diff options
| author | Ariadne Conill <ariadne@dereferenced.org> | 2021-05-31 18:09:03 -0600 |
|---|---|---|
| committer | Ariadne Conill <ariadne@dereferenced.org> | 2021-05-31 18:09:19 -0600 |
| commit | 7485e398630ec9df55994e0c639708567982b05c (patch) | |
| tree | 7257e8aa20b5268505d5c78dfa3ca001595305e5 | |
| parent | e10583f087096cdd2818356fdb9ebf9ce883157d (diff) | |
main/rxvt: add mitigation for CVE-2021-33477
| -rw-r--r-- | main/mrxvt/APKBUILD | 22 | ||||
| -rw-r--r-- | main/mrxvt/CVE-2021-33477.patch | 41 |
2 files changed, 52 insertions, 11 deletions
diff --git a/main/mrxvt/APKBUILD b/main/mrxvt/APKBUILD index 6c92f3ef5c2..56392906522 100644 --- a/main/mrxvt/APKBUILD +++ b/main/mrxvt/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Mark Constable <markc@renta.net> pkgname=mrxvt pkgver=0.5.4 -pkgrel=7 +pkgrel=8 pkgdesc="A multi-tabbed X terminal emulator based on rxvt code" url="http://materm.sourceforge.net/wiki/pmwiki.php" arch="all" @@ -13,9 +13,14 @@ source=" https://downloads.sourceforge.net/sourceforge/materm/$pkgname-$pkgver.tar.gz mrxvt-0.5.4-002-fix-segfault-when-wd-empty.patch musl-fix-includes.patch + CVE-2021-33477.patch mrxvt.desktop " +# secfixes: +# 0.5.4-r8: +# - CVE-2021-33477 + _builddir="$srcdir"/$pkgname-$pkgver prepare() { cd "$_builddir" @@ -58,15 +63,10 @@ package() { install -Dm644 ../mrxvt.desktop $pkgdir/usr/share/applications/mrxvt.desktop } -md5sums="0232c8868484751dcb931a28f0756f69 mrxvt-0.5.4.tar.gz -e4a8bb2521246aba85f8dcaa01aed527 mrxvt-0.5.4-002-fix-segfault-when-wd-empty.patch -762a151ed6d4f3ee6928678fda5b477f musl-fix-includes.patch -6ba3bcd484c8dad1b0b48465ded54de3 mrxvt.desktop" -sha256sums="f403ad5a908fcd38a55ed0a7e1b85584cb77be8781199653a39b8af1a9ad10d7 mrxvt-0.5.4.tar.gz -578f52cf072574ccfc8d500fb4d5d3ce97d7ecf610ec0f7798b8a74850b18756 mrxvt-0.5.4-002-fix-segfault-when-wd-empty.patch -146201eb1f3e525eac3e287dae80575e20c3c09ed9d7c1d2d1f32414cd9ca8cd musl-fix-includes.patch -3bdaed1adcd443347b01e3c976cd8c0923a75645ae75fcc4b5020dba07d20ac1 mrxvt.desktop" -sha512sums="572bb4dda9f9b9dcb597f3185922646523bce34003f536acca82992f68f8f7c1a5f2778d626f805ea2cd061e8451fbbf12010e5d655221f76b83440825c80992 mrxvt-0.5.4.tar.gz +sha512sums=" +572bb4dda9f9b9dcb597f3185922646523bce34003f536acca82992f68f8f7c1a5f2778d626f805ea2cd061e8451fbbf12010e5d655221f76b83440825c80992 mrxvt-0.5.4.tar.gz 27d8a9775a5ea6e5e0e588d84ab5c76cc76aaa4ebeb473950e8f6b3dbf660a380c2d2385356ab9bd12d2e00b98c467f99f8e1aac16c91f8ffa4e29a38124340a mrxvt-0.5.4-002-fix-segfault-when-wd-empty.patch 4f2cf06484b1b364f7eb9f2acc629d2e600d4e614071fca5035d3654b083347f00162d2077496626fe4184dcac938b0b91f3ffe23f259b53ed475c4b8e85dbb0 musl-fix-includes.patch -04e0f2e93449d2656e55bdbdf6742d50c625c86ba8e64062e40f447a077b3a01f457ea855a99df39b4a099b30517d4a8cc45e91de6300023d0072ee76ae2b375 mrxvt.desktop" +0b299ba3c049e91619a59df4c53053cdea0b3000e633495843518d1676b146214fea567fa1d441aca023e8c6ef0447cd43c7a4c4c0a498121e562d3afbafc59f CVE-2021-33477.patch +04e0f2e93449d2656e55bdbdf6742d50c625c86ba8e64062e40f447a077b3a01f457ea855a99df39b4a099b30517d4a8cc45e91de6300023d0072ee76ae2b375 mrxvt.desktop +" diff --git a/main/mrxvt/CVE-2021-33477.patch b/main/mrxvt/CVE-2021-33477.patch new file mode 100644 index 00000000000..b1c6185a089 --- /dev/null +++ b/main/mrxvt/CVE-2021-33477.patch @@ -0,0 +1,41 @@ +--- mrxvt-0.5.4/src/command.c.orig ++++ mrxvt-0.5.4/src/command.c +@@ -207,7 +207,9 @@ + int rxvt_privcases (rxvt_t*, int, int, uint32_t); + void rxvt_process_terminal_mode (rxvt_t*, int, int, int, unsigned int, const int*); + void rxvt_process_sgr_mode (rxvt_t*, int, unsigned int, const int*); ++#if 0 + void rxvt_process_graphics (rxvt_t*, int); ++#endif + void rxvt_process_getc (rxvt_t*, int, unsigned char); + /*--------------------------------------------------------------------* + * END `INTERNAL' ROUTINE PROTOTYPES * +@@ -5029,10 +5031,12 @@ + rxvt_scr_add_lines(r, page, (const unsigned char *)"\n\r", 1, 2); + break; + ++#if 0 + /* kidnapped escape sequence: Should be 8.3.48 */ + case C1_ESA: /* ESC G */ + rxvt_process_graphics(r, page); + break; ++#endif + + /* 8.3.63: CHARACTER TABULATION SET */ + case C1_HTS: /* ESC H */ +@@ -6671,6 +6675,7 @@ + } + /*}}} */ + ++#if 0 + /*{{{ process Rob Nation's own graphics mode sequences */ + /* INTPROTO */ + void +@@ -6707,6 +6712,7 @@ + printable characters. */ + } + /*}}} */ ++#endif + + /* ------------------------------------------------------------------------- */ + |