summary refs log tree commit diff
path: root/gnu/packages/patches/rxvt-unicode-escape-sequences.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/rxvt-unicode-escape-sequences.patch')
-rw-r--r--gnu/packages/patches/rxvt-unicode-escape-sequences.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/gnu/packages/patches/rxvt-unicode-escape-sequences.patch b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch
new file mode 100644
index 0000000000..064dd51e2d
--- /dev/null
+++ b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch
@@ -0,0 +1,35 @@
+This patch prevents a code execution vector involving terminal escape
+sequences when rxvt-unicode is in "secure mode".
+
+This change was spurred by the following conversation on the
+oss-security mailing list:
+
+Problem description and proof of concept:
+http://seclists.org/oss-sec/2017/q2/190
+
+Upstream response:
+http://seclists.org/oss-sec/2017/q2/291
+
+Patch copied from upstream source repository:
+http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
+
+--- rxvt-unicode/src/command.C	2016/07/14 05:33:26	1.582
++++ rxvt-unicode/src/command.C	2017/05/18 02:43:18	1.583
+@@ -2695,7 +2695,7 @@
+         /* kidnapped escape sequence: Should be 8.3.48 */
+       case C1_ESA:		/* ESC G */
+         // used by original rxvt for rob nations own graphics mode
+-        if (cmd_getc () == 'Q')
++        if (cmd_getc () == 'Q' && option (Opt_insecure))
+           tt_printf ("\033G0\012");	/* query graphics - no graphics */
+         break;
+ 
+@@ -2914,7 +2914,7 @@
+         break;
+ 
+       case CSI_CUB:		/* 8.3.18: (1) CURSOR LEFT */
+-      case CSI_HPB: 		/* 8.3.59: (1) CHARACTER POSITION BACKWARD */
++      case CSI_HPB:		/* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ #ifdef ISO6429
+         arg[0] = -arg[0];
+ #else				/* emulate common DEC VTs */