xorg-server: Changes to 'debian-unstable'
debian/changelog | 8 ++++++++
debian/local/xvfb-run | 13 +++++--------
2 files changed, 13 insertions(+), 8 deletions(-)
New commits:
commit ab5b900197966c25becdf9ad62861643749e01be
Author: Julien Cristau <jcristau@debian.org>
Date: Thu May 14 21:14:16 2009 +0200
xvfb-run: use mktemp to create the temporary directory.
diff --git a/debian/changelog b/debian/changelog
index 60b1dd8..7c2b114 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ xorg-server (2:1.6.1.901-3) UNRELEASED; urgency=low
* xvfb-run: don't pass the magic cookie to xauth on the command line
(CVE-2009-1573). Thanks, Loïc Minier!
+ * xvfb-run: use mktemp to create the temporary directory.
-- Julien Cristau <jcristau@debian.org> Thu, 14 May 2009 21:05:26 +0200
diff --git a/debian/local/xvfb-run b/debian/local/xvfb-run
index b11130a..4c2f4e0 100644
--- a/debian/local/xvfb-run
+++ b/debian/local/xvfb-run
@@ -147,12 +147,8 @@ trap clean_up EXIT
# If the user did not specify an X authorization file to use, set up a temporary
# directory to house one.
if [ -z "$AUTHFILE" ]; then
- XVFB_RUN_TMPDIR="${TMPDIR:-/tmp}/$PROGNAME.$$"
- if ! mkdir -p -m 700 "$XVFB_RUN_TMPDIR"; then
- error "temporary directory $XVFB_RUN_TMPDIR already exists"
- exit 4
- fi
- AUTHFILE=$(tempfile -n "$XVFB_RUN_TMPDIR/Xauthority")
+ XVFB_RUN_TMPDIR="$(mktemp -d -t $PROGNAME.XXXXXX)"
+ AUTHFILE="$XVFB_RUN_TMPDIR/Xauthority"
fi
# Start Xvfb.
commit ecf09e571198ee16256a5efd1c23fd286a4f2249
Author: Julien Cristau <jcristau@debian.org>
Date: Thu May 14 21:08:21 2009 +0200
xvfb-run: don't pass the magic cookie to xauth on the command line
Use xauth source to pass the cookie via stdin.
This addresses CVE-2009-1573. Thanks, Loïc Minier!
diff --git a/debian/changelog b/debian/changelog
index 8a2d6f3..60b1dd8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg-server (2:1.6.1.901-3) UNRELEASED; urgency=low
+
+ * xvfb-run: don't pass the magic cookie to xauth on the command line
+ (CVE-2009-1573). Thanks, Loïc Minier!
+
+ -- Julien Cristau <jcristau@debian.org> Thu, 14 May 2009 21:05:26 +0200
+
xorg-server (2:1.6.1.901-2) unstable; urgency=low
* Merge from upstream server-1.6-branch (commit a9f85dce).
diff --git a/debian/local/xvfb-run b/debian/local/xvfb-run
index c85f86a..b11130a 100644
--- a/debian/local/xvfb-run
+++ b/debian/local/xvfb-run
@@ -157,8 +157,9 @@ fi
# Start Xvfb.
MCOOKIE=$(mcookie)
-XAUTHORITY=$AUTHFILE xauth add ":$SERVERNUM" "$XAUTHPROTO" "$MCOOKIE" \
- >>"$ERRORFILE" 2>&1
+XAUTHORITY=$AUTHFILE xauth source - << EOF >>"$ERRORFILE" 2>&1
+add :$SERVERNUM $XAUTHPROTO $MCOOKIE
+EOF
XAUTHORITY=$AUTHFILE Xvfb ":$SERVERNUM" $XVFBARGS $LISTENTCP >>"$ERRORFILE" \
2>&1 &
XVFBPID=$!
Reply to: