pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/x11/rxvt Fix for default display choosing vulnerabilit...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b2f0f79fb061
branches:  trunk
changeset: 540238:b2f0f79fb061
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Thu Apr 03 22:33:00 2008 +0000

description:
Fix for default display choosing vulnerability (CVE-2008-1142).
Approved-by: jlam

diffstat:

 x11/rxvt/Makefile         |   4 ++--
 x11/rxvt/distinfo         |   3 ++-
 x11/rxvt/patches/patch-am |  34 ++++++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 3 deletions(-)

diffs (65 lines):

diff -r cff36edf7ea1 -r b2f0f79fb061 x11/rxvt/Makefile
--- a/x11/rxvt/Makefile Thu Apr 03 20:20:00 2008 +0000
+++ b/x11/rxvt/Makefile Thu Apr 03 22:33:00 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2007/12/02 11:49:55 wiz Exp $
+# $NetBSD: Makefile,v 1.53 2008/04/03 22:33:00 tonnerre Exp $
 
 DISTNAME=              rxvt-2.7.10
-PKGREVISION=           5
+PKGREVISION=           6
 CATEGORIES=            x11
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=rxvt/} \
                        ftp://mason.primenet.com.au/pub/rxvt/
diff -r cff36edf7ea1 -r b2f0f79fb061 x11/rxvt/distinfo
--- a/x11/rxvt/distinfo Thu Apr 03 20:20:00 2008 +0000
+++ b/x11/rxvt/distinfo Thu Apr 03 22:33:00 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2006/06/20 13:07:20 martin Exp $
+$NetBSD: distinfo,v 1.21 2008/04/03 22:33:00 tonnerre Exp $
 
 SHA1 (rxvt-2.7.10.tar.bz2) = 16eae23c3227e28e5e7a53a58eaa3226affe65f9
 RMD160 (rxvt-2.7.10.tar.bz2) = 83fab8df589e2413ba820d04bafb069e6af8c445
@@ -15,3 +15,4 @@
 SHA1 (patch-aj) = 43ca25f034e6160f3a3dabbf1488df31cdecf95b
 SHA1 (patch-ak) = 960d0bd263a6b8776df93603dc5322b685a6afae
 SHA1 (patch-al) = 7107ec12205d0a5011a5828f8d30fbd577de41b7
+SHA1 (patch-am) = db69ba3b6754454613aa4aec61c1b033d7e013ae
diff -r cff36edf7ea1 -r b2f0f79fb061 x11/rxvt/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/rxvt/patches/patch-am Thu Apr 03 22:33:00 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-am,v 1.1 2008/04/03 22:33:00 tonnerre Exp $
+
+Remove the default display :0 (solves CVE-2008-1142)
+
+--- src/init.c.orig    2002-12-04 06:21:39.000000000 +0100
++++ src/init.c
+@@ -532,14 +532,13 @@ rxvt_init_resources(rxvt_t *r, int argc,
+ /*
+  * Open display, get options/resources and create the window
+  */
+-    if ((rs[Rs_display_name] = getenv("DISPLAY")) == NULL)
+-      rs[Rs_display_name] = ":0";
++    rs[Rs_display_name] = getenv("DISPLAY");
+ 
+     rxvt_get_options(r, r_argc, r_argv);
+     free(r_argv);
+ 
+ #ifdef LOCAL_X_IS_UNIX
+-    if (rs[Rs_display_name][0] == ':') {
++    if (rs[Rs_display_name] && rs[Rs_display_name][0] == ':') {
+       val = rxvt_malloc(5 + STRLEN(rs[Rs_display_name]));
+       STRCPY(val, "unix");
+       STRCAT(val, rs[Rs_display_name]);
+@@ -550,7 +549,9 @@ rxvt_init_resources(rxvt_t *r, int argc,
+ 
+     if (r->Xdisplay == NULL
+       && (r->Xdisplay = XOpenDisplay(rs[Rs_display_name])) == NULL) {
+-      rxvt_print_error("can't open display %s", rs[Rs_display_name]);
++      rxvt_print_error("can't open display %s", rs[Rs_display_name] ?
++              rs[Rs_display_name] : getenv("DISPLAY")?getenv("DISPLAY") :
++              "as no -display given and DISPLAY not set");
+       exit(EXIT_FAILURE);
+     }
+ 



Home | Main Index | Thread Index | Old Index