Index: ChangeLog
===================================================================
--- ChangeLog (revision 18941)
+++ ChangeLog (working copy)
@@ -1,3 +1,8 @@
+2009-07-31 Alan Coopersmith <alan.coopersmith at sun.com>
+
+ * SUNWxscreensaver.spec, patches/xscreensaver-47-bug-6859039.diff:
+ forward port xscreensaver-47-bug-6859039.diff from new X gate putback
+
2009-07-31 Christian Kelly <christian.kelly at sun.com>
* base-specs/libgnome.spec: Bump to 2.27.5.
Index: SUNWxscreensaver.spec
===================================================================
--- SUNWxscreensaver.spec (revision 18941)
+++ SUNWxscreensaver.spec (working copy)
@@ -145,6 +145,8 @@
Patch45: xscreensaver-45-bug-6825374.diff
# date:2009-07-14 owner:au230626 type:bug bugster:6857559
Patch46: xscreensaver-46-bug-6857559.diff
+# date:2009-07-31 owner:bp230705 type:bug bugster:6859039
+Patch47: xscreensaver-47-bug-6859039.diff
# date:2008-03-07 owner:alanc type:branding
Patch101: rss-glx-101-matrixview.diff
@@ -315,6 +317,7 @@
%patch44 -p1
%patch45 -p1
%patch46 -p1
+%patch47 -p1
chmod a+x install-sh configure
@@ -629,6 +632,8 @@
%endif
%changelog
+* Fri Jul 31 2009 - alan.coopersmith at sun.com
+- forward port xscreensaver-47-bug-6859039.diff from new X gate putback
* Thu Jul 30 2009 - alan.coopersmith at sun.com
- move Solaris branding logos to solaris-lockscreen-logos-1.0.tar.bz2
* Fri Jul 24 2009 - alan.coopersmith at sun.com
Index: patches/xscreensaver-47-bug-6859039.diff
===================================================================
--- patches/xscreensaver-47-bug-6859039.diff (revision 0)
+++ patches/xscreensaver-47-bug-6859039.diff (revision 0)
@@ -0,0 +1,55 @@
+
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, provided that the above
+ * copyright notice(s) and this permission notice appear in all copies of
+ * the Software and that both the above copyright notice(s) and this
+ * permission notice appear in supporting documentation.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+ * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
+ * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Except as contained in this notice, the name of a copyright holder
+ * shall not be used in advertising or otherwise to promote the sale, use
+ * or other dealings in this Software without prior written authorization
+ * of the copyright holder.
+ *
+ */
+
+
+--- xscreensaver-5.01/driver/prefs.c-old Wed Jul 22 23:49:34 2009
++++ xscreensaver-5.01/driver/prefs.c Wed Jul 22 23:52:44 2009
+@@ -380,8 +380,20 @@
+ p->init_file_date = 0;
+ return 0;
+ }
++ /*
++ * 6859039: unprivileged local users can access through xscreensaver
++ */
++
++ /* Drop Privilege before opening .xscreensaver file */
++ uid_t idorg=geteuid();
++ if(seteuid(getuid())!=0)
++ return 0;
+
+ in = fopen(name, "r");
++
++ /* Restore Privilege */
++ seteuid(idorg);
++
+ if (!in)
+ {
+ char *buf = (char *) malloc(1024 + strlen(name));
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
