authortonnerre <tonnerre@pkgsrc.org>2008-04-03 22:36:52 +0000
committertonnerre <tonnerre@pkgsrc.org>2008-04-03 22:36:52 +0000
commitec3cd9d9d156ea2b46c255e89d786b891c31cea1 (patch)
treefb7f0745f52e77ea832ac6aefa3b2b46efcc9416 /x11/rxvt-unicode
parentf818a0f7a3568d39d7a2249706f95913f58a2b09 (diff)
downloadpkgsrc-ec3cd9d9d156ea2b46c255e89d786b891c31cea1.tar.gz
Fix rxvt-unicode default display vulnerability (CVE-2008-1142).
Approved-by: jlam
Diffstat (limited to 'x11/rxvt-unicode')
-rw-r--r--x11/rxvt-unicode/Makefile4
-rw-r--r--x11/rxvt-unicode/distinfo3
-rw-r--r--x11/rxvt-unicode/patches/patch-ab22
3 files changed, 26 insertions, 3 deletions
diff --git a/x11/rxvt-unicode/Makefile b/x11/rxvt-unicode/Makefile
index 65ddb531ee8..9279186cb25 100644
--- a/x11/rxvt-unicode/Makefile
+++ b/x11/rxvt-unicode/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2008/02/21 02:41:56 tnn Exp $
+# $NetBSD: Makefile,v 1.22 2008/04/03 22:36:52 tonnerre Exp $
#
DISTNAME= rxvt-unicode-8.3
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= x11
MASTER_SITES= http://dist.schmorp.de/rxvt-unicode/ \
http://dist.schmorp.de/rxvt-unicode/Attic/
diff --git a/x11/rxvt-unicode/distinfo b/x11/rxvt-unicode/distinfo
index 2e8bbe27b8e..72388dd1ed6 100644
--- a/x11/rxvt-unicode/distinfo
+++ b/x11/rxvt-unicode/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.10 2007/08/06 10:02:27 ghen Exp $
+$NetBSD: distinfo,v 1.11 2008/04/03 22:36:52 tonnerre Exp $
SHA1 (rxvt-unicode-8.3.tar.bz2) = cd335c47543ba086585a296ca0fe7445c07120dd
RMD160 (rxvt-unicode-8.3.tar.bz2) = 000dbcb1ff297edbff0a8b21dbbba3db30854579
Size (rxvt-unicode-8.3.tar.bz2) = 885212 bytes
SHA1 (patch-aa) = e5760c57a6b47780ee851efe09dda5f2f02fca40
+SHA1 (patch-ab) = 2bfbffea8d63ebd65bfa9b0dc43a1901f844137e
diff --git a/x11/rxvt-unicode/patches/patch-ab b/x11/rxvt-unicode/patches/patch-ab
new file mode 100644
index 00000000000..f821379065c
--- /dev/null
+++ b/x11/rxvt-unicode/patches/patch-ab
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.4 2008/04/03 22:36:52 tonnerre Exp $
+
+Fix default display vulnerability (CVE-2008-1142).
+
+--- src/init.C.orig 2007-08-01 19:35:02.000000000 +0200
++++ src/init.C
+@@ -299,11 +299,13 @@ rxvt_term::init_resources (int argc, con
+ * Open display, get options/resources and create the window
+ */
+
+- if ((rs[Rs_display_name] = getenv ("DISPLAY")) == NULL)
+- rs[Rs_display_name] = ":0";
++ rs[Rs_display_name] = getenv ("DISPLAY");
+
+ get_options (r_argc, r_argv);
+
++ if (!rs[Rs_display_name])
++ rxvt_fatal ("no display given and DISPLAY not set, aborting.\n");
++
+ if (!(display = displays.get (rs[Rs_display_name])))
+ rxvt_fatal ("can't open display %s, aborting.\n", rs[Rs_display_name]);
+
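Review bot: The new guard placed before `displays.get` rejects only a NULL display name, so a `DISPLAY` that is set but empty still passes it and reaches `displays.get (rs[Rs_display_name])`; how that call treats an empty name is not visible in this hunk. Testing for emptiness as well keeps the failure explicit and the message accurate: `if (!rs[Rs_display_name] || !*rs[Rs_display_name])`. A short comment above the check, such as `/* no fallback to ":0": the display must come from DISPLAY or the command line (CVE-2008-1142) */`, would help keep the implicit default from being reintroduced later. `init_resources` begins and ends outside the hunk, so whether `get_options` can itself store an empty name could not be checked here.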