From d6c64b2816f7fc221155fbb9b4b0371dcec0a769 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 18 May 2021 17:19:23 +0200 Subject: [PATCH 1/2] rxvt-unicode: 9.22 -> 9.26 --- pkgs/applications/terminal-emulators/rxvt-unicode/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix b/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix index 82536e4b873..02f1b100f49 100644 --- a/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix +++ b/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix @@ -9,7 +9,7 @@ let pname = "rxvt-unicode"; - version = "9.22"; + version = "9.26"; description = "A clone of the well-known terminal emulator rxvt"; desktopItem = makeDesktopItem { @@ -31,7 +31,7 @@ stdenv.mkDerivation { src = fetchurl { url = "http://dist.schmorp.de/rxvt-unicode/Attic/rxvt-unicode-${version}.tar.bz2"; - sha256 = "1pddjn5ynblwfrdmskylrsxb9vfnk3w4jdnq2l8xn2pspkljhip9"; + sha256 = "12y9p32q0v7n7rhjla0j2g9d5rj2dmwk20c9yhlssaaxlawiccb4"; }; buildInputs = From 6205c47b025bf88abad32dd621bd2a3c68083505 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 18 May 2021 17:24:17 +0200 Subject: [PATCH 2/2] rxvt, mrxvt, eterm: Mark vulnerable to unexpected command execution https://www.openwall.com/lists/oss-security/2021/05/17/1 --- pkgs/applications/terminal-emulators/eterm/default.nix | 3 +++ pkgs/applications/terminal-emulators/mrxvt/default.nix | 3 +++ pkgs/applications/terminal-emulators/rxvt/default.nix | 3 +++ 3 files changed, 9 insertions(+) diff --git a/pkgs/applications/terminal-emulators/eterm/default.nix b/pkgs/applications/terminal-emulators/eterm/default.nix index 70b8311b105..b5ca8b88959 100644 --- a/pkgs/applications/terminal-emulators/eterm/default.nix +++ b/pkgs/applications/terminal-emulators/eterm/default.nix @@ -39,5 +39,8 @@ stdenv.mkDerivation rec { license = licenses.bsd2; maintainers = [ maintainers.AndersonTorres ]; platforms = platforms.linux; + knownVulnerabilities = [ + "Usage of ANSI escape sequences causes unexpected newline-termination, leading to unexpected command execution (https://www.openwall.com/lists/oss-security/2021/05/17/1)" + ]; }; } diff --git a/pkgs/applications/terminal-emulators/mrxvt/default.nix b/pkgs/applications/terminal-emulators/mrxvt/default.nix index b0b9ee61118..bd01b0843fb 100644 --- a/pkgs/applications/terminal-emulators/mrxvt/default.nix +++ b/pkgs/applications/terminal-emulators/mrxvt/default.nix @@ -36,5 +36,8 @@ stdenv.mkDerivation { homepage = "https://sourceforge.net/projects/materm"; license = licenses.gpl2; platforms = platforms.linux; + knownVulnerabilities = [ + "Usage of ANSI escape sequences causes unexpected newline-termination, leading to unexpected command execution (https://www.openwall.com/lists/oss-security/2021/05/17/1)" + ]; }; } diff --git a/pkgs/applications/terminal-emulators/rxvt/default.nix b/pkgs/applications/terminal-emulators/rxvt/default.nix index 0cd4f13e465..a6f4ab1321c 100644 --- a/pkgs/applications/terminal-emulators/rxvt/default.nix +++ b/pkgs/applications/terminal-emulators/rxvt/default.nix @@ -35,5 +35,8 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ AndersonTorres ]; license = licenses.gpl2; platforms = platforms.linux; + knownVulnerabilities = [ + "Usage of ANSI escape sequences causes unexpected newline-termination, leading to unexpected command execution (https://www.openwall.com/lists/oss-security/2021/05/17/1)" + ]; }; }