# ChangeLog for x11-apps/xdm
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/ChangeLog,v 1.45 2006/04/29 16:30:31 joshuabaergen Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/ChangeLog,v 1.46 2006/06/20 16:15:20 spyderous Exp $
+
+*xdm-1.0.4-r1 (20 Jun 2006)
+
+ 20 Jun 2006; Donnie Berkholz <spyderous@gentoo.org>;
+ +files/xdm-1.0.4-setuid.diff, -xdm-1.0.3-r1.ebuild, -xdm-1.0.4.ebuild,
+ +xdm-1.0.4-r1.ebuild:
+ Security bump. Failure to check the return value of setuid() in a privileged
+ process could be used by a local user for file overwriting and possible
+ privilege escalation in corner cases. See
+ http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more
+ information.
*xdm-1.0.4 (29 Apr 2006)
22 Apr 2006; Donnie Berkholz <spyderous@gentoo.org>; xdm-1.0.3-r1.ebuild:
Update xinit dep to 1.0.2-r3, which has the right fixes for xdm speedup.
+ 21 Apr 2006; Donnie Berkholz <spyderous@gentoo.org>; xdm-1.0.3-r1.ebuild:
+ (#130673) Add dep on sessreg (Daniel Waeber).
+
20 Apr 2006; Donnie Berkholz <spyderous@gentoo.org>;
-files/digest-xdm-1.0.3:
(#130593) Somehow an old digest managed to stick around and not end up in th
--- /dev/null
+MD5 aeed9697f27c0730a550a1ac7efdc189 xdm-1.0.4.tar.bz2 363486
+RMD160 fe4f62979d1f4fed394464e535544435c41fb8b3 xdm-1.0.4.tar.bz2 363486
+SHA256 d1c7a90da45ab38100c86311432832dcb968fd58bfc04007b3bcdb5446d6fb9b xdm-1.0.4.tar.bz2 363486
--- /dev/null
+Index: session.c
+===================================================================
+RCS file: /cvs/xorg/app/xdm/session.c,v
+retrieving revision 1.7
+diff -u -r1.7 session.c
+--- session.c 3 Jun 2006 00:05:24 -0000 1.7
++++ session.c 19 Jun 2006 21:30:50 -0000
+@@ -492,8 +492,14 @@
+ else
+ ResetServer (d);
+ if (removeAuth) {
+- setgid (verify.gid);
+- setuid (verify.uid);
++ if (setgid (verify.gid) == -1) {
++ LogError( "SessionExit: setgid: %s\n", strerror(errno));
++ exit(status);
++ }
++ if (setuid (verify.uid) == -1) {
++ LogError( "SessionExit: setuid: %s\n", strerror(errno));
++ exit(status);
++ }
+ RemoveUserAuthorization (d, &verify);
+ #if defined(K5AUTH) && !defined(USE_PAM) /* PAM modules should handle this */
+ /* do like "kdestroy" program */
+Index: xdmshell.c
+===================================================================
+RCS file: /cvs/xorg/app/xdm/xdmshell.c,v
+retrieving revision 1.3
+diff -u -r1.3 xdmshell.c
+--- xdmshell.c 14 Jul 2005 22:58:25 -0000 1.3
++++ xdmshell.c 19 Jun 2006 21:30:50 -0000
+@@ -183,7 +183,11 @@
+ #endif
+
+ /* make xdm run in a non-setuid environment */
+- setuid (geteuid());
++ if (setuid (geteuid()) == -1) {
++ fprintf(stderr, "%s: cannot setuid (error %d, %s)\r\n",
++ ProgramName, errno, strerror(errno));
++ exit(1);
++ }
+
+ /*
+ * exec /usr/bin/X11/xdm -nodaemon -udpPort 0
--- /dev/null
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xdm/xdm-1.0.4-r1.ebuild,v 1.1 2006/06/20 16:15:20 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit multilib x-modular pam
+
+DEFAULTVT="vt7"
+
+DESCRIPTION="X.Org xdm application"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="xprint ipv6 pam"
+RDEPEND="x11-apps/xrdb
+ x11-libs/libXdmcp
+ x11-libs/libXaw
+ >=x11-apps/xinit-1.0.2-r3
+ x11-libs/libX11
+ x11-libs/libXt"
+DEPEND="${RDEPEND}
+ x11-proto/xproto"
+
+PATCHES="${FILESDIR}/wtmp.patch
+ ${FILESDIR}/xwilling-hang.patch
+ ${FILESDIR}/${P}-setuid.diff"
+
+CONFIGURE_OPTIONS="$(use_enable xprint)
+ $(use_enable ipv6)
+ $(use_with pam)
+ --with-default-vt=${DEFAULTVT}
+ --with-xdmconfigdir=/etc/X11/xdm"
+
+pkg_setup() {
+ if use xprint && ! built_with_use x11-libs/libXaw xprint; then
+ die "Build x11-libs/libXaw with USE=xprint."
+ fi
+}
+
+src_install() {
+ x-modular_src_install
+ exeinto /usr/$(get_libdir)/X11/xdm
+ doexe ${FILESDIR}/Xsession
+ newpamd ${FILESDIR}/xdm.pamd xdm
+}
+
+pkg_preinst() {
+ x-modular_pkg_preinst
+
+ # Check for leftover /usr/lib/X11/xdm symlink
+ if [[ -L "/usr/lib/X11/xdm" ]]; then
+ ewarn "/usr/lib/X11/xdm is a symlink; deleting."
+ rm /usr/lib/X11/xdm
+ fi
+}
+
+pkg_postinst() {
+ x-modular_pkg_postinst
+
+ ewarn "Install x11-apps/sessreg, or you won't be able to log in."
+ ewarn "It cannot be added as a dependency yet, because it isn't"
+ ewarn "tested on all architectures."
+}
# ChangeLog for x11-apps/xf86dga
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-apps/xf86dga/ChangeLog,v 1.11 2006/02/14 21:14:18 corsair Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xf86dga/ChangeLog,v 1.12 2006/06/20 16:16:21 spyderous Exp $
+
+*xf86dga-1.0.1-r1 (20 Jun 2006)
+
+ 20 Jun 2006; Donnie Berkholz <spyderous@gentoo.org>;
+ +files/xf86dga-1.0.1-setuid.diff, -xf86dga-1.0.1.ebuild,
+ +xf86dga-1.0.1-r1.ebuild:
+ Security bump. Failure to check the return value of setuid() in a privileged
+ process could be used by a local user for file overwriting and possible
+ privilege escalation in corner cases. See
+ http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more
+ information.
14 Feb 2006; Markus Rothe <corsair@gentoo.org> xf86dga-1.0.1.ebuild:
Added ~ppc64
--- /dev/null
+MD5 0ee496f720bc98fee43108c88bb7f398 xf86dga-1.0.1.tar.bz2 75183
+RMD160 0689834c32f3bc20dafca299f135a3658bb79614 xf86dga-1.0.1.tar.bz2 75183
+SHA256 eded486132f243a7eed82859895bc23190e462b90d456d9580d649b771837245 xf86dga-1.0.1.tar.bz2 75183
--- /dev/null
+Index: dga.c
+===================================================================
+RCS file: /cvs/xorg/app/xf86dga/dga.c,v
+retrieving revision 1.2
+diff -u -r1.2 dga.c
+--- dga.c 23 Apr 2004 19:54:47 -0000 1.2
++++ dga.c 19 Jun 2006 21:31:33 -0000
+@@ -16,6 +16,7 @@
+ #include <X11/Xmd.h>
+ #include <X11/extensions/xf86dga.h>
+ #include <ctype.h>
++#include <errno.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <signal.h>
+@@ -141,7 +142,10 @@
+
+ #ifndef __UNIXOS2__
+ /* Give up root privs */
+- setuid(getuid());
++ if (setuid(getuid()) == -1) {
++ fprintf(stderr, "Unable to change uid: %s\n", strerror(errno));
++ exit(2);
++ }
+ #endif
+
+ XF86DGASetViewPort(dis, DefaultScreen(dis), 0, 0);
--- /dev/null
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xf86dga/xf86dga-1.0.1-r1.ebuild,v 1.1 2006/06/20 16:16:21 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org xf86dga application"
+KEYWORDS="~arm ~mips ~ppc64 ~s390 ~sparc ~x86"
+RDEPEND="x11-libs/libX11
+ x11-libs/libXxf86dga"
+DEPEND="${RDEPEND}"
+
+PATCHES="${FILESDIR}/${P}-setuid.diff"
# ChangeLog for x11-apps/xinit
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-apps/xinit/ChangeLog,v 1.53 2006/06/11 22:06:50 joshuabaergen Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xinit/ChangeLog,v 1.54 2006/06/20 16:17:25 spyderous Exp $
+
+*xinit-1.0.2-r6 (20 Jun 2006)
+
+ 20 Jun 2006; Donnie Berkholz <spyderous@gentoo.org>;
+ +files/xinit-1.0.2-setuid.diff, -xinit-1.0.2-r5.ebuild,
+ +xinit-1.0.2-r6.ebuild:
+ Security bump. Failure to check the return value of setuid() in a privileged
+ process could be used by a local user for file overwriting and possible
+ privilege escalation in corner cases. See
+ http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more
+ information.
*xinit-1.0.2-r5 (11 Jun 2006)
--- /dev/null
+MD5 d591fafe69b57969b0521c461073a01f xinit-1.0.2.tar.bz2 96536
+RMD160 b3ced92e7ffb1afc3880799ed18f584e7f58d048 xinit-1.0.2.tar.bz2 96536
+SHA256 254ee0f81384fb184229d73d546fb07344c5448bbd4f4a66fef595ae49f8f395 xinit-1.0.2.tar.bz2 96536
--- /dev/null
+Index: xinit.c
+===================================================================
+RCS file: /cvs/xorg/app/xinit/xinit.c,v
+retrieving revision 1.4
+diff -u -r1.4 xinit.c
+--- xinit.c 4 Oct 2005 01:27:34 -0000 1.4
++++ xinit.c 19 Jun 2006 21:31:58 -0000
+@@ -692,7 +692,10 @@
+ startClient(char *client[])
+ {
+ if ((clientpid = vfork()) == 0) {
+- setuid(getuid());
++ if (setuid(getuid()) == -1) {
++ Error("cannot change uid: %s\n", strerror(errno));
++ _exit(ERR_EXIT);
++ }
+ setpgrp(0, getpid());
+ environ = newenviron;
+ #ifdef __UNIXOS2__
--- /dev/null
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xinit/xinit-1.0.2-r6.ebuild,v 1.1 2006/06/20 16:17:25 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+# This is enabled due to modified Makefile.am from the patches
+SNAPSHOT="yes"
+
+inherit x-modular pam
+
+DESCRIPTION="X.Org xinit application"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+RDEPEND="x11-libs/libX11
+ x11-wm/twm
+ x11-apps/xclock
+ x11-apps/xrdb"
+DEPEND="${RDEPEND}"
+PDEPEND="x11-terms/xterm"
+LICENSE="${LICENSE} GPL-2"
+
+PATCHES="${FILESDIR}/nolisten-tcp-and-black-background.patch
+ ${FILESDIR}/gentoo-startx-customization-0.99.4.patch
+ ${FILESDIR}/${P}-setuid.diff"
+
+src_unpack() {
+ x-modular_unpack_source
+ x-modular_patch_source
+
+ sed -i -e "s:^XINITDIR.*:XINITDIR = \$(sysconfdir)/X11/xinit:g" ${S}/Makefile.am
+
+ x-modular_reconf_source
+}
+
+src_install() {
+ x-modular_src_install
+ exeinto /etc/X11
+ doexe ${FILESDIR}/chooser.sh ${FILESDIR}/startDM.sh
+ exeinto /etc/X11/Sessions
+ doexe ${FILESDIR}/Xsession
+ exeinto /etc/X11/xinit
+ doexe ${FILESDIR}/xinitrc
+ newinitd ${FILESDIR}/xdm.start xdm
+ newconfd ${FILESDIR}/xdm.confd xdm
+ newpamd ${FILESDIR}/xserver.pamd xserver
+}
# ChangeLog for x11-apps/xload
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-apps/xload/ChangeLog,v 1.12 2006/05/20 10:46:39 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xload/ChangeLog,v 1.13 2006/06/20 16:18:26 spyderous Exp $
+
+*xload-1.0.1-r1 (20 Jun 2006)
+
+ 20 Jun 2006; Donnie Berkholz <spyderous@gentoo.org>;
+ +files/xload-1.0.1-setuid.diff, -xload-1.0.1.ebuild,
+ +xload-1.0.1-r1.ebuild:
+ Security bump. Failure to check the return value of setuid() in a privileged
+ process could be used by a local user for file overwriting and possible
+ privilege escalation in corner cases. See
+ http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more
+ information.
20 May 2006; Robin H. Johnson <robbat2@gentoo.org> xload-1.0.1.ebuild:
Added ~ppc after testing.
--- /dev/null
+MD5 ba013813f9c21eb015559466f8d02a44 xload-1.0.1.tar.bz2 87468
+RMD160 9179267c9ab8eb64f36eccaa55ed7428c944f6c5 xload-1.0.1.tar.bz2 87468
+SHA256 8d51184d6b18eea2f64e0c5b88cd95edff8353ce6529e780f95b1f2347babbf2 xload-1.0.1.tar.bz2 87468
--- /dev/null
+Index: xload.c
+===================================================================
+RCS file: /cvs/xorg/app/xload/xload.c,v
+retrieving revision 1.2
+diff -u -r1.2 xload.c
+--- xload.c 23 Apr 2004 19:54:57 -0000 1.2
++++ xload.c 19 Jun 2006 21:32:20 -0000
+@@ -34,7 +34,7 @@
+ * xload - display system load average in a window
+ */
+
+-
++#include <errno.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <unistd.h>
+@@ -162,8 +162,17 @@
+ /* For security reasons, we reset our uid/gid after doing the necessary
+ system initialization and before calling any X routines. */
+ InitLoadPoint();
+- setgid(getgid()); /* reset gid first while still (maybe) root */
+- setuid(getuid());
++ /* reset gid first while still (maybe) root */
++ if (setgid(getgid()) == -1) {
++ fprintf(stderr, "%s: setgid failed: %s\n",
++ ProgramName, strerror(errno));
++ exit(1);
++ }
++ if (setuid(getuid()) == -1) {
++ fprintf(stderr, "%s: setuid failed: %s\n",
++ ProgramName, strerror(errno));
++ exit(1);
++ }
+
+ XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL);
+
--- /dev/null
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xload/xload-1.0.1-r1.ebuild,v 1.1 2006/06/20 16:18:26 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org xload application"
+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="xprint"
+RDEPEND="x11-libs/libXaw"
+DEPEND="${RDEPEND}"
+
+CONFIGURE_OPTIONS="$(use_enable xprint)"
+
+PATCHES="${FILESDIR}/${P}-setuid.diff"
+
+pkg_setup() {
+ if use xprint && ! built_with_use x11-libs/libXaw xprint; then
+ die "Build x11-libs/libXaw with USE=xprint."
+ fi
+}
projects / gentoo.git / commitdiff