From 0e38b9b2e544a4101d4b4ed36bb92044aeef6713 Mon Sep 17 00:00:00 2001
From: Juergen Daubert
Date: Sun, 24 Aug 2008 11:28:34 +0200
Subject: [PATCH] aterm: fix for CVE-2008-1142
---
 aterm/.md5sum | 1 +
 aterm/Pkgfile | 21 +++++++++------
 .../aterm-1.0.1-display-security-issue.patch | 27 +++++++++++++++++++
 3 files changed, 41 insertions(+), 8 deletions(-)
 create mode 100644 aterm/aterm-1.0.1-display-security-issue.patch
diff --git a/aterm/.md5sum b/aterm/.md5sum
index d4882e5d4..62d819cef 100644
--- a/aterm/.md5sum
+++ b/aterm/.md5sum
@@ -1,3 +1,4 @@
+3ce0ac7af4446068694862cbb8d2e031 aterm-1.0.1-display-security-issue.patch
 b0975b4b46225544e2eac898d888c08a aterm-1.0.1.tar.gz
 370ad2c16bc513fcc45b9ef07a0125f2 aterm-fake_root.patch
 5b2e5f14acd18893837d8734b41d505a aterm-fkeys.patch
diff --git a/aterm/Pkgfile b/aterm/Pkgfile
index 48bc8357a..5d7609dc0 100644
--- a/aterm/Pkgfile
+++ b/aterm/Pkgfile
@@ -5,18 +5,23 @@
 name=aterm
 version=1.0.1
-release=1
-source=(http://dl.sourceforge.net/sourceforge/$name/$name-$version.tar.gz \
- $name-fake_root.patch $name-fkeys.patch)
+release=2
+source=(http://dl.sourceforge.net/sourceforge/$name/$name-$version.tar.gz
+ $name-fake_root.patch
+ $name-fkeys.patch
+ $name-$version-display-security-issue.patch)
 build () {
 cd aterm-$version
- patch -p1 < $SRC/$name-fake_root.patch
- patch -p1 < $SRC/$name-fkeys.patch
+
+ patch -p1 -i $SRC/$name-$version-display-security-issue.patch
+ patch -p1 -i $SRC/$name-fake_root.patch
+ patch -p1 -i $SRC/$name-fkeys.patch
+
 cp autoconf/configure.in .
- autoconf
- autoheader
+ autoconf
+ autoheader
 ./configure --prefix=/usr --enable-fake-root --mandir=/usr/man
- make
+ make
 make DESTDIR=$PKG install
 }
diff --git a/aterm/aterm-1.0.1-display-security-issue.patch b/aterm/aterm-1.0.1-display-security-issue.patch
new file mode 100644
index 000000000..b59456071
--- /dev/null
+++ b/aterm/aterm-1.0.1-display-security-issue.patch
@@ -0,0 +1,27 @@
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
+# http://sources.gentoo.org/viewcvs.py/gentoo-x86/x11-terms/aterm/
+
+--- aterm-1.0.1/src/main.c 2007-08-01 16:08:29.000000000 +0200
++++ aterm-1.0.1.new/src/main.c 2008-05-03 14:06:52.000000000 +0200
+@@ -2057,10 +2057,6 @@
+ */
+ get_options(argc, argv);
+
+- if( display_name == NULL )
+- if ((display_name = getenv("DISPLAY")) == NULL)
+- display_name = ":0";
+-
+ #ifdef HAVE_AFTERSTEP
+ #ifdef MyArgs_IS_MACRO
+ MyArgsPtr = safecalloc(1, sizeof(ASProgArgs) );
+@@ -2102,7 +2098,9 @@
+ Xdisplay = XOpenDisplay(display_name);
+
+ if (!Xdisplay) {
+- print_error("can't open display %s", display_name);
++ print_error("can't open display %s", display_name?display_name:
++ getenv("DISPLAY")?getenv("DISPLAY"):
++ "as no -d given and DISPLAY not set");
+ exit(EXIT_FAILURE);
+ }
+ /* changed from _MOTIF_WM_INFO - Vaevictus - gentoo bug #139554 */
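Review bot: With the `":0"` fallback removed, `display_name` stays NULL whenever no -d option is given, and only the `if (!Xdisplay)` error path in the second inner hunk (`@@ -2102`) was adapted to that. The enclosing function starts and ends outside both inner hunks, so any later read of `display_name` in main.c is not visible here; each one should be checked for NULL handling, or the name can be filled in after a successful open with `if (display_name == NULL) display_name = XDisplayString(Xdisplay);`. In the new error message `getenv("DISPLAY")` is evaluated twice, and reading it once into a local `const char *` would be tidier. A comment at the removal site such as `/* no ":0" default: XOpenDisplay(NULL) uses $DISPLAY and must fail if it is unset (CVE-2008-1142) */` would help keep the fallback from being reintroduced.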