main/vte: backport a couple of fixes (CVE-2012-2738)

This should also fix paste in xfce4-terminal (cherry picked from commit e9cfe80026064d13021162dcda10d34cee685ece)
author: Natanael Copa <ncopa@alpinelinux.org> 2017-06-14 10:30:39 +0200
committer: Natanael Copa <ncopa@alpinelinux.org> 2017-06-14 10:37:24 +0200
commit: cf45338daafa8d5f517fda82b707b26f2036099f (patch)
tree: a6fa56cf4bf50ffd325da4c264c1d7914186ef88
parent: 52d9e7b149a47445bc334c456fbc736550584b66 (diff)
download: alpine_aports-cf45338daafa8d5f517fda82b707b26f2036099f.tar.bz2
alpine_aports-cf45338daafa8d5f517fda82b707b26f2036099f.tar.xz
alpine_aports-cf45338daafa8d5f517fda82b707b26f2036099f.zip
3 files changed, 130 insertions, 12 deletions
diff --git a/main/vte/APKBUILD b/main/vte/APKBUILD
index 5a0a57f13f..4d4c8c446d 100644
--- a/main/vte/APKBUILD
+++ b/main/vte/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=vte
 pkgver=0.28.2
-pkgrel=10
+pkgrel=12
 pkgdesc="Virtual Terminal Emulator library"
 url="http://www.gnome.org"
 arch="all"
@@ -14,11 +14,17 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
 source="http://ftp.gnome.org/pub/GNOME/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.bz2
        allow_alt_in_terminal.patch
        fix-includes.patch
+        vte-0.28.2-paste-fix.patch
+        CVE-2012-2738.patch
        "
-_builddir="$srcdir/$pkgname-$pkgver"
+builddir="$srcdir/$pkgname-$pkgver"
+# secfixes:
+#   0.28.2-r12:
+#   - CVE-2012-2738
 prepare() {
-        cd $_builddir
+        cd "$builddir"
        update_config_sub || return 1
        for i in $source; do
                case $i in
@@ -30,7 +36,7 @@ prepare() {
 }
 build() {
-        cd $_builddir
+        cd "$builddir"
        ./configure \
                --build=$CBUILD \
                --host=$CHOST \
@@ -44,17 +50,18 @@ build() {
 }
 package() {
-        cd $_builddir
+        cd "$builddir"
        make DESTDIR="$pkgdir" install || return 1
        ln -sf /usr/share/vte/termcap-0.0 "$pkgdir"/usr/share/vte/termcap
 }
-md5sums="f07a4bf943194f94b7f142db8f7f36dc  vte-0.28.2.tar.bz2
+check() {
-6ae30139b7d7ca78b56a3b55426c83f2  allow_alt_in_terminal.patch
+        cd "$builddir"
-4872d596fb461f11e9aa753f5a65dd08  fix-includes.patch"
+        make check
-sha256sums="8d04e202b617373dfb47689e5e628febe2c58840b34cccc4af4feb88c48df903  vte-0.28.2.tar.bz2
+}
-6e4488f9a60f52a2a7eeb09865bdc42f00c309eb4cf8d548b524b9c33fadcd8a  allow_alt_in_terminal.patch
-bb8bfcb6d88f40dba0025e9ec95f579219db7e80654371a1c926fa39a38134b2  fix-includes.patch"
 sha512sums="271aecbc0444c424afb70d81838d0f6f49957a3b74d3952c0b97fadacfe359eab989abae03b9b64a8b598abdb189db00ee534254d8044e496906c51947d314d1  vte-0.28.2.tar.bz2
 a4786a97a5caa42db3b29808c3542777684fcf7d931a116d4e3d847e859a64fb59a2d5b60927dc8e5c2733efc55c29aa4d30aeb02597aff5f034c172cc528833  allow_alt_in_terminal.patch
-bf8174189fe842d171c04633ce1f8b920f3a515108db48bfe1fff7e537960a88f7439a55b283b6ade6ebfe78ab8ff2473f3be2d062dc00aa74b93a13624b4d3c  fix-includes.patch"
+bf8174189fe842d171c04633ce1f8b920f3a515108db48bfe1fff7e537960a88f7439a55b283b6ade6ebfe78ab8ff2473f3be2d062dc00aa74b93a13624b4d3c  fix-includes.patch
+488a3d55c4afb5b74057c97adfaafc1cc6de697c157a2009905632af2137305eee671b1e0b294f153b37ee97e79d402d6e44fc19945f8c2dd332e95eef1b144f  vte-0.28.2-paste-fix.patch
+e5639d94fd455195c354d03cab04bbb73eff98bc540c813cccf4ab5eb793f4c8ae645fcf2bd502924ed4d38412101341deaf2d28ea8aaea3530a98ffbba8256d  CVE-2012-2738.patch"
diff --git a/main/vte/CVE-2012-2738.patch b/main/vte/CVE-2012-2738.patch
new file mode 100644
index 0000000000..fd45407939
--- /dev/null
+++ b/main/vte/CVE-2012-2738.patch
@@ -0,0 +1,40 @@
+From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@gnome.org>
+Date: Sat, 19 May 2012 17:36:09 +0000
+Subject: emulation: Limit integer arguments to 65535
+To guard against malicious sequences containing excessively big numbers,
+limit all parsed numbers to 16 bit range. Doing this here in the parsing
+routine is a catch-all guard; this doesn't preclude enforcing
+more stringent limits in the handlers themselves.
+https://bugzilla.gnome.org/show_bug.cgi?id=676090
+---
+diff --git a/src/table.c b/src/table.c
+index 140e8c8..85cf631 100644
+--- a/src/table.c
+++ b/src/table.c
+@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
+                if (G_UNLIKELY (*array == NULL)) {
+                        *array = g_value_array_new(1);
+                }
+-               g_value_set_long(&value, total);
+               g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
+                g_value_array_append(*array, &value);
+        } while (i++ < arginfo->length);
+        g_value_unset(&value);
+diff --git a/src/vteseq.c b/src/vteseq.c
+index 457c06a..46def5b 100644
+--- a/src/vteseq.c
+++ b/src/vteseq.c
+@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
+                               GValueArray *params,
+                               VteTerminalSequenceHandler handler)
+ {
+-        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
+        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
+ }
+ 
+ static void
+--
+cgit v0.9.0.2
diff --git a/main/vte/vte-0.28.2-paste-fix.patch b/main/vte/vte-0.28.2-paste-fix.patch
new file mode 100644
index 0000000000..cc51eadde0
--- /dev/null
+++ b/main/vte/vte-0.28.2-paste-fix.patch
@@ -0,0 +1,71 @@
+diff -ur vte-0.28.2.orig/src/vte.c vte-0.28.2/src/vte.c
+--- vte-0.28.2.orig/src/vte.c   2011-08-29 00:31:45.000000000 +0300
+++ vte-0.28.2/src/vte.c        2014-06-26 04:20:52.409371214 +0300
+@@ -5806,10 +5806,10 @@
+                                p++;
+                        }
+                }
+-               if (terminal->pvt->screen->bracketed_paste_mode)
+               if (terminal->pvt->bracketed_paste_mode)
+                        vte_terminal_feed_child(terminal, "\e[200~", -1);
+                vte_terminal_feed_child(terminal, paste, length);
+-               if (terminal->pvt->screen->bracketed_paste_mode)
+               if (terminal->pvt->bracketed_paste_mode)
+                        vte_terminal_feed_child(terminal, "\e[201~", -1);
+                g_free(paste);
+        }
+@@ -14065,14 +14065,12 @@
+        pvt->normal_screen.linefeed_mode = FALSE;
+        pvt->normal_screen.origin_mode = FALSE;
+        pvt->normal_screen.reverse_mode = FALSE;
+-       pvt->normal_screen.bracketed_paste_mode = FALSE;
+        pvt->alternate_screen.scrolling_restricted = FALSE;
+        pvt->alternate_screen.sendrecv_mode = TRUE;
+        pvt->alternate_screen.insert_mode = FALSE;
+        pvt->alternate_screen.linefeed_mode = FALSE;
+        pvt->alternate_screen.origin_mode = FALSE;
+        pvt->alternate_screen.reverse_mode = FALSE;
+-       pvt->alternate_screen.bracketed_paste_mode = FALSE;
+        pvt->cursor_visible = TRUE;
+        /* Reset the encoding. */
+        vte_terminal_set_encoding(terminal, NULL);
+@@ -14102,6 +14100,8 @@
+        pvt->mouse_last_y = 0;
+        /* Clear modifiers. */
+        pvt->modifiers = 0;
+       /* Reset miscellaneous stuff. */
+       pvt->bracketed_paste_mode = FALSE;
+        /* Cause everything to be redrawn (or cleared). */
+        vte_terminal_maybe_scroll_to_bottom(terminal);
+        _vte_invalidate_all(terminal);
+diff -ur vte-0.28.2.orig/src/vte-private.h vte-0.28.2/src/vte-private.h
+--- vte-0.28.2.orig/src/vte-private.h   2011-08-17 00:52:48.000000000 +0300
+++ vte-0.28.2/src/vte-private.h        2014-06-26 04:20:52.410371214 +0300
+@@ -219,7 +219,6 @@
+                gboolean sendrecv_mode; /* sendrecv mode */
+                gboolean insert_mode;   /* insert mode */
+                gboolean linefeed_mode; /* linefeed mode */
+-               gboolean bracketed_paste_mode;
+                struct vte_scrolling_region {
+                        int start, end;
+                } scrolling_region;     /* the region we scroll in */
+@@ -274,6 +273,7 @@
+        gboolean text_modified_flag;
+        gboolean text_inserted_flag;
+        gboolean text_deleted_flag;
+       gboolean bracketed_paste_mode;
+ 
+        /* Scrolling options. */
+        gboolean scroll_background;
+diff -ur vte-0.28.2.orig/src/vteseq.c vte-0.28.2/src/vteseq.c
+--- vte-0.28.2.orig/src/vteseq.c        2014-06-26 04:08:49.998358634 +0300
+++ vte-0.28.2/src/vteseq.c     2014-06-26 04:34:00.214384933 +0300
+@@ -737,7 +737,7 @@
+                 GINT_TO_POINTER(TRUE),
+                 NULL, NULL},
+                /* 2004: Bracketed paste mode. */
+-               {2004, &terminal->pvt->screen->bracketed_paste_mode, NULL, NULL,
+               {2004, &terminal->pvt->bracketed_paste_mode, NULL, NULL,
+                 GINT_TO_POINTER(FALSE),
+                 GINT_TO_POINTER(TRUE),
+                 NULL, NULL,},
author	Natanael Copa <ncopa@alpinelinux.org>	2017-06-14 10:30:39 +0200
committer	Natanael Copa <ncopa@alpinelinux.org>	2017-06-14 10:37:24 +0200
commit	cf45338daafa8d5f517fda82b707b26f2036099f (patch)
tree	a6fa56cf4bf50ffd325da4c264c1d7914186ef88
parent	52d9e7b149a47445bc334c456fbc736550584b66 (diff)
download	alpine_aports-cf45338daafa8d5f517fda82b707b26f2036099f.tar.bz2 alpine_aports-cf45338daafa8d5f517fda82b707b26f2036099f.tar.xz alpine_aports-cf45338daafa8d5f517fda82b707b26f2036099f.zip

diff --git a/main/vte/APKBUILD b/main/vte/APKBUILD index 5a0a57f13f..4d4c8c446d 100644 --- a/main/vte/APKBUILD +++ b/main/vte/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=vte	2	pkgname=vte
3	pkgver=0.28.2	3	pkgver=0.28.2
4	pkgrel=10	4	pkgrel=12
5	pkgdesc="Virtual Terminal Emulator library"	5	pkgdesc="Virtual Terminal Emulator library"
6	url="http://www.gnome.org"	6	url="http://www.gnome.org"
7	arch="all"	7	arch="all"
@@ -14,11 +14,17 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
14	source="http://ftp.gnome.org/pub/GNOME/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.bz2	14	source="http://ftp.gnome.org/pub/GNOME/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.bz2
15	allow_alt_in_terminal.patch	15	allow_alt_in_terminal.patch
16	fix-includes.patch	16	fix-includes.patch
		17	vte-0.28.2-paste-fix.patch
		18	CVE-2012-2738.patch
17	"	19	"
18		20
19	_builddir="$srcdir/$pkgname-$pkgver"	21	builddir="$srcdir/$pkgname-$pkgver"
		22	# secfixes:
		23	# 0.28.2-r12:
		24	# - CVE-2012-2738
		25
20	prepare() {	26	prepare() {
21	cd $_builddir	27	cd "$builddir"
22	update_config_sub \|\| return 1	28	update_config_sub \|\| return 1
23	for i in $source; do	29	for i in $source; do
24	case $i in	30	case $i in
@@ -30,7 +36,7 @@ prepare() {
30	}	36	}
31		37
32	build() {	38	build() {
33	cd $_builddir	39	cd "$builddir"
34	./configure \	40	./configure \
35	--build=$CBUILD \	41	--build=$CBUILD \
36	--host=$CHOST \	42	--host=$CHOST \
@@ -44,17 +50,18 @@ build() {
44	}	50	}
45		51
46	package() {	52	package() {
47	cd $_builddir	53	cd "$builddir"
48	make DESTDIR="$pkgdir" install \|\| return 1	54	make DESTDIR="$pkgdir" install \|\| return 1
49	ln -sf /usr/share/vte/termcap-0.0 "$pkgdir"/usr/share/vte/termcap	55	ln -sf /usr/share/vte/termcap-0.0 "$pkgdir"/usr/share/vte/termcap
50	}	56	}
51		57
52	md5sums="f07a4bf943194f94b7f142db8f7f36dc vte-0.28.2.tar.bz2	58	check() {
53	6ae30139b7d7ca78b56a3b55426c83f2 allow_alt_in_terminal.patch	59	cd "$builddir"
54	4872d596fb461f11e9aa753f5a65dd08 fix-includes.patch"	60	make check
55	sha256sums="8d04e202b617373dfb47689e5e628febe2c58840b34cccc4af4feb88c48df903 vte-0.28.2.tar.bz2	61	}
56	6e4488f9a60f52a2a7eeb09865bdc42f00c309eb4cf8d548b524b9c33fadcd8a allow_alt_in_terminal.patch	62
57	bb8bfcb6d88f40dba0025e9ec95f579219db7e80654371a1c926fa39a38134b2 fix-includes.patch"
58	sha512sums="271aecbc0444c424afb70d81838d0f6f49957a3b74d3952c0b97fadacfe359eab989abae03b9b64a8b598abdb189db00ee534254d8044e496906c51947d314d1 vte-0.28.2.tar.bz2	63	sha512sums="271aecbc0444c424afb70d81838d0f6f49957a3b74d3952c0b97fadacfe359eab989abae03b9b64a8b598abdb189db00ee534254d8044e496906c51947d314d1 vte-0.28.2.tar.bz2
59	a4786a97a5caa42db3b29808c3542777684fcf7d931a116d4e3d847e859a64fb59a2d5b60927dc8e5c2733efc55c29aa4d30aeb02597aff5f034c172cc528833 allow_alt_in_terminal.patch	64	a4786a97a5caa42db3b29808c3542777684fcf7d931a116d4e3d847e859a64fb59a2d5b60927dc8e5c2733efc55c29aa4d30aeb02597aff5f034c172cc528833 allow_alt_in_terminal.patch
60	bf8174189fe842d171c04633ce1f8b920f3a515108db48bfe1fff7e537960a88f7439a55b283b6ade6ebfe78ab8ff2473f3be2d062dc00aa74b93a13624b4d3c fix-includes.patch"	65	bf8174189fe842d171c04633ce1f8b920f3a515108db48bfe1fff7e537960a88f7439a55b283b6ade6ebfe78ab8ff2473f3be2d062dc00aa74b93a13624b4d3c fix-includes.patch
		66	488a3d55c4afb5b74057c97adfaafc1cc6de697c157a2009905632af2137305eee671b1e0b294f153b37ee97e79d402d6e44fc19945f8c2dd332e95eef1b144f vte-0.28.2-paste-fix.patch
		67	e5639d94fd455195c354d03cab04bbb73eff98bc540c813cccf4ab5eb793f4c8ae645fcf2bd502924ed4d38412101341deaf2d28ea8aaea3530a98ffbba8256d CVE-2012-2738.patch"


diff --git a/main/vte/CVE-2012-2738.patch b/main/vte/CVE-2012-2738.patch new file mode 100644 index 0000000000..fd45407939 --- /dev/null +++ b/main/vte/CVE-2012-2738.patch
@@ -0,0 +1,40 @@
		1	From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
		2	From: Christian Persch <chpe@gnome.org>
		3	Date: Sat, 19 May 2012 17:36:09 +0000
		4	Subject: emulation: Limit integer arguments to 65535
		5
		6	To guard against malicious sequences containing excessively big numbers,
		7	limit all parsed numbers to 16 bit range. Doing this here in the parsing
		8	routine is a catch-all guard; this doesn't preclude enforcing
		9	more stringent limits in the handlers themselves.
		10
		11	https://bugzilla.gnome.org/show_bug.cgi?id=676090
		12	---
		13	diff --git a/src/table.c b/src/table.c
		14	index 140e8c8..85cf631 100644
		15	--- a/src/table.c
		16	+++ b/src/table.c
		17	@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
		18	if (G_UNLIKELY (*array == NULL)) {
		19	*array = g_value_array_new(1);
		20	}
		21	- g_value_set_long(&value, total);
		22	+ g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
		23	g_value_array_append(*array, &value);
		24	} while (i++ < arginfo->length);
		25	g_value_unset(&value);
		26	diff --git a/src/vteseq.c b/src/vteseq.c
		27	index 457c06a..46def5b 100644
		28	--- a/src/vteseq.c
		29	+++ b/src/vteseq.c
		30	@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
		31	GValueArray *params,
		32	VteTerminalSequenceHandler handler)
		33	{
		34	- vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
		35	+ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
		36	}
		37
		38	static void
		39	--
		40	cgit v0.9.0.2


diff --git a/main/vte/vte-0.28.2-paste-fix.patch b/main/vte/vte-0.28.2-paste-fix.patch new file mode 100644 index 0000000000..cc51eadde0 --- /dev/null +++ b/main/vte/vte-0.28.2-paste-fix.patch
@@ -0,0 +1,71 @@
		1	diff -ur vte-0.28.2.orig/src/vte.c vte-0.28.2/src/vte.c
		2	--- vte-0.28.2.orig/src/vte.c 2011-08-29 00:31:45.000000000 +0300
		3	+++ vte-0.28.2/src/vte.c 2014-06-26 04:20:52.409371214 +0300
		4	@@ -5806,10 +5806,10 @@
		5	p++;
		6	}
		7	}
		8	- if (terminal->pvt->screen->bracketed_paste_mode)
		9	+ if (terminal->pvt->bracketed_paste_mode)
		10	vte_terminal_feed_child(terminal, "\e[200~", -1);
		11	vte_terminal_feed_child(terminal, paste, length);
		12	- if (terminal->pvt->screen->bracketed_paste_mode)
		13	+ if (terminal->pvt->bracketed_paste_mode)
		14	vte_terminal_feed_child(terminal, "\e[201~", -1);
		15	g_free(paste);
		16	}
		17	@@ -14065,14 +14065,12 @@
		18	pvt->normal_screen.linefeed_mode = FALSE;
		19	pvt->normal_screen.origin_mode = FALSE;
		20	pvt->normal_screen.reverse_mode = FALSE;
		21	- pvt->normal_screen.bracketed_paste_mode = FALSE;
		22	pvt->alternate_screen.scrolling_restricted = FALSE;
		23	pvt->alternate_screen.sendrecv_mode = TRUE;
		24	pvt->alternate_screen.insert_mode = FALSE;
		25	pvt->alternate_screen.linefeed_mode = FALSE;
		26	pvt->alternate_screen.origin_mode = FALSE;
		27	pvt->alternate_screen.reverse_mode = FALSE;
		28	- pvt->alternate_screen.bracketed_paste_mode = FALSE;
		29	pvt->cursor_visible = TRUE;
		30	/* Reset the encoding. */
		31	vte_terminal_set_encoding(terminal, NULL);
		32	@@ -14102,6 +14100,8 @@
		33	pvt->mouse_last_y = 0;
		34	/* Clear modifiers. */
		35	pvt->modifiers = 0;
		36	+ /* Reset miscellaneous stuff. */
		37	+ pvt->bracketed_paste_mode = FALSE;
		38	/* Cause everything to be redrawn (or cleared). */
		39	vte_terminal_maybe_scroll_to_bottom(terminal);
		40	_vte_invalidate_all(terminal);
		41	diff -ur vte-0.28.2.orig/src/vte-private.h vte-0.28.2/src/vte-private.h
		42	--- vte-0.28.2.orig/src/vte-private.h 2011-08-17 00:52:48.000000000 +0300
		43	+++ vte-0.28.2/src/vte-private.h 2014-06-26 04:20:52.410371214 +0300
		44	@@ -219,7 +219,6 @@
		45	gboolean sendrecv_mode; /* sendrecv mode */
		46	gboolean insert_mode; /* insert mode */
		47	gboolean linefeed_mode; /* linefeed mode */
		48	- gboolean bracketed_paste_mode;
		49	struct vte_scrolling_region {
		50	int start, end;
		51	} scrolling_region; /* the region we scroll in */
		52	@@ -274,6 +273,7 @@
		53	gboolean text_modified_flag;
		54	gboolean text_inserted_flag;
		55	gboolean text_deleted_flag;
		56	+ gboolean bracketed_paste_mode;
		57
		58	/* Scrolling options. */
		59	gboolean scroll_background;
		60	diff -ur vte-0.28.2.orig/src/vteseq.c vte-0.28.2/src/vteseq.c
		61	--- vte-0.28.2.orig/src/vteseq.c 2014-06-26 04:08:49.998358634 +0300
		62	+++ vte-0.28.2/src/vteseq.c 2014-06-26 04:34:00.214384933 +0300
		63	@@ -737,7 +737,7 @@
		64	GINT_TO_POINTER(TRUE),
		65	NULL, NULL},
		66	/* 2004: Bracketed paste mode. */
		67	- {2004, &terminal->pvt->screen->bracketed_paste_mode, NULL, NULL,
		68	+ {2004, &terminal->pvt->bracketed_paste_mode, NULL, NULL,
		69	GINT_TO_POINTER(FALSE),
		70	GINT_TO_POINTER(TRUE),
		71	NULL, NULL,},