Skip to content
Snippets Groups Projects
Commit 8e623da7 authored by Ariadne Conill's avatar Ariadne Conill
Browse files

community/rxvt-unicode: add mitigation for CVE-2021-33477

parent 30e7f1ad
No related branches found
No related tags found
No related merge requests found
......@@ -4,7 +4,7 @@
# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
pkgname=rxvt-unicode
pkgver=9.22
pkgrel=9
pkgrel=10
pkgdesc="rxvt fork with improved unicode support"
url="http://software.schmorp.de/pkg/rxvt-unicode.html"
arch="all"
......@@ -14,11 +14,16 @@ depends="$pkgname-terminfo"
makedepends="libx11-dev libxft-dev ncurses fontconfig-dev
gdk-pixbuf-dev libxrender-dev perl-dev startup-notification-dev"
subpackages="$pkgname-doc $pkgname-terminfo::noarch"
source="http://dist.schmorp.de/rxvt-unicode/rxvt-unicode-$pkgver.tar.bz2
source="http://dist.schmorp.de/rxvt-unicode/Attic/rxvt-unicode-$pkgver.tar.bz2
gentables.patch
rxvt-unicode-kerning.patch
CVE-2021-33477.patch
"
# secfixes:
# 9.22-r10:
# - CVE-2021-33477
build() {
./configure \
--build=$CBUILD \
......@@ -65,6 +70,9 @@ terminfo() {
"$subpkgdir"/usr/share/terminfo/
}
sha512sums="b39f1b2cbe6dd3fbd2a0ad6a9d391a2b6f49d7c5e67bc65fe44a9c86937f8db379572c67564c6e21ff6e09b447cdfd4e540544e486179e94da0e0db679c04dd9 rxvt-unicode-9.22.tar.bz2
sha512sums="
b39f1b2cbe6dd3fbd2a0ad6a9d391a2b6f49d7c5e67bc65fe44a9c86937f8db379572c67564c6e21ff6e09b447cdfd4e540544e486179e94da0e0db679c04dd9 rxvt-unicode-9.22.tar.bz2
2a973e001dacf900895d0c1045dfffd5a1ca7650669853bd5fdf09819b19a750bb59d913f8bdc83b103e5e0e7cce7f0d2b6184f36a29c1bac86e90c08ae6a475 gentables.patch
d2fb68b3e11a78328ded4d2d646ffbaae657e9f23f3b4b81e11bc4350dd3e1e7585eeaeee47a70246bdfb7e12fbb667e40a7766989154235064f56ed4ad0a987 rxvt-unicode-kerning.patch"
d2fb68b3e11a78328ded4d2d646ffbaae657e9f23f3b4b81e11bc4350dd3e1e7585eeaeee47a70246bdfb7e12fbb667e40a7766989154235064f56ed4ad0a987 rxvt-unicode-kerning.patch
2c1cb4dad04b0fdf9212949337a37b402ed86638b26390d18f00620a71a80e91894eb624ec8058e10b7c18e1c369d8e6af91a7cd26ca6c2b221a0cf060aa0950 CVE-2021-33477.patch
"
--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
+++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
@@ -2695,7 +2695,7 @@
/* kidnapped escape sequence: Should be 8.3.48 */
case C1_ESA: /* ESC G */
// used by original rxvt for rob nations own graphics mode
- if (cmd_getc () == 'Q')
+ if (cmd_getc () == 'Q' && option (Opt_insecure))
tt_printf ("\033G0\012"); /* query graphics - no graphics */
break;
@@ -2914,7 +2914,7 @@
break;
case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
#ifdef ISO6429
arg[0] = -arg[0];
#else /* emulate common DEC VTs */
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment