Mailinglist Archive: opensuse-commit (1028 mails)
commit arts
- From: root@xxxxxxx (h_root)
- Date: Wed, 21 Jun 2006 17:50:57 +0200 (CEST)
- Message-id: <20060621155057.7141175233@xxxxxxxxxxxxxxx>
Hello community,
here is the log from the commit of package arts
checked in at Wed Jun 21 17:50:57 CEST 2006.
--------
--- KDE/arts/arts.changes 2006-05-24 12:15:33.000000000 +0200
+++ arts/arts.changes 2006-06-09 12:28:33.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Jun 7 11:58:48 CEST 2006 - dmueller@xxxxxxx
+
+- check return values of set*uid (#180223, CVE-2006-2916)
+
+-------------------------------------------------------------------
New:
----
arts-setuid.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ arts.spec ++++++
--- /var/tmp/diff_new_pack.qNg3Xd/_old 2006-06-21 17:50:24.000000000 +0200
+++ /var/tmp/diff_new_pack.qNg3Xd/_new 2006-06-21 17:50:24.000000000 +0200
@@ -22,10 +22,11 @@
Summary: Modular Software Synthesizer
PreReq: permissions
Version: 1.5.3
-Release: 1
+Release: 3
Source0: %{name}-%{version}.tar.bz2
#Patch0: 1_5_BRANCH.diff
Patch2: no-informational-messages.diff
+Patch3: arts-setuid.diff
Patch4: resmgr-oss.diff
Patch5: arts-vorbis-fix.dif
Patch7: fortify_source.patch
@@ -83,6 +84,7 @@
%setup -q
#%patch0
%patch2
+%patch3
%patch4
%patch5
%patch7
@@ -185,6 +187,8 @@
/opt/kde3/%_lib/*.la
%changelog -n arts
+* Wed Jun 07 2006 - dmueller@xxxxxxx
+- check return values of set*uid (#180223, CVE-2006-2916)
* Wed May 24 2006 - stbinner@xxxxxxx
- version number increase to 1.5.3
* Sat May 20 2006 - adrian@xxxxxxx
++++++ arts-setuid.diff ++++++
Index: soundserver/artswrapper.c
===================================================================
--- soundserver/artswrapper.c (revision 546970)
+++ soundserver/artswrapper.c (working copy)
@@ -95,6 +95,10 @@ int main(int argc, char **argv)
#else
setreuid(-1, getuid());
#endif
+ if (geteuid() != getuid()) {
+ perror("setuid()");
+ return 2;
+ }
}
if(argc == 0)
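Review bot: the added check in main() calls perror("setuid()") after a geteuid() != getuid() comparison, and neither getter sets errno, so the text printed will not describe why the privilege drop failed. Store the return value of the set*uid call in the #if/#else branches above, report the error there while errno is still valid, and keep this comparison as a second line of defence. The comparison also covers only the real and effective uid, while setreuid(-1, getuid()) in the context line requests a change of the effective uid alone. A saved set-user-ID that is still privileged would pass this test, so where getresuid() is available, compare all three ids before continuing.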
Index: soundserver/crashhandler.cc
===================================================================
--- soundserver/crashhandler.cc (revision 546970)
+++ soundserver/crashhandler.cc (working copy)
@@ -196,7 +196,12 @@ CrashHandler::defaultCrashHandler (int s
argv[i++] = NULL;
setgid(getgid());
- setuid(getuid());
+ if (getuid() != geteuid())
+ setuid(getuid());
+ if (getuid() != geteuid()) {
+ perror("setuid()");
+ exit(255);
+ }
execvp(crashApp, argv);
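Review bot: setgid(getgid()) in the context line directly above the change is still unchecked, so execvp(crashApp, argv) can run with the original effective gid if that call fails. Give it the same treatment as the uid: compare getgid() with getegid() after the call and exit before the exec when they differ. The new `if (getuid() != geteuid()) setuid(getuid());` also discards the return value of setuid(), so the later perror("setuid()") reports whatever errno happens to hold; keeping the result and printing the error at the point of failure would make the message meaningful.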
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...