Author: randy
Date: 2008-05-14 06:37:33 -0600 (Wed, 14 May 2008)
New Revision: 1949

Added:
   trunk/rxvt-unicode/rxvt-unicode-9.02-DISPLAY_fix-1.patch
Log:
Added an rxvt-unicode patch which fixed a vulnerability

Added: trunk/rxvt-unicode/rxvt-unicode-9.02-DISPLAY_fix-1.patch
===================================================================
--- trunk/rxvt-unicode/rxvt-unicode-9.02-DISPLAY_fix-1.patch                    
        (rev 0)
+++ trunk/rxvt-unicode/rxvt-unicode-9.02-DISPLAY_fix-1.patch    2008-05-14 
12:37:33 UTC (rev 1949)
@@ -0,0 +1,37 @@
+Submitted By:            Randy McMurchy <randy_at_linuxfromscratch_dot_org>
+Date:                    2008-05-14
+Initial Package Version: 9.02
+Upstream Status:         Unknown (nothing mentioned in upstream mailing list
+                         logs or added to upstream CVS)
+Origin:                  
http://sources.gentoo.org/viewcvs.py/gentoo-x86/x11-terms/rxvt-unicode/files/rxvt-unicode-9.02-CVE-2008-1142-DISPLAY.patch?rev=1.1&view=markup
+                         submitted to BLFS-Dev by Ag
+
+Description:             Fixes an expoitable vulnerability described at
+                         http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1142
+
+
+diff -urN rxvt-unicode-9.02.orig/src/init.C rxvt-unicode-9.02/src/init.C
+--- rxvt-unicode-9.02.orig/src/init.C  2008-05-04 20:16:26.000000000 +0200
++++ rxvt-unicode-9.02/src/init.C       2008-05-04 20:24:14.000000000 +0200
+@@ -372,15 +372,16 @@
+    * Open display, get options/resources and create the window
+    */
+ 
+-  if ((rs[Rs_display_name] = getenv ("DISPLAY")) == NULL)
+-    rs[Rs_display_name] = ":0";
++  rs[Rs_display_name] = getenv ("DISPLAY");
+ 
+   get_options (r_argc, r_argv);
+ 
+-  if (!(display = displays.get (rs[Rs_display_name])))
++  if (!rs[Rs_display_name] || !(display = displays.get (rs[Rs_display_name])))
+     {
+       free (r_argv);
+-      rxvt_fatal ("can't open display %s, aborting.\n", rs[Rs_display_name]);
++      rxvt_fatal ("can't open display %s, aborting.\n", 
++                  (rs[Rs_display_name] ? rs[Rs_display_name] : 
++                   "as no -display option given and DISPLAY not set"));
+     }
+ 
+   // using a local pointer decreases code size a lot
+
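Review bot: the Description field in the patch header only points at the NVD entry (and misspells "exploitable" as "expoitable"), so a reader cannot tell what behaviour changes without following the link. Suggest adding one sentence saying that rxvt-unicode no longer falls back to ":0" when DISPLAY is unset and no -display option is given, which is what the removed `rs[Rs_display_name] = ":0";` line did. In the init.C hunk, the new `!rs[Rs_display_name]` guard covers only a NULL value; it is worth confirming that an empty DISPLAY string is rejected by `displays.get` rather than resolved to a default display. The fallback text passed to `rxvt_fatal` also yields an awkward message ("can't open display as no -display option given and DISPLAY not set, aborting."); a separate format string for the unset case would read better.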
