Patches security vulnerabilities in Xorg-7.1. Closes ticket #2100.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6281 af4574ff-66df-0310-9fd7-8a98e5e911e0

general.ent

@@ -1,4 +1,4 @@
-<!ENTITY day          "07">                   <!-- Always 2 digits -->
+<!ENTITY day          "09">                   <!-- Always 2 digits -->
 <!ENTITY month        "08">                   <!-- Always 2 digits -->
 <!ENTITY year         "2006">
 <!ENTITY version      "svn-&year;&month;&day;">

introduction/welcome/changelog.xml

@@ -41,6 +41,16 @@
 
 -->
 
+    <listitem>
+      <para>August 9th, 2006</para>
+      <itemizedlist>
+        <listitem>
+          <para>[dnicholson] - Added patches to fix security
+          vulnerabilities in Xorg-7.1. Closes ticket #2100.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>August 7th, 2006</para>
       <itemizedlist>

x/installing/x7app.xml

@@ -53,6 +53,28 @@
     </listitem>
   </itemizedlist>
 
+  <!-- Following four patches are security related and should be
+       fixed for Xorg-7.2 -->
+  <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+  <itemizedlist spacing="compact">
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xdm-1.0.4-setuid-1.patch"/></para>
+    </listitem>
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xf86dga-1.0.1-setuid-1.patch"/></para>
+    </listitem>
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xinit-1.0.2-setuid-1.patch"/></para>
+    </listitem>
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xload-1.0.1-setuid-1.patch"/></para>
+    </listitem>
+  </itemizedlist>
+
   <bridgehead renderas="sect3">Xorg Applications Dependencies</bridgehead>
 
   <bridgehead renderas="sect4">Required</bridgehead>
@@ -81,6 +103,29 @@ wget -B http://xorg.freedesktop.org/releases/individual/app/ -i ../app-7.1.wget<
   <sect2 role="installation">
     <title>Installation of Xorg Applications</title>
 
+    <para>A <ulink url='http://wiki.x.org/wiki/SecurityPage'>security
+    vulnerability</ulink> has been identified in the xdm, xf86dga, xinit
+    and xload packages. Before building these packages with the commands
+    shown below, be sure to apply the supplied patches. For xdm, this can be
+    accomplished with with the following command:</para>
+
+<screen><userinput>patch -Np1 -i ../xdm-1.0.4-setuid-1.patch</userinput></screen>
+
+    <para>For xf86dga, the patch can be applied with the following
+    command:</para>
+
+<screen><userinput>patch -Np1 -i ../xf86dga-1.0.1-setuid-1.patch</userinput></screen>
+
+    <para>For xinit, the patch can be applied with the following
+    command:</para>
+
+<screen><userinput>patch -Np1 -i ../xinit-1.0.2-setuid-1.patch</userinput></screen>
+
+    <para>For xload, the patch can be applied with the following
+    command:</para>
+
+<screen><userinput>patch -Np1 -i ../xload-1.0.1-setuid-1.patch</userinput></screen>
+
     <para>Install the applications by running the following commands for each
     chosen package:</para>
 

x/installing/x7lib.xml

@@ -52,6 +52,20 @@
     </listitem>
   </itemizedlist>
 
+  <!-- Following two patches are security related and should be
+       fixed for Xorg-7.2 -->
+  <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+  <itemizedlist spacing="compact">
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/libX11-1.0.1-setuid-1.patch"/></para>
+    </listitem>
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xtrans-1.0.0-setuid-1.patch"/></para>
+    </listitem>
+  </itemizedlist>
+
   <bridgehead renderas="sect3">Xorg Libraries Dependencies</bridgehead>
 
   <bridgehead renderas="sect4">Required</bridgehead>
@@ -82,6 +96,19 @@ wget -B http://xorg.freedesktop.org/releases/individual/lib/ -i ../lib-7.1.wget<
   <sect2 role="installation">
     <title>Installation of Xorg Libraries</title>
 
+    <para>A <ulink url='http://wiki.x.org/wiki/SecurityPage'>security
+    vulnerability</ulink> has been identified in the libX11 and xtrans
+    packages. Before building these packages with the commands shown below,
+    be sure to apply the supplied patches. For libX11, this can be
+    accomplished with with the following command:</para>
+
+<screen><userinput>patch -Np1 -i ../libX11-1.0.1-setuid-1.patch</userinput></screen>
+
+    <para>For xtrans, the patch can be applied with the following
+    command:</para>
+
+<screen><userinput>patch -Np1 -i ../xtrans-1.0.0-setuid-1.patch</userinput></screen>
+
     <para>Install the libraries by running the following commands for each
     of the chosen packages:</para>
 

x/installing/x7server.xml

@@ -52,6 +52,16 @@
     </listitem>
   </itemizedlist>
 
+  <!-- Following patch is security related and should be
+       fixed for Xorg-7.2 -->
+  <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+  <itemizedlist spacing="compact">
+    <listitem>
+      <para>Required patch: <ulink
+      url="&patch-root;/xorg-server-1.1.0-setuid-2.patch"/></para>
+    </listitem>
+  </itemizedlist>
+
   <bridgehead renderas="sect3">Xorg Server Dependencies</bridgehead>
 
   <bridgehead renderas="sect4">Required</bridgehead>
@@ -90,6 +100,13 @@
         hw/xfree86/os-support/linux/lnx_agp.c</userinput></screen>
  End remove -->
 
+    <para>A <ulink url='http://wiki.x.org/wiki/SecurityPage'>security
+    vulnerability</ulink> has been identified in the xorg-server
+    packages. Apply a patch to fix this vulnerability with the following
+    command:</para>
+
+<screen><userinput>patch -Np1 -i ../xorg-server-1.1.0-setuid-2.patch</userinput></screen>
+
     <para>Install the server by running the following commands:</para>
 
 <screen><userinput>sed -i \