author | tonnerre <tonnerre@pkgsrc.org> | 2008-04-03 22:42:33 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-04-03 22:42:33 +0000 |
commit | 74b347e625de07d3285cc349c481c9da8b18b507 (patch) | |
tree | f706fab8c2bd9ab550708e770e0b4c273652df95 /x11 | |
parent | 2f8abc912e29863f4cbba3ef599da7f09389c5cb (diff) | |
download | pkgsrc-74b347e625de07d3285cc349c481c9da8b18b507.tar.gz |
Fix eterm default X11 display vulnerability (CVE-2008-1142).
Approved-by: jlam
Diffstat (limited to 'x11')
-rw-r--r-- | x11/eterm/Makefile | 3 | ||||
-rw-r--r-- | x11/eterm/distinfo | 3 | ||||
-rw-r--r-- | x11/eterm/patches/patch-ac | 30 |
3 files changed, 34 insertions, 2 deletions
diff --git a/x11/eterm/Makefile b/x11/eterm/Makefile
index 8a1ab91253a..62ec9ef807b 100644
--- a/x11/eterm/Makefile
+++ b/x11/eterm/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.51 2007/01/14 11:07:34 joerg Exp $
+# $NetBSD: Makefile,v 1.52 2008/04/03 22:42:33 tonnerre Exp $
 
 DISTNAME= Eterm-0.9.4
 PKGNAME= ${DISTNAME:S/^E/e/}
+PKGREVISION= 1
 CATEGORIES= x11
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=eterm/} \
 ftp://ftp.dti.ad.jp/pub/X/Eterm/
diff --git a/x11/eterm/distinfo b/x11/eterm/distinfo
index bc85d9e758e..1d8a9beefe4 100644
--- a/x11/eterm/distinfo
+++ b/x11/eterm/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2006/11/25 14:01:18 sketch Exp $
+$NetBSD: distinfo,v 1.16 2008/04/03 22:42:33 tonnerre Exp $
 
 SHA1 (Eterm-0.9.4.tar.gz) = d63628098b3aa08c8f2bc1bd756683e5fd227995
 RMD160 (Eterm-0.9.4.tar.gz) = ce5d7ba74b19e3c8992d104d00f10302c3e8150e
@@ -14,6 +14,7 @@ RMD160 (Eterm-bg-tile.tar.gz) = 43761cc527730a0305fd857fad1316b8fd04eefe
 Size (Eterm-bg-tile.tar.gz) = 1568166 bytes
 SHA1 (patch-aa) = 19da5e05392994a60fdf47e9d52c82fc41cefa4c
 SHA1 (patch-ab) = d019a18bb32f890d6de7c5bb0cdb43e7715a7d4d
+SHA1 (patch-ac) = eaeed9066b546d563f7b0404afbdb9e9737d8f63
 SHA1 (patch-ad) = f70a92e4eb84466e379653cbd3a9188db6d408c8
 SHA1 (patch-ah) = e9a924abff857448a6d7c9281915bcf001b7451c
 SHA1 (patch-ai) = 94d684a490752831de2fb2aba92c0b9f461ddb5a
diff --git a/x11/eterm/patches/patch-ac b/x11/eterm/patches/patch-ac
new file mode 100644
index 00000000000..ba68c5f4ea5
--- /dev/null
+++ b/x11/eterm/patches/patch-ac
@@ -0,0 +1,30 @@
+$NetBSD: patch-ac,v 1.6 2008/04/03 22:42:33 tonnerre Exp $
+
+Fix X11 privilege escalation vulnerability (CVE-2008-1142).
+
+--- src/startup.c.orig 2008-03-31 19:27:46.000000000 +0200
++++ src/startup.c
+@@ -95,11 +95,7 @@ eterm_bootstrap(int argc, char *argv[])
+ init_libast();
+
+ /* Open display, get options/resources and create the window */
+- if (getenv("DISPLAY") == NULL) {
+- display_name = STRDUP(":0");
+- } else {
+- display_name = STRDUP(getenv("DISPLAY"));
+- }
++ display_name = NULL;
+
+ /* This MUST be called before any other Xlib functions */
+ #ifdef SPIFOPT_SETTING_PREPARSE
+@@ -116,7 +112,9 @@ eterm_bootstrap(int argc, char *argv[])
+ privileges(REVERT);
+ #endif
+ if (!Xdisplay && !(Xdisplay = XOpenDisplay(display_name))) {
+- libast_print_error("can't open display %s\n", display_name);
++ libast_print_error("can't open display %s\n", display_name?display_name:
++ getenv("DISPLAY")?getenv("DISPLAY"):
++ "as no -display given and DISPLAY not set");
+ exit(EXIT_FAILURE);
+ }
+ XSetErrorHandler((XErrorHandler) xerror_handler); |
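Review bot: With `display_name = NULL;` in the first startup.c hunk, display_name can now be NULL for the rest of eterm_bootstrap unless option parsing sets it, and the only use adjusted for that is the error message in the second hunk. eterm_bootstrap continues outside both hunks, so any later use not shown here (printing it with `%s`, measuring it, exporting it to the child's environment) should be checked for NULL tolerance or switched to the name of the opened connection, `DisplayString(Xdisplay)`. A comment above the assignment would keep the fallback from being reintroduced: `/* No ":0" fallback (CVE-2008-1142): NULL lets XOpenDisplay() use $DISPLAY or fail. */`. The nested conditional could also read `getenv("DISPLAY")` once into a local so the tested value and the printed value cannot differ.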