1 |
nelchael 08/04/30 07:02:28 |
2 |
|
3 |
Added: mrxvt-0.5.3-display-security.patch |
4 |
Log: |
5 |
Added patch to fix unsecure default DISPLAY, patch created by Gautam Iyer. See bug #219750. Dropped stable mips keyword. |
6 |
(Portage version: 2.1.5_rc6) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 x11-terms/mrxvt/files/mrxvt-0.5.3-display-security.patch |
10 |
|
11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/x11-terms/mrxvt/files/mrxvt-0.5.3-display-security.patch?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/x11-terms/mrxvt/files/mrxvt-0.5.3-display-security.patch?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: mrxvt-0.5.3-display-security.patch |
15 |
=================================================================== |
16 |
Index: src/init.c |
17 |
=================================================================== |
18 |
--- src/init.c (revision 265) |
19 |
+++ src/init.c (working copy) |
20 |
@@ -1030,38 +1030,38 @@ |
21 |
/* |
22 |
* Open display, get options/resources and create the window |
23 |
*/ |
24 |
- if (IS_NULL(rs[Rs_display_name] = getenv("DISPLAY"))) |
25 |
- rs[Rs_display_name] = ":0"; |
26 |
- |
27 |
rxvt_get_options( r, r_argc, r_argv ); |
28 |
rxvt_free( r_argv ); /* XXX memory leak? */ |
29 |
|
30 |
#ifdef LOCAL_X_IS_UNIX |
31 |
- if( rs[Rs_display_name][0] == ':' ) |
32 |
+ /* |
33 |
+ * 2008-04-29 gi1242: Force UNIX sockets for security (Gentoo Bug #219750) |
34 |
+ */ |
35 |
+ if( IS_NULL( rs[Rs_display_name] ) ) |
36 |
+ rs[Rs_display_name] = getenv( "DISPLAY" ); |
37 |
+ |
38 |
+ if( rs[Rs_display_name] && rs[Rs_display_name][0] == ':' ) |
39 |
{ |
40 |
- int l = 5 + STRLEN(rs[Rs_display_name]); |
41 |
+ char *val; |
42 |
+ int l = 5 + STRLEN(rs[Rs_display_name]); |
43 |
if (l <= 0 || l > 1024) /* possible integer overflow */ |
44 |
l = 1024; |
45 |
+ |
46 |
val = rxvt_malloc(l); |
47 |
- STRCPY(val, "unix"); |
48 |
- STRNCAT(val, rs[Rs_display_name], l-5); |
49 |
- val[l-1] = (char) 0; |
50 |
- rxvt_msg (DBG_INFO, DBG_INIT, "Open X display %s\n", val); |
51 |
- r->Xdisplay = XOpenDisplay(val); |
52 |
- rxvt_free(val); |
53 |
+ STRCPY( val, "unix"); |
54 |
+ STRNCAT( val, rs[Rs_display_name], l-5); |
55 |
+ |
56 |
+ rs[Rs_display_name] = val; |
57 |
} |
58 |
-#endif |
59 |
+#endif /* LOCAL_X_IS_UNIX */ |
60 |
|
61 |
- if (IS_NULL(r->Xdisplay)) |
62 |
+ rxvt_msg( DBG_INFO, DBG_INIT, "Open X display %s\n", rs[Rs_display_name] ); |
63 |
+ r->Xdisplay = XOpenDisplay( rs[Rs_display_name] ); |
64 |
+ if( IS_NULL(r->Xdisplay) ) |
65 |
{ |
66 |
- rxvt_msg (DBG_INFO, DBG_INIT, "Open X display %s\n", |
67 |
- rs[Rs_display_name] ? rs[Rs_display_name] : "nil"); |
68 |
- r->Xdisplay = XOpenDisplay( rs[Rs_display_name] ); |
69 |
- if (IS_NULL(r->Xdisplay)) |
70 |
- { |
71 |
- rxvt_msg (DBG_ERROR, DBG_INIT, "can't open display %s", rs[Rs_display_name] ); |
72 |
- exit( EXIT_FAILURE ); |
73 |
- } |
74 |
+ rxvt_msg( DBG_ERROR, DBG_INIT, "Error opening display %s\n", |
75 |
+ rs[Rs_display_name] ); |
76 |
+ exit( EXIT_FAILURE ); |
77 |
} |
78 |
|
79 |
|
80 |
|
81 |
|
82 |
|
83 |
-- |
84 |
gentoo-commits@l.g.o mailing list |