---
- branch: pkgsrc-2012Q3
  date: Tue Dec 18 17:43:02 UTC 2012
  files:
  - new: 1.69.2.1
    old: '1.69'
    path: pkgsrc/x11/modular-xorg-server/Makefile
    pathrev: pkgsrc/x11/modular-xorg-server/Makefile@1.69.2.1
    type: modified
  - new: 1.46.4.1
    old: '1.46'
    path: pkgsrc/x11/modular-xorg-server/distinfo
    pathrev: pkgsrc/x11/modular-xorg-server/distinfo@1.46.4.1
    type: modified
  - new: 1.1.2.2
    old: '0'
    path: pkgsrc/x11/modular-xorg-server/patches/patch-os_utils.c
    pathrev: pkgsrc/x11/modular-xorg-server/patches/patch-os_utils.c@1.1.2.2
    type: added
  id: 20121218T174302Z.6cf98cc10bcdb6e5f27c3bcc0fb8c80c8bb53a59
  log: |
    Pullup ticket #3993 - requested by is
    x11/modular-xorg-server: security patch

    Revisions pulled up:
    - x11/modular-xorg-server/Makefile 1.73 via patch
    - x11/modular-xorg-server/distinfo 1.47
    - x11/modular-xorg-server/patches/patch-os_utils.c 1.1

    ---
     Module Name:    pkgsrc
     Committed By:   is
     Date:           Sat Dec 15 09:26:07 UTC 2012

     Modified Files:
         pkgsrc/x11/modular-xorg-server: Makefile distinfo
     Added Files:
         pkgsrc/x11/modular-xorg-server/patches: patch-os_utils.c

     Log Message:
     Fix CVE-2011-4028: File disclosure vulnerability.
     use O_NOFOLLOW to open the existing lock file, so symbolic links
     aren't followed, thus avoid revealing if it points to an existing
     file. Signed-off-by: Matthieu Herrb
     Reviewed-by: Alan Coopersmith

     Fix CVE-2011-4029: File permission change vulnerability.
     Use fchmod() to change permissions of the lock file instead of
     chmod(), thus avoid the race that can be exploited to set a symbolic
     link to any file or directory in the system. Signed-off-by: Matthieu
     Herrb Reviewed-by: Alan Coopersmith
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2012Q3] pkgsrc/x11/modular-xorg-server'
  unixtime: '1355852582'
  user: tron