pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/x11/rxvt Fix for default display choosing vulnerabilit...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b2f0f79fb061
branches: trunk
changeset: 540238:b2f0f79fb061
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Thu Apr 03 22:33:00 2008 +0000
description:
Fix for default display choosing vulnerability (CVE-2008-1142).
Approved-by: jlam
diffstat:
x11/rxvt/Makefile | 4 ++--
x11/rxvt/distinfo | 3 ++-
x11/rxvt/patches/patch-am | 34 ++++++++++++++++++++++++++++++++++
3 files changed, 38 insertions(+), 3 deletions(-)
diffs (65 lines):
diff -r cff36edf7ea1 -r b2f0f79fb061 x11/rxvt/Makefile
--- a/x11/rxvt/Makefile Thu Apr 03 20:20:00 2008 +0000
+++ b/x11/rxvt/Makefile Thu Apr 03 22:33:00 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2007/12/02 11:49:55 wiz Exp $
+# $NetBSD: Makefile,v 1.53 2008/04/03 22:33:00 tonnerre Exp $
DISTNAME= rxvt-2.7.10
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= x11
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=rxvt/} \
ftp://mason.primenet.com.au/pub/rxvt/
diff -r cff36edf7ea1 -r b2f0f79fb061 x11/rxvt/distinfo
--- a/x11/rxvt/distinfo Thu Apr 03 20:20:00 2008 +0000
+++ b/x11/rxvt/distinfo Thu Apr 03 22:33:00 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2006/06/20 13:07:20 martin Exp $
+$NetBSD: distinfo,v 1.21 2008/04/03 22:33:00 tonnerre Exp $
SHA1 (rxvt-2.7.10.tar.bz2) = 16eae23c3227e28e5e7a53a58eaa3226affe65f9
RMD160 (rxvt-2.7.10.tar.bz2) = 83fab8df589e2413ba820d04bafb069e6af8c445
@@ -15,3 +15,4 @@
SHA1 (patch-aj) = 43ca25f034e6160f3a3dabbf1488df31cdecf95b
SHA1 (patch-ak) = 960d0bd263a6b8776df93603dc5322b685a6afae
SHA1 (patch-al) = 7107ec12205d0a5011a5828f8d30fbd577de41b7
+SHA1 (patch-am) = db69ba3b6754454613aa4aec61c1b033d7e013ae
diff -r cff36edf7ea1 -r b2f0f79fb061 x11/rxvt/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/rxvt/patches/patch-am Thu Apr 03 22:33:00 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-am,v 1.1 2008/04/03 22:33:00 tonnerre Exp $
+
+Remove the default display :0 (solves CVE-2008-1142)
+
+--- src/init.c.orig 2002-12-04 06:21:39.000000000 +0100
++++ src/init.c
+@@ -532,14 +532,13 @@ rxvt_init_resources(rxvt_t *r, int argc,
+ /*
+ * Open display, get options/resources and create the window
+ */
+- if ((rs[Rs_display_name] = getenv("DISPLAY")) == NULL)
+- rs[Rs_display_name] = ":0";
++ rs[Rs_display_name] = getenv("DISPLAY");
+
+ rxvt_get_options(r, r_argc, r_argv);
+ free(r_argv);
+
+ #ifdef LOCAL_X_IS_UNIX
+- if (rs[Rs_display_name][0] == ':') {
++ if (rs[Rs_display_name] && rs[Rs_display_name][0] == ':') {
+ val = rxvt_malloc(5 + STRLEN(rs[Rs_display_name]));
+ STRCPY(val, "unix");
+ STRCAT(val, rs[Rs_display_name]);
+@@ -550,7 +549,9 @@ rxvt_init_resources(rxvt_t *r, int argc,
+
+ if (r->Xdisplay == NULL
+ && (r->Xdisplay = XOpenDisplay(rs[Rs_display_name])) == NULL) {
+- rxvt_print_error("can't open display %s", rs[Rs_display_name]);
++ rxvt_print_error("can't open display %s", rs[Rs_display_name] ?
++ rs[Rs_display_name] : getenv("DISPLAY")?getenv("DISPLAY") :
++ "as no -display given and DISPLAY not set");
+ exit(EXIT_FAILURE);
+ }
+
Home |
Main Index |
Thread Index |
Old Index