[OE-core] [hardknott][PATCH v2] rxvt-unicode: fix CVE-2021-33477

Mon, 19 Jul 2021 22:43:18 -0700 

From: Kai Kang <kai.k...@windriver.com>

It fixed CVE-2021-33477 and disabled problematic code in 2 commits in
rxvt-unicode upstream. Backport and rebase the latter one to fix
CVE-2021-33477 for rxvt-unicode.

CVE: CVE-2021-33477

Ref to:
https://security-tracker.debian.org/tracker/CVE-2021-33477

Signed-off-by: Kai Kang <kai.k...@windriver.com>
---
 .../rxvt-unicode/CVE-2021-33477.patch         | 25 +++++++++++++++++++
 .../rxvt-unicode/rxvt-unicode_9.22.bb         |  4 ++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-sato/rxvt-unicode/rxvt-unicode/CVE-2021-33477.patch

diff --git a/meta/recipes-sato/rxvt-unicode/rxvt-unicode/CVE-2021-33477.patch 
b/meta/recipes-sato/rxvt-unicode/rxvt-unicode/CVE-2021-33477.patch
new file mode 100644
index 0000000000..1b7c47c866
--- /dev/null
+++ b/meta/recipes-sato/rxvt-unicode/rxvt-unicode/CVE-2021-33477.patch
@@ -0,0 +1,25 @@
+Backport patch to fix CVE-2021-33477.
+
+CVE: CVE-2021-33477
+
+Upstream-Status: Backport 
[http://cvs.schmorp.de/rxvt-unicode/src/command.C?view=log#rev1.585]
+
+Signed-off-by: Kai Kang <kai.k...@windriver.com>
+---
+--- rxvt-unicode/src/command.C 2019/07/07 08:02:15     1.584
++++ rxvt-unicode/src/command.C 2019/07/07 08:06:44     1.585
+@@ -2692,12 +2692,14 @@
+         }
+         break;
+ 
++#if 0 // disabled because embedded newlines can make exploits easier
+         /* kidnapped escape sequence: Should be 8.3.48 */
+       case C1_ESA:            /* ESC G */
+         // used by original rxvt for rob nations own graphics mode
+         if (cmd_getc () == 'Q')
+           tt_printf ("\033G0\012");   /* query graphics - no graphics */
+         break;
++#endif
+ 
+         /* 8.3.63: CHARACTER TABULATION SET */
+       case C1_HTS:            /* ESC H */
diff --git a/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb 
b/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb
index 283e8d7751..c14e8d06a7 100644
--- a/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb
+++ b/meta/recipes-sato/rxvt-unicode/rxvt-unicode_9.22.bb
@@ -4,7 +4,9 @@ LICENSE = "GPLv3"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
                     
file://src/main.C;beginline=1;endline=31;md5=d3600d7ee1062667fcd1193fbe6485f6"
 
-SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch"
+SRC_URI += "file://0001-libev-remove-deprecated-throw-specification.patch \
+            file://CVE-2021-33477.patch \
+            "
 
 SRC_URI[sha256sum] = 
"e94628e9bcfa0adb1115d83649f898d6edb4baced44f5d5b769c2eeb8b95addd"
 
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#154000): 
https://lists.openembedded.org/g/openembedded-core/message/154000
Mute This Topic: https://lists.openembedded.org/mt/84327032/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to