authorAriadne Conill <ariadne@dereferenced.org>2021-05-31 18:04:09 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-05-31 18:04:09 -0600
commitc8ee77c5333647d3a267d3eea51f0af15c45a8ba (patch)
tree0711991584ed44a9bf5b98d02193fbdd19f99ee7
parentfcc680cb7159c67b8a32a3c4f58213c7e0667ec5 (diff)
downloadaports-c8ee77c5333647d3a267d3eea51f0af15c45a8ba.tar.gz
aports-c8ee77c5333647d3a267d3eea51f0af15c45a8ba.tar.bz2
aports-c8ee77c5333647d3a267d3eea51f0af15c45a8ba.tar.xz
community/mrxvt: add mitigation for CVE-2021-33477
-rw-r--r--community/mrxvt/APKBUILD14
-rw-r--r--community/mrxvt/CVE-2021-33477.patch41
2 files changed, 52 insertions, 3 deletions
diff --git a/community/mrxvt/APKBUILD b/community/mrxvt/APKBUILD
index 739c694fd0..3dacad3ceb 100644
--- a/community/mrxvt/APKBUILD
+++ b/community/mrxvt/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Mark Constable <markc@renta.net>
pkgname=mrxvt
pkgver=0.5.4
-pkgrel=8
+pkgrel=9
pkgdesc="A multi-tabbed X terminal emulator based on rxvt code"
url="http://materm.sourceforge.net/wiki/pmwiki.php"
arch="all"
@@ -13,9 +13,14 @@ source="https://downloads.sourceforge.net/sourceforge/materm/mrxvt-$pkgver.tar.g
mrxvt-0.5.4-002-fix-segfault-when-wd-empty.patch
musl-fix-includes.patch
gcc-10.patch
+ CVE-2021-33477.patch
mrxvt.desktop
"
+# secfixes:
+# 0.5.4-r9:
+# - CVE-2021-33477
+
prepare() {
default_prepare
update_config_sub
@@ -49,8 +54,11 @@ package() {
install -Dm644 ../mrxvt.desktop $pkgdir/usr/share/applications/mrxvt.desktop
}
-sha512sums="572bb4dda9f9b9dcb597f3185922646523bce34003f536acca82992f68f8f7c1a5f2778d626f805ea2cd061e8451fbbf12010e5d655221f76b83440825c80992 mrxvt-0.5.4.tar.gz
+sha512sums="
+572bb4dda9f9b9dcb597f3185922646523bce34003f536acca82992f68f8f7c1a5f2778d626f805ea2cd061e8451fbbf12010e5d655221f76b83440825c80992 mrxvt-0.5.4.tar.gz
27d8a9775a5ea6e5e0e588d84ab5c76cc76aaa4ebeb473950e8f6b3dbf660a380c2d2385356ab9bd12d2e00b98c467f99f8e1aac16c91f8ffa4e29a38124340a mrxvt-0.5.4-002-fix-segfault-when-wd-empty.patch
4f2cf06484b1b364f7eb9f2acc629d2e600d4e614071fca5035d3654b083347f00162d2077496626fe4184dcac938b0b91f3ffe23f259b53ed475c4b8e85dbb0 musl-fix-includes.patch
1cb5ad1a64f105da63914ee321dcc9753887d8584a8f99d7d8ee1326fdb1d94fb188854393003b33097c00bfe509af3eb12c92564cddce46fccd4cf00c1bf7b6 gcc-10.patch
-04e0f2e93449d2656e55bdbdf6742d50c625c86ba8e64062e40f447a077b3a01f457ea855a99df39b4a099b30517d4a8cc45e91de6300023d0072ee76ae2b375 mrxvt.desktop"
+0b299ba3c049e91619a59df4c53053cdea0b3000e633495843518d1676b146214fea567fa1d441aca023e8c6ef0447cd43c7a4c4c0a498121e562d3afbafc59f CVE-2021-33477.patch
+04e0f2e93449d2656e55bdbdf6742d50c625c86ba8e64062e40f447a077b3a01f457ea855a99df39b4a099b30517d4a8cc45e91de6300023d0072ee76ae2b375 mrxvt.desktop
+"
diff --git a/community/mrxvt/CVE-2021-33477.patch b/community/mrxvt/CVE-2021-33477.patch
new file mode 100644
index 0000000000..b1c6185a08
--- /dev/null
+++ b/community/mrxvt/CVE-2021-33477.patch
@@ -0,0 +1,41 @@
+--- mrxvt-0.5.4/src/command.c.orig
++++ mrxvt-0.5.4/src/command.c
+@@ -207,7 +207,9 @@
+ int rxvt_privcases (rxvt_t*, int, int, uint32_t);
+ void rxvt_process_terminal_mode (rxvt_t*, int, int, int, unsigned int, const int*);
+ void rxvt_process_sgr_mode (rxvt_t*, int, unsigned int, const int*);
++#if 0
+ void rxvt_process_graphics (rxvt_t*, int);
++#endif
+ void rxvt_process_getc (rxvt_t*, int, unsigned char);
+ /*--------------------------------------------------------------------*
+ * END `INTERNAL' ROUTINE PROTOTYPES *
+@@ -5029,10 +5031,12 @@
+ rxvt_scr_add_lines(r, page, (const unsigned char *)"\n\r", 1, 2);
+ break;
+
++#if 0
+ /* kidnapped escape sequence: Should be 8.3.48 */
+ case C1_ESA: /* ESC G */
+ rxvt_process_graphics(r, page);
+ break;
++#endif
+
+ /* 8.3.63: CHARACTER TABULATION SET */
+ case C1_HTS: /* ESC H */
+@@ -6671,6 +6675,7 @@
+ }
+ /*}}} */
+
++#if 0
+ /*{{{ process Rob Nation's own graphics mode sequences */
+ /* INTPROTO */
+ void
+@@ -6707,6 +6712,7 @@
+ printable characters. */
+ }
+ /*}}} */
++#endif
+
+ /* ------------------------------------------------------------------------- */
+
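Review bot: The three `#if 0` guards in the added patch carry no explanation, so nothing in command.c tells a later maintainer that the graphics-mode handler was switched off deliberately. A comment at the guard above `case C1_ESA:`, such as `/* disabled: mitigation for CVE-2021-33477; do not re-enable rxvt_process_graphics */`, would record that, and the patch file could open with a short description and origin line before its first `---`. With the case removed, ESC G now takes whatever path the enclosing switch gives unhandled bytes, which is outside the embedded hunks, so it is worth confirming that path discards the sequence rather than acting on its parameters. The switch and the body of rxvt_process_graphics both start and end outside the lines shown.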