pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2012Q3] pkgsrc/x11/modular-xorg-server



Module Name:    pkgsrc
Committed By:   tron
Date:           Tue Dec 18 17:43:02 UTC 2012

Modified Files:
        pkgsrc/x11/modular-xorg-server [pkgsrc-2012Q3]: Makefile distinfo
Added Files:
        pkgsrc/x11/modular-xorg-server/patches [pkgsrc-2012Q3]:
            patch-os_utils.c

Log Message:
Pullup ticket #3993 - requested by is
x11/modular-xorg-server: security patch

Revisions pulled up:
- x11/modular-xorg-server/Makefile                              1.73 via patch
- x11/modular-xorg-server/distinfo                              1.47
- x11/modular-xorg-server/patches/patch-os_utils.c              1.1

---
   Module Name: pkgsrc
   Committed By:        is
   Date:                Sat Dec 15 09:26:07 UTC 2012

   Modified Files:
        pkgsrc/x11/modular-xorg-server: Makefile distinfo
   Added Files:
        pkgsrc/x11/modular-xorg-server/patches: patch-os_utils.c

   Log Message:
   Fix CVE-2011-4028: File disclosure vulnerability.
   use O_NOFOLLOW to open the existing lock file, so symbolic links
   aren't followed, thus avoid revealing if it point to an existing
   file. Signed-off-by: Matthieu Herrb <matthieu.herrb%laas.fr@localhost>
   Reviewed-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>

   Fix CVE-2011-4029: File permission change vulnerability.
   Use fchmod() to change permissions of the lock file instead of
   chmod(), thus avoid the race that can be exploited to set a symbolic
   link to any file or directory in the system. Signed-off-by: Matthieu
   Herrb <matthieu.herrb%laas.fr@localhost> Reviewed-by: Alan Coopersmith
   <alan.coopersmith%oracle.com@localhost>


To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.69.2.1 pkgsrc/x11/modular-xorg-server/Makefile
cvs rdiff -u -r1.46 -r1.46.4.1 pkgsrc/x11/modular-xorg-server/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/x11/modular-xorg-server/patches/patch-os_utils.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index