[arch-commits] Commit in lxterminal/repos (6 files)
Balló György
bgyorgy at archlinux.org
Sun Jun 18 09:28:00 UTC 2017
Date: Sunday, June 18, 2017 @ 09:27:59
Author: bgyorgy
Revision: 238029
archrelease: copy trunk to community-i686, community-x86_64
Added:
lxterminal/repos/community-i686/Fix-CVE-2016-10369.patch
(from rev 238028, lxterminal/trunk/Fix-CVE-2016-10369.patch)
lxterminal/repos/community-i686/PKGBUILD
(from rev 238028, lxterminal/trunk/PKGBUILD)
lxterminal/repos/community-x86_64/Fix-CVE-2016-10369.patch
(from rev 238028, lxterminal/trunk/Fix-CVE-2016-10369.patch)
lxterminal/repos/community-x86_64/PKGBUILD
(from rev 238028, lxterminal/trunk/PKGBUILD)
Deleted:
lxterminal/repos/community-i686/PKGBUILD
lxterminal/repos/community-x86_64/PKGBUILD
-------------------------------------------+
/PKGBUILD | 116 ++++++++++++++++++++++++++++
community-i686/Fix-CVE-2016-10369.patch | 29 +++++++
community-i686/PKGBUILD | 51 ------------
community-x86_64/Fix-CVE-2016-10369.patch | 29 +++++++
community-x86_64/PKGBUILD | 51 ------------
5 files changed, 174 insertions(+), 102 deletions(-)
Copied: lxterminal/repos/community-i686/Fix-CVE-2016-10369.patch (from rev 238028, lxterminal/trunk/Fix-CVE-2016-10369.patch)
===================================================================
--- community-i686/Fix-CVE-2016-10369.patch (rev 0)
+++ community-i686/Fix-CVE-2016-10369.patch 2017-06-18 09:27:59 UTC (rev 238029)
@@ -0,0 +1,29 @@
+From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001
+From: Yao Wei <mwei at lxde.org>
+Date: Mon, 8 May 2017 00:47:55 +0800
+Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory
+
+This bug is pointed out by stackexchange user that putting socket file in
+/tmp is a potential risk. Putting the socket dir in user directory could
+mitigate the risk.
+---
+ src/unixsocket.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/unixsocket.c b/src/unixsocket.c
+index 4c660ac..f88284c 100644
+--- a/src/unixsocket.c
++++ b/src/unixsocket.c
+@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar
+ * This function returns TRUE if this process should keep running and FALSE if it should exit. */
+
+ /* Formulate the path for the Unix domain socket. */
+- gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name());
++ gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default()));
++ printf("%s\n", socket_path);
+
+ /* Create socket. */
+ int fd = socket(PF_UNIX, SOCK_STREAM, 0);
+--
+2.1.4
+
Deleted: community-i686/PKGBUILD
===================================================================
--- community-i686/PKGBUILD 2017-06-18 09:27:52 UTC (rev 238028)
+++ community-i686/PKGBUILD 2017-06-18 09:27:59 UTC (rev 238029)
@@ -1,51 +0,0 @@
-# $Id$
-# Maintainer: Balló György <ballogyor+arch at gmail dot com>
-# Contributor: Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
-# Contributor: Angel Velasquez <angvp at archlinux.org>
-# Contributor: Geoffroy Carrier <geoffroy.carrier at koon.fr>
-
-pkgbase=lxterminal
-pkgname=(lxterminal lxterminal-gtk3)
-pkgver=0.3.0
-pkgrel=1
-pkgdesc="VTE-based terminal emulator (part of LXDE)"
-arch=('i686' 'x86_64')
-license=('GPL2')
-url="http://lxde.org/"
-depends=('vte' 'vte3')
-makedepends=('intltool')
-source=(https://downloads.sourceforge.net/lxde/${pkgbase}-${pkgver}.tar.xz)
-sha256sums=('2a424653565f04f4459cc86756e583f3107ca90e5e81250804dced5f8236c7f9')
-
-build() {
- # GTK+ 2 version
- [ -d gtk2 ] || cp -r $pkgbase-$pkgver gtk2
- cd gtk2
- ./configure --sysconfdir=/etc --prefix=/usr
- make
-
- cd "$srcdir"
- # GTK+ 3 version
- [ -d gtk3 ] || cp -r $pkgbase-$pkgver gtk3
- cd gtk3
- ./configure --sysconfdir=/etc --prefix=/usr --enable-gtk3
- make
-}
-
-package_lxterminal() {
- groups=('lxde')
- depends=('vte')
-
- cd gtk2
- make DESTDIR="$pkgdir" install
-}
-
-package_lxterminal-gtk3() {
- groups=('lxde-gtk3')
- pkgdesc+=' (GTK+ 3 version)'
- depends=('vte3')
- conflicts=('lxterminal')
-
- cd gtk3
- make DESTDIR="$pkgdir" install
-}
Copied: lxterminal/repos/community-i686/PKGBUILD (from rev 238028, lxterminal/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD (rev 0)
+++ community-i686/PKGBUILD 2017-06-18 09:27:59 UTC (rev 238029)
@@ -0,0 +1,58 @@
+# $Id$
+# Maintainer: Balló György <ballogyor+arch at gmail dot com>
+# Contributor: Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
+# Contributor: Angel Velasquez <angvp at archlinux.org>
+# Contributor: Geoffroy Carrier <geoffroy.carrier at koon.fr>
+
+pkgbase=lxterminal
+pkgname=(lxterminal lxterminal-gtk3)
+pkgver=0.3.0
+pkgrel=2
+pkgdesc="VTE-based terminal emulator (part of LXDE)"
+arch=('i686' 'x86_64')
+license=('GPL2')
+url="http://lxde.org/"
+depends=('vte' 'vte3')
+makedepends=('intltool')
+source=(https://downloads.sourceforge.net/lxde/${pkgbase}-${pkgver}.tar.xz
+ Fix-CVE-2016-10369.patch)
+sha256sums=('2a424653565f04f4459cc86756e583f3107ca90e5e81250804dced5f8236c7f9'
+ '9b0304b102c98812517e3db5e1439fad6290f2646d27adf79419cbaabb55a33b')
+
+prepare() {
+ cd $pkgname-$pkgver
+ patch -Np1 -i ../Fix-CVE-2016-10369.patch
+}
+
+build() {
+ # GTK+ 2 version
+ [ -d gtk2 ] || cp -r $pkgbase-$pkgver gtk2
+ cd gtk2
+ ./configure --sysconfdir=/etc --prefix=/usr
+ make
+
+ cd "$srcdir"
+ # GTK+ 3 version
+ [ -d gtk3 ] || cp -r $pkgbase-$pkgver gtk3
+ cd gtk3
+ ./configure --sysconfdir=/etc --prefix=/usr --enable-gtk3
+ make
+}
+
+package_lxterminal() {
+ groups=('lxde')
+ depends=('vte')
+
+ cd gtk2
+ make DESTDIR="$pkgdir" install
+}
+
+package_lxterminal-gtk3() {
+ groups=('lxde-gtk3')
+ pkgdesc+=' (GTK+ 3 version)'
+ depends=('vte3')
+ conflicts=('lxterminal')
+
+ cd gtk3
+ make DESTDIR="$pkgdir" install
+}
Copied: lxterminal/repos/community-x86_64/Fix-CVE-2016-10369.patch (from rev 238028, lxterminal/trunk/Fix-CVE-2016-10369.patch)
===================================================================
--- community-x86_64/Fix-CVE-2016-10369.patch (rev 0)
+++ community-x86_64/Fix-CVE-2016-10369.patch 2017-06-18 09:27:59 UTC (rev 238029)
@@ -0,0 +1,29 @@
+From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001
+From: Yao Wei <mwei at lxde.org>
+Date: Mon, 8 May 2017 00:47:55 +0800
+Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory
+
+This bug is pointed out by stackexchange user that putting socket file in
+/tmp is a potential risk. Putting the socket dir in user directory could
+mitigate the risk.
+---
+ src/unixsocket.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/unixsocket.c b/src/unixsocket.c
+index 4c660ac..f88284c 100644
+--- a/src/unixsocket.c
++++ b/src/unixsocket.c
+@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar
+ * This function returns TRUE if this process should keep running and FALSE if it should exit. */
+
+ /* Formulate the path for the Unix domain socket. */
+- gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name());
++ gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default()));
++ printf("%s\n", socket_path);
+
+ /* Create socket. */
+ int fd = socket(PF_UNIX, SOCK_STREAM, 0);
+--
+2.1.4
+
Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD 2017-06-18 09:27:52 UTC (rev 238028)
+++ community-x86_64/PKGBUILD 2017-06-18 09:27:59 UTC (rev 238029)
@@ -1,51 +0,0 @@
-# $Id$
-# Maintainer: Balló György <ballogyor+arch at gmail dot com>
-# Contributor: Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
-# Contributor: Angel Velasquez <angvp at archlinux.org>
-# Contributor: Geoffroy Carrier <geoffroy.carrier at koon.fr>
-
-pkgbase=lxterminal
-pkgname=(lxterminal lxterminal-gtk3)
-pkgver=0.3.0
-pkgrel=1
-pkgdesc="VTE-based terminal emulator (part of LXDE)"
-arch=('i686' 'x86_64')
-license=('GPL2')
-url="http://lxde.org/"
-depends=('vte' 'vte3')
-makedepends=('intltool')
-source=(https://downloads.sourceforge.net/lxde/${pkgbase}-${pkgver}.tar.xz)
-sha256sums=('2a424653565f04f4459cc86756e583f3107ca90e5e81250804dced5f8236c7f9')
-
-build() {
- # GTK+ 2 version
- [ -d gtk2 ] || cp -r $pkgbase-$pkgver gtk2
- cd gtk2
- ./configure --sysconfdir=/etc --prefix=/usr
- make
-
- cd "$srcdir"
- # GTK+ 3 version
- [ -d gtk3 ] || cp -r $pkgbase-$pkgver gtk3
- cd gtk3
- ./configure --sysconfdir=/etc --prefix=/usr --enable-gtk3
- make
-}
-
-package_lxterminal() {
- groups=('lxde')
- depends=('vte')
-
- cd gtk2
- make DESTDIR="$pkgdir" install
-}
-
-package_lxterminal-gtk3() {
- groups=('lxde-gtk3')
- pkgdesc+=' (GTK+ 3 version)'
- depends=('vte3')
- conflicts=('lxterminal')
-
- cd gtk3
- make DESTDIR="$pkgdir" install
-}
Copied: lxterminal/repos/community-x86_64/PKGBUILD (from rev 238028, lxterminal/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD (rev 0)
+++ community-x86_64/PKGBUILD 2017-06-18 09:27:59 UTC (rev 238029)
@@ -0,0 +1,58 @@
+# $Id$
+# Maintainer: Balló György <ballogyor+arch at gmail dot com>
+# Contributor: Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
+# Contributor: Angel Velasquez <angvp at archlinux.org>
+# Contributor: Geoffroy Carrier <geoffroy.carrier at koon.fr>
+
+pkgbase=lxterminal
+pkgname=(lxterminal lxterminal-gtk3)
+pkgver=0.3.0
+pkgrel=2
+pkgdesc="VTE-based terminal emulator (part of LXDE)"
+arch=('i686' 'x86_64')
+license=('GPL2')
+url="http://lxde.org/"
+depends=('vte' 'vte3')
+makedepends=('intltool')
+source=(https://downloads.sourceforge.net/lxde/${pkgbase}-${pkgver}.tar.xz
+ Fix-CVE-2016-10369.patch)
+sha256sums=('2a424653565f04f4459cc86756e583f3107ca90e5e81250804dced5f8236c7f9'
+ '9b0304b102c98812517e3db5e1439fad6290f2646d27adf79419cbaabb55a33b')
+
+prepare() {
+ cd $pkgname-$pkgver
+ patch -Np1 -i ../Fix-CVE-2016-10369.patch
+}
+
+build() {
+ # GTK+ 2 version
+ [ -d gtk2 ] || cp -r $pkgbase-$pkgver gtk2
+ cd gtk2
+ ./configure --sysconfdir=/etc --prefix=/usr
+ make
+
+ cd "$srcdir"
+ # GTK+ 3 version
+ [ -d gtk3 ] || cp -r $pkgbase-$pkgver gtk3
+ cd gtk3
+ ./configure --sysconfdir=/etc --prefix=/usr --enable-gtk3
+ make
+}
+
+package_lxterminal() {
+ groups=('lxde')
+ depends=('vte')
+
+ cd gtk2
+ make DESTDIR="$pkgdir" install
+}
+
+package_lxterminal-gtk3() {
+ groups=('lxde-gtk3')
+ pkgdesc+=' (GTK+ 3 version)'
+ depends=('vte3')
+ conflicts=('lxterminal')
+
+ cd gtk3
+ make DESTDIR="$pkgdir" install
+}
More information about the arch-commits
mailing list