From 4c6f7ee729d6d8830b7b554c9d8133083e61058b Mon Sep 17 00:00:00 2001
From: Andreas Rammhold
Date: Sat, 9 Dec 2017 12:22:51 +0100
Subject: gnome2.vte: fix CVE-2012-2738
---
 pkgs/desktops/gnome-2/desktop/vte/default.nix | 14 ++++++--
 .../desktop/vte/vte-0.28.2-limit-arguments.patch | 40 ----------------------
 2 files changed, 12 insertions(+), 42 deletions(-)
 delete mode 100644 pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch
(limited to 'pkgs/desktops/gnome-2/desktop')
diff --git a/pkgs/desktops/gnome-2/desktop/vte/default.nix b/pkgs/desktops/gnome-2/desktop/vte/default.nix
index e5d2489436e..80c77d9b291 100644
--- a/pkgs/desktops/gnome-2/desktop/vte/default.nix
+++ b/pkgs/desktops/gnome-2/desktop/vte/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, intltool, pkgconfig, glib, gtk, ncurses
+{ stdenv, fetchurl, fetchpatch, intltool, pkgconfig, glib, gtk, ncurses
 , pythonSupport ? false, python27Packages}:
 
 let
@@ -15,7 +15,17 @@ in stdenv.mkDerivation rec {
 ./alt.patch
 ./change-scroll-region.patch
 # CVE-2012-2738
- ./vte-0.28.2-limit-arguments.patch
+ # fixed in upstream version 0.32.2
+ (fetchpatch{
+ name = "CVE-2012-2738-1.patch";
+ url = https://git.gnome.org/browse/vte/patch/?id=feeee4b5832b17641e505b7083e0d299fdae318e;
+ sha256 = "1455i6zxcx4rj2cz639s8qdc04z2nshprwl7k00mcsw49gv3hk5n";
+ })
+ (fetchpatch{
+ name = "CVE-2012-2738-2.patch";
+ url = https://git.gnome.org/browse/vte/patch/?id=98ce2f265f986fb88c38d508286bb5e3716b9e74;
+ sha256 = "0n24vw49h89w085ggq23iwlnnb6ajllfh2dg4vsar21d82jxc0sn";
+ })
 ];
 
 nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch b/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch
deleted file mode 100644
index fd454079390..00000000000
--- a/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch
+++ /dev/null
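Review bot: The second `fetchpatch` entry (upstream commit 98ce2f265f986fb88c38d508286bb5e3716b9e74) cannot be reviewed from this diff, whereas the removed in-tree patch showed exactly what was applied to table.c and vteseq.c. Each entry in `patches` would benefit from a one-line comment with the upstream subject, e.g. `# emulation: Limit integer arguments to 65535` above the first and the matching subject above the second. Both entries are pinned by `sha256`, so a changed response from the server fails the build instead of being applied silently, but the build now depends on the cgit host remaining reachable, which the in-tree copy did not. The URLs are also written as bare literals; quoting them (`url = "https://git.gnome.org/browse/vte/patch/?id=…";`) is the more robust style. The `patches` list opens and `stdenv.mkDerivation` continues outside this hunk.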
@@ -1,40 +0,0 @@
-From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
-From: Christian Persch
-Date: Sat, 19 May 2012 17:36:09 +0000
-Subject: emulation: Limit integer arguments to 65535
-
-To guard against malicious sequences containing excessively big numbers,
-limit all parsed numbers to 16 bit range. Doing this here in the parsing
-routine is a catch-all guard; this doesn't preclude enforcing
-more stringent limits in the handlers themselves.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=676090
----
-diff --git a/src/table.c b/src/table.c
-index 140e8c8..85cf631 100644
---- a/src/table.c
-+++ b/src/table.c
-@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
- if (G_UNLIKELY (*array == NULL)) {
- *array = g_value_array_new(1);
- }
-- g_value_set_long(&value, total);
-+ g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
- g_value_array_append(*array, &value);
- } while (i++ < arginfo->length);
- g_value_unset(&value);
-diff --git a/src/vteseq.c b/src/vteseq.c
-index 457c06a..46def5b 100644
---- a/src/vteseq.c
-+++ b/src/vteseq.c
-@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
- GValueArray *params,
- VteTerminalSequenceHandler handler)
-{
-- vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
-+ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
- }
-
- static void
---
-cgit v0.9.0.2
--
cgit 1.4.1