pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/x11/rxvt-unicode Fix rxvt-unicode default display vuln...
details: https://anonhg.NetBSD.org/pkgsrc/rev/57b90f1b3759
branches: trunk
changeset: 540240:57b90f1b3759
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Thu Apr 03 22:36:52 2008 +0000
description:
Fix rxvt-unicode default display vulnerability (CVE-2008-1142).
Approved-by: jlam
diffstat:
x11/rxvt-unicode/Makefile | 4 ++--
x11/rxvt-unicode/distinfo | 3 ++-
x11/rxvt-unicode/patches/patch-ab | 22 ++++++++++++++++++++++
3 files changed, 26 insertions(+), 3 deletions(-)
diffs (52 lines):
diff -r 03e4faaa3007 -r 57b90f1b3759 x11/rxvt-unicode/Makefile
--- a/x11/rxvt-unicode/Makefile Thu Apr 03 22:33:47 2008 +0000
+++ b/x11/rxvt-unicode/Makefile Thu Apr 03 22:36:52 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2008/02/21 02:41:56 tnn Exp $
+# $NetBSD: Makefile,v 1.22 2008/04/03 22:36:52 tonnerre Exp $
#
DISTNAME= rxvt-unicode-8.3
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= x11
MASTER_SITES= http://dist.schmorp.de/rxvt-unicode/ \
http://dist.schmorp.de/rxvt-unicode/Attic/
diff -r 03e4faaa3007 -r 57b90f1b3759 x11/rxvt-unicode/distinfo
--- a/x11/rxvt-unicode/distinfo Thu Apr 03 22:33:47 2008 +0000
+++ b/x11/rxvt-unicode/distinfo Thu Apr 03 22:36:52 2008 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.10 2007/08/06 10:02:27 ghen Exp $
+$NetBSD: distinfo,v 1.11 2008/04/03 22:36:52 tonnerre Exp $
SHA1 (rxvt-unicode-8.3.tar.bz2) = cd335c47543ba086585a296ca0fe7445c07120dd
RMD160 (rxvt-unicode-8.3.tar.bz2) = 000dbcb1ff297edbff0a8b21dbbba3db30854579
Size (rxvt-unicode-8.3.tar.bz2) = 885212 bytes
SHA1 (patch-aa) = e5760c57a6b47780ee851efe09dda5f2f02fca40
+SHA1 (patch-ab) = 2bfbffea8d63ebd65bfa9b0dc43a1901f844137e
diff -r 03e4faaa3007 -r 57b90f1b3759 x11/rxvt-unicode/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/rxvt-unicode/patches/patch-ab Thu Apr 03 22:36:52 2008 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.4 2008/04/03 22:36:52 tonnerre Exp $
+
+Fix default display vulnerability (CVE-2008-1142).
+
+--- src/init.C.orig 2007-08-01 19:35:02.000000000 +0200
++++ src/init.C
+@@ -299,11 +299,13 @@ rxvt_term::init_resources (int argc, con
+ * Open display, get options/resources and create the window
+ */
+
+- if ((rs[Rs_display_name] = getenv ("DISPLAY")) == NULL)
+- rs[Rs_display_name] = ":0";
++ rs[Rs_display_name] = getenv ("DISPLAY");
+
+ get_options (r_argc, r_argv);
+
++ if (!rs[Rs_display_name])
++ rxvt_fatal ("no display given and DISPLAY not set, aborting.\n");
++
+ if (!(display = displays.get (rs[Rs_display_name])))
+ rxvt_fatal ("can't open display %s, aborting.\n", rs[Rs_display_name]);
+
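Review bot: The added test in src/init.C, if (!rs[Rs_display_name]), only rejects a NULL name, so a DISPLAY that is set but empty still reaches displays.get and is reported through the generic "can't open display" message; consider rejecting an empty string in the same condition. Placing the test after get_options (r_argc, r_argv) is right, since the new message's "no display given" case can only be decided once the options have been read. The patch header cites only the CVE number: one sentence stating that the silent ":0" fallback is removed and that the terminal now aborts when no display is named would help whoever next has to merge patch-ab against a newer src/init.C.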