diff options
| author |   Donnie Berkholz <spyderous@gentoo.org> | 2006-06-20 16:17:25 +0000 |
|---|---|---|
| committer | Donnie Berkholz <spyderous@gentoo.org> | 2006-06-20 16:17:25 +0000 |
| commit | abe78e3fb25258bd67a8d4bda39892fbb2a8444a (patch) | |
| tree | 9d0908fabe9246b433bd1a9c16a3d5622ce96f35 /x11-apps/xinit | |
| parent | Security bump. Failure to check the return value of setuid() in a privileged ... (diff) | |
| download | gentoo-2-abe78e3fb25258bd67a8d4bda39892fbb2a8444a.tar.gz gentoo-2-abe78e3fb25258bd67a8d4bda39892fbb2a8444a.tar.bz2 gentoo-2-abe78e3fb25258bd67a8d4bda39892fbb2a8444a.zip | |
Security bump. Failure to check the return value of setuid() in a privileged process could be used by a local user for file overwriting and possible privilege escalation in corner cases. See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more information.
(Portage version: 2.1.1_pre1-r1)
Diffstat (limited to 'x11-apps/xinit')
| -rw-r--r-- | x11-apps/xinit/ChangeLog | 13 | ||||
| -rw-r--r-- | x11-apps/xinit/files/digest-xinit-1.0.2-r6 | 3 | ||||
| -rw-r--r-- | x11-apps/xinit/files/xinit-1.0.2-setuid.diff | 19 | ||||
| -rw-r--r-- | x11-apps/xinit/xinit-1.0.2-r6.ebuild | 45 |
4 files changed, 79 insertions, 1 deletions
diff --git a/x11-apps/xinit/ChangeLog b/x11-apps/xinit/ChangeLog index f9c2059e0342..db611c51e4ab 100644 --- a/x11-apps/xinit/ChangeLog +++ b/x11-apps/xinit/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for x11-apps/xinit # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-apps/xinit/ChangeLog,v 1.53 2006/06/11 22:06:50 joshuabaergen Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-apps/xinit/ChangeLog,v 1.54 2006/06/20 16:17:25 spyderous Exp $ + +*xinit-1.0.2-r6 (20 Jun 2006) + + 20 Jun 2006; Donnie Berkholz <spyderous@gentoo.org>; + +files/xinit-1.0.2-setuid.diff, -xinit-1.0.2-r5.ebuild, + +xinit-1.0.2-r6.ebuild: + Security bump. Failure to check the return value of setuid() in a privileged + process could be used by a local user for file overwriting and possible + privilege escalation in corner cases. See + http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more + information. *xinit-1.0.2-r5 (11 Jun 2006) diff --git a/x11-apps/xinit/files/digest-xinit-1.0.2-r6 b/x11-apps/xinit/files/digest-xinit-1.0.2-r6 new file mode 100644 index 000000000000..29ec40dd3a6d --- /dev/null +++ b/x11-apps/xinit/files/digest-xinit-1.0.2-r6 @@ -0,0 +1,3 @@ +MD5 d591fafe69b57969b0521c461073a01f xinit-1.0.2.tar.bz2 96536 +RMD160 b3ced92e7ffb1afc3880799ed18f584e7f58d048 xinit-1.0.2.tar.bz2 96536 +SHA256 254ee0f81384fb184229d73d546fb07344c5448bbd4f4a66fef595ae49f8f395 xinit-1.0.2.tar.bz2 96536 diff --git a/x11-apps/xinit/files/xinit-1.0.2-setuid.diff b/x11-apps/xinit/files/xinit-1.0.2-setuid.diff new file mode 100644 index 000000000000..277d0f5c77ea --- /dev/null +++ b/x11-apps/xinit/files/xinit-1.0.2-setuid.diff @@ -0,0 +1,19 @@ +Index: xinit.c +=================================================================== +RCS file: /cvs/xorg/app/xinit/xinit.c,v +retrieving revision 1.4 +diff -u -r1.4 xinit.c +--- xinit.c 4 Oct 2005 01:27:34 -0000 1.4 ++++ xinit.c 19 Jun 2006 21:31:58 -0000 +@@ -692,7 +692,10 @@ + startClient(char *client[]) + { + if ((clientpid = vfork()) == 0) { +- setuid(getuid()); ++ if (setuid(getuid()) == -1) { ++ Error("cannot change uid: %s\n", strerror(errno)); ++ _exit(ERR_EXIT); ++ } + setpgrp(0, getpid()); + environ = newenviron; + #ifdef __UNIXOS2__ diff --git a/x11-apps/xinit/xinit-1.0.2-r6.ebuild b/x11-apps/xinit/xinit-1.0.2-r6.ebuild new file mode 100644 index 000000000000..3e4c6eed1150 --- /dev/null +++ b/x11-apps/xinit/xinit-1.0.2-r6.ebuild @@ -0,0 +1,45 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/x11-apps/xinit/xinit-1.0.2-r6.ebuild,v 1.1 2006/06/20 16:17:25 spyderous Exp $ + +# Must be before x-modular eclass is inherited +# This is enabled due to modified Makefile.am from the patches +SNAPSHOT="yes" + +inherit x-modular pam + +DESCRIPTION="X.Org xinit application" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" +RDEPEND="x11-libs/libX11 + x11-wm/twm + x11-apps/xclock + x11-apps/xrdb" +DEPEND="${RDEPEND}" +PDEPEND="x11-terms/xterm" +LICENSE="${LICENSE} GPL-2" + +PATCHES="${FILESDIR}/nolisten-tcp-and-black-background.patch + ${FILESDIR}/gentoo-startx-customization-0.99.4.patch + ${FILESDIR}/${P}-setuid.diff" + +src_unpack() { + x-modular_unpack_source + x-modular_patch_source + + sed -i -e "s:^XINITDIR.*:XINITDIR = \$(sysconfdir)/X11/xinit:g" ${S}/Makefile.am + + x-modular_reconf_source +} + +src_install() { + x-modular_src_install + exeinto /etc/X11 + doexe ${FILESDIR}/chooser.sh ${FILESDIR}/startDM.sh + exeinto /etc/X11/Sessions + doexe ${FILESDIR}/Xsession + exeinto /etc/X11/xinit + doexe ${FILESDIR}/xinitrc + newinitd ${FILESDIR}/xdm.start xdm + newconfd ${FILESDIR}/xdm.confd xdm + newpamd ${FILESDIR}/xserver.pamd xserver +} |