diff options
| author |   Krzysztof Pawlik <nelchael@gentoo.org> | 2008-04-30 07:02:27 +0000 |
|---|---|---|
| committer | Krzysztof Pawlik <nelchael@gentoo.org> | 2008-04-30 07:02:27 +0000 |
| commit | d9f3a605222f309a48fd9f98773edffdd79914ad (patch) | |
| tree | f8b142231d24dd8aba7552b0c7190cdf05acbbcc /x11-terms/mrxvt/files | |
| parent | remove old (diff) | |
| download | historical-d9f3a605222f309a48fd9f98773edffdd79914ad.tar.gz historical-d9f3a605222f309a48fd9f98773edffdd79914ad.tar.bz2 historical-d9f3a605222f309a48fd9f98773edffdd79914ad.zip | |
Added patch to fix unsecure default DISPLAY, patch created by Gautam Iyer. See bug #219750. Dropped stable mips keyword.
Package-Manager: portage-2.1.5_rc6
Diffstat (limited to 'x11-terms/mrxvt/files')
| -rw-r--r-- | x11-terms/mrxvt/files/mrxvt-0.5.3-display-security.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/x11-terms/mrxvt/files/mrxvt-0.5.3-display-security.patch b/x11-terms/mrxvt/files/mrxvt-0.5.3-display-security.patch new file mode 100644 index 000000000000..69f24d88eda4 --- /dev/null +++ b/x11-terms/mrxvt/files/mrxvt-0.5.3-display-security.patch @@ -0,0 +1,64 @@ +Index: src/init.c +=================================================================== +--- src/init.c (revision 265) ++++ src/init.c (working copy) +@@ -1030,38 +1030,38 @@ + /* + * Open display, get options/resources and create the window + */ +- if (IS_NULL(rs[Rs_display_name] = getenv("DISPLAY"))) +- rs[Rs_display_name] = ":0"; +- + rxvt_get_options( r, r_argc, r_argv ); + rxvt_free( r_argv ); /* XXX memory leak? */ + + #ifdef LOCAL_X_IS_UNIX +- if( rs[Rs_display_name][0] == ':' ) ++ /* ++ * 2008-04-29 gi1242: Force UNIX sockets for security (Gentoo Bug #219750) ++ */ ++ if( IS_NULL( rs[Rs_display_name] ) ) ++ rs[Rs_display_name] = getenv( "DISPLAY" ); ++ ++ if( rs[Rs_display_name] && rs[Rs_display_name][0] == ':' ) + { +- int l = 5 + STRLEN(rs[Rs_display_name]); ++ char *val; ++ int l = 5 + STRLEN(rs[Rs_display_name]); + if (l <= 0 || l > 1024) /* possible integer overflow */ + l = 1024; ++ + val = rxvt_malloc(l); +- STRCPY(val, "unix"); +- STRNCAT(val, rs[Rs_display_name], l-5); +- val[l-1] = (char) 0; +- rxvt_msg (DBG_INFO, DBG_INIT, "Open X display %s\n", val); +- r->Xdisplay = XOpenDisplay(val); +- rxvt_free(val); ++ STRCPY( val, "unix"); ++ STRNCAT( val, rs[Rs_display_name], l-5); ++ ++ rs[Rs_display_name] = val; + } +-#endif ++#endif /* LOCAL_X_IS_UNIX */ + +- if (IS_NULL(r->Xdisplay)) ++ rxvt_msg( DBG_INFO, DBG_INIT, "Open X display %s\n", rs[Rs_display_name] ); ++ r->Xdisplay = XOpenDisplay( rs[Rs_display_name] ); ++ if( IS_NULL(r->Xdisplay) ) + { +- rxvt_msg (DBG_INFO, DBG_INIT, "Open X display %s\n", +- rs[Rs_display_name] ? rs[Rs_display_name] : "nil"); +- r->Xdisplay = XOpenDisplay( rs[Rs_display_name] ); +- if (IS_NULL(r->Xdisplay)) +- { +- rxvt_msg (DBG_ERROR, DBG_INIT, "can't open display %s", rs[Rs_display_name] ); +- exit( EXIT_FAILURE ); +- } ++ rxvt_msg( DBG_ERROR, DBG_INIT, "Error opening display %s\n", ++ rs[Rs_display_name] ); ++ exit( EXIT_FAILURE ); + } + + |