Bump to latest upstream git (and a new release), fixes CVE-2014-7271 and CVE-2014-7272

How to install

sudo dnf upgrade --advisory=FEDORA-2014-12442

This update has been submitted for testing by mbriza.

7 years ago

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1holn (results are informative only)

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1holw (results are informative only)

I won't give +1/-1 here. This update does solve some issues, for example bug

1123506 and probably bug #1125129, it keeps last username now. I set also to

autologin, and /etc/sddm.conf has "AutoUser=fedora" (test user), but doesn't log in automatically. One thing I probably wasn't able to check, kwallet opening on login (I assume application needs to ask for it, it doesn't open if not asked? bug #1128463)

User Icon orion commented & provided feedback 7 years ago
karma

Works, confirmed #1112841, #1125129, and #1128465 fixed for me. However

1123506 is still an issue and should be removed from this update.

Critical path update approved

7 years ago

Hmm, seems like logout (at least from NFS home) is not working. Session never fully closes. Might not be an sddm issue though.

User Icon orion commented & provided feedback 7 years ago
karma

Confirmed that logout never finishes on my laptop.

Logout issue #1150283

This update is currently being pushed to the Fedora 21 testing updates repository.

7 years ago

orion: I'll look into the logout issue tomorrow with a machine with selinux. Right now on a machine without it, it's fine. bitlord: Config structure has changed, you have to add a "User=" key into a [Auto] section. See sddm --example-config to list every option and section available.

mbriza I can check if there is a .rpmnew for config, and I used sddm-kcm (needs updating?) ( to change those settings, didn't change them manually).

This update has been pushed to testing

7 years ago

bitlord: Currently, there is no /etc/sddm.conf by default. It's used only to override internal settings that can be listed by using "sddm --example-config" or "man sddm.conf". And sorry, the section is [Autologin]... We can discuss this on my mail (m@rtinbriza.cz or kde@lists.fedoraproject.org) or IRC if you will, this is horribly messy.

mbriza has edited this update. New build(s): sddm-0.9.0-2.20141007git6a28c29b.fc21. Removed build(s): sddm-0.9.0-1.20141007git6a28c29b.fc21.

7 years ago

This update has been submitted for testing by mbriza.

7 years ago

AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/1hs67 (results are informative only)

AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/1hs6i (results are informative only)

This update is currently being pushed to the Fedora 21 testing updates repository.

7 years ago

This update has been pushed to testing

7 years ago
User Icon orion commented & provided feedback 7 years ago
karma

logout now works

Critical path update approved

7 years ago
User Icon g6avk commented & provided feedback 7 years ago
karma

A great improvement here, login and logout are working fine now for me and fairly fast as well.

User Icon wolnei commented & provided feedback 7 years ago
karma

Now is possible remain in the same screen if the password is wrong.

This update has reached the stable karma threshold and will be pushed to the stable updates repository

7 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/2715/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/2716/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/2716/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 21 stable updates repository.

7 years ago

This update has been pushed to stable

7 years ago

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
modified
7 years ago
BZ#1112841 Cannot log into account with NFS home directory
0
0
BZ#1114192 SELinux is preventing /usr/bin/sddm from 'write' accesses on the file .
0
0
BZ#1119777 PrivateTmp makes files invisible for the same user
0
0
BZ#1123506 sddm startup is slow
0
0
BZ#1125129 SELinux is preventing sddm from 'write' accesses on the file /etc/sddm.conf.
0
0
BZ#1128463 sddm does not open kde wallet with pam_wallet.so
0
0
BZ#1128465 sddm does not run /etc/X11/xinit/Xsession
0
0
BZ#1140386 SDDM login screen is not reached.
0
0
BZ#1148659 sddm: multiple flaws in SDDM display manager leading to privilege escalation to root
0
0
BZ#1148660 sddm: multiple flaws in SDDM display manager leading to privilege escalation to root [fedora-all]
0
0
BZ#1149608 CVE-2014-7271 sddm: user "sddm" can login without authentication.
0
0
BZ#1149610 CVE-2014-7272 sddm: several local privileges escalation issues
0
0
BZ#1149628 CVE-2014-7271 sddm: user "sddm" can login without authentication. [fedora-all]
0
0
BZ#1149629 CVE-2014-7272 sddm: several local privileges escalation issues [fedora-all]
0
0
BZ#1150283 KDE logout never completes
0
0

Automated Test Results