diff options
| author | Andreas Rammhold <andreas@rammhold.de> | 2017-12-09 12:22:51 +0100 |
|---|---|---|
| committer | Andreas Rammhold <andreas@rammhold.de> | 2017-12-09 12:25:04 +0100 |
| commit | 4c6f7ee729d6d8830b7b554c9d8133083e61058b (patch) | |
| tree | f85d26aa5be12cd2f796b3b5e40007a15442568e /pkgs/desktops/gnome-2/desktop | |
| parent | 5ce5ef06ab49a50f1a4a6b437d84bf43288d0b7e (diff) | |
| download | nixpkgs-4c6f7ee729d6d8830b7b554c9d8133083e61058b.tar nixpkgs-4c6f7ee729d6d8830b7b554c9d8133083e61058b.tar.gz nixpkgs-4c6f7ee729d6d8830b7b554c9d8133083e61058b.tar.bz2 nixpkgs-4c6f7ee729d6d8830b7b554c9d8133083e61058b.tar.lz nixpkgs-4c6f7ee729d6d8830b7b554c9d8133083e61058b.tar.xz nixpkgs-4c6f7ee729d6d8830b7b554c9d8133083e61058b.tar.zst nixpkgs-4c6f7ee729d6d8830b7b554c9d8133083e61058b.zip | |
gnome2.vte: fix CVE-2012-2738
Diffstat (limited to 'pkgs/desktops/gnome-2/desktop')
| -rw-r--r-- | pkgs/desktops/gnome-2/desktop/vte/default.nix | 14 | ||||
| -rw-r--r-- | pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch | 40 |
2 files changed, 12 insertions, 42 deletions
diff --git a/pkgs/desktops/gnome-2/desktop/vte/default.nix b/pkgs/desktops/gnome-2/desktop/vte/default.nix index e5d2489436e..80c77d9b291 100644 --- a/pkgs/desktops/gnome-2/desktop/vte/default.nix +++ b/pkgs/desktops/gnome-2/desktop/vte/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, intltool, pkgconfig, glib, gtk, ncurses +{ stdenv, fetchurl, fetchpatch, intltool, pkgconfig, glib, gtk, ncurses , pythonSupport ? false, python27Packages}: let @@ -15,7 +15,17 @@ in stdenv.mkDerivation rec { ./alt.patch ./change-scroll-region.patch # CVE-2012-2738 - ./vte-0.28.2-limit-arguments.patch + # fixed in upstream version 0.32.2 + (fetchpatch{ + name = "CVE-2012-2738-1.patch"; + url = https://git.gnome.org/browse/vte/patch/?id=feeee4b5832b17641e505b7083e0d299fdae318e; + sha256 = "1455i6zxcx4rj2cz639s8qdc04z2nshprwl7k00mcsw49gv3hk5n"; + }) + (fetchpatch{ + name = "CVE-2012-2738-2.patch"; + url = https://git.gnome.org/browse/vte/patch/?id=98ce2f265f986fb88c38d508286bb5e3716b9e74; + sha256 = "0n24vw49h89w085ggq23iwlnnb6ajllfh2dg4vsar21d82jxc0sn"; + }) ]; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch b/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch deleted file mode 100644 index fd454079390..00000000000 --- a/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch +++ /dev/null @@ -1,40 +0,0 @@ -From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001 -From: Christian Persch <chpe@gnome.org> -Date: Sat, 19 May 2012 17:36:09 +0000 -Subject: emulation: Limit integer arguments to 65535 - -To guard against malicious sequences containing excessively big numbers, -limit all parsed numbers to 16 bit range. Doing this here in the parsing -routine is a catch-all guard; this doesn't preclude enforcing -more stringent limits in the handlers themselves. - -https://bugzilla.gnome.org/show_bug.cgi?id=676090 ---- -diff --git a/src/table.c b/src/table.c -index 140e8c8..85cf631 100644 ---- a/src/table.c -+++ b/src/table.c -@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array, - if (G_UNLIKELY (*array == NULL)) { - *array = g_value_array_new(1); - } -- g_value_set_long(&value, total); -+ g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT)); - g_value_array_append(*array, &value); - } while (i++ < arginfo->length); - g_value_unset(&value); -diff --git a/src/vteseq.c b/src/vteseq.c -index 457c06a..46def5b 100644 ---- a/src/vteseq.c -+++ b/src/vteseq.c -@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal, - GValueArray *params, - VteTerminalSequenceHandler handler) - { -- vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG); -+ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT); - } - - static void --- -cgit v0.9.0.2 |