diff options
author | Kai Kang <kai.kang@windriver.com> | 2021-07-06 15:42:23 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-07-20 19:05:45 +0100 |
commit | 8d4748254e020954cdb7e6c866bb0ab0f2407db5 (patch) | |
tree | e8eeea1d61313f0fd521ea6bbfd2efa5db778747 /meta | |
parent | 210f8047602b17103c572b23428c6276fa212da8 (diff) | |
download | poky-8d4748254e020954cdb7e6c866bb0ab0f2407db5.tar.gz |
rxvt-unicode: fix CVE-2021-33477
Backport patch to fix CVE-2021-33477 for rxvt-unicode.
(From OE-Core rev: ad7582bcef28da48b9a7f97eb43805f393f4979a)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-sato/rxvt-unicode/rxvt-unicode/rxvt-unicode-fix-CVE-2021-33477.patch | 33 | ||||
-rw-r--r-- | meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb | 4 |
2 files changed, 36 insertions, 1 deletions
diff --git a/meta/recipes-sato/rxvt-unicode/rxvt-unicode/rxvt-unicode-fix-CVE-2021-33477.patch b/meta/recipes-sato/rxvt-unicode/rxvt-unicode/rxvt-unicode-fix-CVE-2021-33477.patch new file mode 100644 index 0000000000..6c3590c311 --- /dev/null +++ b/meta/recipes-sato/rxvt-unicode/rxvt-unicode/rxvt-unicode-fix-CVE-2021-33477.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | Backport patch to fix CVE-2021-33477. | ||
2 | |||
3 | CVE: CVE-2021-33477 | ||
4 | |||
5 | Upstream-Status: Backport [http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583] | ||
6 | |||
7 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
8 | --- | ||
9 | src/command.C | 4 ++-- | ||
10 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
11 | |||
12 | diff --git a/src/command.C b/src/command.C | ||
13 | index 7b79f51..2f7de60 100644 | ||
14 | --- a/src/command.C | ||
15 | +++ b/src/command.C | ||
16 | @@ -2725,7 +2725,7 @@ rxvt_term::process_escape_seq () | ||
17 | /* kidnapped escape sequence: Should be 8.3.48 */ | ||
18 | case C1_ESA: /* ESC G */ | ||
19 | // used by original rxvt for rob nations own graphics mode | ||
20 | - if (cmd_getc () == 'Q') | ||
21 | + if (cmd_getc () == 'Q' && option (Opt_insecure)) | ||
22 | tt_printf ("\033G0\012"); /* query graphics - no graphics */ | ||
23 | break; | ||
24 | |||
25 | @@ -2944,7 +2944,7 @@ rxvt_term::process_csi_seq () | ||
26 | break; | ||
27 | |||
28 | case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */ | ||
29 | - case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ | ||
30 | + case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ | ||
31 | #ifdef ISO6429 | ||
32 | arg[0] = -arg[0]; | ||
33 | #else /* emulate common DEC VTs */ | ||
diff --git a/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb b/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb index 283e8d7751..dee549cc78 100644 --- a/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb +++ b/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb | |||
@@ -4,7 +4,9 @@ LICENSE = "GPLv3" | |||
4 | LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ | 4 | LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ |
5 | file://src/main.C;beginline=1;endline=31;md5=d3600d7ee1062667fcd1193fbe6485f6" | 5 | file://src/main.C;beginline=1;endline=31;md5=d3600d7ee1062667fcd1193fbe6485f6" |
6 | 6 | ||
7 | SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch" | 7 | SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch \ |
8 | file://rxvt-unicode-fix-CVE-2021-33477.patch \ | ||
9 | " | ||
8 | 10 | ||
9 | SRC_URI[sha256sum] = "e94628e9bcfa0adb1115d83649f898d6edb4baced44f5d5b769c2eeb8b95addd" | 11 | SRC_URI[sha256sum] = "e94628e9bcfa0adb1115d83649f898d6edb4baced44f5d5b769c2eeb8b95addd" |
10 | 12 | ||