[pkgsrc/trunk]: pkgsrc/x11/rxvt rxvt: apply fix for CVE-2021-33477. bump PKGR...

[nia <nia%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/4a6323666030
branches:  trunk
changeset: 458651:4a6323666030
user:      nia <nia%pkgsrc.org@localhost>
date:      Sun Sep 19 08:41:13 2021 +0000

description:
rxvt: apply fix for CVE-2021-33477. bump PKGREVISION.

diffstat:

 x11/rxvt/Makefile                    |   4 ++--
 x11/rxvt/distinfo                    |   5 +++--
 x11/rxvt/patches/patch-src_command.c |  22 +++++++++++++++++++---
 3 files changed, 24 insertions(+), 7 deletions(-)

diffs (61 lines):

diff -r 0ae015c43e91 -r 4a6323666030 x11/rxvt/Makefile
--- a/x11/rxvt/Makefile Sun Sep 19 08:41:09 2021 +0000
+++ b/x11/rxvt/Makefile Sun Sep 19 08:41:13 2021 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.63 2021/08/08 20:33:33 nia Exp $
+# $NetBSD: Makefile,v 1.64 2021/09/19 08:41:13 nia Exp $
 
 DISTNAME=              rxvt-2.7.10
-PKGREVISION=           8
+PKGREVISION=           9
 CATEGORIES=            x11
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=rxvt/}
 
diff -r 0ae015c43e91 -r 4a6323666030 x11/rxvt/distinfo
--- a/x11/rxvt/distinfo Sun Sep 19 08:41:09 2021 +0000
+++ b/x11/rxvt/distinfo Sun Sep 19 08:41:13 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.25 2020/10/10 08:26:56 nia Exp $
+$NetBSD: distinfo,v 1.26 2021/09/19 08:41:13 nia Exp $
 
 SHA1 (rxvt-2.7.10.tar.gz) = dabb960d94703d4f81e9a9a50749210a2977ef2b
 RMD160 (rxvt-2.7.10.tar.gz) = 1bea3ff456b4f9ddce187b3e3a0ac11a7363c8eb
@@ -16,5 +16,6 @@
 SHA1 (patch-ak) = 83f7ffcf91d671bd8e75e5c063fd1336c0e08ed6
 SHA1 (patch-al) = 7107ec12205d0a5011a5828f8d30fbd577de41b7
 SHA1 (patch-am) = db69ba3b6754454613aa4aec61c1b033d7e013ae
-SHA1 (patch-src_command.c) = ca6af737445f2687e3823bd0d4390e3150f664b1
+SHA1 (patch-src_command.c) = 50a7e36e97232af7bfc92e3e41b73e4c88e1605b
+SHA1 (patch-src_feature.h) = da39a3ee5e6b4b0d3255bfef95601890afd80709
 SHA1 (patch-src_rxvt.h) = 86db6ffc24f1133771b6e94275a9edab07b97437
diff -r 0ae015c43e91 -r 4a6323666030 x11/rxvt/patches/patch-src_command.c
--- a/x11/rxvt/patches/patch-src_command.c      Sun Sep 19 08:41:09 2021 +0000
+++ b/x11/rxvt/patches/patch-src_command.c      Sun Sep 19 08:41:13 2021 +0000
@@ -1,8 +1,24 @@
-$NetBSD: patch-src_command.c,v 1.1 2017/08/05 07:00:20 nros Exp $
+$NetBSD: patch-src_command.c,v 1.2 2021/09/19 08:41:13 nia Exp $
+
+* fix CVE-2021-33477
 * fix CVE-2017-7483
---- src/command.c.orig 2017-08-05 06:35:48.000000000 +0000
+
+--- src/command.c.orig 2003-03-26 06:01:23.000000000 +0000
 +++ src/command.c
-@@ -2096,7 +2096,7 @@ rxvt_process_csi_seq(rxvt_t *r)
+@@ -1954,10 +1954,12 @@ rxvt_process_escape_seq(rxvt_t *r)
+       rxvt_scr_add_lines(r, (const unsigned char *)"\n\r", 1, 2);
+       break;
+ 
++#if 0 /* disabled because embedded newlines can make exploits easier */
+     /* kidnapped escape sequence: Should be 8.3.48 */
+     case C1_ESA:              /* ESC G */
+       rxvt_process_graphics(r);
+       break;
++#endif
+ 
+     /* 8.3.63: CHARACTER TABULATION SET */
+     case C1_HTS:              /* ESC H */
+@@ -2096,7 +2098,7 @@ rxvt_process_csi_seq(rxvt_t *r)
      i = ch - CSI_ICH;
      ndef = get_byte_array_bit(csi_defaults, i);
      for (p = 0; p < nargs; p++)