Security bump. Failure to check the return value of setuid() in a privileged process...

Package-Manager: portage-2.1.1_pre1-r1

diff --git a/x11-libs/xtrans/ChangeLog b/x11-libs/xtrans/ChangeLog
index ab16b55a7c29390cf463b1831ff8a92c044a5ac4..f586848ccec72ba06f8fc862a816b6a12c2d0678 100644 (file)
--- a/x11-libs/xtrans/ChangeLog
+++ b/x11-libs/xtrans/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for x11-libs/xtrans
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/xtrans/ChangeLog,v 1.22 2006/04/28 15:01:36 marienz Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/xtrans/ChangeLog,v 1.23 2006/06/20 16:19:23 spyderous Exp $
+
+*xtrans-1.0.0-r1 (20 Jun 2006)
+
+  20 Jun 2006; Donnie Berkholz <spyderous@gentoo.org>;
+  +files/xtrans-1.0.0-setuid.diff, -xtrans-1.0.0.ebuild,
+  +xtrans-1.0.0-r1.ebuild:
+  Security bump. Failure to check the return value of setuid() in a privileged
+  process could be used by a local user for file overwriting and possible
+  privilege escalation in corner cases. See
+  http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more
+  information.
 
   28 Apr 2006; Marien Zwart <marienz@gentoo.org> files/digest-xtrans-1.0.0,
   Manifest:

diff --git a/x11-libs/xtrans/files/digest-xtrans-1.0.0-r1 b/x11-libs/xtrans/files/digest-xtrans-1.0.0-r1
new file mode 100644 (file)
index 0000000..01c93e6
--- /dev/null
+++ b/x11-libs/xtrans/files/digest-xtrans-1.0.0-r1
@@ -0,0 +1,3 @@
+MD5 da1628280f945e8d48a4c2e80ee28873 xtrans-1.0.0.tar.bz2 88964
+RMD160 1b34209891498dd4a94a49fc77834633c65c3553 xtrans-1.0.0.tar.bz2 88964
+SHA256 33ee3fd049a80701bf71eaa88beba86efc6923e59b069ef22346d0ac12be2c2e xtrans-1.0.0.tar.bz2 88964

diff --git a/x11-libs/xtrans/files/xtrans-1.0.0-setuid.diff b/x11-libs/xtrans/files/xtrans-1.0.0-setuid.diff
new file mode 100644 (file)
index 0000000..16bda39
--- /dev/null
+++ b/x11-libs/xtrans/files/xtrans-1.0.0-setuid.diff
@@ -0,0 +1,34 @@
+Index: Xtranslcl.c
+===================================================================
+RCS file: /cvs/xorg/lib/xtrans/Xtranslcl.c,v
+retrieving revision 1.4
+diff -u -r1.4 Xtranslcl.c
+--- Xtranslcl.c        8 Nov 2005 06:33:26 -0000       1.4
++++ Xtranslcl.c        19 Jun 2006 21:22:07 -0000
+@@ -360,7 +360,10 @@
+       uid_t       saved_euid;
+ 
+       saved_euid = geteuid();
+-      setuid( getuid() ); /** sets the euid to the actual/real uid **/
++      /** sets the euid to the actual/real uid **/
++      if (setuid( getuid() ) == -1) {
++              exit(1);
++      }
+       if( chown( slave, saved_euid, -1 ) < 0 ) {
+               exit( 1 );
+               }
+@@ -369,7 +372,13 @@
+     }
+ 
+     waitpid(saved_pid, &exitval, 0);
+-
++    if (WIFEXITED(exitval) && WEXITSTATUS(exitval) != 0) {
++      close(fd);
++      close(server);
++      PRMSG(1, "PTSOpenClient: cannot set the owner of %s\n",
++            slave, 0, 0);
++      return(-1);
++    }
+     if (chmod(slave, 0666) < 0) {
+       close(fd);
+       close(server);

diff --git a/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild b/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild
new file mode 100644 (file)
index 0000000..da9ed96
--- /dev/null
+++ b/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild
@@ -0,0 +1,16 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild,v 1.1 2006/06/20 16:19:23 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org xtrans library"
+RESTRICT="mirror"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+RDEPEND=""
+DEPEND="${RDEPEND}"
+
+PATCHES="${FILESDIR}/${P}-setuid.diff"