diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2017-06-14 10:30:39 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-06-14 10:37:24 +0200 |
commit | cf45338daafa8d5f517fda82b707b26f2036099f (patch) | |
tree | a6fa56cf4bf50ffd325da4c264c1d7914186ef88 | |
parent | 52d9e7b149a47445bc334c456fbc736550584b66 (diff) | |
download | alpine_aports-cf45338daafa8d5f517fda82b707b26f2036099f.tar.bz2 alpine_aports-cf45338daafa8d5f517fda82b707b26f2036099f.tar.xz alpine_aports-cf45338daafa8d5f517fda82b707b26f2036099f.zip |
main/vte: backport a couple of fixes (CVE-2012-2738)
This should also fix paste in xfce4-terminal
(cherry picked from commit e9cfe80026064d13021162dcda10d34cee685ece)
-rw-r--r-- | main/vte/APKBUILD | 31 | ||||
-rw-r--r-- | main/vte/CVE-2012-2738.patch | 40 | ||||
-rw-r--r-- | main/vte/vte-0.28.2-paste-fix.patch | 71 |
3 files changed, 130 insertions, 12 deletions
diff --git a/main/vte/APKBUILD b/main/vte/APKBUILD index 5a0a57f13f..4d4c8c446d 100644 --- a/main/vte/APKBUILD +++ b/main/vte/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=vte | 2 | pkgname=vte |
3 | pkgver=0.28.2 | 3 | pkgver=0.28.2 |
4 | pkgrel=10 | 4 | pkgrel=12 |
5 | pkgdesc="Virtual Terminal Emulator library" | 5 | pkgdesc="Virtual Terminal Emulator library" |
6 | url="http://www.gnome.org" | 6 | url="http://www.gnome.org" |
7 | arch="all" | 7 | arch="all" |
@@ -14,11 +14,17 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" | |||
14 | source="http://ftp.gnome.org/pub/GNOME/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.bz2 | 14 | source="http://ftp.gnome.org/pub/GNOME/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.bz2 |
15 | allow_alt_in_terminal.patch | 15 | allow_alt_in_terminal.patch |
16 | fix-includes.patch | 16 | fix-includes.patch |
17 | vte-0.28.2-paste-fix.patch | ||
18 | CVE-2012-2738.patch | ||
17 | " | 19 | " |
18 | 20 | ||
19 | _builddir="$srcdir/$pkgname-$pkgver" | 21 | builddir="$srcdir/$pkgname-$pkgver" |
22 | # secfixes: | ||
23 | # 0.28.2-r12: | ||
24 | # - CVE-2012-2738 | ||
25 | |||
20 | prepare() { | 26 | prepare() { |
21 | cd $_builddir | 27 | cd "$builddir" |
22 | update_config_sub || return 1 | 28 | update_config_sub || return 1 |
23 | for i in $source; do | 29 | for i in $source; do |
24 | case $i in | 30 | case $i in |
@@ -30,7 +36,7 @@ prepare() { | |||
30 | } | 36 | } |
31 | 37 | ||
32 | build() { | 38 | build() { |
33 | cd $_builddir | 39 | cd "$builddir" |
34 | ./configure \ | 40 | ./configure \ |
35 | --build=$CBUILD \ | 41 | --build=$CBUILD \ |
36 | --host=$CHOST \ | 42 | --host=$CHOST \ |
@@ -44,17 +50,18 @@ build() { | |||
44 | } | 50 | } |
45 | 51 | ||
46 | package() { | 52 | package() { |
47 | cd $_builddir | 53 | cd "$builddir" |
48 | make DESTDIR="$pkgdir" install || return 1 | 54 | make DESTDIR="$pkgdir" install || return 1 |
49 | ln -sf /usr/share/vte/termcap-0.0 "$pkgdir"/usr/share/vte/termcap | 55 | ln -sf /usr/share/vte/termcap-0.0 "$pkgdir"/usr/share/vte/termcap |
50 | } | 56 | } |
51 | 57 | ||
52 | md5sums="f07a4bf943194f94b7f142db8f7f36dc vte-0.28.2.tar.bz2 | 58 | check() { |
53 | 6ae30139b7d7ca78b56a3b55426c83f2 allow_alt_in_terminal.patch | 59 | cd "$builddir" |
54 | 4872d596fb461f11e9aa753f5a65dd08 fix-includes.patch" | 60 | make check |
55 | sha256sums="8d04e202b617373dfb47689e5e628febe2c58840b34cccc4af4feb88c48df903 vte-0.28.2.tar.bz2 | 61 | } |
56 | 6e4488f9a60f52a2a7eeb09865bdc42f00c309eb4cf8d548b524b9c33fadcd8a allow_alt_in_terminal.patch | 62 | |
57 | bb8bfcb6d88f40dba0025e9ec95f579219db7e80654371a1c926fa39a38134b2 fix-includes.patch" | ||
58 | sha512sums="271aecbc0444c424afb70d81838d0f6f49957a3b74d3952c0b97fadacfe359eab989abae03b9b64a8b598abdb189db00ee534254d8044e496906c51947d314d1 vte-0.28.2.tar.bz2 | 63 | sha512sums="271aecbc0444c424afb70d81838d0f6f49957a3b74d3952c0b97fadacfe359eab989abae03b9b64a8b598abdb189db00ee534254d8044e496906c51947d314d1 vte-0.28.2.tar.bz2 |
59 | a4786a97a5caa42db3b29808c3542777684fcf7d931a116d4e3d847e859a64fb59a2d5b60927dc8e5c2733efc55c29aa4d30aeb02597aff5f034c172cc528833 allow_alt_in_terminal.patch | 64 | a4786a97a5caa42db3b29808c3542777684fcf7d931a116d4e3d847e859a64fb59a2d5b60927dc8e5c2733efc55c29aa4d30aeb02597aff5f034c172cc528833 allow_alt_in_terminal.patch |
60 | bf8174189fe842d171c04633ce1f8b920f3a515108db48bfe1fff7e537960a88f7439a55b283b6ade6ebfe78ab8ff2473f3be2d062dc00aa74b93a13624b4d3c fix-includes.patch" | 65 | bf8174189fe842d171c04633ce1f8b920f3a515108db48bfe1fff7e537960a88f7439a55b283b6ade6ebfe78ab8ff2473f3be2d062dc00aa74b93a13624b4d3c fix-includes.patch |
66 | 488a3d55c4afb5b74057c97adfaafc1cc6de697c157a2009905632af2137305eee671b1e0b294f153b37ee97e79d402d6e44fc19945f8c2dd332e95eef1b144f vte-0.28.2-paste-fix.patch | ||
67 | e5639d94fd455195c354d03cab04bbb73eff98bc540c813cccf4ab5eb793f4c8ae645fcf2bd502924ed4d38412101341deaf2d28ea8aaea3530a98ffbba8256d CVE-2012-2738.patch" | ||
diff --git a/main/vte/CVE-2012-2738.patch b/main/vte/CVE-2012-2738.patch new file mode 100644 index 0000000000..fd45407939 --- /dev/null +++ b/main/vte/CVE-2012-2738.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001 | ||
2 | From: Christian Persch <chpe@gnome.org> | ||
3 | Date: Sat, 19 May 2012 17:36:09 +0000 | ||
4 | Subject: emulation: Limit integer arguments to 65535 | ||
5 | |||
6 | To guard against malicious sequences containing excessively big numbers, | ||
7 | limit all parsed numbers to 16 bit range. Doing this here in the parsing | ||
8 | routine is a catch-all guard; this doesn't preclude enforcing | ||
9 | more stringent limits in the handlers themselves. | ||
10 | |||
11 | https://bugzilla.gnome.org/show_bug.cgi?id=676090 | ||
12 | --- | ||
13 | diff --git a/src/table.c b/src/table.c | ||
14 | index 140e8c8..85cf631 100644 | ||
15 | --- a/src/table.c | ||
16 | +++ b/src/table.c | ||
17 | @@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array, | ||
18 | if (G_UNLIKELY (*array == NULL)) { | ||
19 | *array = g_value_array_new(1); | ||
20 | } | ||
21 | - g_value_set_long(&value, total); | ||
22 | + g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT)); | ||
23 | g_value_array_append(*array, &value); | ||
24 | } while (i++ < arginfo->length); | ||
25 | g_value_unset(&value); | ||
26 | diff --git a/src/vteseq.c b/src/vteseq.c | ||
27 | index 457c06a..46def5b 100644 | ||
28 | --- a/src/vteseq.c | ||
29 | +++ b/src/vteseq.c | ||
30 | @@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal, | ||
31 | GValueArray *params, | ||
32 | VteTerminalSequenceHandler handler) | ||
33 | { | ||
34 | - vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG); | ||
35 | + vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT); | ||
36 | } | ||
37 | |||
38 | static void | ||
39 | -- | ||
40 | cgit v0.9.0.2 | ||
diff --git a/main/vte/vte-0.28.2-paste-fix.patch b/main/vte/vte-0.28.2-paste-fix.patch new file mode 100644 index 0000000000..cc51eadde0 --- /dev/null +++ b/main/vte/vte-0.28.2-paste-fix.patch | |||
@@ -0,0 +1,71 @@ | |||
1 | diff -ur vte-0.28.2.orig/src/vte.c vte-0.28.2/src/vte.c | ||
2 | --- vte-0.28.2.orig/src/vte.c 2011-08-29 00:31:45.000000000 +0300 | ||
3 | +++ vte-0.28.2/src/vte.c 2014-06-26 04:20:52.409371214 +0300 | ||
4 | @@ -5806,10 +5806,10 @@ | ||
5 | p++; | ||
6 | } | ||
7 | } | ||
8 | - if (terminal->pvt->screen->bracketed_paste_mode) | ||
9 | + if (terminal->pvt->bracketed_paste_mode) | ||
10 | vte_terminal_feed_child(terminal, "\e[200~", -1); | ||
11 | vte_terminal_feed_child(terminal, paste, length); | ||
12 | - if (terminal->pvt->screen->bracketed_paste_mode) | ||
13 | + if (terminal->pvt->bracketed_paste_mode) | ||
14 | vte_terminal_feed_child(terminal, "\e[201~", -1); | ||
15 | g_free(paste); | ||
16 | } | ||
17 | @@ -14065,14 +14065,12 @@ | ||
18 | pvt->normal_screen.linefeed_mode = FALSE; | ||
19 | pvt->normal_screen.origin_mode = FALSE; | ||
20 | pvt->normal_screen.reverse_mode = FALSE; | ||
21 | - pvt->normal_screen.bracketed_paste_mode = FALSE; | ||
22 | pvt->alternate_screen.scrolling_restricted = FALSE; | ||
23 | pvt->alternate_screen.sendrecv_mode = TRUE; | ||
24 | pvt->alternate_screen.insert_mode = FALSE; | ||
25 | pvt->alternate_screen.linefeed_mode = FALSE; | ||
26 | pvt->alternate_screen.origin_mode = FALSE; | ||
27 | pvt->alternate_screen.reverse_mode = FALSE; | ||
28 | - pvt->alternate_screen.bracketed_paste_mode = FALSE; | ||
29 | pvt->cursor_visible = TRUE; | ||
30 | /* Reset the encoding. */ | ||
31 | vte_terminal_set_encoding(terminal, NULL); | ||
32 | @@ -14102,6 +14100,8 @@ | ||
33 | pvt->mouse_last_y = 0; | ||
34 | /* Clear modifiers. */ | ||
35 | pvt->modifiers = 0; | ||
36 | + /* Reset miscellaneous stuff. */ | ||
37 | + pvt->bracketed_paste_mode = FALSE; | ||
38 | /* Cause everything to be redrawn (or cleared). */ | ||
39 | vte_terminal_maybe_scroll_to_bottom(terminal); | ||
40 | _vte_invalidate_all(terminal); | ||
41 | diff -ur vte-0.28.2.orig/src/vte-private.h vte-0.28.2/src/vte-private.h | ||
42 | --- vte-0.28.2.orig/src/vte-private.h 2011-08-17 00:52:48.000000000 +0300 | ||
43 | +++ vte-0.28.2/src/vte-private.h 2014-06-26 04:20:52.410371214 +0300 | ||
44 | @@ -219,7 +219,6 @@ | ||
45 | gboolean sendrecv_mode; /* sendrecv mode */ | ||
46 | gboolean insert_mode; /* insert mode */ | ||
47 | gboolean linefeed_mode; /* linefeed mode */ | ||
48 | - gboolean bracketed_paste_mode; | ||
49 | struct vte_scrolling_region { | ||
50 | int start, end; | ||
51 | } scrolling_region; /* the region we scroll in */ | ||
52 | @@ -274,6 +273,7 @@ | ||
53 | gboolean text_modified_flag; | ||
54 | gboolean text_inserted_flag; | ||
55 | gboolean text_deleted_flag; | ||
56 | + gboolean bracketed_paste_mode; | ||
57 | |||
58 | /* Scrolling options. */ | ||
59 | gboolean scroll_background; | ||
60 | diff -ur vte-0.28.2.orig/src/vteseq.c vte-0.28.2/src/vteseq.c | ||
61 | --- vte-0.28.2.orig/src/vteseq.c 2014-06-26 04:08:49.998358634 +0300 | ||
62 | +++ vte-0.28.2/src/vteseq.c 2014-06-26 04:34:00.214384933 +0300 | ||
63 | @@ -737,7 +737,7 @@ | ||
64 | GINT_TO_POINTER(TRUE), | ||
65 | NULL, NULL}, | ||
66 | /* 2004: Bracketed paste mode. */ | ||
67 | - {2004, &terminal->pvt->screen->bracketed_paste_mode, NULL, NULL, | ||
68 | + {2004, &terminal->pvt->bracketed_paste_mode, NULL, NULL, | ||
69 | GINT_TO_POINTER(FALSE), | ||
70 | GINT_TO_POINTER(TRUE), | ||
71 | NULL, NULL,}, | ||