diff options
| author |   Donnie Berkholz <dberkholz@gentoo.org> | 2007-09-30 08:21:18 +0000 |
|---|---|---|
| committer | Donnie Berkholz <dberkholz@gentoo.org> | 2007-09-30 08:21:18 +0000 |
| commit | 568a40742692a210b698af81617dcbd705fa8f1e (patch) | |
| tree | c3787dc46516d2fd96b27261c2a75538dbaa6fc6 | |
| parent | added 2.2.7 rc1 and rc2 (diff) | |
| download | gentoo-2-568a40742692a210b698af81617dcbd705fa8f1e.tar.gz gentoo-2-568a40742692a210b698af81617dcbd705fa8f1e.tar.bz2 gentoo-2-568a40742692a210b698af81617dcbd705fa8f1e.zip | |
(#185660) Security: Weak but possible locally exploitable race condition at xfs startup time (generally only at reboot, or if manually restarted following new font installation).
(Portage version: 2.1.3.9)
| -rw-r--r-- | x11-apps/xfs/ChangeLog | 10 | ||||
| -rw-r--r-- | x11-apps/xfs/files/digest-xfs-1.0.4-r1 | 3 | ||||
| -rwxr-xr-x | x11-apps/xfs/files/xfs.start | 14 | ||||
| -rw-r--r-- | x11-apps/xfs/xfs-1.0.4-r1.ebuild | 45 |
4 files changed, 65 insertions, 7 deletions
diff --git a/x11-apps/xfs/ChangeLog b/x11-apps/xfs/ChangeLog index 0e141753398d..667f3c519368 100644 --- a/x11-apps/xfs/ChangeLog +++ b/x11-apps/xfs/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for x11-apps/xfs # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/x11-apps/xfs/ChangeLog,v 1.32 2007/08/07 13:28:56 gustavoz Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-apps/xfs/ChangeLog,v 1.33 2007/09/30 08:21:17 dberkholz Exp $ + +*xfs-1.0.4-r1 (30 Sep 2007) + + 30 Sep 2007; Donnie Berkholz <dberkholz@gentoo.org>; files/xfs.start, + +xfs-1.0.4-r1.ebuild: + (#185660) Security: Weak but possible locally exploitable race condition at + xfs startup time (generally only at reboot, or if manually restarted + following new font installation). 07 Aug 2007; Gustavo Zacarias <gustavoz@gentoo.org> xfs-1.0.4.ebuild: Stable on sparc wrt #175465 diff --git a/x11-apps/xfs/files/digest-xfs-1.0.4-r1 b/x11-apps/xfs/files/digest-xfs-1.0.4-r1 new file mode 100644 index 000000000000..60d6bd79234a --- /dev/null +++ b/x11-apps/xfs/files/digest-xfs-1.0.4-r1 @@ -0,0 +1,3 @@ +MD5 f43cb64d623b748208dfd9012d17b654 xfs-1.0.4.tar.bz2 149414 +RMD160 389c4c9ebd5242c76585ffefe2fd507e1d7fb09d xfs-1.0.4.tar.bz2 149414 +SHA256 452dde2923c7ae5a2b8cb4b9735507c579c1c55a0e5e45a34210e52574ee641b xfs-1.0.4.tar.bz2 149414 diff --git a/x11-apps/xfs/files/xfs.start b/x11-apps/xfs/files/xfs.start index d7f1fa177417..9290a0ec60f9 100755 --- a/x11-apps/xfs/files/xfs.start +++ b/x11-apps/xfs/files/xfs.start @@ -2,7 +2,7 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License, v2 # Author: Martin Schlemmer <azarah@gentoo.org> -# $Header: /var/cvsroot/gentoo-x86/x11-apps/xfs/files/xfs.start,v 1.2 2005/08/16 20:13:43 spyderous Exp $ +# $Header: /var/cvsroot/gentoo-x86/x11-apps/xfs/files/xfs.start,v 1.3 2007/09/30 08:21:18 dberkholz Exp $ #NB: Config is in /etc/conf.d/xfs @@ -306,11 +306,13 @@ start() { ebegin "Starting X Font Server" if [ "`grep -e "^xfs:" /etc/passwd`" ] ; then - # Fix possible security problem, turned to hard failure in 6.8.0 - # See discussion at http://freedesktop.org/bugzilla/show_bug.cgi?id=306 - rm -rf /tmp/.font-unix - mkdir /tmp/.font-unix - chmod 1777 /tmp/.font-unix + # Fix possible race condition, bug #185660 + while ! [ -d /tmp/.font-unix ]; do + # Fix possible security problem, turned to hard failure in 6.8.0 + # See discussion at http://freedesktop.org/bugzilla/show_bug.cgi?id=306 + rm -rf /tmp/.font-unix + mkdir -m 1777 /tmp/.font-unix + done start-stop-daemon --start --quiet --exec /usr/bin/xfs \ -- -daemon -config /etc/X11/fs/config \ diff --git a/x11-apps/xfs/xfs-1.0.4-r1.ebuild b/x11-apps/xfs/xfs-1.0.4-r1.ebuild new file mode 100644 index 000000000000..a0c3fefd5bcb --- /dev/null +++ b/x11-apps/xfs/xfs-1.0.4-r1.ebuild @@ -0,0 +1,45 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/x11-apps/xfs/xfs-1.0.4-r1.ebuild,v 1.1 2007/09/30 08:21:17 dberkholz Exp $ + +# Must be before x-modular eclass is inherited +#SNAPSHOT="yes" + +inherit x-modular + +DESCRIPTION="X font server" + +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="ipv6" + +RDEPEND="x11-apps/ttmkfdir + x11-libs/libFS + x11-libs/libXfont" +DEPEND="${RDEPEND} + x11-proto/fontsproto" + +CONFIGURE_OPTIONS="$(use_enable ipv6) --libdir=/etc" + +pkg_setup() { + enewgroup xfs 33 + enewuser xfs 33 -1 /etc/X11/fs xfs +} + +src_unpack() { + x-modular_unpack_source + x-modular_patch_source + + sed -i -e "s:^configdir =.*:configdir = \$(sysconfdir)/X11/fs:g" \ + "${S}"/Makefile.am + + x-modular_reconf_source +} + +src_install() { + x-modular_src_install + + insinto /etc/X11/fs + newins "${FILESDIR}"/xfs.config config + newinitd "${FILESDIR}"/xfs.start xfs + newconfd "${FILESDIR}"/xfs.conf.d xfs +} |