aterm: fix for CVE-2008-1142

2008-08-24 11:28:34 +02:00 · 2008-08-24 11:28:34 +02:00 · 0e38b9b2e5
commit 0e38b9b2e5
parent cfaae5f327
3 changed files with 41 additions and 8 deletions
--- a/aterm/.md5sum
+++ b/aterm/.md5sum
@ -1,3 +1,4 @@
+3ce0ac7af4446068694862cbb8d2e031  aterm-1.0.1-display-security-issue.patch
 b0975b4b46225544e2eac898d888c08a  aterm-1.0.1.tar.gz
 370ad2c16bc513fcc45b9ef07a0125f2  aterm-fake_root.patch
 5b2e5f14acd18893837d8734b41d505a  aterm-fkeys.patch
--- a/aterm/Pkgfile
+++ b/aterm/Pkgfile
@ -5,18 +5,23 @@

 name=aterm
 version=1.0.1
-release=1
-source=(http://dl.sourceforge.net/sourceforge/$name/$name-$version.tar.gz \
-        $name-fake_root.patch $name-fkeys.patch)
+release=2
+source=(http://dl.sourceforge.net/sourceforge/$name/$name-$version.tar.gz
+        $name-fake_root.patch 
+        $name-fkeys.patch 
+        $name-$version-display-security-issue.patch)

 build () {
    cd aterm-$version
-    patch -p1 < $SRC/$name-fake_root.patch
-    patch -p1 < $SRC/$name-fkeys.patch
+
+    patch -p1 -i $SRC/$name-$version-display-security-issue.patch
+    patch -p1 -i $SRC/$name-fake_root.patch
+    patch -p1 -i $SRC/$name-fkeys.patch
+
    cp autoconf/configure.in .
-    autoconf 
-    autoheader 
+    autoconf
+    autoheader
    ./configure --prefix=/usr --enable-fake-root --mandir=/usr/man
-    make 
+    make
    make DESTDIR=$PKG install
 }
--- a/aterm/aterm-1.0.1-display-security-issue.patch
+++ b/aterm/aterm-1.0.1-display-security-issue.patch
@ -0,0 +1,27 @@
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
+# http://sources.gentoo.org/viewcvs.py/gentoo-x86/x11-terms/aterm/
+
+--- aterm-1.0.1/src/main.c	2007-08-01 16:08:29.000000000 +0200
+++ aterm-1.0.1.new/src/main.c	2008-05-03 14:06:52.000000000 +0200
+@@ -2057,10 +2057,6 @@
+  */
+     get_options(argc, argv);
+ 
+-	if( display_name == NULL )
+-    	if ((display_name = getenv("DISPLAY")) == NULL)
+-			display_name = ":0";
+-
+ #ifdef HAVE_AFTERSTEP
+ #ifdef MyArgs_IS_MACRO	
+     MyArgsPtr = safecalloc(1, sizeof(ASProgArgs) );
+@@ -2102,7 +2098,9 @@
+ 	Xdisplay = XOpenDisplay(display_name);
+     
+ 	if (!Xdisplay) {
+-		print_error("can't open display %s", display_name);
+		print_error("can't open display %s", display_name?display_name:
+				getenv("DISPLAY")?getenv("DISPLAY"):
+				"as no -d given and DISPLAY not set");
+ 		exit(EXIT_FAILURE);
+     }
+   /* changed from _MOTIF_WM_INFO - Vaevictus - gentoo bug #139554 */