Bug#: 28220
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo KDE team <kde@gentoo.org>
Reporter: Carsten Lohrke <carlo@gentoo.org>

Attachment: kdbg-1.2.9.ebuild (text/plain, 460 bytes), created by Carsten Lohrke, 2003-09-08 15:38 0000

Description:   Opened: 2003-09-08 15:37 0000
Security Release Note: Fixed the security flaw which version 1.2.8 was supposed
to, but did not, fix. The flaw enables any other local user to gain the
privileges of the user running KDbg provided the other users can access the
directory of the program being debugged. All versions of KDbg from 1.1.8 to
1.2.8, inclusive, including all development versions, are vulnerable.
(copied from apps.kde.com)

What's the Gentoo policy - is KDE 2.x still supported? I'm asking because the
ebuild could support it, but I don't know how to do this. need-kde() doesn't
support something like >=2 and the kde-functions.eclass doesn't export
kde[minor/major] versions as distutils.eclass does with $PYVER. BTW: Shouldn't
there be an eclass variable naming agreement? $PYVER_MAJOR & $KDEMAJORVER aren't
consistent.

Reproducible: Always

------- Comment #1 From Carsten Lohrke 2003-09-08 15:38:25 0000 -------
Created an attachment (id=17288) [details]
kdbg-1.2.9.ebuild

------- Comment #2 From Carsten Lohrke 2003-09-08 16:51:37 0000 -------
Dan: added you, because you are the author of kde-functions.eclass

------- Comment #3 From Caleb Tennis 2003-09-09 07:07:26 0000 -------
Adding security so that they can file a GLSA if they deem it appropriate.

Removing dan since he doesn't want bugs assigned to him anymore.

The ebuild has been added - waiting for security team to make a move before
resolving the bug.

------- Comment #4 From Carsten Lohrke 2003-09-09 08:23:33 0000 -------
Caleb: Sorry, I didn't know that Dan doesn't want to get bugs assigned. The
questions remain...

- is KDE 2.x still supported?
- how about kde-functions.eclass / KDE version export - should I file an extra
bug report? E.g. in #27401 I worked around this, comparing $KDEDIR with a
hardcoded path, to distinguish between KDE 3 and 3.x. But that's the way it
should work.

------- Comment #5 From Caleb Tennis 2003-09-09 08:31:10 0000 -------
We are not supporting kde 2 and only leaving it available in portage for
posterity.  I haven't been applying security fixes for it either.  I suppose it
will be taken out in the next few months.

As far as the second part goes, I don't have a good answer.  Your hacked
solution in the pykde ebuild probably isn't the best, but if it works I say
it's okay.  If we need to make changes to the eclass, go ahead and file another
bug.

------- Comment #6 From Caleb Tennis 2003-09-15 19:36:12 0000 -------
This ebuild has been put in portage.

------- Comment #7 From Caleb Tennis 2003-09-15 19:36:34 0000 -------
*** Bug 28153 has been marked as a duplicate of this bug. ***
