summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-05-27 11:01:25 -0400
committerLeo Famulari <leo@famulari.name>2017-05-28 14:41:46 -0400
commit0fd0bb56a806d3da4158e1744249de0296161fa6 (patch)
tree2110f5aa1002294c2f951702ea4186d250cc2c63
parent5cd0122e60edc9ed0ee365aebef960cf89f0fd19 (diff)
gnu: rxvt-unicode: Disable an unwanted code execution vector.
* gnu/packages/patches/rxvt-unicode-escape-sequences.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xdisorg.scm (rxvt-unicode)[source]: Use it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/rxvt-unicode-escape-sequences.patch35
-rw-r--r--gnu/packages/xdisorg.scm1
3 files changed, 37 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 1937da8968..e811e9a0be 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -972,6 +972,7 @@ dist_patch_DATA = \
%D%/packages/patches/ruby-puma-ignore-broken-test.patch \
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
%D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
+ %D%/packages/patches/rxvt-unicode-escape-sequences.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-test-threading.patch \
%D%/packages/patches/screen-fix-info-syntax-error.patch \
diff --git a/gnu/packages/patches/rxvt-unicode-escape-sequences.patch b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch
new file mode 100644
index 0000000000..064dd51e2d
--- /dev/null
+++ b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch
@@ -0,0 +1,35 @@
+This patch prevents a code execution vector involving terminal escape
+sequences when rxvt-unicode is in "secure mode".
+
+This change was spurred by the following conversation on the
+oss-security mailing list:
+
+Problem description and proof of concept:
+http://seclists.org/oss-sec/2017/q2/190
+
+Upstream response:
+http://seclists.org/oss-sec/2017/q2/291
+
+Patch copied from upstream source repository:
+http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
+
+--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
++++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
+@@ -2695,7 +2695,7 @@
+ /* kidnapped escape sequence: Should be 8.3.48 */
+ case C1_ESA: /* ESC G */
+ // used by original rxvt for rob nations own graphics mode
+- if (cmd_getc () == 'Q')
++ if (cmd_getc () == 'Q' && option (Opt_insecure))
+ tt_printf ("\033G0\012"); /* query graphics - no graphics */
+ break;
+
+@@ -2914,7 +2914,7 @@
+ break;
+
+ case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
+- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
++ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ #ifdef ISO6429
+ arg[0] = -arg[0];
+ #else /* emulate common DEC VTs */
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index ad919a6b28..a2230c4e93 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -682,6 +682,7 @@ compact configuration syntax.")
(method url-fetch)
(uri (string-append "http://dist.schmorp.de/rxvt-unicode/Attic/"
name "-" version ".tar.bz2"))
+ (patches (search-patches "rxvt-unicode-escape-sequences.patch"))
(sha256
(base32
"1pddjn5ynblwfrdmskylrsxb9vfnk3w4jdnq2l8xn2pspkljhip9"))))