Hello community,

here is the log from the commit of package rxvt-unicode for openSUSE:Factory 
checked in at 2017-06-12 15:28:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rxvt-unicode (Old)
 and      /work/SRC/openSUSE:Factory/.rxvt-unicode.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rxvt-unicode"

Mon Jun 12 15:28:39 2017 rev:34 rq:500181 version:9.22

Changes:
--------
--- /work/SRC/openSUSE:Factory/rxvt-unicode/rxvt-unicode.changes        
2016-11-07 13:25:48.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.rxvt-unicode.new/rxvt-unicode.changes   
2017-06-12 15:28:48.151071422 +0200
@@ -1,0 +2,7 @@
+Wed May 31 14:55:32 UTC 2017 - [email protected]
+
+- added rxvt-unicode-hardening.patch: (boo# 1036456)
+  While urxvt is not directly affected by CVE-2017-7483. We add a
+  patch to harden urxvt to avoid similar bugs in the future.
+
+-------------------------------------------------------------------
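
Review bot: The changelog entry at "added rxvt-unicode-hardening.patch" does not say what the patch changes, and its first sentence is cut in two by a full stop ("While urxvt is not directly affected by CVE-2017-7483. We add ..."). Join the two into one sentence and add a short statement of the actual change, for example that out-of-range CSI arguments in src/command.C are now replaced by their defaults, so someone reading only the .changes file can tell what "harden" means here.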

New:
----
  rxvt-unicode-hardening.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rxvt-unicode.spec ++++++
--- /var/tmp/diff_new_pack.oj9Bvo/_old  2017-06-12 15:28:48.882968202 +0200
+++ /var/tmp/diff_new_pack.oj9Bvo/_new  2017-06-12 15:28:48.886967638 +0200
@@ -38,6 +38,7 @@
 Patch1:         rxvt-unicode-9.20-CVE-2008-1142-DISPLAY.patch
 Patch2:         rxvt-unicode-9.21-xsubpp.patch
 Patch3:         rxvt-unicode-0001-Prefer-XDG_RUNTIME_DIR-over-the-HOME.patch
+Patch4:         rxvt-unicode-hardening.patch
 BuildRequires:  gcc-c++
 BuildRequires:  ncurses-devel
 BuildRequires:  perl
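
Review bot: The new `Patch4:` line carries no comment, so the spec file alone says nothing about why the patch exists. Add a one-line comment above it with the bug reference (boo#1036456), stating that it is a hardening change rather than a CVE fix and whether it has been sent upstream. Unlike Patch1 and Patch2, the file name also omits the version it was made against (9.22).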
@@ -68,6 +69,7 @@
 %patch1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 find -type d -name CVS -print0 | xargs -r0 rm -r
 install -m 0644 %{SOURCE2} README.SUSE
 

++++++ rxvt-unicode-hardening.patch ++++++
diff -ru rxvt-unicode-9.22/src/command.C rxvt-unicode-9.22-patched/src/command.C
--- rxvt-unicode-9.22/src/command.C     2016-01-18 20:35:08.000000000 +0100
+++ rxvt-unicode-9.22-patched/src/command.C     2017-04-28 09:52:35.440245607 
+0200
@@ -2868,7 +2868,7 @@
   i = ch - CSI_ICH;
   ndef = get_byte_array_bit (csi_defaults, i);
   for (p = 0; p < nargs; p++)
-    if (arg[p] == -1)
+    if (arg[p] < 0 || arg[p] > 30000)
       arg[p] = ndef;
 
   /*
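
Review bot: The upper bound in `arg[p] > 30000` is an unexplained magic number; give it a named constant and a comment that states why this limit was chosen. An oversized argument is also replaced with the default `ndef` rather than clamped to the limit, so a sequence carrying a very large count now behaves as if the parameter had been omitted; if that is the intended behaviour, say so in the comment. Widening `arg[p] == -1` to `arg[p] < 0` treats every negative value as a missing parameter, so confirm that no code between the parser and this loop uses any other negative value as a sentinel.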
