pkgsrc.se | The NetBSD package collection

./x11/modular-xorg-server, Modular X11 server from modular X.org

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2012Q3, Version: 1.6.5nb14, Package name: modular-xorg-server-1.6.5nb14, Maintainer: pkgsrc-users

The X.org X11 Server from the modularized source tree of
X.org X11.

Required to run:
[x11/libXau] [x11/pixman] [x11/libXfont] [x11/Xfixes] [x11/xkbcomp] [x11/libdrm] [x11/xkeyboard-config] [sysutils/libpciaccess] [fonts/libfontenc] [graphics/MesaLib]

Required to build:
[pkgtools/x11-links] [x11/glproto] [x11/randrproto] [x11/scrnsaverproto] [x11/damageproto] [x11/xf86miscproto] [x11/bigreqsproto] [x11/xf86dgaproto] [x11/recordproto] [x11/xf86vidmodeproto] [x11/xf86bigfontproto] [x11/xextproto] [x11/fixesproto] [x11/compositeproto] [x11/evieext] [x11/fontsproto] [x11/trapproto] [x11/videoproto] [x11/xf86driproto] [x11/xproto] [x11/xtrans] [x11/inputproto] [x11/xcmiscproto] [x11/xineramaproto] [x11/dri2proto] [x11/resourceproto] [x11/renderproto] [devel/libtool-base] [devel/pkg-config] [devel/gmake]

Package options: dri, inet6

Master sites: (Expand)

SHA1: c57c80dd15d3ca492e58ae993b9015d085ec6ea6
RMD160: 702970358a5643dbc9205f42e39c5b8ed2ff845a
Filesize: 4568.756 KB

Version history: (Expand)

(2012-12-18) Updated to version: modular-xorg-server-1.6.5nb14
(2012-10-02) Package added to pkgsrc.se, version modular-xorg-server-1.6.5nb12 (created)

CVS history: (Expand)

2012-12-18 18:43:02 by Matthias Scheler | Files touched by this commit (3)

Log message:
Pullup ticket #3993 - requested by is
x11/modular-xorg-server: security patch

Revisions pulled up:
- x11/modular-xorg-server/Makefile                              1.73 via patch
- x11/modular-xorg-server/distinfo                              1.47
- x11/modular-xorg-server/patches/patch-os_utils.c              1.1

---
   Module Name:	pkgsrc
   Committed By:	is
   Date:		Sat Dec 15 09:26:07 UTC 2012

   Modified Files:
   	pkgsrc/x11/modular-xorg-server: Makefile distinfo
   Added Files:
   	pkgsrc/x11/modular-xorg-server/patches: patch-os_utils.c

   Log message:
   Fix CVE-2011-4028: File disclosure vulnerability.
   use O_NOFOLLOW to open the existing lock file, so symbolic links
   aren't followed, thus avoid revealing if it point to an existing
   file. Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
   Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>

   Fix CVE-2011-4029: File permission change vulnerability.
   Use fchmod() to change permissions of the lock file instead of
   chmod(), thus avoid the race that can be exploited to set a symbolic
   link to any file or directory in the system. Signed-off-by: Matthieu
   Herrb <matthieu.herrb@laas.fr> Reviewed-by: Alan Coopersmith
   <alan.coopersmith@oracle.com>