diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/rxvt-unicode-escape-sequences.patch | 35 | ||||
-rw-r--r-- | gnu/packages/xdisorg.scm | 5 |
3 files changed, 2 insertions, 39 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 1dc191092e..0e3e4eecf0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1672,7 +1672,6 @@ dist_patch_DATA = \ %D%/packages/patches/rust-nettle-sys-disable-vendor.patch \ %D%/packages/patches/rust-reproducible-builds.patch \ %D%/packages/patches/rust-openssl-sys-no-vendor.patch \ - %D%/packages/patches/rxvt-unicode-escape-sequences.patch \ %D%/packages/patches/sbc-fix-build-non-x86.patch \ %D%/packages/patches/sbcl-clml-fix-types.patch \ %D%/packages/patches/scalapack-blacs-mpi-deprecations.patch \ diff --git a/gnu/packages/patches/rxvt-unicode-escape-sequences.patch b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch deleted file mode 100644 index 064dd51e2d..0000000000 --- a/gnu/packages/patches/rxvt-unicode-escape-sequences.patch +++ /dev/null @@ -1,35 +0,0 @@ -This patch prevents a code execution vector involving terminal escape -sequences when rxvt-unicode is in "secure mode". - -This change was spurred by the following conversation on the -oss-security mailing list: - -Problem description and proof of concept: -http://seclists.org/oss-sec/2017/q2/190 - -Upstream response: -http://seclists.org/oss-sec/2017/q2/291 - -Patch copied from upstream source repository: -http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583 - ---- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582 -+++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583 -@@ -2695,7 +2695,7 @@ - /* kidnapped escape sequence: Should be 8.3.48 */ - case C1_ESA: /* ESC G */ - // used by original rxvt for rob nations own graphics mode -- if (cmd_getc () == 'Q') -+ if (cmd_getc () == 'Q' && option (Opt_insecure)) - tt_printf ("\033G0\012"); /* query graphics - no graphics */ - break; - -@@ -2914,7 +2914,7 @@ - break; - - case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */ -- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ -+ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */ - #ifdef ISO6429 - arg[0] = -arg[0]; - #else /* emulate common DEC VTs */ diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index b5bacd3d97..8feea6bf92 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -1085,15 +1085,14 @@ compact configuration syntax.") (define-public rxvt-unicode (package (name "rxvt-unicode") - (version "9.22") + (version "9.26") (source (origin (method url-fetch) (uri (string-append "http://dist.schmorp.de/rxvt-unicode/Attic/" name "-" version ".tar.bz2")) - (patches (search-patches "rxvt-unicode-escape-sequences.patch")) (sha256 (base32 - "1pddjn5ynblwfrdmskylrsxb9vfnk3w4jdnq2l8xn2pspkljhip9")))) + "12y9p32q0v7n7rhjla0j2g9d5rj2dmwk20c9yhlssaaxlawiccb4")))) (build-system gnu-build-system) (arguments ;; This sets the destination when installing the necessary terminal |