[20.09] kitty: fix CVE-2020-35605 #107662

Merged
merged 1 commit into from Dec 28, 2020

mweinelt
Member

Motivation for this change

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.

https://nvd.nist.gov/vuln/detail/CVE-2020-35605

Fixes: CVE-2020-35605

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows
remote attackers to execute arbitrary code because a filename containing
special characters can be included in an error message.

kovidgoyal/kitty#3128

Fixes: CVE-2020-35605
@SuperSandro2000
Member

Result of nixpkgs-review pr 107662 run on x86_64-darwin 1

1 package failed to build:
  • kitty

Traceback (most recent call last):
File "/private/tmp/nix-build-kitty-0.18.3.drv-0/source/kitty_tests/fonts.py", line 25, in setUp
self.test_ctx.enter()
self = <kitty_tests.fonts.Rendering testMethod=test_sprite_map>
File "/private/tmp/nix-build-kitty-0.18.3.drv-0/source/kitty/fonts/render.py", line 389, in enter
set_font_family(opts)
opts = <kitty.conf.utils.Options object at 0x7feb2e92e010>
self = <kitty.fonts.render.setup_for_testing object at 0x10d543100>
send_to_gpu = <function setup_for_testing.enter..send_to_gpu at 0x10d5803a0>
sprites = {}
File "/private/tmp/nix-build-kitty-0.18.3.drv-0/source/kitty/fonts/render.py", line 181, in set_font_family
font_map = get_font_files(opts)
debug_font_matching = False
opts = <kitty.conf.utils.Options object at 0x7feb2e92e010>
override_font_size = None
sz = 11.0
File "/private/tmp/nix-build-kitty-0.18.3.drv-0/source/kitty/fonts/render.py", line 38, in get_font_files
return get_font_files_coretext(opts)
opts = <kitty.conf.utils.Options object at 0x7feb2e92e010>
File "/private/tmp/nix-build-kitty-0.18.3.drv-0/source/kitty/fonts/core_text.py", line 94, in get_font_files
face = find_best_match(resolve_family(getattr(opts, attr), opts.font_family, bold, italic), bold, italic)
ans = {}
attr = 'font_family'
bold = False
italic = False
opts = <kitty.conf.utils.Options object at 0x7feb2e92e010>
File "/private/tmp/nix-build-kitty-0.18.3.drv-0/source/kitty/fonts/core_text.py", line 79, in find_best_match
candidates = font_map['family_map'][q]
bold = False
candidates = None
family = 'Menlo'
font_map = {'family_map': {}, 'ps_map': {}, 'full_map': {}}
italic = False
q = 'menlo'
score = <function find_best_match..score at 0x10d6d3700>
selector = 'full_map'
KeyError: 'menlo'


Ran 77 tests in 0.679s

FAILED (errors=7, skipped=1)

@SuperSandro2000
Member

Result of nixpkgs-review pr 107662 run on x86_64-linux 1

1 package built:
  • kitty

Contributor

@Luflosi Luflosi left a comment

LGTM

@mweinelt mweinelt merged commit 5c46389 into NixOS:release-20.09 Dec 28, 2020
@mweinelt mweinelt deleted the 20.09/kitty branch December 28, 2020 11:12