Gentoo Archives: gentoo-commits

From: "Christian Hoffmann (hoffie)" <hoffie@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in x11-terms/rxvt/files: rxvt-2.7.10-CVE-2008-1142-DISPLAY.patch
Date: Sat, 03 May 2008 12:55:07
Message-Id: E1JsHGa-0005Jo-MO@stork.gentoo.org
1 hoffie 08/05/03 12:55:04
2
3 Added: rxvt-2.7.10-CVE-2008-1142-DISPLAY.patch
4 Log:
5 revbump to include a patch to fix CVE-2008-1142 (do not default to :0 if DISPLAY is unset), bug 217819; stable on amd64
6 (Portage version: 2.1.5_rc6, RepoMan options: --force)
7
8 Revision Changes Path
9 1.1 x11-terms/rxvt/files/rxvt-2.7.10-CVE-2008-1142-DISPLAY.patch
10
11 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/x11-terms/rxvt/files/rxvt-2.7.10-CVE-2008-1142-DISPLAY.patch?rev=1.1&view=markup
12 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/x11-terms/rxvt/files/rxvt-2.7.10-CVE-2008-1142-DISPLAY.patch?rev=1.1&content-type=text/plain
13
14 Index: rxvt-2.7.10-CVE-2008-1142-DISPLAY.patch
15 ===================================================================
16 # CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.)
17 # Based on http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=41;filename=diff;att=1;bug=469296
18 # bug 217819
19
20 diff -Naur rxvt-2.7.10.orig/rclock/rclock.c rxvt-2.7.10/rclock/rclock.c
21 --- rxvt-2.7.10.orig/rclock/rclock.c 2008-05-03 14:23:07.264082222 +0200
22 +++ rxvt-2.7.10/rclock/rclock.c 2008-05-03 14:24:55.433082735 +0200
23 @@ -324,9 +324,6 @@
24 CheckMaildir();
25 #endif
26
27 - if ((display_name = getenv ("DISPLAY")) == NULL)
28 - display_name = ":0";
29 -
30 /* parse the command line */
31 for (i = 1; i < argc; i += 2)
32 {
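Review bot: With the getenv/":0" assignment removed ahead of the command-line loop, display_name keeps whatever value its declaration gave it unless the option parsing below assigns it, and that declaration is outside this hunk. Please confirm it is initialised to NULL where it is defined, or set `display_name = NULL;` here, because the later XOpenDisplay (display_name) call relies on NULL to mean "use DISPLAY". A short comment saying the :0 default was dropped for CVE-2008-1142 would also keep it from being reintroduced.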
33 @@ -424,7 +421,9 @@
34 Xdisplay = XOpenDisplay (display_name);
35 if (!Xdisplay)
36 {
37 - print_error ("can't open display %s", display_name);
38 + print_error ("can't open display %s", display_name?display_name:
39 + getenv("DISPLAY")?getenv("DISPLAY"):
40 + "as no -d given and DISPLAY not set");
41 goto Abort;
42 }
43
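Review bot: The new print_error argument nests two conditionals without parentheses and calls getenv("DISPLAY") twice; it parses as intended but is hard to read. Consider resolving the name once into a local before the call, for example `const char *shown = display_name ? display_name : getenv ("DISPLAY");`, and passing `shown ? shown : "as no -d given and DISPLAY not set"`. An empty DISPLAY ("") is non-NULL, so in that case the message still ends with a blank name.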
44 diff -Naur rxvt-2.7.10.orig/src/init.c rxvt-2.7.10/src/init.c
45 --- rxvt-2.7.10.orig/src/init.c 2008-05-03 14:23:07.247082766 +0200
46 +++ rxvt-2.7.10/src/init.c 2008-05-03 14:43:44.705227631 +0200
47 @@ -532,8 +532,7 @@
48 /*
49 * Open display, get options/resources and create the window
50 */
51 - if ((rs[Rs_display_name] = getenv("DISPLAY")) == NULL)
52 - rs[Rs_display_name] = ":0";
53 + rs[Rs_display_name] = getenv("DISPLAY");
54
55 rxvt_get_options(r, r_argc, r_argv);
56 free(r_argv);
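Review bot: rs[Rs_display_name] can now be NULL after this assignment, where it previously always pointed at a string. The patch guards only the rxvt_print_error call in the next hunk, so any other reader of rs[Rs_display_name] (rxvt_get_options and whatever runs after it) should be checked for NULL handling. A one-line comment here stating that the ":0" fallback is intentionally absent would help.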
57 @@ -550,7 +549,9 @@
58
59 if (r->Xdisplay == NULL
60 && (r->Xdisplay = XOpenDisplay(rs[Rs_display_name])) == NULL) {
61 - rxvt_print_error("can't open display %s", rs[Rs_display_name]);
62 + rxvt_print_error("can't open display %s",
63 + rs[Rs_display_name]?rs[Rs_display_name]:
64 + "as no -display option given and DISPLAY not set");
65 exit(EXIT_FAILURE);
66 }
67
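Review bot: The fallback string in the rxvt_print_error call is a sentence fragment spliced in through %s, which produces a readable message only by accident of wording and is awkward to grep for. Consider branching on rs[Rs_display_name] and using two complete format strings instead, one with `"can't open display %s"` and one stating that no -display option was given and DISPLAY is not set.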
68
69
70
71 --
72 gentoo-commits@l.g.o mailing list