Security bump. Failure to check the return value of setuid() in a privileged process could be used by a local user for file overwriting and possible privilege escalation in corner cases. See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more information.

(Portage version: 2.1.1_pre1-r1)

4 files changed, 58 insertions, 1 deletions

diff --git a/x11-apps/xf86dga/ChangeLog b/x11-apps/xf86dga/ChangeLog
index f0c00a304287..3f4710f0ab09 100644
--- a/x11-apps/xf86dga/ChangeLog
+++ b/x11-apps/xf86dga/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for x11-apps/xf86dga
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-apps/xf86dga/ChangeLog,v 1.11 2006/02/14 21:14:18 corsair Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xf86dga/ChangeLog,v 1.12 2006/06/20 16:16:21 spyderous Exp $
+
+*xf86dga-1.0.1-r1 (20 Jun 2006)
+
+  20 Jun 2006; Donnie Berkholz <spyderous@gentoo.org>;
+  +files/xf86dga-1.0.1-setuid.diff, -xf86dga-1.0.1.ebuild,
+  +xf86dga-1.0.1-r1.ebuild:
+  Security bump. Failure to check the return value of setuid() in a privileged
+  process could be used by a local user for file overwriting and possible
+  privilege escalation in corner cases. See
+  http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more
+  information.
 
   14 Feb 2006; Markus Rothe <corsair@gentoo.org> xf86dga-1.0.1.ebuild:
   Added ~ppc64
diff --git a/x11-apps/xf86dga/files/digest-xf86dga-1.0.1-r1 b/x11-apps/xf86dga/files/digest-xf86dga-1.0.1-r1
new file mode 100644
index 000000000000..a1da0aab41b7
--- /dev/null
+++ b/x11-apps/xf86dga/files/digest-xf86dga-1.0.1-r1
@@ -0,0 +1,3 @@
+MD5 0ee496f720bc98fee43108c88bb7f398 xf86dga-1.0.1.tar.bz2 75183
+RMD160 0689834c32f3bc20dafca299f135a3658bb79614 xf86dga-1.0.1.tar.bz2 75183
+SHA256 eded486132f243a7eed82859895bc23190e462b90d456d9580d649b771837245 xf86dga-1.0.1.tar.bz2 75183
diff --git a/x11-apps/xf86dga/files/xf86dga-1.0.1-setuid.diff b/x11-apps/xf86dga/files/xf86dga-1.0.1-setuid.diff
new file mode 100644
index 000000000000..f923cd92a5b9
--- /dev/null
+++ b/x11-apps/xf86dga/files/xf86dga-1.0.1-setuid.diff
@@ -0,0 +1,27 @@
+Index: dga.c
+===================================================================
+RCS file: /cvs/xorg/app/xf86dga/dga.c,v
+retrieving revision 1.2
+diff -u -r1.2 dga.c
+--- dga.c	23 Apr 2004 19:54:47 -0000	1.2
++++ dga.c	19 Jun 2006 21:31:33 -0000
+@@ -16,6 +16,7 @@
+ #include <X11/Xmd.h>
+ #include <X11/extensions/xf86dga.h>
+ #include <ctype.h>
++#include <errno.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <signal.h>
+@@ -141,7 +142,10 @@
+ 
+ #ifndef __UNIXOS2__
+    /* Give up root privs */
+-   setuid(getuid());
++   if (setuid(getuid()) == -1) {
++      fprintf(stderr, "Unable to change uid: %s\n", strerror(errno));
++      exit(2);
++   }
+ #endif
+ 
+    XF86DGASetViewPort(dis, DefaultScreen(dis), 0, 0);
diff --git a/x11-apps/xf86dga/xf86dga-1.0.1-r1.ebuild b/x11-apps/xf86dga/xf86dga-1.0.1-r1.ebuild
new file mode 100644
index 000000000000..0caed0e55182
--- /dev/null
+++ b/x11-apps/xf86dga/xf86dga-1.0.1-r1.ebuild
@@ -0,0 +1,16 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-apps/xf86dga/xf86dga-1.0.1-r1.ebuild,v 1.1 2006/06/20 16:16:21 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org xf86dga application"
+KEYWORDS="~arm ~mips ~ppc64 ~s390 ~sparc ~x86"
+RDEPEND="x11-libs/libX11
+	x11-libs/libXxf86dga"
+DEPEND="${RDEPEND}"
+
+PATCHES="${FILESDIR}/${P}-setuid.diff"