diff options
Diffstat (limited to 'gnome-extra')
-rw-r--r-- | gnome-extra/gnome-screensaver/ChangeLog | 11 | ||||
-rw-r--r-- | gnome-extra/gnome-screensaver/Manifest | 12 | ||||
-rw-r--r-- | gnome-extra/gnome-screensaver/files/gnome-screensaver-CVE-2008-0887.patch | 225 | ||||
-rw-r--r-- | gnome-extra/gnome-screensaver/gnome-screensaver-2.20.0-r3.ebuild | 107 | ||||
-rw-r--r-- | gnome-extra/gnome-screensaver/gnome-screensaver-2.22.0-r1.ebuild (renamed from gnome-extra/gnome-screensaver/gnome-screensaver-2.22.0.ebuild) | 11 |
5 files changed, 358 insertions, 8 deletions
diff --git a/gnome-extra/gnome-screensaver/ChangeLog b/gnome-extra/gnome-screensaver/ChangeLog index e61467dd1578..0a72997c1da5 100644 --- a/gnome-extra/gnome-screensaver/ChangeLog +++ b/gnome-extra/gnome-screensaver/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for gnome-extra/gnome-screensaver # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-extra/gnome-screensaver/ChangeLog,v 1.72 2008/03/26 21:03:07 cardoe Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-extra/gnome-screensaver/ChangeLog,v 1.73 2008/04/02 14:03:31 eva Exp $ + +*gnome-screensaver-2.22.0-r1 (02 Apr 2008) +*gnome-screensaver-2.20.0-r3 (02 Apr 2008) + + 02 Apr 2008; Gilles Dartiguelongue <eva@gentoo.org> + +files/gnome-screensaver-CVE-2008-0887.patch, + +gnome-screensaver-2.20.0-r3.ebuild, -gnome-screensaver-2.22.0.ebuild, + +gnome-screensaver-2.22.0-r1.ebuild: + fix security bug #213940 26 Mar 2008; Doug Goldstein <cardoe@gentoo.org> gnome-screensaver-2.22.0.ebuild: diff --git a/gnome-extra/gnome-screensaver/Manifest b/gnome-extra/gnome-screensaver/Manifest index 0f1f02fb56e6..dd72104c14d4 100644 --- a/gnome-extra/gnome-screensaver/Manifest +++ b/gnome-extra/gnome-screensaver/Manifest @@ -2,17 +2,19 @@ Hash: SHA1 AUX gnome-screensaver-2.20.0-fix-gamma.patch 1637 RMD160 1bda5b646edb2b38218c93ac05b6f592e1366bca SHA1 243191a5c59be9badbba440ef364483a83d69fae SHA256 20c5afb7c058e1a4acf308eee466bbf81fb01e2df9a238fc48b0e89384521005 +AUX gnome-screensaver-CVE-2008-0887.patch 7965 RMD160 9eade48b04e5a617ec427258f3e41d5c33ab750f SHA1 392a477755562b032d24928ac6c2100af7d7fca1 SHA256 71e9bb7735fbc373ee2f19f7740ba759c7eeff0e46bd50ab7401f9d6147a1666 AUX xss-conversion-2.txt 1026 RMD160 5a1810d1f41999907ff39adf0e6396d1d6f5c5d7 SHA1 477743e8fd025cff16c1b2ed538a57ce9550a9cf SHA256 f1bcc5e85d45e53e6170d0cdf25dd3d10020aeef545cf2fdea5e3b4b30ec86c8 DIST gnome-screensaver-2.20.0.tar.bz2 2013842 RMD160 ddea3d536366aab572462f4f66c72daabbeeb119 SHA1 0b99de04caf897642338c61edc12cb7cea27e0a4 SHA256 9ee744058d2c7139634543951a62828b2e1b69fe33cf0b5456737e9c5201dbb9 DIST gnome-screensaver-2.22.0.tar.bz2 2038929 RMD160 3bd2884d3d676599c23d630893c448617243b4f9 SHA1 51bad55f043ff17e864a79ba24e1c0f6a80abd6c SHA256 e6d66ad1092babe5b9a1ded2a50464e21206fa42a922ea1de0c688e764e05bfb EBUILD gnome-screensaver-2.20.0-r2.ebuild 2975 RMD160 7cfec93dc5eb9ee7b125c96fd114b6cbbd24340f SHA1 3a1e8dc73d7545ff875f31cdc837ed9527c4150d SHA256 ff550c8d12af56aaead39dfa95c77ab9bca39af56180bb588fa404a15d1d3791 -EBUILD gnome-screensaver-2.22.0.ebuild 2955 RMD160 2a4583f5ca0d97813324bd155a640e820008c412 SHA1 9298b26c5bb479b284fb159408dca3775634dc8b SHA256 d4e694aba1fbd764d91811ea3bddc80619ea1ebd308e529f73241bb81282d657 -MISC ChangeLog 11337 RMD160 429cbf3c8f451e1a518261cf8df50a93cc942721 SHA1 0e7eb970a07f992e746dbc6704e19cc7300af6bb SHA256 a4fce55ffb333b5e2cbdce5983f09bebaa1f23f7bffb45d7ad58ffa538828bbf +EBUILD gnome-screensaver-2.20.0-r3.ebuild 3061 RMD160 c14b3f136b530cbe00e538bbd7224c852cd9d8f5 SHA1 f042d815ec907cf24fcd02b35346e9e444dcb43e SHA256 6d3685b37ff8ea77668a44356e57381a100db3db8883c062182fa8734e98a140 +EBUILD gnome-screensaver-2.22.0-r1.ebuild 3082 RMD160 6da07d4f6dda3b76062c2adc10cd0ad41d1bd218 SHA1 ffd6ae9a512045a5e7a5298a49bd05cdb007aba8 SHA256 9eb68484814a06adb1e483a5b4e78f60d292b99b0786c48b85bd97809db216fe +MISC ChangeLog 11663 RMD160 b7e5d4bc8a48ba9f1ada61ecfffbd5b4ad73dfb3 SHA1 875c3b93ce9d58697ec69c0d713f413b5dd913ef SHA256 00dc99e3349b4775e9e72eddef280aaf1677c8687737330eec7929232144e059 MISC metadata.xml 472 RMD160 3fe1221d0cb389cf1be040c98fa9c40dbf3c07e5 SHA1 18913172dba9d94ca5952b7f8bfb2aa13808bb67 SHA256 e70be8f69acbda81bd1e90c1bd3a57a0b5ccb5fa09c7a6f04427ef888e1872bc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) -iD8DBQFH6rr/oeSe8B0zEfwRAoGqAJ4yjFISdduJ0b5b0HqWMu4TBPcnZwCdHOcv -tcMozj1vghdlO+R2jfB6VOw= -=8KOz +iD8DBQFH85JF1fmVwcYIWAYRAq7PAKC1uq08AhCnR0VPidLLZ+86PBytmACfdKIF +utOjdVVhdgGP8FD0umAlnuY= +=YfBH -----END PGP SIGNATURE----- diff --git a/gnome-extra/gnome-screensaver/files/gnome-screensaver-CVE-2008-0887.patch b/gnome-extra/gnome-screensaver/files/gnome-screensaver-CVE-2008-0887.patch new file mode 100644 index 000000000000..e0216529dbcf --- /dev/null +++ b/gnome-extra/gnome-screensaver/files/gnome-screensaver-CVE-2008-0887.patch @@ -0,0 +1,225 @@ +Index: gnome-screensaver/src/gnome-screensaver-dialog.c +=================================================================== +--- gnome-screensaver/src/gnome-screensaver-dialog.c (revision 1398) ++++ gnome-screensaver/src/gnome-screensaver-dialog.c (working copy) +@@ -41,6 +41,8 @@ + + #include "gs-debug.h" + ++#define MAX_FAILURES 5 ++ + static gboolean verbose = FALSE; + static gboolean show_version = FALSE; + static gboolean enable_logout = FALSE; +@@ -299,8 +301,6 @@ do_auth_check (GSLockPlug *plug) + gs_lock_plug_show_message (plug, _("Authentication failed.")); + } + +- g_timeout_add (3000, (GSourceFunc)reset_idle_cb, plug); +- + printf ("NOTICE=AUTH FAILED\n"); + fflush (stdout); + +@@ -325,15 +325,28 @@ response_cb (GSLockPlug *plug, + static gboolean + auth_check_idle (GSLockPlug *plug) + { +- gboolean res; ++ gboolean res; ++ gboolean again; ++ static guint loop_counter = 0; + ++ again = TRUE; + res = do_auth_check (plug); + + if (res) { ++ again = FALSE; + g_idle_add ((GSourceFunc)quit_response_ok, NULL); ++ } else { ++ loop_counter++; ++ ++ if (loop_counter < MAX_FAILURES) { ++ g_timeout_add (3000, (GSourceFunc)reset_idle_cb, plug); ++ } else { ++ again = FALSE; ++ gtk_main_quit (); ++ } + } + +- return !res; ++ return again; + } + + static void +Index: gnome-screensaver/src/setuid.c +=================================================================== +--- gnome-screensaver/src/setuid.c (revision 1398) ++++ gnome-screensaver/src/setuid.c (working copy) +@@ -48,7 +48,7 @@ uid_gid_string (uid_t uid, + return buf; + } + +-static int ++static gboolean + set_ids_by_number (uid_t uid, + gid_t gid, + char **message_ret) +@@ -96,7 +96,7 @@ set_ids_by_number (uid_t uid, + + g_free (reason); + +- return 0; ++ return TRUE; + } else { + char *reason = NULL; + +@@ -141,9 +141,9 @@ set_ids_by_number (uid_t uid, + g_free (reason); + reason = NULL; + } +- +- return -1; ++ return FALSE; + } ++ return FALSE; + } + + +@@ -165,12 +165,21 @@ hack_uid (char **nolock_reason, + char **orig_uid, + char **uid_message) + { +- if (nolock_reason) ++ char *reason; ++ gboolean ret; ++ ++ ret = TRUE; ++ reason = NULL; ++ ++ if (nolock_reason != NULL) { + *nolock_reason = NULL; +- if (orig_uid) ++ } ++ if (orig_uid != NULL) { + *orig_uid = NULL; +- if (uid_message) ++ } ++ if (uid_message != NULL) { + *uid_message = NULL; ++ } + + /* Discard privileges, and set the effective user/group ids to the + real user/group ids. That is, give up our "chmod +s" rights. +@@ -181,12 +190,18 @@ hack_uid (char **nolock_reason, + uid_t uid = getuid (); + gid_t gid = getgid (); + +- if (orig_uid) ++ if (orig_uid != NULL) { + *orig_uid = uid_gid_string (euid, egid); ++ } ++ ++ if (uid != euid || gid != egid) { ++ if (! set_ids_by_number (uid, gid, uid_message)) { ++ reason = g_strdup ("unable to discard privileges."); + +- if (uid != euid || gid != egid) +- if (set_ids_by_number (uid, gid, uid_message) != 0) +- return FALSE; ++ ret = FALSE; ++ goto out; ++ } ++ } + } + + +@@ -200,81 +215,16 @@ hack_uid (char **nolock_reason, + and "USING XDM". + */ + if (getuid () == (uid_t) 0) { +- if (nolock_reason) +- *nolock_reason = g_strdup ("running as root"); +- return FALSE; ++ reason = g_strdup ("running as root"); ++ ret = FALSE; ++ goto out; + } + +- /* If we're running as root, switch to a safer user. This is above and +- beyond the fact that we've disabling locking, above -- the theory is +- that running graphics demos as root is just always a stupid thing +- to do, since they have probably never been security reviewed and are +- more likely to be buggy than just about any other kind of program. +- (And that assumes non-malicious code. There are also attacks here.) +- +- *** WARNING: DO NOT DISABLE THIS CODE! +- If you do so, you will open a security hole. See the sections +- of the xscreensaver manual titled "LOCKING AND ROOT LOGINS", +- and "USING XDM". +- */ +- if (getuid () == (uid_t) 0) { +- struct passwd *p; +- +- p = getpwnam ("nobody"); +- if (! p) p = getpwnam ("noaccess"); +- if (! p) p = getpwnam ("daemon"); +- if (! p) { +- g_warning ("running as root, and couldn't find a safer uid."); +- return FALSE; +- } +- +- if (set_ids_by_number (p->pw_uid, p->pw_gid, uid_message) != 0) +- return FALSE; +- } +- +- +- /* If there's anything even remotely funny looking about the passwd struct, +- or if we're running as some other user from the list below (a +- non-comprehensive selection of users known to be privileged in some way, +- and not normal end-users) then disable locking. If it was possible, +- switching to "nobody" would be the thing to do, but only root itself has +- the privs to do that. +- +- *** WARNING: DO NOT DISABLE THIS CODE! +- If you do so, you will open a security hole. See the sections +- of the xscreensaver manual titled "LOCKING AND ROOT LOGINS", +- and "USING XDM". +- */ +- { +- uid_t uid = getuid (); /* get it again */ +- struct passwd *p = getpwuid (uid); /* get it again */ +- +- if (!p || +- uid == (uid_t) 0 || +- uid == (uid_t) -1 || +- uid == (uid_t) -2 || +- p->pw_uid == (uid_t) 0 || +- p->pw_uid == (uid_t) -1 || +- p->pw_uid == (uid_t) -2 || +- !p->pw_name || +- !*p->pw_name || +- !strcmp (p->pw_name, "root") || +- !strcmp (p->pw_name, "nobody") || +- !strcmp (p->pw_name, "noaccess") || +- !strcmp (p->pw_name, "operator") || +- !strcmp (p->pw_name, "daemon") || +- !strcmp (p->pw_name, "bin") || +- !strcmp (p->pw_name, "adm") || +- !strcmp (p->pw_name, "sys") || +- !strcmp (p->pw_name, "games")) { +- if (nolock_reason) +- *nolock_reason = g_strdup_printf ("running as %s", +- (p && p->pw_name +- && *p->pw_name +- ? p->pw_name : "<unknown>")); +- return FALSE; +- } ++ out: ++ if (nolock_reason != NULL) { ++ *nolock_reason = g_strdup (reason); + } ++ g_free (reason); + +- return TRUE; ++ return ret; + } diff --git a/gnome-extra/gnome-screensaver/gnome-screensaver-2.20.0-r3.ebuild b/gnome-extra/gnome-screensaver/gnome-screensaver-2.20.0-r3.ebuild new file mode 100644 index 000000000000..2929aab198f1 --- /dev/null +++ b/gnome-extra/gnome-screensaver/gnome-screensaver-2.20.0-r3.ebuild @@ -0,0 +1,107 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/gnome-extra/gnome-screensaver/gnome-screensaver-2.20.0-r3.ebuild,v 1.1 2008/04/02 14:03:31 eva Exp $ + +inherit gnome2 eutils + +DESCRIPTION="Replaces xscreensaver, integrating with the desktop." +HOMEPAGE="http://live.gnome.org/GnomeScreensaver" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 hppa ~ia64 ~ppc ppc64 sparc x86 ~x86-fbsd" +KERNEL_IUSE="kernel_linux" +IUSE="debug doc libnotify opengl pam xinerama $KERNEL_IUSE" + +RDEPEND=">=gnome-base/gconf-2.6.1 + >=x11-libs/gtk+-2.11.5 + >=gnome-base/gnome-vfs-2.12 + >=gnome-base/libglade-2.5.0 + >=gnome-base/gnome-menus-2.12 + >=dev-libs/glib-2.8 + >=gnome-base/libgnomekbd-0.1 + >=dev-libs/dbus-glib-0.71 + libnotify? ( x11-libs/libnotify ) + opengl? ( virtual/opengl ) + xinerama? ( + x11-libs/libXinerama + x11-proto/xineramaproto + ) + pam? ( virtual/pam ) + !pam? ( kernel_linux? ( sys-apps/shadow ) ) + x11-libs/libX11 + x11-libs/libXext + x11-libs/libXrandr + x11-libs/libXScrnSaver" +DEPEND="${RDEPEND} + sys-devel/gettext + >=dev-util/pkgconfig-0.9 + >=dev-util/intltool-0.35 + doc? ( + app-text/xmlto + ~app-text/docbook-xml-dtd-4.1.2 + ~app-text/docbook-xml-dtd-4.4 + ) + x11-proto/xextproto + x11-proto/randrproto + x11-proto/scrnsaverproto + x11-proto/xf86miscproto" + +DOCS="AUTHORS ChangeLog HACKING NEWS README TODO" + +pkg_setup() { + G2CONF="${G2CONF} \ + $(use_enable doc docbook-docs) \ + $(use_enable debug) \ + $(use_with libnotify) \ + $(use_with opengl libgl) \ + $(use_enable pam) \ + $(use_enable xinerama) \ + --enable-locking \ + --with-kbd-layout-indicator \ + --with-gdm-config=/usr/share/gdm/defaults.conf \ + --with-xscreensaverdir=/usr/share/xscreensaver/config \ + --with-xscreensaverhackdir=/usr/lib/misc/xscreensaver" +} + +src_unpack() { + gnome2_src_unpack + epatch "${FILESDIR}/${P}-fix-gamma.patch" + + # Fix CVE-2008-0887, bug #213940 + epatch "${FILESDIR}/${PN}-CVE-2008-0887.patch" +} + +src_install() { + gnome2_src_install + + # Install the conversion script in the documentation + dodoc "${S}"/data/migrate-xscreensaver-config.sh + dodoc "${S}"/data/xscreensaver-config.xsl + + # Conversion information + sed -e "s:\${PF}:${PF}:" \ + < "${FILESDIR}"/xss-conversion-2.txt > "${S}"/xss-conversion.txt + + dodoc "${S}"/xss-conversion.txt + + # Non PAM users will need this suid to read the password hashes. + # OpenPAM users will probably need this too when + # http://bugzilla.gnome.org/show_bug.cgi?id=370847 + # is fixed. + if ! use pam ; then + fperms u+s /usr/libexec/gnome-screensaver-dialog + fi +} + +pkg_postinst() { + gnome2_pkg_postinst + + ewarn "If you have xscreensaver installed, you probably want to disable it." + ewarn "To prevent a duplicate Screensaver entry in the menu, you need to" + ewarn "build xscreensaver with -gnome in the USE flags." + ewarn "echo \"x11-misc/xscreensaver -gnome\" >> /etc/portage/package.use" + echo + elog "Information for converting screensavers is located in " + elog "/usr/share/doc/${PF}/xss-conversion.txt.${PORTAGE_COMPRESS}" +} diff --git a/gnome-extra/gnome-screensaver/gnome-screensaver-2.22.0.ebuild b/gnome-extra/gnome-screensaver/gnome-screensaver-2.22.0-r1.ebuild index dd80b2cbf0d5..d96aab99d398 100644 --- a/gnome-extra/gnome-screensaver/gnome-screensaver-2.22.0.ebuild +++ b/gnome-extra/gnome-screensaver/gnome-screensaver-2.22.0-r1.ebuild @@ -1,8 +1,8 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/gnome-extra/gnome-screensaver/gnome-screensaver-2.22.0.ebuild,v 1.2 2008/03/26 21:03:07 cardoe Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-extra/gnome-screensaver/gnome-screensaver-2.22.0-r1.ebuild,v 1.1 2008/04/02 14:03:31 eva Exp $ -inherit gnome2 +inherit eutils gnome2 DESCRIPTION="Replaces xscreensaver, integrating with the desktop." HOMEPAGE="http://live.gnome.org/GnomeScreensaver" @@ -64,6 +64,13 @@ pkg_setup() { --with-xscreensaverhackdir=/usr/lib/misc/xscreensaver" } +src_unpack() { + gnome2_src_unpack + + # Fix CVE-2008-0887, bug #213940 + epatch "${FILESDIR}/${PN}-CVE-2008-0887.patch" +} + src_install() { gnome2_src_install |