From 164d635f3782522c324c710b767ef21c598228c4 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Tue, 19 Sep 2023 23:04:05 +0200 Subject: [PATCH] package/xterm: security bump to version 384 - Fix CVE-2023-40359: xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature. - Update COPYING hash (update in year and version) https://invisible-island.net/xterm/xterm.log.html#xterm_384 Signed-off-by: Fabrice Fontaine Signed-off-by: Yann E. MORIN --- package/xterm/xterm.hash | 4 ++-- package/xterm/xterm.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/xterm/xterm.hash b/package/xterm/xterm.hash index 12cd2e639b..1a2ad8fea0 100644 --- a/package/xterm/xterm.hash +++ b/package/xterm/xterm.hash @@ -1,4 +1,4 @@ # Locally calculated after checking pgp signature -sha256 1e5bb7aad068fb31d6d3cbb77f80c7ad1526cd4c956a4ddcf2c5cf28af5334e1 xterm-376.tgz +sha256 31ef870740ceae020c3c4b4a9601c7f47bfd46672c1aaf2d213a565d64cbc373 xterm-384.tgz # Locally calculated -sha256 9521ef761474cd31ea406f56a751646a7b42a9287cdc6f2f8e52ed4c4d2a73e7 COPYING +sha256 98d02d0b7f7b8aabb742b05e6960caaa9ae20e26d2f0d0dc57808362f2ac79bc COPYING diff --git a/package/xterm/xterm.mk b/package/xterm/xterm.mk index d01b608d99..2fc2f734c8 100644 --- a/package/xterm/xterm.mk +++ b/package/xterm/xterm.mk @@ -4,7 +4,7 @@ # ################################################################################ -XTERM_VERSION = 376 +XTERM_VERSION = 384 XTERM_SOURCE = xterm-$(XTERM_VERSION).tgz XTERM_SITE = http://invisible-mirror.net/archives/xterm XTERM_DEPENDENCIES = ncurses xlib_libXaw host-pkgconf