untrusted comment: verify with openbsd-64-base.pub
RWQq6XmS4eDAcU4JndgSdtPICkKeYqRA9eTAYAaEOipLqzEfoHu9t1VaQKd/kz6OfUo0/5OGho+U6MqhcugSsMO+DAfoO3Z/3Ag=

OpenBSD 6.4 errata 001, October 25, 2018

The Xorg X server incorrectly validates options, allowing anyone to
overwrite arbitrary files.

Apply by doing:
   signify -Vep /etc/signify/openbsd-64-base.pub -x 001_xserver.patch.sig \
       -m - | (cd /usr/xenocara && patch -p0)

And then compile and rebuild the X server
   cd /usr/xenocara/xserver
   make -f Makefile.bsd-wrapper obj
   make -f Makefile.bsd-wrapper build

Index: xserver/hw/xfree86/common/xf86Init.c
===================================================================
RCS file: /cvs/xenocara/xserver/hw/xfree86/common/xf86Init.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -p -u -r1.26 -r1.27
--- xserver/hw/xfree86/common/xf86Init.c        8 Dec 2017 15:02:00 -0000       1.26
+++ xserver/hw/xfree86/common/xf86Init.c        25 Oct 2018 15:44:27 -0000      1.27
@@ -1145,14 +1145,18 @@ ddxProcessArgument(int argc, char **argv
    /* First the options that are not allowed with elevated privileges */
    if (!strcmp(argv[i], "-modulepath")) {
        CHECK_FOR_REQUIRED_ARGUMENT();
-        xf86CheckPrivs(argv[i], argv[i + 1]);
+        if (xf86PrivsElevated())
+              FatalError("\nInvalid argument -modulepath "
+                "with elevated privileges\n");
        xf86ModulePath = argv[i + 1];
        xf86ModPathFrom = X_CMDLINE;
        return 2;
    }
    if (!strcmp(argv[i], "-logfile")) {
        CHECK_FOR_REQUIRED_ARGUMENT();
-        xf86CheckPrivs(argv[i], argv[i + 1]);
+        if (xf86PrivsElevated())
+              FatalError("\nInvalid argument -logfile "
+                "with elevated privileges\n");
        xf86LogFile = argv[i + 1];
        xf86LogFileFrom = X_CMDLINE;
        return 2;
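Review bot: The guard added under `-modulepath` and again under `-logfile` is an unbraced `if` whose `FatalError` call spans two lines and is indented differently from the surrounding code. Both copies should be braced, so that a later edit cannot detach the assignment that follows from the check. Each would also benefit from a comment recording why the option is refused outright, for example `/* never accept a caller-supplied path while privileged; reject instead of validating the value */`. The rejection now depends entirely on `xf86PrivsElevated()` reporting correctly, and its definition is outside this hunk, so confirm that it covers every way the server can end up running with more privilege than the invoking user. Because the same three lines appear twice, a small static helper that takes `argv[i]` and formats it with `%s` would keep the two messages identical and make it harder for a future path-taking option to miss the check. `ddxProcessArgument` starts and ends outside the hunk, so other options that take a file path could not be reviewed here.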