slackware-current/patches/source/rxvt-unicode/CVE-2022-4170.diff

--- ./src/perl/background.orig	2021-05-09 10:04:44.000000000 -0500
+++ ./src/perl/background	2023-01-03 13:53:59.865031717 -0600
@@ -1451,8 +1451,7 @@
 # any code execution or other shenanigans. does not
 # support binary NULs in string.
 sub q0 {
-   (my $str = shift) =~ s/\x00//g; # make sure there really aren't any embedded NULs
-   "q\x00$str\x00"
+   "qq\x00\Q$_[0]\E\x00"
 }
 
 sub old_bg_expr {
Wed Jan 4 02:18:08 UTC 2023 patches/packages/libtiff-4.4.0-x86_64-1_slack15.0.txz: Upgraded. Patched various security bugs. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-2056 https://www.cve.org/CVERecord?id=CVE-2022-2057 https://www.cve.org/CVERecord?id=CVE-2022-2058 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://www.cve.org/CVERecord?id=CVE-2022-34526 (* Security fix ) patches/packages/rxvt-unicode-9.26-x86_64-3_slack15.0.txz: Rebuilt. When the "background" extension was loaded, an attacker able to control the data written to the terminal would be able to execute arbitrary code as the terminal's user. Thanks to David Leadbeater and Ben Collver. For more information, see: https://www.openwall.com/lists/oss-security/2022/12/05/1 https://www.cve.org/CVERecord?id=CVE-2022-4170 ( Security fix *) patches/packages/whois-5.5.15-x86_64-1_slack15.0.txz: Upgraded. Updated the .bd, .nz and .tv TLD servers. Added the .llyw.cymru, .gov.scot and .gov.wales SLD servers. Updated the .ac.uk and .gov.uk SLD servers. Recursion has been enabled for whois.nic.tv. Updated the list of new gTLDs with four generic TLDs assigned in October 2013 which were missing due to a bug. Removed 4 new gTLDs which are no longer active. Added the Georgian translation, contributed by Temuri Doghonadze. Updated the Finnish translation, contributed by Lauri Nurmi. 2023-01-04 03:18:08 +01:00			`--- ./src/perl/background.orig 2021-05-09 10:04:44.000000000 -0500`
			`+++ ./src/perl/background 2023-01-03 13:53:59.865031717 -0600`
			`@@ -1451,8 +1451,7 @@`
			`# any code execution or other shenanigans. does not`
			`# support binary NULs in string.`
			`sub q0 {`
			`- (my $str = shift) =~ s/\x00//g; # make sure there really aren't any embedded NULs`
			`- "q\x00$str\x00"`
			`+ "qq\x00\Q$_[0]\E\x00"`
			`}`

			`sub old_bg_expr {`