[Frugalware-git] frugalware-current: rxvt-2.7.10-1-i686

Thu, 22 May 2008 04:41:05 -0700 

Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=1f044c37a80b0b9532c431c1b8d2df31c700888d

commit 1f044c37a80b0b9532c431c1b8d2df31c700888d
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date:   Thu May 22 13:40:31 2008 +0200

rxvt-2.7.10-1-i686
- version bump
- closes #2925

diff --git a/source/x11-extra/rxvt/CVE-2008-1142.patch 
b/source/x11-extra/rxvt/CVE-2008-1142.patch
new file mode 100644
index 0000000..e817f8d
--- /dev/null
+++ b/source/x11-extra/rxvt/CVE-2008-1142.patch
@@ -0,0 +1,52 @@
+# CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment 
variable is not set, which might allow local users to hijack X11 connections.)
+# Based on 
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=41;filename=diff;att=1;bug=469296
+# bug 217819
+
+diff -Naur rxvt-2.7.10.orig/rclock/rclock.c rxvt-2.7.10/rclock/rclock.c
+--- rxvt-2.7.10.orig/rclock/rclock.c   2008-05-03 14:23:07.264082222 +0200
++++ rxvt-2.7.10/rclock/rclock.c        2008-05-03 14:24:55.433082735 +0200
+@@ -324,9 +324,6 @@
+        CheckMaildir();
+ #endif
+
+-   if ((display_name = getenv ("DISPLAY")) == NULL)
+-     display_name = ":0";
+-
+    /* parse the command line */
+    for (i = 1; i < argc; i += 2)
+      {
+@@ -424,7 +421,9 @@
+    Xdisplay = XOpenDisplay (display_name);
+    if (!Xdisplay)
+      {
+-      print_error ("can't open display %s", display_name);
++      print_error ("can't open display %s", display_name?display_name:
++                      getenv("DISPLAY")?getenv("DISPLAY"):
++                      "as no -d given and DISPLAY not set");
+       goto Abort;
+      }
+
+diff -Naur rxvt-2.7.10.orig/src/init.c rxvt-2.7.10/src/init.c
+--- rxvt-2.7.10.orig/src/init.c        2008-05-03 14:23:07.247082766 +0200
++++ rxvt-2.7.10/src/init.c     2008-05-03 14:43:44.705227631 +0200
+@@ -532,8 +532,7 @@
+ /*
+  * Open display, get options/resources and create the window
+  */
+-    if ((rs[Rs_display_name] = getenv("DISPLAY")) == NULL)
+-      rs[Rs_display_name] = ":0";
++    rs[Rs_display_name] = getenv("DISPLAY");
+
+     rxvt_get_options(r, r_argc, r_argv);
+     free(r_argv);
+@@ -550,7 +549,9 @@
+
+     if (r->Xdisplay == NULL
+       && (r->Xdisplay = XOpenDisplay(rs[Rs_display_name])) == NULL) {
+-      rxvt_print_error("can't open display %s", rs[Rs_display_name]);
++      rxvt_print_error("can't open display %s",
++                      rs[Rs_display_name]?rs[Rs_display_name]:
++                      "as no -display option given and DISPLAY not set");
+       exit(EXIT_FAILURE);
+     }
+
diff --git a/source/x11-extra/rxvt/FrugalBuild 
b/source/x11-extra/rxvt/FrugalBuild
index a015407..72866a7 100644
--- a/source/x11-extra/rxvt/FrugalBuild
+++ b/source/x11-extra/rxvt/FrugalBuild
@@ -3,15 +3,18 @@
# Maintainer: voroskoi <[EMAIL PROTECTED]>

pkgname=rxvt
-pkgver=2.6.4
-pkgrel=2
+pkgver=2.7.10
+pkgrel=1
pkgdesc="rxvt is a colour vt102 terminal emulator"
url="http://sourceforge.net/projects/rxvt";
depends=('libx11' 'libxt')
groups=('x11-extra')
archs=('i686' 'x86_64')
Finclude sourceforge
-sha1sums=('8cb4f01b131136b999f7b6c9d8674288fc5c18bc')
+up2date="lynx -dump 
http://sourceforge.net/project/showfiles.php?group_id=221|grep Latest|sed -n 
's/.*]\(.*\) \[.*\].*/\1/;s/-/_/g;$ p'"
+source=($source CVE-2008-1142.patch)
+sha1sums=('dabb960d94703d4f81e9a9a50749210a2977ef2b' \
+          '57a89c98ce1cfd725d19d4148439b8bf72faba97')
Fconfopts="$Fconfopts --with-term=rxvt"

# optimization OK
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to