Commit e0dcc37f authored by Ariadne Conill's avatar Ariadne Conill 🐰

main/rxvt-unicode: add mitigation for CVE-2021-33477

parent 7485e398
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
pkgname=rxvt-unicode pkgname=rxvt-unicode
pkgver=9.22 pkgver=9.22
pkgrel=7 pkgrel=8
pkgdesc="rxvt fork with improved unicode support" pkgdesc="rxvt fork with improved unicode support"
url="http://software.schmorp.de/pkg/rxvt-unicode.html" url="http://software.schmorp.de/pkg/rxvt-unicode.html"
arch="all" arch="all"
...@@ -14,12 +14,17 @@ depends="$pkgname-terminfo" ...@@ -14,12 +14,17 @@ depends="$pkgname-terminfo"
makedepends="libx11-dev libxft-dev ncurses fontconfig-dev makedepends="libx11-dev libxft-dev ncurses fontconfig-dev
gdk-pixbuf-dev libxrender-dev perl-dev startup-notification-dev" gdk-pixbuf-dev libxrender-dev perl-dev startup-notification-dev"
subpackages="$pkgname-doc $pkgname-terminfo::noarch" subpackages="$pkgname-doc $pkgname-terminfo::noarch"
source="http://dist.schmorp.de/rxvt-unicode/$pkgname-$pkgver.tar.bz2 source="http://dist.schmorp.de/rxvt-unicode/Attic/$pkgname-$pkgver.tar.bz2
gentables.patch gentables.patch
rxvt-unicode-kerning.patch" rxvt-unicode-kerning.patch
CVE-2021-33477.patch"
builddir="${srcdir}/${pkgname}-${pkgver}" builddir="${srcdir}/${pkgname}-${pkgver}"
# secfixes:
# 9.22-r8:
# - CVE-2021-33477
build() { build() {
cd "$builddir" cd "$builddir"
./configure \ ./configure \
...@@ -68,6 +73,9 @@ terminfo() { ...@@ -68,6 +73,9 @@ terminfo() {
"$subpkgdir"/usr/share/terminfo/ "$subpkgdir"/usr/share/terminfo/
} }
sha512sums="b39f1b2cbe6dd3fbd2a0ad6a9d391a2b6f49d7c5e67bc65fe44a9c86937f8db379572c67564c6e21ff6e09b447cdfd4e540544e486179e94da0e0db679c04dd9 rxvt-unicode-9.22.tar.bz2 sha512sums="
b39f1b2cbe6dd3fbd2a0ad6a9d391a2b6f49d7c5e67bc65fe44a9c86937f8db379572c67564c6e21ff6e09b447cdfd4e540544e486179e94da0e0db679c04dd9 rxvt-unicode-9.22.tar.bz2
2a973e001dacf900895d0c1045dfffd5a1ca7650669853bd5fdf09819b19a750bb59d913f8bdc83b103e5e0e7cce7f0d2b6184f36a29c1bac86e90c08ae6a475 gentables.patch 2a973e001dacf900895d0c1045dfffd5a1ca7650669853bd5fdf09819b19a750bb59d913f8bdc83b103e5e0e7cce7f0d2b6184f36a29c1bac86e90c08ae6a475 gentables.patch
d2fb68b3e11a78328ded4d2d646ffbaae657e9f23f3b4b81e11bc4350dd3e1e7585eeaeee47a70246bdfb7e12fbb667e40a7766989154235064f56ed4ad0a987 rxvt-unicode-kerning.patch" d2fb68b3e11a78328ded4d2d646ffbaae657e9f23f3b4b81e11bc4350dd3e1e7585eeaeee47a70246bdfb7e12fbb667e40a7766989154235064f56ed4ad0a987 rxvt-unicode-kerning.patch
2c1cb4dad04b0fdf9212949337a37b402ed86638b26390d18f00620a71a80e91894eb624ec8058e10b7c18e1c369d8e6af91a7cd26ca6c2b221a0cf060aa0950 CVE-2021-33477.patch
"
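Review bot: The changed `source=` entry still fetches the tarball over plain `http://`, so the sha512sums entry is the only thing authenticating the download. The tarball hash is the same on both sides of the diff, so the move to `Attic/` is checked against the previously pinned content. If the upstream host serves HTTPS, the line could become `source="https://dist.schmorp.de/rxvt-unicode/Attic/$pkgname-$pkgver.tar.bz2`. Otherwise a short comment such as `# upstream is http-only; integrity relies on sha512sums` would record why the scheme was kept.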
--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
+++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
@@ -2695,7 +2695,7 @@
/* kidnapped escape sequence: Should be 8.3.48 */
case C1_ESA: /* ESC G */
// used by original rxvt for rob nations own graphics mode
- if (cmd_getc () == 'Q')
+ if (cmd_getc () == 'Q' && option (Opt_insecure))
tt_printf ("\033G0\012"); /* query graphics - no graphics */
break;
@@ -2914,7 +2914,7 @@
break;
case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
#ifdef ISO6429
arg[0] = -arg[0];
#else /* emulate common DEC VTs */
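Review bot: The new condition in the `C1_ESA` case has no comment saying why the reply is now restricted, so the security intent is lost once this is read outside the package. The reply string `"\033G0\012"` ends in a newline and appears to be sent back to the terminal's input side via `tt_printf`, where the foreground program would read it as a completed line. A comment such as `// CVE-2021-33477: reply ends in a newline and is read back as input; only answer when Opt_insecure is set` above the `if` would make that explicit. The old behaviour also remains for anyone who enables the insecure option, which is worth stating in the package notes. The second hunk at `CSI_HPB` looks whitespace-only and unrelated to the fix, so dropping it would keep the backport minimal; both `case` bodies continue outside the hunks shown.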