From d9adba35ba1e54310d3ddd859df5f3e986471695 Mon Sep 17 00:00:00 2001
From: tonnerre
Date: Thu, 3 Apr 2008 22:33:00 +0000
Subject: Fix for default display choosing vulnerability (CVE-2008-1142). Approved-by: jlam
---
 x11/rxvt/Makefile | 4 ++--
 x11/rxvt/distinfo | 3 ++-
 x11/rxvt/patches/patch-am | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 x11/rxvt/patches/patch-am
(limited to 'x11/rxvt')
diff --git a/x11/rxvt/Makefile b/x11/rxvt/Makefile
index f5f3019fcaa..bb00e183322 100644
--- a/x11/rxvt/Makefile
+++ b/x11/rxvt/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2007/12/02 11:49:55 wiz Exp $
+# $NetBSD: Makefile,v 1.53 2008/04/03 22:33:00 tonnerre Exp $
 DISTNAME= rxvt-2.7.10
-PKGREVISION= 5
+PKGREVISION= 6
 CATEGORIES= x11
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=rxvt/} \
 ftp://mason.primenet.com.au/pub/rxvt/
diff --git a/x11/rxvt/distinfo b/x11/rxvt/distinfo
index c8ecdb372a7..dd9dae3d129 100644
--- a/x11/rxvt/distinfo
+++ b/x11/rxvt/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2006/06/20 13:07:20 martin Exp $
+$NetBSD: distinfo,v 1.21 2008/04/03 22:33:00 tonnerre Exp $
 SHA1 (rxvt-2.7.10.tar.bz2) = 16eae23c3227e28e5e7a53a58eaa3226affe65f9
 RMD160 (rxvt-2.7.10.tar.bz2) = 83fab8df589e2413ba820d04bafb069e6af8c445
@@ -15,3 +15,4 @@ SHA1 (patch-ai) = 0f3e800efc5b87243208de9fb9fafe9abde73201
 SHA1 (patch-aj) = 43ca25f034e6160f3a3dabbf1488df31cdecf95b
 SHA1 (patch-ak) = 960d0bd263a6b8776df93603dc5322b685a6afae
 SHA1 (patch-al) = 7107ec12205d0a5011a5828f8d30fbd577de41b7
+SHA1 (patch-am) = db69ba3b6754454613aa4aec61c1b033d7e013ae
diff --git a/x11/rxvt/patches/patch-am b/x11/rxvt/patches/patch-am
new file mode 100644
index 00000000000..6819f36cf8f
--- /dev/null
+++ b/x11/rxvt/patches/patch-am
@@ -0,0 +1,34 @@
+$NetBSD: patch-am,v 1.1 2008/04/03 22:33:00 tonnerre Exp $
+
+Remove the default display :0 (solves CVE-2008-1142)
+
+--- src/init.c.orig 2002-12-04 06:21:39.000000000 +0100
++++ src/init.c
+@@ -532,14 +532,13 @@ rxvt_init_resources(rxvt_t *r, int argc,
+ /*
+ * Open display, get options/resources and create the window
+ */
+- if ((rs[Rs_display_name] = getenv("DISPLAY")) == NULL)
+- rs[Rs_display_name] = ":0";
++ rs[Rs_display_name] = getenv("DISPLAY");
+ 
+ rxvt_get_options(r, r_argc, r_argv);
+ free(r_argv);
+ 
+ #ifdef LOCAL_X_IS_UNIX
+- if (rs[Rs_display_name][0] == ':') {
++ if (rs[Rs_display_name] && rs[Rs_display_name][0] == ':') {
+ val = rxvt_malloc(5 + STRLEN(rs[Rs_display_name]));
+ STRCPY(val, "unix");
+ STRCAT(val, rs[Rs_display_name]);
+@@ -550,7 +549,9 @@ rxvt_init_resources(rxvt_t *r, int argc,
+ 
+ if (r->Xdisplay == NULL
+ && (r->Xdisplay = XOpenDisplay(rs[Rs_display_name])) == NULL) {
+- rxvt_print_error("can't open display %s", rs[Rs_display_name]);
++ rxvt_print_error("can't open display %s", rs[Rs_display_name] ?
++ rs[Rs_display_name] : getenv("DISPLAY")?getenv("DISPLAY") :
++ "as no -display given and DISPLAY not set");
+ exit(EXIT_FAILURE);
+ }
+ 
-- cgit v1.2.3
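Review bot: In the second hunk of the embedded src/init.c patch, the error path calls `getenv("DISPLAY")` twice inside a nested ternary, although `rs[Rs_display_name]` was assigned from that same variable in the first hunk. The middle branch is therefore only reachable if `rxvt_get_options()` (not visible here) can reset the pointer to NULL. Two plain calls would read more clearly: `if (rs[Rs_display_name]) rxvt_print_error("can't open display %s", rs[Rs_display_name]);` followed by `else rxvt_print_error("can't open display: no -display given and DISPLAY not set");`. Separately, the patch drops the old guarantee that `rs[Rs_display_name]` is non-NULL from this point on, and guards only the `LOCAL_X_IS_UNIX` test and the error message. `rxvt_init_resources` continues outside both hunks, so any later unconditional read of that pointer should be checked for NULL handling.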