security patch for unauthorised file access (CAN-2005-0072) bug #78117

(Portage version: 2.0.51-r14)

2 files changed, 27 insertions, 0 deletions

diff --git a/app-i18n/zhcon/files/digest-zhcon-0.2.3-r1 b/app-i18n/zhcon/files/digest-zhcon-0.2.3-r1
new file mode 100644
index 000000000000..4de71f53731a
--- /dev/null
+++ b/app-i18n/zhcon/files/digest-zhcon-0.2.3-r1
@@ -0,0 +1 @@
+MD5 64b5d6c2d7055b4e45f4eadfd1303e8f zhcon-0.2.3.tar.gz 5030677
diff --git a/app-i18n/zhcon/files/zhcon-0.2.3-CAN-2005-0072.patch b/app-i18n/zhcon/files/zhcon-0.2.3-CAN-2005-0072.patch
new file mode 100644
index 000000000000..a54fd52cedd8
--- /dev/null
+++ b/app-i18n/zhcon/files/zhcon-0.2.3-CAN-2005-0072.patch
@@ -0,0 +1,26 @@
+--- zhcon-0.2.orig/src/configfile.cpp
++++ zhcon-0.2/src/configfile.cpp
+@@ -19,13 +19,23 @@
+ #include <stdexcept>
+ #include <fstream>
+ #include <cstdlib>
++#include <unistd.h>
++#include <sys/types.h>
+ #include "configfile.h"
+ 
+ ConfigFile::ConfigFile(const char *fn) {
++    uid_t ruid, euid;
++
++    ruid = getuid();
++    euid = geteuid();
++
++    setreuid(euid, ruid);
++
+     ifstream in(fn);
+     if (!in)
+         throw runtime_error("Could not open config file!");
+     ParseFile(in);
++    setreuid(ruid, euid);
+ }
+ 
+ ConfigFile::~ConfigFile() {}