diff options
| -rw-r--r-- | ChangeLog | 16 | ||||
| -rw-r--r-- | NEWS | 30 | ||||
| -rw-r--r-- | configure.ac | 2 |
3 files changed, 42 insertions, 6 deletions
@@ -1,5 +1,12 @@ +2007-07-09 Brian Cameron <brian.cameron@sun.com> + + * Release 2.19.5: + * configure.ac: Updated to new release version + * NEWS: Updated. + 2007-07-30 Brian Cameron <brian.cameron@sun.com> + More work to fix CVE-2007-3381. * common/gdm-common.c: Now use g_strv_length to calculate the array size. * gui/gdmsetup.c: Use an assert to check that the array is not @@ -11,11 +18,6 @@ on FreeBSD with symbol conflict since their utmp code needs to call a function called login. Partially fixes #456697. -2007-07-30 Brian Cameron <brian.cameron@sun.com> - - * daemon/gdm.c: Fix double fclose of pid file. Fixes bug #461822. - Patch by Oliver Blin <blino@mandriva.org>. - 2007-07-30 Lukasz Zalewski <lukas@dcs.qmul.ac.uk> * daemon/gdm.c, gui/gdmsetup.glade: Fixed some sting translation @@ -53,6 +55,10 @@ 2007-07-11 Brian Cameron <brian.cameron@sun.com> + This fixes CVE-2007-3381 - a denial of service attack where + the user can crash the GDM daemon with a carefully crafted GDM + sockets command and cause GDM to stop managing future displays. + * daemon/gdm.c, daemon/server.c, common/gdm-common.[ch], common/gdm-common-config.c, gui/gdmlogin.c, gui/gdmcommon.[ch], gui/gdmflexiserver.c, gui/gdmsetup.c, gui/gdmconfig.c, @@ -1,5 +1,35 @@ Ahh news... +2.19.5 Stuff: + +- Fix for CVE-2007-3381, a denial of service attack where the + user can crash the GDM daemon with a carefuly crafted + GDM sockets command and cause GDM to stop managing future + displays. GDM now is much better about safegarding against + NULL values returned from g_strsplit calls. (Brian Cameron) + +- Fix range check for custom commands. (Lukasz Zalewski) + +- Fix string translation issues for bug #460407. + (Lukasz Zalewski) + +- Fix issues with icons not showing up properly in the + gdmgreeter menu. (Michael Terry) + +- Fix memory handling of the dialog which asks if you want + to restart the greeter in a different language. (Takao + Fujiwara) + +- Autodetect the path to the nologin binary to fix GDM so it + works on FreeBSD where nologin is in a different location. + Also fix compile issues for FreeBSD. (Lo\357c Minier) + +- Fix some build issues and code cleanup. (Brian Cameron) + +- Translation updates (Subhransu Behera, Runa Bhattacharjee, + I. Felix, Theppitak Karoonboonyanan, Gabor Kelemen, Priit + Laes, Ankit Patel, Changwoo Ryu, Ilkka Tuohela) + 2.19.4 Stuff: - Now GDM manages utmp/wtmp processing directly rather than diff --git a/configure.ac b/configure.ac index 732d7ace..fb24c1db 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ AC_PREREQ(2.52) AC_INIT(daemon/gdm.h) AM_CONFIG_HEADER(config.h) -AM_INIT_AUTOMAKE(gdm,2.19.4) +AM_INIT_AUTOMAKE(gdm,2.19.5) AC_CONFIG_MACRO_DIR([m4]) AM_MAINTAINER_MODE AC_GNU_SOURCE |