diff options
author | Eitan Adler <eadler@FreeBSD.org> | 2012-01-21 23:11:04 +0000 |
---|---|---|
committer | Eitan Adler <eadler@FreeBSD.org> | 2012-01-21 23:11:04 +0000 |
commit | 459f0e50785f65955c1d48038d935b8aeb34ceae (patch) | |
tree | 6c3a6cce199562fbb98398e7e85dc280970acf31 | |
parent | 956a6b714ef438ff6d4ccd55888e67571d05d0fe (diff) | |
download | ports-459f0e50785f65955c1d48038d935b8aeb34ceae.tar.gz ports-459f0e50785f65955c1d48038d935b8aeb34ceae.zip |
Notes
-rw-r--r-- | x11/xrdb/Makefile | 3 | ||||
-rw-r--r-- | x11/xrdb/distinfo | 4 | ||||
-rw-r--r-- | x11/xrdb/files/patch-xrdb.c | 178 |
3 files changed, 3 insertions, 182 deletions
diff --git a/x11/xrdb/Makefile b/x11/xrdb/Makefile index 3fe31220e5cd..2ebf34cf1744 100644 --- a/x11/xrdb/Makefile +++ b/x11/xrdb/Makefile @@ -6,8 +6,7 @@ # PORTNAME= xrdb -PORTVERSION= 1.0.6 -PORTREVISION= 1 +PORTVERSION= 1.0.9 CATEGORIES= x11 MAINTAINER= x11@FreeBSD.org diff --git a/x11/xrdb/distinfo b/x11/xrdb/distinfo index 7bb4881f7e17..89753bee76b1 100644 --- a/x11/xrdb/distinfo +++ b/x11/xrdb/distinfo @@ -1,2 +1,2 @@ -SHA256 (xorg/app/xrdb-1.0.6.tar.bz2) = 8d062a3764665fcf22b14df4a5aca6af1e6d7d613296875b31b68e74ef66fc99 -SIZE (xorg/app/xrdb-1.0.6.tar.bz2) = 108542 +SHA256 (xorg/app/xrdb-1.0.9.tar.bz2) = 642401e12996efe3e5e5307a245e24c282b94a44c1f147e177c8484b862aeab7 +SIZE (xorg/app/xrdb-1.0.9.tar.bz2) = 118971 diff --git a/x11/xrdb/files/patch-xrdb.c b/x11/xrdb/files/patch-xrdb.c deleted file mode 100644 index 6fa62c4f22a1..000000000000 --- a/x11/xrdb/files/patch-xrdb.c +++ /dev/null @@ -1,178 +0,0 @@ -From 1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 Mon Sep 17 00:00:00 2001 -From: Matthias Hopf <mhopf@suse.de> -Date: Tue, 01 Mar 2011 18:37:34 +0000 -Subject: Create shell-escape-safe cpp options in the non-pathetic-cpp case. - -Fixes CVE-2011-0465. - -Signed-off-by: Matthias Hopf <mhopf@suse.de> -Reviewed-by: Adam Jackson <ajax@redhat.com> ---- -diff --git a/xrdb.c b/xrdb.c -index c3ef0fd..ea698b9 100644 ---- xrdb.c -+++ xrdb.c -@@ -142,6 +142,8 @@ static Entries newDB; - - static void fatal(char *, ...); - static void addstring ( String *arg, const char *s ); -+static void addescapedstring ( String *arg, const char *s ); -+static void addtokstring ( String *arg, const char *s ); - static void FormatEntries ( Buffer *buffer, Entries *entries ); - static void StoreProperty ( Display *dpy, Window root, Atom res_prop ); - static void Process ( int scrno, Bool doScreen, Bool execute ); -@@ -433,14 +435,20 @@ AddDef(String *buff, char *title, char *value) - addstring(buff, " -D"); - } else - addstring(buff, "-D"); -- addstring(buff, title); -+ addtokstring(buff, title); - if (value && (value[0] != '\0')) { - addstring(buff, "="); -- addstring(buff, value); -+ addescapedstring(buff, value); - } - } - - static void -+AddSimpleDef(String *buff, char *title) -+{ -+ AddDef(buff, title, (char *)NULL); -+} -+ -+static void - AddDefQ(String *buff, char *title, char *value) - { - #ifdef PATHETICCPP -@@ -449,8 +457,9 @@ AddDefQ(String *buff, char *title, char *value) - else - #endif - if (value && (value[0] != '\0')) { -- AddDef(buff, title, "\""); -- addstring(buff, value); -+ AddSimpleDef(buff, title); -+ addstring(buff, "=\""); -+ addescapedstring(buff, value); - addstring(buff, "\""); - } else - AddDef(buff, title, NULL); -@@ -465,24 +474,28 @@ AddNum(String *buff, char *title, int value) - } - - static void --AddSimpleDef(String *buff, char *title) -+AddDefTok(String *buff, char *prefix, char *title) - { -- AddDef(buff, title, (char *)NULL); -+ char name[512]; -+ -+ snprintf(name, sizeof(name), "%s%s", prefix, title); -+ AddSimpleDef(buff, name); - } - - static void --AddDefTok(String *buff, char *prefix, char *title) -+AddDefHostname(String *buff, char *title, char *value) - { - char *s; - char name[512]; - char c; - -- snprintf(name, sizeof(name), "%s%s", prefix, title); -+ strncpy (name, value, sizeof(name)-1); -+ name[sizeof(name)-1] = '\0'; - for (s = name; (c = *s); s++) { -- if (!isalpha(c) && !isdigit(c) && c != '_') -+ if (!isalpha(c) && !isdigit(c) && c != '_' && c != '.' && c != ':' && c != '-') - *s = '_'; - } -- AddSimpleDef(buff, name); -+ AddDef(buff, title, name); - } - - static void -@@ -502,7 +515,7 @@ AddUndef(String *buff, char *title) - addstring(buff, " -U"); - } else - addstring(buff, "-U"); -- addstring(buff, title); -+ addtokstring(buff, title); - } - - static void -@@ -565,11 +578,11 @@ DoDisplayDefines(Display *display, String *defs, char *host) - } - if (!*server || !strcmp(server, "unix") || !strcmp(server, "localhost")) - strcpy(server, client); -- AddDef(defs, "HOST", server); /* R3 compatibility */ -- AddDef(defs, "SERVERHOST", server); -+ AddDefHostname(defs, "HOST", server); /* R3 compatibility */ -+ AddDefHostname(defs, "SERVERHOST", server); - AddDefTok(defs, "SRVR_", server); - AddNum(defs, "DISPLAY_NUM", n); -- AddDef(defs, "CLIENTHOST", client); -+ AddDefHostname(defs, "CLIENTHOST", client); - AddDefTok(defs, "CLNT_", client); - AddNum(defs, "VERSION", ProtocolVersion(display)); - AddNum(defs, "REVISION", ProtocolRevision(display)); -@@ -612,7 +625,7 @@ DoScreenDefines(Display *display, int scrno, String *defs) - AddNum(defs, "Y_RESOLUTION", Resolution(screen->height,screen->mheight)); - AddNum(defs, "PLANES", DisplayPlanes(display, scrno)); - AddNum(defs, "BITS_PER_RGB", visual->bits_per_rgb); -- AddDef(defs, "CLASS", ClassNames[visual->class]); -+ AddDefQ(defs, "CLASS", ClassNames[visual->class]); - snprintf(name, sizeof(name), "CLASS_%s", ClassNames[visual->class]); - AddNum(defs, name, (int)visual->visualid); - switch(visual->class) { -@@ -780,6 +793,40 @@ addstring(String *arg, const char *s) - arg->used += strlen(s); - } - -+static void -+addescapedstring(String *arg, const char *s) -+{ -+ char copy[512], *c; -+ -+ for (c = copy; *s && c < ©[sizeof(copy)-1]; s++) { -+ switch (*s) { -+ case '"': case '\'': case '`': -+ case '$': case '\\': -+ *c++ = '_'; -+ break; -+ default: -+ *c++ = *s; -+ } -+ } -+ *c = 0; -+ addstring (arg, copy); -+} -+ -+static void -+addtokstring(String *arg, const char *s) -+{ -+ char copy[512], *c; -+ -+ for (c = copy; *s && c < ©[sizeof(copy)-1]; s++) { -+ if (!isalpha(*s) && !isdigit(*s) && *s != '_') -+ *c++ = '_'; -+ else -+ *c++ = *s; -+ } -+ *c = 0; -+ addstring (arg, copy); -+} -+ - - int - main(int argc, char *argv[]) -@@ -892,7 +939,7 @@ main(int argc, char *argv[]) - continue; - } else if (arg[1] == 'I') { - addstring(&includes, " "); -- addstring(&includes, arg); -+ addescapedstring(&includes, arg); - continue; - } else if (arg[1] == 'U' || arg[1] == 'D') { - if (num_cmd_defines < MAX_CMD_DEFINES) { --- -cgit v0.8.3-6-g21f6 |