xorg-server: Changes to 'debian-unstable'
ChangeLog | 28 ++++++++++++++++++++++++++++
debian/changelog | 9 +++++++++
os/utils.c | 4 ++--
3 files changed, 39 insertions(+), 2 deletions(-)
New commits:
commit 29daa15107a4b60eb87f33adb34b57fffe91483c
Author: Cyril Brulebois <kibi@debian.org>
Date: Thu Oct 20 15:04:55 2011 +0200
Upload to unstable.
diff --git a/debian/changelog b/debian/changelog
index 88c5cae..21de21d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,11 @@
-xorg-server (2:1.11.1.901-2) UNRELEASED; urgency=high
+xorg-server (2:1.11.1.901-2) unstable; urgency=high
* Merge from upstream to get CVEs fixed:
- Fix CVE-2011-4028: File disclosure vulnerability.
- Fix CVE-2011-4029: File permission change vulnerability.
* Set urgency to “high” accordingly.
- -- Cyril Brulebois <kibi@debian.org> Thu, 20 Oct 2011 14:57:18 +0200
+ -- Cyril Brulebois <kibi@debian.org> Thu, 20 Oct 2011 15:04:53 +0200
xorg-server (2:1.11.1.901-1) unstable; urgency=low
commit e16e767d1818737a9c62073ce1e4739d0aeac011
Author: Cyril Brulebois <kibi@debian.org>
Date: Thu Oct 20 15:04:51 2011 +0200
Set urgency to “high” accordingly.
diff --git a/debian/changelog b/debian/changelog
index d3ecc00..88c5cae 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,9 @@
-xorg-server (2:1.11.1.901-2) UNRELEASED; urgency=low
+xorg-server (2:1.11.1.901-2) UNRELEASED; urgency=high
* Merge from upstream to get CVEs fixed:
- Fix CVE-2011-4028: File disclosure vulnerability.
- Fix CVE-2011-4029: File permission change vulnerability.
+ * Set urgency to “high” accordingly.
-- Cyril Brulebois <kibi@debian.org> Thu, 20 Oct 2011 14:57:18 +0200
commit c9520669812cea358cd1da101ce403a317354691
Author: Cyril Brulebois <kibi@debian.org>
Date: Thu Oct 20 15:00:21 2011 +0200
Bump changelogs.
diff --git a/ChangeLog b/ChangeLog
index ae3e148..8f04005 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,31 @@
+commit 12f65819ffb04103f170ecd7e281348de618fc4c
+Author: Matthieu Herrb <matthieu.herrb@laas.fr>
+Date: Mon Oct 17 22:27:35 2011 +0200
+
+ Fix CVE-2011-4029: File permission change vulnerability.
+
+ Use fchmod() to change permissions of the lock file instead
+ of chmod(), thus avoid the race that can be exploited to set
+ a symbolic link to any file or directory in the system.
+
+ Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
+ Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ (cherry picked from commit b67581cf825940fdf52bf2e0af4330e695d724a4)
+
+commit f80d23357874db19bc124dee70239fb182977883
+Author: Matthieu Herrb <matthieu.herrb@laas.fr>
+Date: Mon Oct 17 22:26:12 2011 +0200
+
+ Fix CVE-2011-4028: File disclosure vulnerability.
+
+ use O_NOFOLLOW to open the existing lock file, so symbolic links
+ aren't followed, thus avoid revealing if it point to an existing
+ file.
+
+ Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
+ Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+ (cherry picked from commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34)
+
commit 374be44d13bc8f04a2413b6d5b2006e73d5a8f53
Author: Jeremy Huddleston <jeremyhu@apple.com>
Date: Fri Oct 14 16:29:54 2011 -0700
diff --git a/debian/changelog b/debian/changelog
index 0ca1bae..d3ecc00 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xorg-server (2:1.11.1.901-2) UNRELEASED; urgency=low
+
+ * Merge from upstream to get CVEs fixed:
+ - Fix CVE-2011-4028: File disclosure vulnerability.
+ - Fix CVE-2011-4029: File permission change vulnerability.
+
+ -- Cyril Brulebois <kibi@debian.org> Thu, 20 Oct 2011 14:57:18 +0200
+
xorg-server (2:1.11.1.901-1) unstable; urgency=low
* New upstream release candidate (1.11.2 RC1)
commit 12f65819ffb04103f170ecd7e281348de618fc4c
Author: Matthieu Herrb <matthieu.herrb@laas.fr>
Date: Mon Oct 17 22:27:35 2011 +0200
Fix CVE-2011-4029: File permission change vulnerability.
Use fchmod() to change permissions of the lock file instead
of chmod(), thus avoid the race that can be exploited to set
a symbolic link to any file or directory in the system.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit b67581cf825940fdf52bf2e0af4330e695d724a4)
diff --git a/os/utils.c b/os/utils.c
index 9e0acb6..d9aa65e 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -295,7 +295,7 @@ LockServer(void)
FatalError("Could not create lock file in %s\n", tmp);
(void) sprintf(pid_str, "%10ld\n", (long)getpid());
(void) write(lfd, pid_str, 11);
- (void) chmod(tmp, 0444);
+ (void) fchmod(lfd, 0444);
(void) close(lfd);
/*
commit f80d23357874db19bc124dee70239fb182977883
Author: Matthieu Herrb <matthieu.herrb@laas.fr>
Date: Mon Oct 17 22:26:12 2011 +0200
Fix CVE-2011-4028: File disclosure vulnerability.
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing
file.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34)
diff --git a/os/utils.c b/os/utils.c
index 36cb46f..9e0acb6 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -316,7 +316,7 @@ LockServer(void)
/*
* Read the pid from the existing file
*/
- lfd = open(LockFile, O_RDONLY);
+ lfd = open(LockFile, O_RDONLY|O_NOFOLLOW);
if (lfd < 0) {
unlink(tmp);
FatalError("Can't read lock file %s\n", LockFile);
Reply to: