pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2012Q3] pkgsrc/x11/modular-xorg-server
Module Name: pkgsrc
Committed By: tron
Date: Tue Dec 18 17:43:02 UTC 2012
Modified Files:
pkgsrc/x11/modular-xorg-server [pkgsrc-2012Q3]: Makefile distinfo
Added Files:
pkgsrc/x11/modular-xorg-server/patches [pkgsrc-2012Q3]:
patch-os_utils.c
Log Message:
Pullup ticket #3993 - requested by is
x11/modular-xorg-server: security patch
Revisions pulled up:
- x11/modular-xorg-server/Makefile 1.73 via patch
- x11/modular-xorg-server/distinfo 1.47
- x11/modular-xorg-server/patches/patch-os_utils.c 1.1
---
Module Name: pkgsrc
Committed By: is
Date: Sat Dec 15 09:26:07 UTC 2012
Modified Files:
pkgsrc/x11/modular-xorg-server: Makefile distinfo
Added Files:
pkgsrc/x11/modular-xorg-server/patches: patch-os_utils.c
Log Message:
Fix CVE-2011-4028: File disclosure vulnerability.
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing
file. Signed-off-by: Matthieu Herrb <matthieu.herrb%laas.fr@localhost>
Reviewed-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>
Fix CVE-2011-4029: File permission change vulnerability.
Use fchmod() to change permissions of the lock file instead of
chmod(), thus avoid the race that can be exploited to set a symbolic
link to any file or directory in the system. Signed-off-by: Matthieu
Herrb <matthieu.herrb%laas.fr@localhost> Reviewed-by: Alan Coopersmith
<alan.coopersmith%oracle.com@localhost>
To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.69.2.1 pkgsrc/x11/modular-xorg-server/Makefile
cvs rdiff -u -r1.46 -r1.46.4.1 pkgsrc/x11/modular-xorg-server/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/x11/modular-xorg-server/patches/patch-os_utils.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index