mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-05-05 20:36:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

main/rxvt-unicode: add mitigation for CVE-2021-33477

Browse Source
This commit is contained in:
Ariadne Conill 2021-05-31 18:17:41 -06:00
parent cf8d2c0183
commit d825775c2f
2 changed files with 33 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
main/rxvt-unicode/APKBUILD
View File

@ -4,7 +4,7 @@
# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
pkgname=rxvt-unicode
pkgver=9.22
pkgrel=6
pkgrel=7
pkgdesc="rxvt fork with improved unicode support"
url="http://software.schmorp.de/pkg/rxvt-unicode.html"
arch="all"
@ -14,12 +14,17 @@ depends="$pkgname-terminfo"
makedepends="libx11-dev libxft-dev ncurses fontconfig-dev
gdk-pixbuf-dev libxrender-dev perl-dev startup-notification-dev"
subpackages="$pkgname-doc $pkgname-terminfo::noarch"
source="http://dist.schmorp.de/rxvt-unicode/$pkgname-$pkgver.tar.bz2
source="http://dist.schmorp.de/rxvt-unicode/Attic/$pkgname-$pkgver.tar.bz2
gentables.patch
rxvt-unicode-kerning.patch"
rxvt-unicode-kerning.patch
CVE-2021-33477.patch"
builddir="${srcdir}/${pkgname}-${pkgver}"
# secfixes:
# 9.22-r7:
# - CVE-2021-33477
build() {
cd "$builddir"
./configure \
@ -68,6 +73,9 @@ terminfo() {
"$subpkgdir"/usr/share/terminfo/
}
sha512sums="b39f1b2cbe6dd3fbd2a0ad6a9d391a2b6f49d7c5e67bc65fe44a9c86937f8db379572c67564c6e21ff6e09b447cdfd4e540544e486179e94da0e0db679c04dd9 rxvt-unicode-9.22.tar.bz2
sha512sums="
b39f1b2cbe6dd3fbd2a0ad6a9d391a2b6f49d7c5e67bc65fe44a9c86937f8db379572c67564c6e21ff6e09b447cdfd4e540544e486179e94da0e0db679c04dd9 rxvt-unicode-9.22.tar.bz2
2a973e001dacf900895d0c1045dfffd5a1ca7650669853bd5fdf09819b19a750bb59d913f8bdc83b103e5e0e7cce7f0d2b6184f36a29c1bac86e90c08ae6a475 gentables.patch
d2fb68b3e11a78328ded4d2d646ffbaae657e9f23f3b4b81e11bc4350dd3e1e7585eeaeee47a70246bdfb7e12fbb667e40a7766989154235064f56ed4ad0a987 rxvt-unicode-kerning.patch"
d2fb68b3e11a78328ded4d2d646ffbaae657e9f23f3b4b81e11bc4350dd3e1e7585eeaeee47a70246bdfb7e12fbb667e40a7766989154235064f56ed4ad0a987 rxvt-unicode-kerning.patch
2c1cb4dad04b0fdf9212949337a37b402ed86638b26390d18f00620a71a80e91894eb624ec8058e10b7c18e1c369d8e6af91a7cd26ca6c2b221a0cf060aa0950 CVE-2021-33477.patch
"

20
main/rxvt-unicode/CVE-2021-33477.patch Normal file
View File

@ -0,0 +1,20 @@
--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
+++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
@@ -2695,7 +2695,7 @@
/* kidnapped escape sequence: Should be 8.3.48 */
case C1_ESA: /* ESC G */
// used by original rxvt for rob nations own graphics mode
- if (cmd_getc () == 'Q')
+ if (cmd_getc () == 'Q' && option (Opt_insecure))
tt_printf ("\033G0\012"); /* query graphics - no graphics */
break;
@@ -2914,7 +2914,7 @@
break;
case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
#ifdef ISO6429
arg[0] = -arg[0];
#else /* emulate common DEC VTs */