[pkgsrc/trunk]: pkgsrc/x11/wterm Don't try to use the X11 display ":0" if the...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/e839054ac4bf
branches:  trunk
changeset: 542596:e839054ac4bf
user:      tron <tron%pkgsrc.org@localhost>
date:      Thu May 22 12:30:44 2008 +0000

description:
Don't try to use the X11 display ":0" if the display not defined because
":0" might not belong to current user. This fixes CVE-2008-1142.

diffstat:

 x11/wterm/Makefile         |   4 ++--
 x11/wterm/distinfo         |   3 ++-
 x11/wterm/patches/patch-af |  17 +++++++++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)

diffs (48 lines):

diff -r 5e07d549a2e9 -r e839054ac4bf x11/wterm/Makefile
--- a/x11/wterm/Makefile        Thu May 22 12:11:04 2008 +0000
+++ b/x11/wterm/Makefile        Thu May 22 12:30:44 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.34 2008/01/15 12:52:51 obache Exp $
+# $NetBSD: Makefile,v 1.35 2008/05/22 12:30:44 tron Exp $
 
 DISTNAME=      wterm-6.2.9
-PKGREVISION=   7
+PKGREVISION=   8
 CATEGORIES=    x11 windowmaker
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=wterm/}
 
diff -r 5e07d549a2e9 -r e839054ac4bf x11/wterm/distinfo
--- a/x11/wterm/distinfo        Thu May 22 12:11:04 2008 +0000
+++ b/x11/wterm/distinfo        Thu May 22 12:30:44 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2008/01/15 12:52:51 obache Exp $
+$NetBSD: distinfo,v 1.11 2008/05/22 12:30:44 tron Exp $
 
 SHA1 (wterm-6.2.9.tar.gz) = e3624d44c70f143ec77a6089ce4074357a9c3ae8
 RMD160 (wterm-6.2.9.tar.gz) = 954c6264998456e90a62e25089fb5adc3924b2a8
@@ -8,3 +8,4 @@
 SHA1 (patch-ac) = 5dd3db02b265872c6cfb8dc8e47957c3bdfe8224
 SHA1 (patch-ad) = 2f5e03a8f8096358050cf5fb9f27b5e590d77f58
 SHA1 (patch-ae) = 55237ec4c7aa49c313cc0811f345249eeff0f0ed
+SHA1 (patch-af) = f11833b22911f758e7bba214ec6e2bb6943c0f90
diff -r 5e07d549a2e9 -r e839054ac4bf x11/wterm/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wterm/patches/patch-af        Thu May 22 12:30:44 2008 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-af,v 1.1 2008/05/22 12:30:44 tron Exp $
+
+--- src/main.c.orig    2001-08-17 05:47:41.000000000 +0100
++++ src/main.c 2008-05-22 13:20:38.000000000 +0100
+@@ -1444,8 +1444,10 @@
+ /*
+  * Open display, get options/resources and create the window
+  */
+-    if ((display_name = getenv("DISPLAY")) == NULL)
+-      display_name = ":0";
++    if ((display_name = getenv("DISPLAY")) == NULL) {
++      print_error("display not defined");
++      exit(EXIT_FAILURE);
++    }
+ 
+     get_options(argc, argv);
+