Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=1f044c37a80b0b9532c431c1b8d2df31c700888d
commit 1f044c37a80b0b9532c431c1b8d2df31c700888d Author: Miklos Vajna <[EMAIL PROTECTED]> Date: Thu May 22 13:40:31 2008 +0200 rxvt-2.7.10-1-i686 - version bump - closes #2925 diff --git a/source/x11-extra/rxvt/CVE-2008-1142.patch b/source/x11-extra/rxvt/CVE-2008-1142.patch new file mode 100644 index 0000000..e817f8d --- /dev/null +++ b/source/x11-extra/rxvt/CVE-2008-1142.patch @@ -0,0 +1,52 @@ +# CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.) +# Based on http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=41;filename=diff;att=1;bug=469296 +# bug 217819 + +diff -Naur rxvt-2.7.10.orig/rclock/rclock.c rxvt-2.7.10/rclock/rclock.c +--- rxvt-2.7.10.orig/rclock/rclock.c 2008-05-03 14:23:07.264082222 +0200 ++++ rxvt-2.7.10/rclock/rclock.c 2008-05-03 14:24:55.433082735 +0200 +@@ -324,9 +324,6 @@ + CheckMaildir(); + #endif + +- if ((display_name = getenv ("DISPLAY")) == NULL) +- display_name = ":0"; +- + /* parse the command line */ + for (i = 1; i < argc; i += 2) + { +@@ -424,7 +421,9 @@ + Xdisplay = XOpenDisplay (display_name); + if (!Xdisplay) + { +- print_error ("can't open display %s", display_name); ++ print_error ("can't open display %s", display_name?display_name: ++ getenv("DISPLAY")?getenv("DISPLAY"): ++ "as no -d given and DISPLAY not set"); + goto Abort; + } + +diff -Naur rxvt-2.7.10.orig/src/init.c rxvt-2.7.10/src/init.c +--- rxvt-2.7.10.orig/src/init.c 2008-05-03 14:23:07.247082766 +0200 ++++ rxvt-2.7.10/src/init.c 2008-05-03 14:43:44.705227631 +0200 +@@ -532,8 +532,7 @@ + /* + * Open display, get options/resources and create the window + */ +- if ((rs[Rs_display_name] = getenv("DISPLAY")) == NULL) +- rs[Rs_display_name] = ":0"; ++ rs[Rs_display_name] = getenv("DISPLAY"); + + rxvt_get_options(r, r_argc, r_argv); + free(r_argv); +@@ -550,7 +549,9 @@ + + if (r->Xdisplay == NULL + && (r->Xdisplay = XOpenDisplay(rs[Rs_display_name])) == NULL) { +- rxvt_print_error("can't open display %s", rs[Rs_display_name]); ++ rxvt_print_error("can't open display %s", ++ rs[Rs_display_name]?rs[Rs_display_name]: ++ "as no -display option given and DISPLAY not set"); + exit(EXIT_FAILURE); + } + diff --git a/source/x11-extra/rxvt/FrugalBuild b/source/x11-extra/rxvt/FrugalBuild index a015407..72866a7 100644 --- a/source/x11-extra/rxvt/FrugalBuild +++ b/source/x11-extra/rxvt/FrugalBuild @@ -3,15 +3,18 @@ # Maintainer: voroskoi <[EMAIL PROTECTED]> pkgname=rxvt -pkgver=2.6.4 -pkgrel=2 +pkgver=2.7.10 +pkgrel=1 pkgdesc="rxvt is a colour vt102 terminal emulator" url="http://sourceforge.net/projects/rxvt" depends=('libx11' 'libxt') groups=('x11-extra') archs=('i686' 'x86_64') Finclude sourceforge -sha1sums=('8cb4f01b131136b999f7b6c9d8674288fc5c18bc') +up2date="lynx -dump http://sourceforge.net/project/showfiles.php?group_id=221|grep Latest|sed -n 's/.*]\(.*\) \[.*\].*/\1/;s/-/_/g;$ p'" +source=($source CVE-2008-1142.patch) +sha1sums=('dabb960d94703d4f81e9a9a50749210a2977ef2b' \ + '57a89c98ce1cfd725d19d4148439b8bf72faba97') Fconfopts="$Fconfopts --with-term=rxvt" # optimization OK _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git