vte291: apply correct patch for cve-2024-37535 fix (#10291)

2024-08-29 16:56:52 -07:00 · 2024-08-29 16:56:52 -07:00 · 71e149c603
--- a/SPECS/vte291/CVE-2024-37535.patch
+++ b/SPECS/vte291/CVE-2024-37535.patch
@ -77,3 +77,61 @@ index 24bdd7184..48cae79c1 100644
 catch (...)
 {
 --
+
+From fd5511f24b7269195a7083f409244e9787c705dc Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@src.gnome.org>
+Date: Sun, 2 Jun 2024 19:13:15 +0200
+Subject: [PATCH] emulation: Restrict resize request to sane numbers
+
+Fixes: https://gitlab.gnome.org/GNOME/vte/-/issues/2786
+---
+ src/vteseq.cc | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/vteseq.cc b/src/vteseq.cc
+index 2430054c..225c6a59 100644
+--- a/src/vteseq.cc
+++ b/src/vteseq.cc
+@@ -216,9 +216,18 @@ Terminal::emit_bell()
+ /* Emit a "resize-window" signal.  (Grid size.) */
+ void
+ Terminal::emit_resize_window(guint columns,
+-                                       guint rows)
+-{
+-        _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window'.\n");
+                             guint rows)
+{
+        // Ignore resizes with excessive number of rows or columns,
+        // see https://gitlab.gnome.org/GNOME/vte/-/issues/2786
+        if (columns < VTE_MIN_GRID_WIDTH ||
+            columns > 511 ||
+            rows < VTE_MIN_GRID_HEIGHT ||
+            rows > 511)
+                return;
+
+        _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window' %d columns %d rows.\n",
+                         columns, rows);
+         g_signal_emit(m_terminal, signals[SIGNAL_RESIZE_WINDOW], 0, columns, rows);
+ }
+
+@@ -4702,8 +4711,6 @@ Terminal::DECSLPP(vte::parser::Sequence const& seq)
+         else if (param < 24)
+                 return;
+
+-        _vte_debug_print(VTE_DEBUG_EMULATION, "Resizing to %d rows.\n", param);
+-
+         emit_resize_window(m_column_count, param);
+ }
+
+@@ -9312,9 +9319,6 @@ Terminal::XTERM_WM(vte::parser::Sequence const& seq)
+                 seq.collect(1, {&height, &width});
+
+                 if (width != -1 && height != -1) {
+-                        _vte_debug_print(VTE_DEBUG_EMULATION,
+-                                         "Resizing window to %d columns, %d rows.\n",
+-                                         width, height);
+                         emit_resize_window(width, height);
+                 }
+                 break;
+--
+2.34.1
--- a/SPECS/vte291/vte291.spec
+++ b/SPECS/vte291/vte291.spec
@ -11,7 +11,7 @@
 Summary:        Terminal emulator library
 Name:           vte291
 Version:        0.66.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        CC-BY AND GPLv2+ AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@ -119,6 +119,9 @@ sed -i -e "/^vte_systemduserunitdir =/s|vte_prefix|'/usr'|" meson.build
 %{_sysconfdir}/profile.d/vte.sh

 %changelog
+* Thu Aug 29 2024 Neha Agarwal <nehaagarwal@microsoft.com> - 0.66.2-4
+- Apply correct patch for CVE-2024-37535
+
 * Thu Jun 13 2024 Neha Agarwal <nehaagarwal@microsoft.com> - 0.66.2-3
 - Patch CVE-2024-37535