iTerm2: fix CVE-2019-9535

The Mozilla Foundation has generously sponsored a security audit of the iTerm2 source code. As part of this audit, a problem was discovered which could cause iTerm2 to issue commands in response to receiving certain input. This is a serious security issue because in some circumstances it could allow an attacker to execute commands on your machine when you view a file or otherwise receive input they have crafted in iTerm2.
macports · Oct 10, 2019 · 4a4f7ab · 4a4f7ab
1 parent 567321e
commit 4a4f7ab
Show file tree

Hide file tree

Showing 2 changed files with 1,843 additions and 0 deletions.
diff --git a/aqua/iTerm2/Portfile b/aqua/iTerm2/Portfile
@@ -10,18 +10,21 @@ if {[info exists use_xcode]} {
 
 if {[vercmp ${os.version} 17.0.0] < 0} {
     version             3.2.0
+    revision            0
     checksums \
         rmd160  07915ff5db0545c0c059f47e7f71761e023a26e1 \
         sha256  017aff348352369abcc994caaca0f6112e1f17c4d65041acdb9f19830b2b96bd \
         size    11969144
     patchfiles          patch-Makefile.diff
 } else {
     version             3.3.5
+    revision            1
     checksums \
         rmd160  612cb41be30fe2940bc300055afbb77938d4a19d \
         sha256  6ce9e5650fa4245fc5b702c58cdea43b6d3fe995abc7b52520377f840fd8a492 \
         size    18852672
     patchfiles          patch-Makefile-XC10.diff
+    patchfiles-append   patch-CVE-2019-9535.diff
 }
 
 github.setup        gnachman iTerm2 ${version} v