rpms/xorg-x11-xinit/FC-5 xinit-1.0.1-setuid.patch, NONE, 1.1 xorg-x11-xinit.spec, 1.17, 1.18

Wed Jun 28 08:51:50 UTC 2006

Author: mharris

Update of /cvs/dist/rpms/xorg-x11-xinit/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv7912

Modified Files:
	xorg-x11-xinit.spec 
Added Files:
	xinit-1.0.1-setuid.patch 
Log Message:
* Wed Jun 28 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-2.FC5.0
- Added xinit-1.0.1-setuid.patch to fix potential security issue (#196126)
- Added "BuildRequires: pkgconfig" for bug (#194187)
- Added documentation to doc macro.
- Build new package for official FC5 update.


xinit-1.0.1-setuid.patch:
 xinit.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletion(-)

--- NEW FILE xinit-1.0.1-setuid.patch ---
Index: xinit.c
===================================================================
RCS file: /cvs/xorg/app/xinit/xinit.c,v
retrieving revision 1.4
diff -u -r1.4 xinit.c
--- xinit.c	4 Oct 2005 01:27:34 -0000	1.4
+++ xinit.c	19 Jun 2006 21:31:58 -0000
@@ -692,7 +692,10 @@
 startClient(char *client[])
 {
 	if ((clientpid = vfork()) == 0) {
-		setuid(getuid());
+		if (setuid(getuid()) == -1) {
+			Error("cannot change uid: %s\n", strerror(errno));
+			_exit(ERR_EXIT);
+		}
 		setpgrp(0, getpid());
 		environ = newenviron;
 #ifdef __UNIXOS2__


Index: xorg-x11-xinit.spec
===================================================================
RCS file: /cvs/dist/rpms/xorg-x11-xinit/FC-5/xorg-x11-xinit.spec,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- xorg-x11-xinit.spec	1 Mar 2006 07:09:45 -0000	1.17
+++ xorg-x11-xinit.spec	28 Jun 2006 08:51:47 -0000	1.18
@@ -1,15 +1,16 @@
 %define pkgname xinit
+%define xinitver 1.0.1
 
 Summary: X.Org X11 X Window System xinit startup scripts
 Name: xorg-x11-%{pkgname}
-Version: 1.0.1
-Release: 2
+Version: %{xinitver}
+Release: 2.FC5.0
 License: MIT/X11
 Group: User Interface/X
 URL: http://www.x.org
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-Source0: http://xorg.freedesktop.org/releases/X11R7.0/src/everything/%{pkgname}-%{version}.tar.bz2
+Source0: http://xorg.freedesktop.org/releases/individual/app/%{pkgname}-%{version}.tar.bz2
 Source10: xinitrc-common
 Source11: xinitrc
 Source12: Xclients
@@ -20,6 +21,9 @@
 #       here instead of the xdm package.
 Source16: Xsession
 
+Patch0: xinit-1.0.1-setuid.patch
+
+BuildRequires: pkgconfig
 BuildRequires: libX11-devel
 # NOTE: startx needs xauth in order to run, but that is not picked up
 #       automatically by rpm.  (Bug #173684)
@@ -39,6 +43,7 @@
 
 %prep
 %setup -q -n %{pkgname}-%{version}
+%patch0 -p0 -b .setuid
 
 %build
 %configure
@@ -72,7 +77,7 @@
 
 %files
 %defattr(-,root,root,-)
-%doc
+%doc AUTHORS COPYING INSTALL README NEWS ChangeLog
 %{_bindir}/startx
 %{_bindir}/xinit
 %dir %{_sysconfdir}/X11
@@ -91,6 +96,12 @@
 %{_mandir}/man1/xinit.1x*
 
 %changelog
+* Wed Jun 28 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-2.FC5.0
+- Added xinit-1.0.1-setuid.patch to fix potential security issue (#196126)
+- Added "BuildRequires: pkgconfig" for bug (#194187)
+- Added documentation to doc macro.
+- Build new package for official FC5 update.
+
 * Thu Feb 16 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-2
 - Change Conflicts to Obsoletes for xorg-x11 and XFree86 (#181414)
 


