Fix CVE-2011-4028 and CVE-2011-4029.

Obtained from: upstream xorg-server Security: 8441957c-f9b4-11e0-a78a-bcaec565249c
svn path=/head/; revision=283838
2025-01-21 08:42:23 +00:00 · 2011-10-18 18:25:44 +00:00 · 2011-10-18 18:25:44 +00:00 · 185fd9100b · 2021-03-31 03:12:20 +00:00
commit 185fd9100b
parent 9e57e1808a
2 changed files with 22 additions and 4 deletions
--- a/x11-servers/xorg-server/Makefile
+++ b/x11-servers/xorg-server/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	xorg-server
 PORTVERSION=	1.7.7
-PORTREVISION=	2
+PORTREVISION=	3
 PORTEPOCH=	1
 CATEGORIES=	x11-servers
 MASTER_SITES=	http://xorg.freedesktop.org/releases/individual/xserver/
--- a/x11-servers/xorg-server/files/patch-os-utils.c
+++ b/x11-servers/xorg-server/files/patch-os-utils.c
@ -1,6 +1,24 @@
--- os/utils.c.orig	2007-08-23 15:04:55.000000000 -0400
-+++ os/utils.c	2008-02-29 13:11:01.000000000 -0500
-@@ -525,7 +525,11 @@
+--- os/utils.c.orig	2010-05-04 02:48:00.000000000 +0200
+++ os/utils.c	2011-10-18 20:08:10.000000000 +0200
+@@ -315,7 +315,7 @@
+     FatalError("Could not create lock file in %s\n", tmp);
+   (void) sprintf(pid_str, "%10ld\n", (long)getpid());
+   (void) write(lfd, pid_str, 11);
+-  (void) chmod(tmp, 0444);
+  (void) fchmod(tmp, 0444);
+   (void) close(lfd);
+ 
+   /*
+@@ -336,7 +336,7 @@
+       /*
+        * Read the pid from the existing file
+        */
+-      lfd = open(LockFile, O_RDONLY);
+      lfd = open(LockFile, O_RDONLY|O_NOFOLLOW);
+       if (lfd < 0) {
+         unlink(tmp);
+         FatalError("Can't read lock file %s\n", LockFile);
+@@ -436,7 +436,11 @@
 
 #ifdef MONOTONIC_CLOCK
     struct timespec tp;