From: Donnie Berkholz Date: Tue, 20 Jun 2006 16:19:23 +0000 (+0000) Subject: Security bump. Failure to check the return value of setuid() in a privileged process... X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=828927df0f23db1a6452d7dd5aa761bf971a3f9d;p=gentoo.git Security bump. Failure to check the return value of setuid() in a privileged process could be used by a local user for file overwriting and possible privilege escalation in corner cases. See lists.freedesktop.org/archives/xorg/2006-June/016146.html for more information. Package-Manager: portage-2.1.1_pre1-r1 --- diff --git a/x11-libs/xtrans/ChangeLog b/x11-libs/xtrans/ChangeLog index ab16b55a7c29..f586848ccec7 100644 --- a/x11-libs/xtrans/ChangeLog +++ b/x11-libs/xtrans/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for x11-libs/xtrans # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-libs/xtrans/ChangeLog,v 1.22 2006/04/28 15:01:36 marienz Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-libs/xtrans/ChangeLog,v 1.23 2006/06/20 16:19:23 spyderous Exp $ + +*xtrans-1.0.0-r1 (20 Jun 2006) + + 20 Jun 2006; Donnie Berkholz ; + +files/xtrans-1.0.0-setuid.diff, -xtrans-1.0.0.ebuild, + +xtrans-1.0.0-r1.ebuild: + Security bump. Failure to check the return value of setuid() in a privileged + process could be used by a local user for file overwriting and possible + privilege escalation in corner cases. See + http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more + information. 28 Apr 2006; Marien Zwart files/digest-xtrans-1.0.0, Manifest: diff --git a/x11-libs/xtrans/files/digest-xtrans-1.0.0-r1 b/x11-libs/xtrans/files/digest-xtrans-1.0.0-r1 new file mode 100644 index 000000000000..01c93e64c361 --- /dev/null +++ b/x11-libs/xtrans/files/digest-xtrans-1.0.0-r1 
@@ -0,0 +1,3 @@
+MD5 da1628280f945e8d48a4c2e80ee28873 xtrans-1.0.0.tar.bz2 88964
+RMD160 1b34209891498dd4a94a49fc77834633c65c3553 xtrans-1.0.0.tar.bz2 88964
+SHA256 33ee3fd049a80701bf71eaa88beba86efc6923e59b069ef22346d0ac12be2c2e xtrans-1.0.0.tar.bz2 88964
diff --git a/x11-libs/xtrans/files/xtrans-1.0.0-setuid.diff b/x11-libs/xtrans/files/xtrans-1.0.0-setuid.diff
new file mode 100644
index 000000000000..16bda395ded2
--- /dev/null
+++ b/x11-libs/xtrans/files/xtrans-1.0.0-setuid.diff
@@ -0,0 +1,34 @@
+Index: Xtranslcl.c
+===================================================================
+RCS file: /cvs/xorg/lib/xtrans/Xtranslcl.c,v
+retrieving revision 1.4
+diff -u -r1.4 Xtranslcl.c
+--- Xtranslcl.c 8 Nov 2005 06:33:26 -0000 1.4
++++ Xtranslcl.c 19 Jun 2006 21:22:07 -0000
+@@ -360,7 +360,10 @@
+ uid_t saved_euid;
+
+ saved_euid = geteuid();
+- setuid( getuid() ); /** sets the euid to the actual/real uid **/
++ /** sets the euid to the actual/real uid **/
++ if (setuid( getuid() ) == -1) {
++ exit(1);
++ }
+ if( chown( slave, saved_euid, -1 ) < 0 ) {
+ exit( 1 );
+ }
+@@ -369,7 +372,13 @@
+ }
+
+ waitpid(saved_pid, &exitval, 0);
+-
++ if (WIFEXITED(exitval) && WEXITSTATUS(exitval) != 0) {
++ close(fd);
++ close(server);
++ PRMSG(1, "PTSOpenClient: cannot set the owner of %s\n",
++ slave, 0, 0);
++ return(-1);
++ }
+ if (chmod(slave, 0666) < 0) {
+ close(fd);
+ close(server);
diff --git a/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild b/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild
new file mode 100644
index 000000000000..da9ed966cb9b
--- /dev/null
+++ b/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild
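Review bot: In the added files/xtrans-1.0.0-setuid.diff, the new exit-status test after `waitpid(saved_pid, &exitval, 0);` in the second Xtranslcl.c hunk fails open: it returns -1 only when the child exited normally with a non-zero status, so a child terminated by a signal, or a waitpid() call that itself fails and leaves `exitval` unset, still falls through to `chmod(slave, 0666)`. Because this test is how the privileged parent learns whether the privilege drop and chown succeeded, it should reject everything except a clean exit, e.g. `if (waitpid(saved_pid, &exitval, 0) < 0 || !WIFEXITED(exitval) || WEXITSTATUS(exitval) != 0) {`. In the first Xtranslcl.c hunk the code appears to run in a forked child, where `_exit(1)` would be safer than `exit(1)` so the child does not run inherited atexit handlers or flush the parent's stdio buffers. The enclosing function and the fork() call lie outside both hunks, so whether a failed fork() is handled cannot be confirmed from here.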
@@ -0,0 +1,16 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild,v 1.1 2006/06/20 16:19:23 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org xtrans library"
+RESTRICT="mirror"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+RDEPEND=""
+DEPEND="${RDEPEND}"
+
+PATCHES="${FILESDIR}/${P}-setuid.diff"