From cbcab697a2e9687c792d5ac25134f939ac218158 Mon Sep 17 00:00:00 2001
From: kwm <kwm@FreeBSD.org>
Date: Tue, 18 Oct 2011 18:25:44 +0000
Subject: Fix CVE-2011-4028 and CVE-2011-4029.

Obtained from:	upstream xorg-server
Security:	8441957c-f9b4-11e0-a78a-bcaec565249c
---
 x11-servers/xorg-server/Makefile               |  2 +-
 x11-servers/xorg-server/files/patch-os-utils.c | 24 +++++++++++++++++++++---
 2 files changed, 22 insertions(+), 4 deletions(-)

(limited to 'x11-servers')

diff --git a/x11-servers/xorg-server/Makefile b/x11-servers/xorg-server/Makefile
index 5cfede912f3b..b1e7a1bc7e10 100644
--- a/x11-servers/xorg-server/Makefile
+++ b/x11-servers/xorg-server/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	xorg-server
 PORTVERSION=	1.7.7
-PORTREVISION=	2
+PORTREVISION=	3
 PORTEPOCH=	1
 CATEGORIES=	x11-servers
 MASTER_SITES=	http://xorg.freedesktop.org/releases/individual/xserver/
diff --git a/x11-servers/xorg-server/files/patch-os-utils.c b/x11-servers/xorg-server/files/patch-os-utils.c
index a5509b86539a..3fe8530231e9 100644
--- a/x11-servers/xorg-server/files/patch-os-utils.c
+++ b/x11-servers/xorg-server/files/patch-os-utils.c
@@ -1,6 +1,24 @@
---- os/utils.c.orig	2007-08-23 15:04:55.000000000 -0400
-+++ os/utils.c	2008-02-29 13:11:01.000000000 -0500
-@@ -525,7 +525,11 @@
+--- os/utils.c.orig	2010-05-04 02:48:00.000000000 +0200
++++ os/utils.c	2011-10-18 20:08:10.000000000 +0200
+@@ -315,7 +315,7 @@
+     FatalError("Could not create lock file in %s\n", tmp);
+   (void) sprintf(pid_str, "%10ld\n", (long)getpid());
+   (void) write(lfd, pid_str, 11);
+-  (void) chmod(tmp, 0444);
++  (void) fchmod(tmp, 0444);
+   (void) close(lfd);
+ 
+   /*
+@@ -336,7 +336,7 @@
+       /*
+        * Read the pid from the existing file
+        */
+-      lfd = open(LockFile, O_RDONLY);
++      lfd = open(LockFile, O_RDONLY|O_NOFOLLOW);
+       if (lfd < 0) {
+         unlink(tmp);
+         FatalError("Can't read lock file %s\n", LockFile);
+@@ -436,7 +436,11 @@
  
  #ifdef MONOTONIC_CLOCK
      struct timespec tp;
-- 
cgit