[pkgsrc/pkgsrc-2008Q1]: pkgsrc/x11/wterm pullup ticket #2396 - requested by tron

[rtr <rtr%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/9483227e7b74
branches:  pkgsrc-2008Q1
changeset: 540374:9483227e7b74
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Fri May 23 11:15:58 2008 +0000

description:
pullup ticket #2396 - requested by tron
wterm: security fix

revisions pulled up:
- pkgsrc/x11/wterm/Makefile             1.35
- pkgsrc/x11/wterm/distinfo             1.11
- pkgsrc/x11/wterm/patches/patch-af     1.1

   Module Name: pkgsrc
   Committed By:        tron
   Date:                Thu May 22 12:30:44 UTC 2008

   Modified Files:
        pkgsrc/x11/wterm: Makefile distinfo
   Added Files:
        pkgsrc/x11/wterm/patches: patch-af

   Log Message:
   Don't try to use the X11 display ":0" if the display not defined because
   ":0" might not belong to current user. This fixes CVE-2008-1142.

diffstat:

 x11/wterm/Makefile         |   4 ++--
 x11/wterm/distinfo         |   3 ++-
 x11/wterm/patches/patch-af |  17 +++++++++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)

diffs (48 lines):

diff -r bd7fdeaa1bac -r 9483227e7b74 x11/wterm/Makefile
--- a/x11/wterm/Makefile        Fri May 23 10:26:16 2008 +0000
+++ b/x11/wterm/Makefile        Fri May 23 11:15:58 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.34 2008/01/15 12:52:51 obache Exp $
+# $NetBSD: Makefile,v 1.34.2.1 2008/05/23 11:15:58 rtr Exp $
 
 DISTNAME=      wterm-6.2.9
-PKGREVISION=   7
+PKGREVISION=   8
 CATEGORIES=    x11 windowmaker
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=wterm/}
 
diff -r bd7fdeaa1bac -r 9483227e7b74 x11/wterm/distinfo
--- a/x11/wterm/distinfo        Fri May 23 10:26:16 2008 +0000
+++ b/x11/wterm/distinfo        Fri May 23 11:15:58 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2008/01/15 12:52:51 obache Exp $
+$NetBSD: distinfo,v 1.10.2.1 2008/05/23 11:15:58 rtr Exp $
 
 SHA1 (wterm-6.2.9.tar.gz) = e3624d44c70f143ec77a6089ce4074357a9c3ae8
 RMD160 (wterm-6.2.9.tar.gz) = 954c6264998456e90a62e25089fb5adc3924b2a8
@@ -8,3 +8,4 @@
 SHA1 (patch-ac) = 5dd3db02b265872c6cfb8dc8e47957c3bdfe8224
 SHA1 (patch-ad) = 2f5e03a8f8096358050cf5fb9f27b5e590d77f58
 SHA1 (patch-ae) = 55237ec4c7aa49c313cc0811f345249eeff0f0ed
+SHA1 (patch-af) = f11833b22911f758e7bba214ec6e2bb6943c0f90
diff -r bd7fdeaa1bac -r 9483227e7b74 x11/wterm/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wterm/patches/patch-af        Fri May 23 11:15:58 2008 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-af,v 1.1.2.2 2008/05/23 11:15:58 rtr Exp $
+
+--- src/main.c.orig    2001-08-17 05:47:41.000000000 +0100
++++ src/main.c 2008-05-22 13:20:38.000000000 +0100
+@@ -1444,8 +1444,10 @@
+ /*
+  * Open display, get options/resources and create the window
+  */
+-    if ((display_name = getenv("DISPLAY")) == NULL)
+-      display_name = ":0";
++    if ((display_name = getenv("DISPLAY")) == NULL) {
++      print_error("display not defined");
++      exit(EXIT_FAILURE);
++    }
+ 
+     get_options(argc, argv);
+