Security bump. Failure to check the return value of setuid() in a privileged process could be used by a local user for file overwriting and possible privilege escalation in corner cases. See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more information.

(Portage version: 2.1.1_pre1-r1)

4 files changed, 71 insertions, 1 deletions

diff --git a/x11-libs/libX11/ChangeLog b/x11-libs/libX11/ChangeLog
index ee45869567c3..9b70a4fdfa6f 100644
--- a/x11-libs/libX11/ChangeLog
+++ b/x11-libs/libX11/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for x11-libs/libX11
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-libs/libX11/ChangeLog,v 1.33 2006/05/13 13:57:55 joshuabaergen Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/libX11/ChangeLog,v 1.34 2006/06/20 16:13:34 spyderous Exp $
+
+*libX11-1.0.1-r1 (20 Jun 2006)
+
+  20 Jun 2006; Donnie Berkholz <spyderous@gentoo.org>;
+  +files/libX11-1.0.1-setuid.diff, -libX11-1.0.0-r2.ebuild,
+  -libX11-1.0.1.ebuild, +libX11-1.0.1-r1.ebuild:
+  Security bump. Failure to check the return value of setuid() in a privileged
+  process could be used by a local user for file overwriting and possible
+  privilege escalation in corner cases. See
+  http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for more
+  information.
 
   13 May 2006; Joshua Baergen <joshuabaergen@gentoo.org>
   files/digest-libX11-1.0.1, Manifest:
diff --git a/x11-libs/libX11/files/digest-libX11-1.0.1-r1 b/x11-libs/libX11/files/digest-libX11-1.0.1-r1
new file mode 100644
index 000000000000..fe5d45da915a
--- /dev/null
+++ b/x11-libs/libX11/files/digest-libX11-1.0.1-r1
@@ -0,0 +1,3 @@
+MD5 58f0537f21183e27149cf906a1b6bef9 libX11-1.0.1.tar.bz2 1419629
+RMD160 a4a2a1c7499ceeb29efa4357aa5b4529416e732d libX11-1.0.1.tar.bz2 1419629
+SHA256 f99e4ce6d8e3b8833957978fe22223897b0e636c83580f2b07eff0388eb75294 libX11-1.0.1.tar.bz2 1419629
diff --git a/x11-libs/libX11/files/libX11-1.0.1-setuid.diff b/x11-libs/libX11/files/libX11-1.0.1-setuid.diff
new file mode 100644
index 000000000000..5325fa437ae5
--- /dev/null
+++ b/x11-libs/libX11/files/libX11-1.0.1-setuid.diff
@@ -0,0 +1,17 @@
+diff --git a/src/xlibi18n/lcFile.c b/src/xlibi18n/lcFile.c
+index f8b3404..bb1ee20 100644
+--- a/src/xlibi18n/lcFile.c
++++ b/src/xlibi18n/lcFile.c
+@@ -269,7 +269,11 @@ #else
+ 	    if (seteuid(0) != 0) {
+ 		priv = 0;
+ 	    } else {
+-		seteuid(oldeuid);
++		if (seteuid(oldeuid) == -1) {
++		    /* XXX ouch, coudn't get back to original uid 
++		     what can we do ??? */
++		    _exit(127);
++		}
+ 		priv = 1;
+ 	    }
+ #endif
diff --git a/x11-libs/libX11/libX11-1.0.1-r1.ebuild b/x11-libs/libX11/libX11-1.0.1-r1.ebuild
new file mode 100644
index 000000000000..480b4dfa4375
--- /dev/null
+++ b/x11-libs/libX11/libX11-1.0.1-r1.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-libs/libX11/libX11-1.0.1-r1.ebuild,v 1.1 2006/06/20 16:13:34 spyderous Exp $
+
+# Must be before x-modular eclass is inherited
+#SNAPSHOT="yes"
+
+inherit x-modular
+
+DESCRIPTION="X.Org X11 library"
+RESTRICT="mirror"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="ipv6"
+RDEPEND="x11-libs/xtrans
+	x11-libs/libXau
+	x11-libs/libXdmcp
+	x11-proto/kbproto
+	x11-proto/inputproto
+	x11-proto/xproto"
+DEPEND="${RDEPEND}
+	x11-proto/xf86bigfontproto
+	x11-proto/bigreqsproto
+	x11-proto/xextproto
+	x11-proto/xcmiscproto
+	>=x11-misc/util-macros-0.99.0_p20051007"
+
+PATCHES="${FILESDIR}/${P}-setuid.diff"
+
+CONFIGURE_OPTIONS="$(use_enable ipv6)"
+# xorg really doesn't like xlocale disabled.
+# $(use_enable nls xlocale)
+
+src_install() {
+	x-modular_src_install
+
+	local ENVD="10libx11"
+	echo "LDPATH=\"/usr/lib\"" > ${T}/${ENVD}
+	doenvd ${T}/${ENVD}
+}