Author: dnusinow Date: 2006-06-30 02:36:03 -0400 (Fri, 30 Jun 2006) New Revision: 2367
Added: trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff Modified: trunk/lib/libx11/debian/changelog trunk/lib/libx11/debian/patches/series Log: * Security update. Fix for setuid privilege escalation vulnerabilities. See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for the full advisory. Modified: trunk/lib/libx11/debian/changelog =================================================================== --- trunk/lib/libx11/debian/changelog 2006-06-30 06:33:07 UTC (rev 2366) +++ trunk/lib/libx11/debian/changelog 2006-06-30 06:36:03 UTC (rev 2367) @@ -1,3 +1,11 @@ +libx11 (2:1.0.0-7) unstable; urgency=high + + * Security update. Fix for setuid privledge escalation vulernabilities. + See http://lists.freedesktop.org/archives/xorg/2006-June/016146.html for + the full advisory. + + -- David Nusinow <[EMAIL PROTECTED]> Fri, 30 Jun 2006 02:35:34 -0400 + libx11 (2:1.0.0-6) unstable; urgency=low * Remove libx11-dev's dependencies on libxi-dev and libxkbfile-dev. Add a Added: trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff =================================================================== --- trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff 2006-06-30 06:33:07 UTC (rev 2366) +++ trunk/lib/libx11/debian/patches/013_SECURITY_setuid.diff 2006-06-30 06:36:03 UTC (rev 2367)
@@ -0,0 +1,17 @@ +Index: libx11/src/xlibi18n/lcFile.c +=================================================================== +--- libx11.orig/src/xlibi18n/lcFile.c 2006-06-30 02:34:10.000000000 -0400 ++++ libx11/src/xlibi18n/lcFile.c 2006-06-30 02:35:06.000000000 -0400 +@@ -269,7 +269,11 @@ + if (seteuid(0) != 0) { + priv = 0; + } else { +- seteuid(oldeuid); ++ if (seteuid(oldeuid) == -1) { ++ /* XXX ouch, coudn't get back to original uid ++ what can we do ??? */ ++ _exit(127); ++ } + priv = 1; + } + #endif Modified: trunk/lib/libx11/debian/patches/series =================================================================== --- trunk/lib/libx11/debian/patches/series 2006-06-30 06:33:07 UTC (rev 2366) +++ trunk/lib/libx11/debian/patches/series 2006-06-30 06:36:03 UTC (rev 2367) @@ -10,3 +10,4 @@ 010_manpages_fix.diff 011_stolen_from_ubuntu_xlocalelibdir.diff 012_ru_RU_UTF-8_XLC_LOCALE.diff +013_SECURITY_setuid.diff
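
Review bot: the new 2:1.0.0-7 entry in debian/changelog misspells `privledge` and `vulernabilities` and does not say what was changed. Correct the spelling to "privilege" and "vulnerabilities", and name the patch (`013_SECURITY_setuid.diff`) and the file it touches (`src/xlibi18n/lcFile.c`) so the entry can be matched to the fix without following the advisory link.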
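
Review bot: the failure branch added after `seteuid(oldeuid)` in lcFile.c calls `_exit(127)` from inside library code with no diagnostic, so an application linked against libx11 would terminate without any explanation. Terminating is the safe choice here, because this branch is only reached after the `seteuid(0)` probe just above has succeeded and continuing would leave the process running with effective uid 0, but write a short message to stderr before exiting and replace the `XXX ouch ... what can we do ???` comment with one that states that reason (the comment also misspells `coudn't`). As a style point, the probe tests `!= 0` while the new check tests `== -1`; use one form for both.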

