guix-devel/gnu/packages/patches/rxvt-unicode-escape-sequences.patch

This patch prevents a code execution vector involving terminal escape
sequences when rxvt-unicode is in "secure mode".

This change was spurred by the following conversation on the
oss-security mailing list:

Problem description and proof of concept:
http://seclists.org/oss-sec/2017/q2/190

Upstream response:
http://seclists.org/oss-sec/2017/q2/291

Patch copied from upstream source repository:
http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583

--- rxvt-unicode/src/command.C	2016/07/14 05:33:26	1.582
+++ rxvt-unicode/src/command.C	2017/05/18 02:43:18	1.583
@@ -2695,7 +2695,7 @@
         /* kidnapped escape sequence: Should be 8.3.48 */
       case C1_ESA:		/* ESC G */
         // used by original rxvt for rob nations own graphics mode
-        if (cmd_getc () == 'Q')
+        if (cmd_getc () == 'Q' && option (Opt_insecure))
           tt_printf ("\033G0\012");	/* query graphics - no graphics */
         break;
 
@@ -2914,7 +2914,7 @@
         break;
 
       case CSI_CUB:		/* 8.3.18: (1) CURSOR LEFT */
-      case CSI_HPB: 		/* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+      case CSI_HPB:		/* 8.3.59: (1) CHARACTER POSITION BACKWARD */
 #ifdef ISO6429
         arg[0] = -arg[0];
 #else				/* emulate common DEC VTs */