[arch-commits] Commit in lxterminal/trunk (Fix-CVE-2016-10369.patch PKGBUILD)

Balló György bgyorgy at archlinux.org
Wed Nov 22 13:36:14 UTC 2017


    Date: Wednesday, November 22, 2017 @ 13:36:13
  Author: bgyorgy
Revision: 268005

upgpkg: lxterminal 0.3.1-1

Update to new version

Modified:
  lxterminal/trunk/PKGBUILD
Deleted:
  lxterminal/trunk/Fix-CVE-2016-10369.patch

--------------------------+
 Fix-CVE-2016-10369.patch |   29 -----------------------------
 PKGBUILD                 |   15 ++++-----------
 2 files changed, 4 insertions(+), 40 deletions(-)

Deleted: Fix-CVE-2016-10369.patch
===================================================================
--- Fix-CVE-2016-10369.patch	2017-11-22 13:31:32 UTC (rev 268004)
+++ Fix-CVE-2016-10369.patch	2017-11-22 13:36:13 UTC (rev 268005)
@@ -1,29 +0,0 @@
-From f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 Mon Sep 17 00:00:00 2001
-From: Yao Wei <mwei at lxde.org>
-Date: Mon, 8 May 2017 00:47:55 +0800
-Subject: [PATCH] fix: use g_get_user_runtime_dir for socket directory
-
-This bug is pointed out by stackexchange user that putting socket file in
-/tmp is a potential risk. Putting the socket dir in user directory could
-mitigate the risk.
----
- src/unixsocket.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/unixsocket.c b/src/unixsocket.c
-index 4c660ac..f88284c 100644
---- a/src/unixsocket.c
-+++ b/src/unixsocket.c
-@@ -140,7 +140,8 @@ gboolean lxterminal_socket_initialize(LXTermWindow * lxtermwin, gint argc, gchar
-      * This function returns TRUE if this process should keep running and FALSE if it should exit. */
- 
-     /* Formulate the path for the Unix domain socket. */
--    gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_display_get_name(gdk_display_get_default()), g_get_user_name());
-+    gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default()));
-+    printf("%s\n", socket_path);
- 
-     /* Create socket. */
-     int fd = socket(PF_UNIX, SOCK_STREAM, 0);
--- 
-2.1.4
-

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-11-22 13:31:32 UTC (rev 268004)
+++ PKGBUILD	2017-11-22 13:36:13 UTC (rev 268005)
@@ -6,8 +6,8 @@
 
 pkgbase=lxterminal
 pkgname=(lxterminal lxterminal-gtk3)
-pkgver=0.3.0
-pkgrel=2
+pkgver=0.3.1
+pkgrel=1
 pkgdesc="VTE-based terminal emulator (part of LXDE)"
 arch=('x86_64')
 license=('GPL2')
@@ -14,16 +14,9 @@
 url="http://lxde.org/"
 depends=('vte' 'vte3')
 makedepends=('intltool')
-source=(https://downloads.sourceforge.net/lxde/${pkgbase}-${pkgver}.tar.xz
-        Fix-CVE-2016-10369.patch)
-sha256sums=('2a424653565f04f4459cc86756e583f3107ca90e5e81250804dced5f8236c7f9'
-            '9b0304b102c98812517e3db5e1439fad6290f2646d27adf79419cbaabb55a33b')
+source=(https://downloads.sourceforge.net/lxde/${pkgbase}-${pkgver}.tar.xz)
+sha256sums=('cd8df387c2dd40e03b48caacf700820f9421b421954a0ed56395f505411d2c4b')
 
-prepare() {
-  cd $pkgname-$pkgver
-  patch -Np1 -i ../Fix-CVE-2016-10369.patch
-}
-
 build() {
   # GTK+ 2 version
   [ -d gtk2 ] || cp -r $pkgbase-$pkgver gtk2
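Review bot: Removing `Fix-CVE-2016-10369.patch` from `source=` and deleting `prepare()` is only safe if the 0.3.1 tarball already contains upstream commit f99163c6, which moves the socket from `/tmp` to `g_get_user_runtime_dir()`. Neither the commit message ("Update to new version") nor the PKGBUILD records that this was checked. Before release, confirm that `src/unixsocket.c` in the unpacked 0.3.1 source no longer builds a `/tmp/.lxterminal-socket…` path. Then record it, for example with a comment above `source=` such as `# CVE-2016-10369: fixed upstream in 0.3.1 (f99163c6), local patch dropped`, so a later audit does not read the removal as a regression. `build()` continues past the end of this hunk, so any patching done further down is not visible here.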


