Bug 28220 - security upd.: kdbg 1.2.9.ebuild
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] KDE
Hardware: All Linux
Importance: High enhancement
Assignee: Gentoo KDE team
Keywords: EBUILD
Duplicates: 28153

Reported: 2003-09-08 15:37 UTC by Carsten Lohrke (RETIRED)
Modified: 2003-09-15 23:49 UTC

Attachments
kdbg-1.2.9.ebuild (kdbg-1.2.9.ebuild,460 bytes, text/plain)
2003-09-08 15:38 UTC, Carsten Lohrke (RETIRED)

Description Carsten Lohrke (RETIRED) gentoo-dev 2003-09-08 15:37:53 UTC
Security Release Note:  Fixed the security flaw which version 1.2.8 was supposed
to, but did not, fix. The flaw enables any other local user to gain the
privileges of the user running KDbg provided the other users can access the
directory of the program being debugged. All versions of KDbg from 1.1.8 to
1.2.8, inclusive, including all development versions, are vulnerable. 
(copied from apps.kde.com)

What's the Gentoo policy - is KDE 2.x still supported? I'm asking because the
ebuild could support it, but I don't know how to do this. need-kde() doesn't
support something like >=2, and the kde-functions.eclass doesn't export
kde[minor/major] versions as distutils.eclass does with $PYVER. BTW: Shouldn't
there be an eclass variable naming agreement? $PYVER_MAJOR & $KDEMAJORVER aren't
consistent.

Reproducible: Always
Comment 1 Carsten Lohrke (RETIRED) gentoo-dev 2003-09-08 15:38:25 UTC
Created attachment 17288
kdbg-1.2.9.ebuild
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2003-09-08 16:51:37 UTC
Dan: added you, because you are the author of kde-functions.eclass
Comment 3 Caleb Tennis (RETIRED) gentoo-dev 2003-09-09 07:07:26 UTC
Adding security so that they can file a GLSA if they deem it appropriate.

Removing Dan since he doesn't want bugs assigned to him anymore.

The ebuild has been added - waiting for security team to make a move before resolving the bug.
Comment 4 Carsten Lohrke (RETIRED) gentoo-dev 2003-09-09 08:23:33 UTC
Caleb: Sorry, I didn't know that Dan doesn't want to get bugs assigned. The questions remain...

- is KDE 2.x still supported?
- how about kde-functions.eclass / KDE version export - should I file an extra bug report? E.g. in #27401 I worked around this, comparing $KDEDIR with a hardcoded path, to distinguish between KDE 3 and 3.x. But that's the way it should work.
Comment 5 Caleb Tennis (RETIRED) gentoo-dev 2003-09-09 08:31:10 UTC
We are not supporting KDE 2 and only leaving it available in portage for posterity. I haven't been applying security fixes for it either. I suppose it will be taken out in the next few months.

As far as the second part goes, I don't have a good answer. Your hacked solution in the pykde ebuild probably isn't the best, but if it works I say it's okay. If we need to make changes to the eclass, go ahead and file another bug.
Comment 6 Caleb Tennis (RETIRED) gentoo-dev 2003-09-15 19:36:12 UTC
This ebuild has been put in portage.
Comment 7 Caleb Tennis (RETIRED) gentoo-dev 2003-09-15 19:36:34 UTC
*** Bug 28153 has been marked as a duplicate of this bug. ***