authorDonnie Berkholz <dberkholz@gentoo.org>2006-06-20 16:19:23 +0000
committerDonnie Berkholz <dberkholz@gentoo.org>2006-06-20 16:19:23 +0000
commit828927df0f23db1a6452d7dd5aa761bf971a3f9d (patch)
tree6b766afd1392e21aedc5f931af7421d628b4c56b /x11-libs/xtrans
parentSecurity bump. Failure to check the return value of setuid() in a privileged ... (diff)
Security bump. Failure to check the return value of setuid() in a privileged process could be used by a local user for file overwriting and possible privilege escalation in corner cases. See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more information.
Package-Manager: portage-2.1.1_pre1-r1
Diffstat (limited to 'x11-libs/xtrans')
-rw-r--r--x11-libs/xtrans/ChangeLog13
-rw-r--r--x11-libs/xtrans/files/digest-xtrans-1.0.0-r13
-rw-r--r--x11-libs/xtrans/files/xtrans-1.0.0-setuid.diff34
-rw-r--r--x11-libs/xtrans/xtrans-1.0.0-r1.ebuild16
4 files changed, 65 insertions, 1 deletions
diff --git a/x11-libs/xtrans/ChangeLog b/x11-libs/xtrans/ChangeLog
index ab16b55a7c29..f586848ccec7 100644
--- a/x11-libs/xtrans/ChangeLog
+++ b/x11-libs/xtrans/ChangeLog
@@ -1,6 +1,17 @@
# ChangeLog for x11-libs/xtrans
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/xtrans/ChangeLog,v 1.22 2006/04/28 15:01:36 marienz Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/xtrans/ChangeLog,v 1.23 2006/06/20 16:19:23 spyderous Exp $
+
+*xtrans-1.0.0-r1 (20 Jun 2006)
+
+ 20 Jun 2006; Donnie Berkholz <spyderous@gentoo.org>;
+ +files/xtrans-1.0.0-setuid.diff, -xtrans-1.0.0.ebuild,
+ +xtrans-1.0.0-r1.ebuild:
+ Security bump. Failure to check the return value of setuid() in a privileged
+ process could be used by a local user for file overwriting and possible
+ privilege escalation in corner cases. See
+ http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more
+ information.
28 Apr 2006; Marien Zwart <marienz@gentoo.org> files/digest-xtrans-1.0.0,
Manifest:
diff --git a/x11-libs/xtrans/files/digest-xtrans-1.0.0-r1 b/x11-libs/xtrans/files/digest-xtrans-1.0.0-r1
new file mode 100644
index 000000000000..01c93e64c361
--- /dev/null
+++ b/x11-libs/xtrans/files/digest-xtrans-1.0.0-r1
@@ -0,0 +1,3 @@
+MD5 da1628280f945e8d48a4c2e80ee28873 xtrans-1.0.0.tar.bz2 88964
+RMD160 1b34209891498dd4a94a49fc77834633c65c3553 xtrans-1.0.0.tar.bz2 88964
+SHA256 33ee3fd049a80701bf71eaa88beba86efc6923e59b069ef22346d0ac12be2c2e xtrans-1.0.0.tar.bz2 88964
diff --git a/x11-libs/xtrans/files/xtrans-1.0.0-setuid.diff b/x11-libs/xtrans/files/xtrans-1.0.0-setuid.diff
new file mode 100644
index 000000000000..16bda395ded2
--- /dev/null
+++ b/x11-libs/xtrans/files/xtrans-1.0.0-setuid.diff
@@ -0,0 +1,34 @@
+Index: Xtranslcl.c
+===================================================================
+RCS file: /cvs/xorg/lib/xtrans/Xtranslcl.c,v
+retrieving revision 1.4
+diff -u -r1.4 Xtranslcl.c
+--- Xtranslcl.c 8 Nov 2005 06:33:26 -0000 1.4
++++ Xtranslcl.c 19 Jun 2006 21:22:07 -0000
+@@ -360,7 +360,10 @@
+ uid_t saved_euid;
+
+ saved_euid = geteuid();
+- setuid( getuid() ); /** sets the euid to the actual/real uid **/
++ /** sets the euid to the actual/real uid **/
++ if (setuid( getuid() ) == -1) {
++ exit(1);
++ }
+ if( chown( slave, saved_euid, -1 ) < 0 ) {
+ exit( 1 );
+ }
+@@ -369,7 +372,13 @@
+ }
+
+ waitpid(saved_pid, &exitval, 0);
+-
++ if (WIFEXITED(exitval) && WEXITSTATUS(exitval) != 0) {
++ close(fd);
++ close(server);
++ PRMSG(1, "PTSOpenClient: cannot set the owner of %s\n",
++ slave, 0, 0);
++ return(-1);
++ }
+ if (chmod(slave, 0666) < 0) {
+ close(fd);
+ close(server);
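Review bot: The exit-status check added after `waitpid(saved_pid, &exitval, 0)` fails open, because it rejects only a child that exited normally with a non-zero status. If the child is terminated by a signal, or `waitpid()` itself returns -1 and leaves `exitval` unset, the condition is false and the code goes on to `chmod(slave, 0666)` without the chown having been confirmed. Treating anything other than a clean zero exit as failure closes that gap: `if (waitpid(saved_pid, &exitval, 0) < 0 || !WIFEXITED(exitval) || WEXITSTATUS(exitval) != 0) {`. The enclosing function (PTSOpenClient, judging by the error message) and the fork that creates the child lie outside the hunks, so this assumes `saved_pid` is that child's pid.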
diff --git a/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild b/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild
new file mode 100644
index 000000000000..da9ed966cb9b
--- /dev/null
+++ b/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild
@@ -0,0 +1,16 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/xtrans/xtrans-1.0.0-r1.ebuild,v 1.1 2006/06/20 16:19:23 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org xtrans library"
+RESTRICT="mirror"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+RDEPEND=""
+DEPEND="${RDEPEND}"
+
+PATCHES="${FILESDIR}/${P}-setuid.diff"