Bug 152746 - CAN-2004-0419 - XDM in XFree86 socket open vulnerability
CAN-2004-0419 - XDM in XFree86 socket open vulnerability
Status: CLOSED CURRENTRELEASE
Product: Fedora Legacy
Classification: Retired
Component: Package request (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://cve.mitre.org/cgi-bin/cvename....
LEGACY, QA, rh90
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-05 16:01 EDT by Marc Deslauriers
Modified: 2008-05-01 11:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:26:00 EST
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort
is 0, which could allow remote attackers to connect to the port, in violation of
the intended restrictions.

Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0419
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900
http://bugs.xfree86.org/show_bug.cgi?id=1376

XFree86 in RH9 is vulnerable



------- Additional Comments From jp107@damtp.cam.ac.uk 2004-07-06 09:53:06 ----

The xfree86 site has a proposed patch though it doesn't apply cleanly (for me),
I'm making a RH9 test srpm with the same test added...

It it builds I'll include the patch (and the diff to the spec) I used and
pointers to the rpms...
 



------- Additional Comments From jp107@damtp.cam.ac.uk 2004-07-06 10:32:05 ----

Well it seems to build so here is a pointer to the diff of the specfile and the
xdm patch itself for RH9.

I should perhaps add that I don't use xdm at all on our RH8 (or RH9) systems (we
do use gdm but that isn't being patched), so I'm not really worried about
possible attacks against xdm myself.

http://www.damtp.cam.ac.uk/user/jp107/legacy/9/XFree86.spec.patch
http://www.damtp.cam.ac.uk/user/jp107/legacy/9/XFree86-4.3.0-xdm-socket-patch-CAN-2004-0419.patch

Is anyone actually interested in fixing this hole?



------- Additional Comments From jp107@damtp.cam.ac.uk 2004-07-06 12:19:38 ----

A test set of RH9 rpms can be found at

http://www.damtp.cam.ac.uk/user/jp107/legacy/9/

e.g. SRPMS/XFree86-4.3.0-2.90.56.legacy.src.rpm

for the source.  I'll not list them all here 'cos it is a long list of packagesm
I'm sure you can all guess the strings.

I've updates one test RH9 machine to these but I don't actually use xdm so it
isn't much of a test (my other test box is busy running memtest86 atm :-)





------- Additional Comments From jp107@damtp.cam.ac.uk 2004-07-08 06:34:12 ----

I'm about to take away my test RH9 machines (stop it running these patched
versions 'cos I need it to try something else).  It has been running with no
obvious ill effects for several days (though not actually using the xdm since it
uses gdm instead).

If people using xdm want a full QA I'm open to suggestions.  My other test RH9
machine will soon have finished running memtest (I hope -- it is a little sloooow).




------- Additional Comments From jpdalbec@ysu.edu 2004-07-21 04:55:42 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

New RHL 7.3 packages are available from 
http://www.fedoralegacy.org/contrib/XFree86/

sha1sums:
584c9df8e0b07e952a6a254ef6f0cb4c995e002b  
XFree86-100dpi-fonts-4.2.1-17.73.27.i386.rpm
60e1ad67aa2acf5a0f5fb995fa5feb5745587bf5  XFree86-4.2.1-17.73.27.i386.rpm
b7852d0c83f7dd004682eb6bebf7a28e71ae2d99  XFree86-4.2.1-17.73.27.src.rpm
1c4b2663a211f26fe593f9e7d9b44c30683fcb44  
XFree86-75dpi-fonts-4.2.1-17.73.27.i386.rpm
2a5fc27e3ffa147df028b00ee22a590642a18acd  
XFree86-base-fonts-4.2.1-17.73.27.i386.rpm
ae6a78e91b2f61173888e383c408338e945f2df2  
XFree86-cyrillic-fonts-4.2.1-17.73.27.i386.rpm
c6903ab7cedd9b8d9ec666bd430a5a7136639fbd  XFree86-devel-4.2.1-17.73.27.i386.rpm
f20a0cd6f7b3089882d2ce472474e7ec87db5959  XFree86-doc-4.2.1-17.73.27.i386.rpm
408a9fb44781548525dc61615364803b7ba57b4f  
XFree86-font-utils-4.2.1-17.73.27.i386.rpm
472cf07eb77ddce7837c2f58c974badd9d3b6ee9  
XFree86-ISO8859-15-100dpi-fonts-4.2.1-17.73.27.i386.rpm
06d7a64cdb920b71fd04f9b499f6402e2940a095  
XFree86-ISO8859-15-75dpi-fonts-4.2.1-17.73.27.i386.rpm
1bf4b46550509759c5979b7a5e48c9b1a600816a  
XFree86-ISO8859-2-100dpi-fonts-4.2.1-17.73.27.i386.rpm
fa0ac955662eae7e1b1493515fee872225deacbf  
XFree86-ISO8859-2-75dpi-fonts-4.2.1-17.73.27.i386.rpm
325c37eb03d99eebf773635862eefd32c59cbc9c  
XFree86-ISO8859-9-100dpi-fonts-4.2.1-17.73.27.i386.rpm
6370fb79b3c040f275da7a4722668e594dcc8765  
XFree86-ISO8859-9-75dpi-fonts-4.2.1-17.73.27.i386.rpm
5b6b54ad5f223ef973cb3c1f572f2bc7bb46cd52  XFree86-libs-4.2.1-17.73.27.i386.rpm
8aecb6ff72c6fee2fbaa70c97bdd409c8b65b6bd  XFree86-tools-4.2.1-17.73.27.i386.rpm
23c7a0b7565ef24cb337f2f520b9dff3652311ef  
XFree86-truetype-fonts-4.2.1-17.73.27.i386.rpm
5bb02669988e4d8b0284aa4fc66e1d0ca140c29b  XFree86-twm-4.2.1-17.73.27.i386.rpm
4384ad100a2380b45b3d07f9775bbf92fb1c007d  XFree86-xdm-4.2.1-17.73.27.i386.rpm
a65c32fa588156485e5b9a89f7c015dab7217ee7  
XFree86-xf86cfg-4.2.1-17.73.27.i386.rpm
ad3613b7b88c595d216ff3b83db5bd8194594169  XFree86-xfs-4.2.1-17.73.27.i386.rpm
7fa3036042e44b8ae43483ba66bda45d7cac8b44  XFree86-Xnest-4.2.1-17.73.27.i386.rpm
b26c6d37ba8e249d2b471c6bf211b48f7361de91  XFree86-Xvfb-4.2.1-17.73.27.i386.rpm

I've installed these on a RHL 7.3 test virtual machine (VMware 4.5.2).
I haven't noticed any lasting problems.  When I first installed the packages
and restarted X it came up on vt10 instead of vt9 as usual.  I rebooted and
X came up on vt9 again.  (I use Bastille's additional logging so vt7 and vt8
are reserved by syslogd.)

I've added the xdm socket patch and fixed parallel building.  I've modified
the .spec file to respect %_smp_mflags (if set) or $RPM_BUILD_NCPUS (if set)
or `getconf _NPROCESSORS_ONLN` in that order.  $RPM_BUILD_NCPUS is a mach-ism.
I tested parallel building by passing "--define '_smp_mflags -j3'" to
"mach build" (which passes them on to "rpm -ba").
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA/njPJL4A+ldA7asRAvdhAKDJUVaT58qtXAV1uTFBQ/1Go4NQrACfXTGN
LHKcKoDrkXsNR6bcQHY0yRM=
=sBoX
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2004-07-21 09:29:07 ----

John, I don't think the xdm socket patch is needed for 7.3. Here is an excerpt
of the sources before your patch:

void
CreateWellKnownSockets (void)
{
    struct sockaddr_in  sock_addr;
    char *name;
                                                                                
    if (request_port == 0)
            return;
    Debug ("creating socket %d\n", request_port);
    xdmcpFd = socket (AF_INET, SOCK_DGRAM, 0);
    if (xdmcpFd == -1) {
        LogError ("XDMCP socket creation failed, errno %d\n", errno);
        return;
    }
    name = localHostname ();
    registerHostname (name, strlen (name));
    RegisterCloseOnFork (xdmcpFd);

The check for request_port is already present. Besides, your patch adds the
check way after the "xdmcpFd = socket (AF_INET, SOCK_DGRAM, 0);" line, where
it's already too late.





------- Additional Comments From jpdalbec@ysu.edu 2004-07-23 07:47:21 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

++QA RH9

sha1sums:
44a08acc598da7b2f65fd8041716747823cfb0d7  
XFree86-100dpi-fonts-4.3.0-2.90.56.legacy.i386.rpm
76013c4fa634704f91806078ef4dbd36ec103346  XFree86-4.3.0-2.90.56.legacy.i386.rpm
47f967f5a8a544d2424658a057691b7e6f0e45bf  
XFree86-75dpi-fonts-4.3.0-2.90.56.legacy.i386.rpm
45b1f38d09acc01979459056b4efe230e52d51ec  
XFree86-base-fonts-4.3.0-2.90.56.legacy.i386.rpm
780c8a3c256a53085746e6b71c05435f4aa408f6  
XFree86-cyrillic-fonts-4.3.0-2.90.56.legacy.i386.rpm
7b8b4f2ba02be1236d5c4b73b285c399e412be80  
XFree86-devel-4.3.0-2.90.56.legacy.i386.rpm
b363eef21bd459009653e7d2eba3a72eb398de5f  
XFree86-doc-4.3.0-2.90.56.legacy.i386.rpm
769aa43f79f80dc7f41b37293680c2821157359f  
XFree86-font-utils-4.3.0-2.90.56.legacy.i386.rpm
a6ed90897cbb3288cb564429e557ea257a181127  
XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.56.legacy.i386.rpm
e8bcca2fe27e708ffe723176c8e44887fe903827  
XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.56.legacy.i386.rpm
d6556d603d0aacc93e6e565b298706969d9a2610  
XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.56.legacy.i386.rpm
a688ce989fc025274ae870ae3b66b46527277a11  
XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.56.legacy.i386.rpm
8f46c917aead83874a3f8fbe33cfc5d13cf64ddf  
XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.56.legacy.i386.rpm
79db9a5fb3d920ad9b9a206ac3649f7ed8ec0638  
XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.56.legacy.i386.rpm
0de7e2dca118e166a948ea87eb4408e592c94c6d  
XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.56.legacy.i386.rpm
48f2b87a68b45787b3be9106848e47bff01f2b15  
XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.56.legacy.i386.rpm
0dfa9600fad208fad876a0856b3073506559e61b  
XFree86-libs-4.3.0-2.90.56.legacy.i386.rpm
01db3b4f4e36d9887e9a0525991fa02ea60a6f1f  
XFree86-libs-data-4.3.0-2.90.56.legacy.i386.rpm
c705b8648b49f5668d9590f8cb0387987a3e1cbd  
XFree86-Mesa-libGL-4.3.0-2.90.56.legacy.i386.rpm
75a2e63fe1827383e734cf00d71089f9ed194b73  
XFree86-Mesa-libGLU-4.3.0-2.90.56.legacy.i386.rpm
289c119070d7dc90b1d762dfd9dfa9abb576b601  
XFree86-sdk-4.3.0-2.90.56.legacy.i386.rpm
777bd2dfee93e187b214dfa830efdef604ed37fd  
XFree86-syriac-fonts-4.3.0-2.90.56.legacy.i386.rpm
0c620b8fe038a66b9e77aa959a23368655b04ac2  
XFree86-tools-4.3.0-2.90.56.legacy.i386.rpm
d7fdcf21364ba2931b28086974b5bc7ae3ca4299  
XFree86-truetype-fonts-4.3.0-2.90.56.legacy.i386.rpm
1cf076417e7033f3d9ed997daa112a36d43dbefa  
XFree86-twm-4.3.0-2.90.56.legacy.i386.rpm
c97e3b3fe4e39011b865b39cedf440853bf861de  
XFree86-xauth-4.3.0-2.90.56.legacy.i386.rpm
528779a17b09993d8c39b3b4eedd5dd4fd478f80  
XFree86-xdm-4.3.0-2.90.56.legacy.i386.rpm
3e4881733cc1f46ac9a83c93c59df49ada61e7e9  
XFree86-xfs-4.3.0-2.90.56.legacy.i386.rpm
37d7a3d662d82b211206f01f683a075c49bbfac4  
XFree86-Xnest-4.3.0-2.90.56.legacy.i386.rpm
a6e0ee4dab3aa3fb10a1b64c2bc2851b1800250f  
XFree86-Xvfb-4.3.0-2.90.56.legacy.i386.rpm

I installed XFree86, -100dpi-fonts, -75dpi-fonts, -base-fonts, -devel,
- -font-utils, -libs, -libs-data, -Mesa-libGL, -Mesa-libGLU, -tools,
- -truetype-fonts, -twm, -xauth, -xdm, and -xfs on my RHL 9 VM.  I haven't had
any problems.  The ldd output was the same as the previous XFree86 update.

I rebuilt the RPMs from the .src.rpm in mach and didn't see any differences in
the ldd output.  I didn't spot any missing files.  Unfortunately my rebuilt
.src.rpm overwrote the .src.rpm I downloaded so I don't have a sha1sum for it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBAU7iJL4A+ldA7asRAmBoAKCxpwQhPfNsD3JAODgj7aeVRLB+QQCdHNj8
ieSX+FrUryunNCffqewN9G8=
=27Cv
-----END PGP SIGNATURE-----




------- Additional Comments From jpdalbec@ysu.edu 2004-07-26 10:43:30 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

++QA RH9
As a followup to my previous QA, I compared the fedora-unrpm'd .src.rpm files.
The differences look OK to me.

sha1sums:
7154be39cc2d205dae7991b54e8614b2fd9623a0  XFree86-4.3.0-2.90.55.src.rpm
2f99d42bc999ad229c5017165b72bfd944c4c307  XFree86-4.3.0-2.90.56.legacy.src.rpm

diff -urN 
XFree86-4.3.0-2.90.55/XFree86-4.3.0-xdm-socket-patch-CAN-2004-0419.patch 
XFree86-4.3.0-2.90.56.legacy/XFree86-4.3.0-xdm-socket-patch-CAN-2004-0419.patch
- --- XFree86-4.3.0-2.90.55/XFree86-4.3.0-xdm-socket-patch-CAN-2004-0419.patch
1969-12-31 19:00:00.000000000 -0500
+++ 
XFree86-4.3.0-2.90.56.legacy/XFree86-4.3.0-xdm-socket-patch-CAN-2004-0419.patch
2004-07-06 15:50:45.000000000 -0400
@@ -0,0 +1,12 @@
+--- xc/programs/xdm/socket.c.CAN-2004-0419     2004-07-06 20:37:10.000000000 
+0100
++++ xc/programs/xdm/socket.c   2004-07-06 20:41:10.000000000 +0100
+@@ -66,6 +66,9 @@
+     char *name = localHostname ();
+     registerHostname (name, strlen (name));
+ 
++    if (request_port == 0)
++      return;
++
+     chooserFd = socket (AF_INET, SOCK_STREAM, 0);
+     Debug ("Created chooser socket %d\n", chooserFd);
+     if (chooserFd == -1)
diff -urN XFree86-4.3.0-2.90.55/XFree86.spec 
XFree86-4.3.0-2.90.56.legacy/XFree86.spec
- --- XFree86-4.3.0-2.90.55/XFree86.spec        2004-02-12 13:14:46.000000000 -0500
+++ XFree86-4.3.0-2.90.56.legacy/XFree86.spec   2004-07-06 16:26:18.000000000 
- -0400
@@ -22,7 +22,7 @@
 Version: 4.3.0
 #Release: 55.EL
 # Shrike versioning:
- -Release: 2.90.55
+Release: 2.90.56.legacy
 # Psyche versioning:
 #Release: 1.80.55
 
@@ -642,6 +642,7 @@
 # This patch obsoletes above patches 9164, 9165, 9166, 9167, 9168
 Patch9169: 
XFree86-4.3.0-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106.patch
 Patch9170: 
XFree86-4.3.0-libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106-v2.pat
ch
+Patch9171: XFree86-4.3.0-xdm-socket-patch-CAN-2004-0419.patch
 
 # PPC64 / ia64 / s390 section
 Patch9203: XFree86-4.3.0-ppc64-support-v3.patch
@@ -1348,6 +1349,7 @@
 # This patch obsoletes patches 916[45678]
 #%patch9169 -p0 -b .libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106
 %patch9170 -p0 -b 
.libXfont-security-CAN-2004-0083-CAN-2004-0084-CAN-2004-0106-v2
+%patch9171 -p0 -b .CAN-2004-0419
 
 %patch9203 -p0 -b .ppc64-support-v3
 %patch9204 -p0 -b .ia64-pci-infinite-loop
@@ -3532,6 +3534,10 @@
 #  patch to aide in troubleshooting bug (#109516)
 
 %changelog
+* Tue Jul  6 2004 J.S.Peatfield <J.S.Peatfield@damtp.cam.ac.uk> 
4.3.0-2.x.56.legac
+- fix CAN-2004-0419 - XDM in XFree86 socket open vulnerability with
+  patch based on one from http://bugs.xfree86.org/show_bug.cgi?id=1376
+
 * Thu Feb 12 2004 Mike A. Harris <mharris@redhat.com> 4.3.0-55
 - Added {x11datadir}/X11/xinit back to package list, which seems to have been
   inadvertently dropped during attempts to get package to compile on Red Hat
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBBWyCJL4A+ldA7asRAi9ZAKCQnTzn1BogEaZRX3+8km2Vm20vdQCgtO9d
ReC6Ze5eJdOUQBzg6k2dpgw=
=CkZ8
-----END PGP SIGNATURE-----




------- Additional Comments From jp107@damtp.cam.ac.uk 2004-07-26 11:52:42 ----

Just in case anyone is confused as to which versions need the patch...

XFree86 before 4.3.0 doesn't.  In fact 4.3.0 (plain) doesn't either.  The error
was introduced a long time after 4.3.0 was realeased but was in a patch which RH
happened to pick up and include in the version shipped with RH9 (and fc1 I think).

Unless you have updated XFree86 to use the one included with RH9 then RH73 and
RH8 (etc) are not affected by this.

Of course since xdm is not run as default on RH9 it probably isn't very urgent
anyway.




------- Additional Comments From marcdeslauriers@videotron.ca 2004-09-13 15:00:50 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Did QA on the rh9 packages:

2f99d42bc999ad229c5017165b72bfd944c4c307  XFree86-4.3.0-2.90.56.legacy.src.rpm

- - the 1.4 zillion source files are identical to previous release
- - New patch file is good
- - Spec file is good
- - Builds, installs and works good.

+PUBLISH

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBRkLVLMAs/0C4zNoRAqa5AKC+6HWqmenJiyNWA1PuDDE8OnJsAwCgnF9E
Rumni0AFuOEGbztsRE29XJE=
=GMFV
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2004-09-13 15:02:16 ----

Looks like we've got 2 QA done here.



------- Additional Comments From marcdeslauriers@videotron.ca 2004-09-17 12:28:43 ----

Created an attachment (id=852)
advisory text draft

Here is a draft for the advisory text



------- Additional Comments From dom@earth.li 2004-09-29 01:05:29 ----

This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

http://www.redhat.com/archives/fedora-legacy-list/2004-September/msg00152.html



------- Additional Comments From ckelley@ibnads.com 2004-09-29 11:45:00 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Source:
b311b22fe4d6d4e08f99ea7e59d4be7a6158d66d  XFree86-4.2.1-16.73.27.src.rpm
 
Binary:
8a5738fc0d2aeff3b98e3cfdf28135eeee4385f0 
XFree86-100dpi-fonts-4.2.1-16.73.27.i386.rpm
77ae3b1c10ce7a001f5822c66f6b91f58c94a475  XFree86-4.2.1-16.73.27.i386.rpm
9c899aab10f09516a9003199620d0fc2e04dd014 
XFree86-75dpi-fonts-4.2.1-16.73.27.i386.rpm
9dbf4535e9499d5e3ca21ce44b14859d88a45ac7 
XFree86-ISO8859-15-100dpi-fonts-4.2.1-16.73.27.i386.rpm
50782370c7d3a524649085b039cb704e1361754b 
XFree86-ISO8859-15-75dpi-fonts-4.2.1-16.73.27.i386.rpm
28f087c281057110a3dd1ca84c564033b5510c67 
XFree86-ISO8859-2-100dpi-fonts-4.2.1-16.73.27.i386.rpm
074a8115455791cbfc09c02c4796533c2d00fa57 
XFree86-ISO8859-2-75dpi-fonts-4.2.1-16.73.27.i386.rpm
1f23b76f196979b8ae5d91cda87f1eb7905be0e7 
XFree86-ISO8859-9-100dpi-fonts-4.2.1-16.73.27.i386.rpm
65d0f074cade8ac011ec881e91862541f2b7de63 
XFree86-ISO8859-9-75dpi-fonts-4.2.1-16.73.27.i386.rpm
708d06c728c2df4eb526403eb132630b027da0f2  XFree86-Xnest-4.2.1-16.73.27.i386.rpm
74ba7b4eaae9ca8d44c053afbc18fba9e163f59d  XFree86-Xvfb-4.2.1-16.73.27.i386.rpm
7e365574c9d4c4e56ed042f7119423bc6114dbb5  XFree86-base-fonts-4.2.1-16.73.27.i386.rpm
477b6fa1d9bec3a1bb9f285c8c57622d4d131656 
XFree86-cyrillic-fonts-4.2.1-16.73.27.i386.rpm
704f039490bb3a0e56400f7ec71a9cfb43de129b  XFree86-devel-4.2.1-16.73.27.i386.rpm
56f083d57e4fd5048d5a0548193c03ecb39332f9  XFree86-doc-4.2.1-16.73.27.i386.rpm
cef766b8f14f497279905516cc0743ca0b484a6a  XFree86-font-utils-4.2.1-16.73.27.i386.rpm
fa8d73c984479350425bda006a168d19a4f724a5  XFree86-libs-4.2.1-16.73.27.i386.rpm
f4e2d367b3ac930e68d4c2dae3d4fa78e45eb7e9  XFree86-tools-4.2.1-16.73.27.i386.rpm
8dd9a32c44beb8110897adeaeac66e10a02e5ec2 
XFree86-truetype-fonts-4.2.1-16.73.27.i386.rpm
0083535709b3e46c646551e48d3c6793a0797c6c  XFree86-twm-4.2.1-16.73.27.i386.rpm
889acef55be6e8cc1fa67d1133b03e68d6e4a2b3  XFree86-xdm-4.2.1-16.73.27.i386.rpm
e0f95f9a79dcb83b73bfc284714f1ea9b8f8eeba  XFree86-xf86cfg-4.2.1-16.73.27.i386.rpm
d963b8d19b4cef53c70e60597a57ff2b215af244  XFree86-xfs-4.2.1-16.73.27.i386.rpm
 
I rebuilt the SRPM just fine; everything worked great.  After
installing, I started several X11 clients and an Xnest server -- it
all worked as expected.
 
+VERIFY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFBWyzGyQ+yTHz+jJkRAi2HAJ9fBxgRJoFyOb/gTL6jxHSV3H4vRQCglGj0
UeEhK++fb9OJOgFVy3ppLh0=
=Tupc
-----END PGP SIGNATURE-----




------- Additional Comments From mule@umich.edu 2004-10-01 03:34:02 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
  
7373b7bffdce87d9692f76f1a3f8038a4dd06cfb 
XFree86-100dpi-fonts-4.3.0-2.90.57.legacy.i386.rpm
305807aabe1775410489be712b391be6db3ec5e0  XFree86-4.3.0-2.90.57.legacy.i386.rpm
7e8484046cbecc96263abf2d86282e59846cce74  XFree86-4.3.0-2.90.57.legacy.src.rpm
830b762d2ecf3fa41c762640c9cdd930bf272ed2 
XFree86-75dpi-fonts-4.3.0-2.90.57.legacy.i386.rpm
2a0a32dbd0e1d329896ff85ace84417054cc651d 
XFree86-base-fonts-4.3.0-2.90.57.legacy.i386.rpm
3740a0e48b10ce45a97d3e60a958a723961b9bf2 
XFree86-cyrillic-fonts-4.3.0-2.90.57.legacy.i386.rpm
18ad671755daeb990882630de217426010a2040d 
XFree86-devel-4.3.0-2.90.57.legacy.i386.rpm
a43d31e70c84e77a4a4a986fdaef0b0a625daa51  XFree86-doc-4.3.0-2.90.57.legacy.i386.rpm
e6c1795cd1915f559d1cf3a583e07a9068092e5a 
XFree86-font-utils-4.3.0-2.90.57.legacy.i386.rpm
89aa4c43ed29222042e0d0d9cf84bd180a591438 
XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.57.legacy.i386.rpm
4e715cf42babaa041acaad6ce8f4cfa2255b9af9 
XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.57.legacy.i386.rpm
b7c8916aed637c832d9d07fa3d16765e4cd8b263 
XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.57.legacy.i386.rpm
58da214f4cc310e41d2aecdd9c38a618a2fd2397 
XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.57.legacy.i386.rpm
6a815dba95f9250475de7be29e41faa19a881344 
XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.57.legacy.i386.rpm
da8a8c248c56bb2e7e55233e2668e1a6bf184199 
XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.57.legacy.i386.rpm
38a71809da1e8e930511f0cc3ce1296ec5d9ba7e 
XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.57.legacy.i386.rpm
7320da3031d5e52aff7e5a852d768b281bcb5e78 
XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.57.legacy.i386.rpm
d9c817e6cf113b97de218d71057dde823bffecee  XFree86-libs-4.3.0-2.90.57.legacy.i386.rpm
a1992724b585356c8645e4fa8a77fffa3371e6ae 
XFree86-libs-data-4.3.0-2.90.57.legacy.i386.rpm
658e243b612fa09e4db9f49e2461a9f8df9de6f9 
XFree86-Mesa-libGL-4.3.0-2.90.57.legacy.i386.rpm
8b545b3837ba1dd0c6326aecef464dc42c5b1733 
XFree86-Mesa-libGLU-4.3.0-2.90.57.legacy.i386.rpm
806053982f7777bb0868c3c75d6b21e6c23587e3  XFree86-sdk-4.3.0-2.90.57.legacy.i386.rpm
6b6432e825829a60127cbe61cb281e81eb972221 
XFree86-syriac-fonts-4.3.0-2.90.57.legacy.i386.rpm
3a7b8ae74c215228a6ae1c423ae891a4211fd027 
XFree86-tools-4.3.0-2.90.57.legacy.i386.rpm
579b3456b8ad40f21afb99a5dff7ebe6f1e241ee 
XFree86-truetype-fonts-4.3.0-2.90.57.legacy.i386.rpm
d4efc73d58bbaf3be6868eae6701a9b1654cfafc  XFree86-twm-4.3.0-2.90.57.legacy.i386.rpm
6c49b54fbacd2c1f4f5eed2d3b6a77f79cf8f6a8 
XFree86-xauth-4.3.0-2.90.57.legacy.i386.rpm
8a1553bee519e073d769afadee8848f274000392  XFree86-xdm-4.3.0-2.90.57.legacy.i386.rpm
3b04bd562750b72267403115be089cad469a82d8  XFree86-xfs-4.3.0-2.90.57.legacy.i386.rpm
16db0d71ca67d7fd9c1500b979efcaefcfec65c8 
XFree86-Xnest-4.3.0-2.90.57.legacy.i386.rpm
0237c68cc9d8e2fbafd80c7af519c2587001e672  XFree86-Xvfb-4.3.0-2.90.57.legacy.i386.rpm
   
For Red Hat 9:
   
* Checked spec file - OK
* Checked patch for CAN-2004-0419 - OK
* Built from source - OK
* Installed - OK
* Runs - OK
  
VERIFY++
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
  
iD8DBQFBXLLuTsaUa9pp4VIRAni/AKDhpBkmthE+JFPpysvJeFy47pDy2wCff59B
fYPmsrWxzwo5o+Z7xzYtmYY=
=a4s4
-----END PGP SIGNATURE-----




------- Additional Comments From dom@earth.li 2004-10-03 03:11:34 ----

superceded by bug 2075



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:26 -------

This bug previously known as bug 1831 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1831
Originally filed under the Fedora Legacy product and Package request component.

Attachments:
advisory text draft
https://bugzilla.fedora.us/attachment.cgi?action=view&id=852

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.


Note You need to log in before you can comment on or make changes to this bug.