CVS commit: pkgsrc/x11/rxvt

["Nia Alarie" <nia%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   nia
Date:           Sun Sep 19 08:41:13 UTC 2021

Modified Files:
        pkgsrc/x11/rxvt: Makefile distinfo
        pkgsrc/x11/rxvt/patches: patch-src_command.c

Log Message:
rxvt: apply fix for CVE-2021-33477. bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 pkgsrc/x11/rxvt/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/x11/rxvt/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/x11/rxvt/patches/patch-src_command.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/x11/rxvt/Makefile
diff -u pkgsrc/x11/rxvt/Makefile:1.63 pkgsrc/x11/rxvt/Makefile:1.64
--- pkgsrc/x11/rxvt/Makefile:1.63       Sun Aug  8 20:33:33 2021
+++ pkgsrc/x11/rxvt/Makefile    Sun Sep 19 08:41:13 2021
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.63 2021/08/08 20:33:33 nia Exp $
+# $NetBSD: Makefile,v 1.64 2021/09/19 08:41:13 nia Exp $
 
 DISTNAME=              rxvt-2.7.10
-PKGREVISION=           8
+PKGREVISION=           9
 CATEGORIES=            x11
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=rxvt/}
 

Index: pkgsrc/x11/rxvt/distinfo
diff -u pkgsrc/x11/rxvt/distinfo:1.25 pkgsrc/x11/rxvt/distinfo:1.26
--- pkgsrc/x11/rxvt/distinfo:1.25       Sat Oct 10 08:26:56 2020
+++ pkgsrc/x11/rxvt/distinfo    Sun Sep 19 08:41:13 2021
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.25 2020/10/10 08:26:56 nia Exp $
+$NetBSD: distinfo,v 1.26 2021/09/19 08:41:13 nia Exp $
 
 SHA1 (rxvt-2.7.10.tar.gz) = dabb960d94703d4f81e9a9a50749210a2977ef2b
 RMD160 (rxvt-2.7.10.tar.gz) = 1bea3ff456b4f9ddce187b3e3a0ac11a7363c8eb
@@ -16,5 +16,6 @@ SHA1 (patch-aj) = 43ca25f034e6160f3a3dab
 SHA1 (patch-ak) = 83f7ffcf91d671bd8e75e5c063fd1336c0e08ed6
 SHA1 (patch-al) = 7107ec12205d0a5011a5828f8d30fbd577de41b7
 SHA1 (patch-am) = db69ba3b6754454613aa4aec61c1b033d7e013ae
-SHA1 (patch-src_command.c) = ca6af737445f2687e3823bd0d4390e3150f664b1
+SHA1 (patch-src_command.c) = 50a7e36e97232af7bfc92e3e41b73e4c88e1605b
+SHA1 (patch-src_feature.h) = da39a3ee5e6b4b0d3255bfef95601890afd80709
 SHA1 (patch-src_rxvt.h) = 86db6ffc24f1133771b6e94275a9edab07b97437

Index: pkgsrc/x11/rxvt/patches/patch-src_command.c
diff -u pkgsrc/x11/rxvt/patches/patch-src_command.c:1.1 pkgsrc/x11/rxvt/patches/patch-src_command.c:1.2
--- pkgsrc/x11/rxvt/patches/patch-src_command.c:1.1     Sat Aug  5 07:00:20 2017
+++ pkgsrc/x11/rxvt/patches/patch-src_command.c Sun Sep 19 08:41:13 2021
@@ -1,8 +1,24 @@
-$NetBSD: patch-src_command.c,v 1.1 2017/08/05 07:00:20 nros Exp $
+$NetBSD: patch-src_command.c,v 1.2 2021/09/19 08:41:13 nia Exp $
+
+* fix CVE-2021-33477
 * fix CVE-2017-7483
---- src/command.c.orig 2017-08-05 06:35:48.000000000 +0000
+
+--- src/command.c.orig 2003-03-26 06:01:23.000000000 +0000
 +++ src/command.c
-@@ -2096,7 +2096,7 @@ rxvt_process_csi_seq(rxvt_t *r)
+@@ -1954,10 +1954,12 @@ rxvt_process_escape_seq(rxvt_t *r)
+       rxvt_scr_add_lines(r, (const unsigned char *)"\n\r", 1, 2);
+       break;
+ 
++#if 0 /* disabled because embedded newlines can make exploits easier */
+     /* kidnapped escape sequence: Should be 8.3.48 */
+     case C1_ESA:              /* ESC G */
+       rxvt_process_graphics(r);
+       break;
++#endif
+ 
+     /* 8.3.63: CHARACTER TABULATION SET */
+     case C1_HTS:              /* ESC H */
+@@ -2096,7 +2098,7 @@ rxvt_process_csi_seq(rxvt_t *r)
      i = ch - CSI_ICH;
      ndef = get_byte_array_bit(csi_defaults, i);
      for (p = 0; p < nargs; p++)