pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/devel patches from
details: https://anonhg.NetBSD.org/pkgsrc/rev/549366db7528
branches: trunk
changeset: 366273:549366db7528
user: spz <spz%pkgsrc.org@localhost>
date: Tue Aug 08 18:38:21 2017 +0000
description:
patches from
ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz
+ add/improve checks in tic's parser to address invalid input
(Redhat #1464684, #1464685, #1464686, #1464691).
+ alloc_entry.c, add a check for a null-pointer.
+ parse_entry.c, add several checks for valid pointers as well as
one check to ensure that a single character on a line is not
treated as the 2-character termcap short-name.
that's CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113
diffstat:
devel/ncurses/Makefile | 4 +-
devel/ncurses/distinfo | 4 +-
devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c | 28 ++++++
devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c | 74 ++++++++++++++++
devel/ncursesw/Makefile | 4 +-
5 files changed, 109 insertions(+), 5 deletions(-)
diffs (150 lines):
diff -r 828e62187f0b -r 549366db7528 devel/ncurses/Makefile
--- a/devel/ncurses/Makefile Tue Aug 08 18:16:35 2017 +0000
+++ b/devel/ncurses/Makefile Tue Aug 08 18:38:21 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.94 2016/12/18 23:30:34 joerg Exp $
+# $NetBSD: Makefile,v 1.95 2017/08/08 18:38:21 spz Exp $
-PKGREVISION= 3
+PKGREVISION= 4
.include "Makefile.common"
COMMENT= CRT screen handling and optimization package
diff -r 828e62187f0b -r 549366db7528 devel/ncurses/distinfo
--- a/devel/ncurses/distinfo Tue Aug 08 18:16:35 2017 +0000
+++ b/devel/ncurses/distinfo Tue Aug 08 18:38:21 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2016/12/30 11:28:19 wiz Exp $
+$NetBSD: distinfo,v 1.32 2017/08/08 18:38:21 spz Exp $
SHA1 (ncurses-6.0.tar.gz) = acd606135a5124905da770803c05f1f20dd3b21c
RMD160 (ncurses-6.0.tar.gz) = 4d9e5938f00b400bfb0d37f3c54f2f36c4157d48
@@ -11,4 +11,6 @@
SHA1 (patch-c++_Makefile.in) = 974f89c75737a8079977fc35a924b54d32e98df2
SHA1 (patch-configure.in) = 48a705b3f4de3a65c0c1c3648f5a24c5310ed3fa
SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527
+SHA1 (patch-ncurses_tinfo_alloc__entry.c) = b9f3ab1ba347f9725a97874b0020e14b56341195
SHA1 (patch-ncurses_tinfo_lib__baudrate.c) = e383a11530a3045e729ab8c738e57a9e217a994f
+SHA1 (patch-ncurses_tinfo_parse__entry.c) = c99eb89dcdbf0ad4e05eea9b7f9820a0d4328173
diff -r 828e62187f0b -r 549366db7528 devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c Tue Aug 08 18:38:21 2017 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-ncurses_tinfo_alloc__entry.c,v 1.1 2017/08/08 18:38:21 spz Exp $
+
+from ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz
++ add/improve checks in tic's parser to address invalid input
+ (Redhat #1464684, #1464685, #1464686, #1464691).
+ + alloc_entry.c, add a check for a null-pointer.
+ + parse_entry.c, add several checks for valid pointers as well as
+ one check to ensure that a single character on a line is not
+ treated as the 2-character termcap short-name.
+
+that's CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113
+
+
+--- ncurses/tinfo/alloc_entry.c.orig 2013-08-17 19:20:38.000000000 +0000
++++ ncurses/tinfo/alloc_entry.c
+@@ -96,7 +96,11 @@ _nc_save_str(const char *const string)
+ {
+ char *result = 0;
+ size_t old_next_free = next_free;
+- size_t len = strlen(string) + 1;
++ size_t len;
++
++ if (string == 0)
++ return _nc_save_str("");
++ len = strlen(string) + 1;
+
+ if (len == 1 && next_free != 0) {
+ /*
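Review bot: The new guard in `_nc_save_str` tests only `string == 0`, so any other non-dereferenceable sentinel value would still reach `strlen(string)`. The parse_entry.c part of this same commit moves its checks to `VALID_STRING(...)`, which suggests a null pointer is not the only invalid value a string can hold in this code. If that macro is visible in alloc_entry.c, `if (!VALID_STRING(string)) return _nc_save_str("");` would cover both cases. A short comment such as `/* malformed tic input can leave the value absent; store an empty string instead */` would also explain why the function calls itself. The body of `_nc_save_str` continues past the end of the hunk, so the later handling of `len == 1` is not visible here.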
diff -r 828e62187f0b -r 549366db7528 devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c Tue Aug 08 18:38:21 2017 +0000
@@ -0,0 +1,74 @@
+$NetBSD: patch-ncurses_tinfo_parse__entry.c,v 1.1 2017/08/08 18:38:21 spz Exp $
+
+from ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz
++ add/improve checks in tic's parser to address invalid input
+ (Redhat #1464684, #1464685, #1464686, #1464691).
+ + alloc_entry.c, add a check for a null-pointer.
+ + parse_entry.c, add several checks for valid pointers as well as
+ one check to ensure that a single character on a line is not
+ treated as the 2-character termcap short-name.
+
+that's CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113
+
+--- ncurses/tinfo/parse_entry.c.orig 2015-04-04 14:18:38.000000000 +0000
++++ ncurses/tinfo/parse_entry.c
+@@ -236,13 +236,14 @@ _nc_parse_entry(struct entry *entryp, in
+ * implemented it. Note that the resulting terminal type was never the
+ * 2-character name, but was instead the first alias after that.
+ */
++#define ok_TC2(s) (isgraph(UChar(s)) && (s) != '|')
+ ptr = _nc_curr_token.tk_name;
+ if (_nc_syntax == SYN_TERMCAP
+ #if NCURSES_XNAMES
+ && !_nc_user_definable
+ #endif
+ ) {
+- if (ptr[2] == '|') {
++ if (ok_TC2(ptr[0]) && ok_TC2(ptr[1]) && (ptr[2] == '|')) {
+ ptr += 3;
+ _nc_curr_token.tk_name[2] = '\0';
+ }
+@@ -284,9 +285,11 @@ _nc_parse_entry(struct entry *entryp, in
+ if (is_use || is_tc) {
+ entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
+ entryp->uses[entryp->nuses].line = _nc_curr_line;
+- entryp->nuses++;
+- if (entryp->nuses > 1 && is_tc) {
+- BAD_TC_USAGE
++ if (VALID_STRING(entryp->uses[entryp->nuses].name)) {
++ entryp->nuses++;
++ if (entryp->nuses > 1 && is_tc) {
++ BAD_TC_USAGE
++ }
+ }
+ } else {
+ /* normal token lookup */
+@@ -571,7 +574,7 @@ append_acs0(string_desc * dst, int code,
+ static void
+ append_acs(string_desc * dst, int code, char *src)
+ {
+- if (src != 0 && strlen(src) == 1) {
++ if (VALID_STRING(src) && strlen(src) == 1) {
+ append_acs0(dst, code, *src);
+ }
+ }
+@@ -832,15 +835,14 @@ postprocess_termcap(TERMTYPE *tp, bool h
+ }
+
+ if (tp->Strings[to_ptr->nte_index]) {
++ const char *s = tp->Strings[from_ptr->nte_index];
++ const char *t = tp->Strings[to_ptr->nte_index];
+ /* There's no point in warning about it if it's the same
+ * string; that's just an inefficiency.
+ */
+- if (strcmp(
+- tp->Strings[from_ptr->nte_index],
+- tp->Strings[to_ptr->nte_index]) != 0)
++ if (VALID_STRING(s) && VALID_STRING(t) && strcmp(s, t) != 0)
+ _nc_warning("%s (%s) already has an explicit value %s, ignoring ko",
+- ap->to, ap->from,
+- _nc_visbuf(tp->Strings[to_ptr->nte_index]));
++ ap->to, ap->from, t);
+ continue;
+ }
+
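Review bot: In the `postprocess_termcap` hunk the warning now passes `t` straight to `_nc_warning`, where the old code passed `_nc_visbuf(tp->Strings[to_ptr->nte_index])`, so bytes taken from the parsed entry reach the diagnostic output without the visible-form conversion the old call applied. Since this patch exists to harden tic against invalid input, keeping the conversion looks safer: `ap->to, ap->from, _nc_visbuf(t));`. Separately, in the `is_use || is_tc` hunk the slot `entryp->uses[entryp->nuses]` is written before the new `VALID_STRING` check, and no upper bound on `nuses` is visible in these lines. The bound may be enforced elsewhere in `_nc_parse_entry`, which starts and ends outside the hunk, but it is worth confirming.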
diff -r 828e62187f0b -r 549366db7528 devel/ncursesw/Makefile
--- a/devel/ncursesw/Makefile Tue Aug 08 18:16:35 2017 +0000
+++ b/devel/ncursesw/Makefile Tue Aug 08 18:38:21 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.13 2016/12/18 23:30:34 joerg Exp $
+# $NetBSD: Makefile,v 1.14 2017/08/08 18:38:21 spz Exp $
-PKGREVISION= 2
+PKGREVISION= 3
.include "../../devel/ncurses/Makefile.common"
PKGNAME= ${DISTNAME:S/ncurses/ncursesw/}