| 1 |
commit: 7754b4970254a816210ca814289256a43d7625f7 |
| 2 |
Author: Marek Szuba <marecki <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue May 18 15:25:01 2021 +0000 |
| 4 |
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue May 18 15:33:09 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7754b497 |
| 7 |
|
| 8 |
x11-terms/rxvt-unicode-9.22: mark ANSI sequence ESC G Q as insecure |
| 9 |
|
| 10 |
Can in theory be used to perform remote code execution, see |
| 11 |
https://seclists.org/oss-sec/2021/q2/145 . This was fixed upstream in 2017 |
| 12 |
(see http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583) |
| 13 |
so 9.26 is not vulnerable, that said 9.22 will likely not go away any |
| 14 |
time soon (if only because of 24-bit colour support) so let's backport |
| 15 |
this. |
| 16 |
|
| 17 |
Reported-by: Roman Dobosz <gryf73 <AT> gmail.com> |
| 18 |
Bug: https://bugs.gentoo.org/790782 |
| 19 |
Closes: https://github.com/gentoo/gentoo/pull/20863 |
| 20 |
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org> |
| 21 |
|
| 22 |
...rxvt-unicode-9.22-query-graphics-insecure.patch | 11 ++ |
| 23 |
x11-terms/rxvt-unicode/rxvt-unicode-9.22-r9.ebuild | 120 +++++++++++++++++++++ |
| 24 |
2 files changed, 131 insertions(+) |
| 25 |
|
| 26 |
diff --git a/x11-terms/rxvt-unicode/files/rxvt-unicode-9.22-query-graphics-insecure.patch b/x11-terms/rxvt-unicode/files/rxvt-unicode-9.22-query-graphics-insecure.patch |
| 27 |
new file mode 100644 |
| 28 |
index 00000000000..52a8c829705 |
| 29 |
--- /dev/null |
| 30 |
+++ b/x11-terms/rxvt-unicode/files/rxvt-unicode-9.22-query-graphics-insecure.patch |
| 31 |
@@ -0,0 +1,11 @@ |
| 32 |
+--- a/src/command.C |
| 33 |
++++ b/src/command.C |
| 34 |
+@@ -2695,7 +2695,7 @@ |
| 35 |
+ /* kidnapped escape sequence: Should be 8.3.48 */ |
| 36 |
+ case C1_ESA: /* ESC G */ |
| 37 |
+ // used by original rxvt for rob nations own graphics mode |
| 38 |
+- if (cmd_getc () == 'Q') |
| 39 |
++ if (cmd_getc () == 'Q' && option (Opt_insecure)) |
| 40 |
+ tt_printf ("\033G0\012"); /* query graphics - no graphics */ |
| 41 |
+ break; |
| 42 |
+ |
| 43 |
|
| 44 |
diff --git a/x11-terms/rxvt-unicode/rxvt-unicode-9.22-r9.ebuild b/x11-terms/rxvt-unicode/rxvt-unicode-9.22-r9.ebuild |
| 45 |
new file mode 100644 |
| 46 |
index 00000000000..b4572db26bc |
| 47 |
--- /dev/null |
| 48 |
+++ b/x11-terms/rxvt-unicode/rxvt-unicode-9.22-r9.ebuild |
| 49 |
@@ -0,0 +1,120 @@ |
| 50 |
+# Copyright 1999-2021 Gentoo Authors |
| 51 |
+# Distributed under the terms of the GNU General Public License v2 |
| 52 |
+ |
| 53 |
+EAPI=7 |
| 54 |
+ |
| 55 |
+inherit autotools desktop flag-o-matic systemd prefix |
| 56 |
+ |
| 57 |
+COLOUR_PATCH_NAME="${PN}-9.22_24-bit-color_cpixl-20201108.patch" |
| 58 |
+ |
| 59 |
+DESCRIPTION="rxvt clone with xft and unicode support" |
| 60 |
+HOMEPAGE="http://software.schmorp.de/pkg/rxvt-unicode.html" |
| 61 |
+SRC_URI="http://dist.schmorp.de/rxvt-unicode/Attic/${P}.tar.bz2 |
| 62 |
+ https://dev.gentoo.org/~marecki/dists/${PN}/${COLOUR_PATCH_NAME}.xz" |
| 63 |
+ |
| 64 |
+LICENSE="GPL-3" |
| 65 |
+SLOT="0" |
| 66 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris" |
| 67 |
+IUSE="-24-bit-color 256-color blink fading-colors +font-styles gdk-pixbuf iso14755 +mousewheel |
| 68 |
+ +perl -sgrmouse startup-notification unicode3 +utmp +wtmp xft" |
| 69 |
+ |
| 70 |
+RESTRICT="test" |
| 71 |
+ |
| 72 |
+RDEPEND=">=sys-libs/ncurses-5.7-r6:= |
| 73 |
+ media-libs/fontconfig |
| 74 |
+ x11-libs/libX11 |
| 75 |
+ x11-libs/libXrender |
| 76 |
+ gdk-pixbuf? ( x11-libs/gdk-pixbuf ) |
| 77 |
+ kernel_Darwin? ( dev-perl/Mac-Pasteboard ) |
| 78 |
+ perl? ( dev-lang/perl:= ) |
| 79 |
+ startup-notification? ( x11-libs/startup-notification ) |
| 80 |
+ xft? ( x11-libs/libXft )" |
| 81 |
+DEPEND="${RDEPEND} |
| 82 |
+ x11-base/xorg-proto" |
| 83 |
+BDEPEND="virtual/pkgconfig" |
| 84 |
+ |
| 85 |
+PATCHES=( |
| 86 |
+ "${FILESDIR}"/${PN}-9.06-case-insensitive-fs.patch |
| 87 |
+ "${FILESDIR}"/${PN}-9.21-xsubpp.patch |
| 88 |
+ "${FILESDIR}"/${PN}-9.22-perl-segfault-on-exit.patch |
| 89 |
+ "${FILESDIR}"/${PN}-9.22-query-graphics-insecure.patch |
| 90 |
+ "${FILESDIR}"/${PN}-9.22-sgr-mouse-mode-flag.patch |
| 91 |
+ "${WORKDIR}"/${COLOUR_PATCH_NAME} |
| 92 |
+) |
| 93 |
+DOCS=( |
| 94 |
+ Changes |
| 95 |
+ README.FAQ |
| 96 |
+ doc/README.xvt |
| 97 |
+ doc/changes.txt |
| 98 |
+ doc/etc/${PN}.term{cap,info} |
| 99 |
+ doc/rxvt-tabbed |
| 100 |
+) |
| 101 |
+ |
| 102 |
+src_prepare() { |
| 103 |
+ # Bug #787104 |
| 104 |
+ append-cxxflags -std=c++14 |
| 105 |
+ |
| 106 |
+ default |
| 107 |
+ |
| 108 |
+ # kill the rxvt-unicode terminfo file - #192083 |
| 109 |
+ sed -i -e "/rxvt-unicode.terminfo/d" doc/Makefile.in || die "sed failed" |
| 110 |
+ |
| 111 |
+ # use xsubpp from Prefix - #506500 |
| 112 |
+ hprefixify -q '"' -w "/xsubpp/" src/Makefile.in |
| 113 |
+ |
| 114 |
+ eautoreconf |
| 115 |
+} |
| 116 |
+ |
| 117 |
+src_configure() { |
| 118 |
+ # --enable-everything goes first: the order of the arguments matters |
| 119 |
+ econf --enable-everything \ |
| 120 |
+ $(use_enable 24-bit-color) \ |
| 121 |
+ $(use_enable 256-color) \ |
| 122 |
+ $(use_enable blink text-blink) \ |
| 123 |
+ $(use_enable fading-colors fading) \ |
| 124 |
+ $(use_enable font-styles) \ |
| 125 |
+ $(use_enable gdk-pixbuf pixbuf) \ |
| 126 |
+ $(use_enable iso14755) \ |
| 127 |
+ $(use_enable mousewheel) \ |
| 128 |
+ $(use_enable perl) \ |
| 129 |
+ $(use_enable sgrmouse) \ |
| 130 |
+ $(use_enable startup-notification) \ |
| 131 |
+ $(use_enable unicode3) \ |
| 132 |
+ $(use_enable utmp) \ |
| 133 |
+ $(use_enable wtmp) \ |
| 134 |
+ $(use_enable xft) |
| 135 |
+} |
| 136 |
+ |
| 137 |
+src_compile() { |
| 138 |
+ default |
| 139 |
+ |
| 140 |
+ sed -i \ |
| 141 |
+ -e 's/RXVT_BASENAME = "rxvt"/RXVT_BASENAME = "urxvt"/' \ |
| 142 |
+ "${S}"/doc/rxvt-tabbed || die |
| 143 |
+} |
| 144 |
+ |
| 145 |
+src_install() { |
| 146 |
+ default |
| 147 |
+ |
| 148 |
+ systemd_douserunit "${FILESDIR}"/urxvtd.service |
| 149 |
+ |
| 150 |
+ make_desktop_entry urxvt rxvt-unicode utilities-terminal \ |
| 151 |
+ "System;TerminalEmulator" |
| 152 |
+} |
| 153 |
+ |
| 154 |
+pkg_postinst() { |
| 155 |
+ if use 24-bit-color; then |
| 156 |
+ ewarn |
| 157 |
+ ewarn "You have enabled 24-bit colour support in ${PN}, which is UNOFFICIAL and INCOMPLETE." |
| 158 |
+ ewarn "You may or may not encounter visual glitches or stability issues. When in doubt," |
| 159 |
+ ewarn "rebuild =${CATEGORY}/${PF} with USE=-24-bit-color (the default setting)." |
| 160 |
+ ewarn |
| 161 |
+ fi |
| 162 |
+ |
| 163 |
+ if use sgrmouse; then |
| 164 |
+ ewarn |
| 165 |
+ ewarn "Support for the SGR 1006 mouse extension in ${PN} is UNOFFICIAL and provided as-is." |
| 166 |
+ ewarn "When in doubt, rebuild =${CATEGORY}/${PF} with USE=-sgrmouse (the default setting)." |
| 167 |
+ ewarn |
| 168 |
+ fi |
| 169 |
+} |
Archives