pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/x11/rxvt-unicode Fix rxvt-unicode default display vuln...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/57b90f1b3759
branches:  trunk
changeset: 540240:57b90f1b3759
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Thu Apr 03 22:36:52 2008 +0000

description:
Fix rxvt-unicode default display vulnerability (CVE-2008-1142).
Approved-by: jlam

diffstat:

 x11/rxvt-unicode/Makefile         |   4 ++--
 x11/rxvt-unicode/distinfo         |   3 ++-
 x11/rxvt-unicode/patches/patch-ab |  22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)

diffs (52 lines):

diff -r 03e4faaa3007 -r 57b90f1b3759 x11/rxvt-unicode/Makefile
--- a/x11/rxvt-unicode/Makefile Thu Apr 03 22:33:47 2008 +0000
+++ b/x11/rxvt-unicode/Makefile Thu Apr 03 22:36:52 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2008/02/21 02:41:56 tnn Exp $
+# $NetBSD: Makefile,v 1.22 2008/04/03 22:36:52 tonnerre Exp $
 #
 
 DISTNAME=              rxvt-unicode-8.3
-PKGREVISION=           2
+PKGREVISION=           3
 CATEGORIES=            x11
 MASTER_SITES=          http://dist.schmorp.de/rxvt-unicode/ \
                        http://dist.schmorp.de/rxvt-unicode/Attic/
diff -r 03e4faaa3007 -r 57b90f1b3759 x11/rxvt-unicode/distinfo
--- a/x11/rxvt-unicode/distinfo Thu Apr 03 22:33:47 2008 +0000
+++ b/x11/rxvt-unicode/distinfo Thu Apr 03 22:36:52 2008 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.10 2007/08/06 10:02:27 ghen Exp $
+$NetBSD: distinfo,v 1.11 2008/04/03 22:36:52 tonnerre Exp $
 
 SHA1 (rxvt-unicode-8.3.tar.bz2) = cd335c47543ba086585a296ca0fe7445c07120dd
 RMD160 (rxvt-unicode-8.3.tar.bz2) = 000dbcb1ff297edbff0a8b21dbbba3db30854579
 Size (rxvt-unicode-8.3.tar.bz2) = 885212 bytes
 SHA1 (patch-aa) = e5760c57a6b47780ee851efe09dda5f2f02fca40
+SHA1 (patch-ab) = 2bfbffea8d63ebd65bfa9b0dc43a1901f844137e
diff -r 03e4faaa3007 -r 57b90f1b3759 x11/rxvt-unicode/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/rxvt-unicode/patches/patch-ab Thu Apr 03 22:36:52 2008 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.4 2008/04/03 22:36:52 tonnerre Exp $
+
+Fix default display vulnerability (CVE-2008-1142).
+
+--- src/init.C.orig    2007-08-01 19:35:02.000000000 +0200
++++ src/init.C
+@@ -299,11 +299,13 @@ rxvt_term::init_resources (int argc, con
+    * Open display, get options/resources and create the window
+    */
+ 
+-  if ((rs[Rs_display_name] = getenv ("DISPLAY")) == NULL)
+-    rs[Rs_display_name] = ":0";
++  rs[Rs_display_name] = getenv ("DISPLAY");
+ 
+   get_options (r_argc, r_argv);
+ 
++  if (!rs[Rs_display_name])
++    rxvt_fatal ("no display given and DISPLAY not set, aborting.\n");
++
+   if (!(display = displays.get (rs[Rs_display_name])))
+     rxvt_fatal ("can't open display %s, aborting.\n", rs[Rs_display_name]);
+ 
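
Review bot: The new guard `if (!rs[Rs_display_name])` in init_resources only rejects a NULL pointer, so an environment with `DISPLAY=` set to the empty string still passes it and reaches `displays.get (rs[Rs_display_name])`, whose handling of an empty name is not visible in this hunk. Consider testing for an empty string as well, for example `if (!rs[Rs_display_name] || !*rs[Rs_display_name])`, so that the abort covers every case where no usable display name was supplied. Placing the check after `get_options (r_argc, r_argv)` is right, since it lets a display given on the command line satisfy it. The patch header comment would also be more useful if it stated what changed, namely that the silent fallback to `":0"` when DISPLAY is unset was removed in favour of a fatal error.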


