lib/geodata/handlers/kml/KMLElementDictionary.cpp M +2 -2 kdeedu/marble/src/lib/geodata/handlers/kml/KMLElementDictionary.h M +2 -2 kdeedu/marble/src/lib/geodata/handlers/kml/KMLFolderTagHandler.cpp M +2 -2 kdeedu/marble/src/lib/geodata/handlers/kml/KMLFolderTagHandler.h M +2 -2 kdeedu/marble/src/lib/geodata/parser/GeoDataParser.cpp M +2 -2 kdeedu/marble/src/lib/geodata/parser/GeoDataParser.h M +2 -2 kdeedu/marble/src/lib/geodata/parser/GeoDataTagHandler.cpp M +2 -2 kdeedu/marble/src/lib/geodata/parser/GeoDataTagHandler.h M +1 -1 kdegames/kiriki/src/computer.cpp M +2 -2 kdegames/kpat/patsolve/COPYING M +2 -2 kdegames/ksudoku/COPYING M +2 -2 kdegames/libkdegames/carddecks/svg-cards-2.0/COPYING M +2 -2 kdegames/lskat/COPYING M +1 -1 kdegraphics/gwenview/app/configdialog.cpp M +1 -1 kdegraphics/gwenview/app/configdialog.h M +1 -1 kdegraphics/gwenview/app/fileopscontextmanageritem.cpp M +1 -1 kdegraphics/gwenview/app/fileopscontextmanageritem.h M +1 -1 kdegraphics/gwenview/app/imagemetainfodialog.cpp M +1 -1 kdegraphics/gwenview/app/imagemetainfodialog.h M +1 -1 kdegraphics/gwenview/app/imageopscontextmanageritem.cpp M +1 -1 kdegraphics/gwenview/app/imageopscontextmanageritem.h M +1 -1 kdegraphics/gwenview/app/savebar.cpp M +1 -1 kdegraphics/gwenview/app/savebar.h M +1 -1 kdegraphics/gwenview/app/thumbnailviewhelper.cpp M +1 -1 kdegraphics/gwenview/app/thumbnailviewhelper.h M +1 -1 kdegraphics/gwenview/lib/abstractimageoperation.cpp M +1 -1 kdegraphics/gwenview/lib/abstractimageoperation.h M +1 -1
