[pkgsrc/pkgsrc-2018Q3]: pkgsrc/devel Pullup ticket #5849 - requested by bsiegert

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/pkgsrc-2018Q3]: pkgsrc/devel Pullup ticket #5849 - requested by bsiegert
From: spz <spz%pkgsrc.org@localhost>
Date: Sat, 20 Oct 2018 17:27:05 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/59f1908eec08
branches:  pkgsrc-2018Q3
changeset: 314181:59f1908eec08
user:      spz <spz%pkgsrc.org@localhost>
date:      Sat Oct 20 16:24:01 2018 +0000

description:
Pullup ticket #5849 - requested by bsiegert
devel/ncurses: security patch
devel/ncursesw: security patch

Revisions pulled up:
- devel/ncurses/Makefile                                        1.100
- devel/ncurses/distinfo                                        1.35
- devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c      1.3
- devel/ncursesw/Makefile                                       1.17

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   leot
   Date:           Thu Oct 18 19:42:50 UTC 2018

   Modified Files:
           pkgsrc/devel/ncurses: Makefile distinfo
           pkgsrc/devel/ncursesw: Makefile
   Added Files:
           pkgsrc/devel/ncurses/patches: patch-ncurses_tinfo_parse__entry.c

   Log Message:
   ncurses{,w}: Backport patch for CVE-2018-10754

   Patch provided by Attila F?l?p via NetBSD/pkgsrc#34, thanks!

   Bump PKGREVISION


   To generate a diff of this commit:
   cvs rdiff -u -r1.99 -r1.100 pkgsrc/devel/ncurses/Makefile
   cvs rdiff -u -r1.34 -r1.35 pkgsrc/devel/ncurses/distinfo
   cvs rdiff -u -r0 -r1.3 \
       pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ncursesw/Makefile

diffstat:

 devel/ncurses/Makefile                                   |   4 +-
 devel/ncurses/distinfo                                   |   3 +-
 devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c |  23 ++++++++++++++++
 devel/ncursesw/Makefile                                  |   3 +-
 4 files changed, 29 insertions(+), 4 deletions(-)

diffs (69 lines):

diff -r bd6b1e18f875 -r 59f1908eec08 devel/ncurses/Makefile
--- a/devel/ncurses/Makefile    Sat Oct 20 16:18:20 2018 +0000
+++ b/devel/ncurses/Makefile    Sat Oct 20 16:24:01 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.99 2018/09/15 22:47:41 wiz Exp $
+# $NetBSD: Makefile,v 1.99.2.1 2018/10/20 16:24:01 spz Exp $
 
 .include "Makefile.common"
-PKGREVISION=   2
+PKGREVISION=   3
 COMMENT=       CRT screen handling and optimization package
 
 INSTALLATION_DIRS+=    share/examples
diff -r bd6b1e18f875 -r 59f1908eec08 devel/ncurses/distinfo
--- a/devel/ncurses/distinfo    Sat Oct 20 16:18:20 2018 +0000
+++ b/devel/ncurses/distinfo    Sat Oct 20 16:24:01 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2018/04/02 16:26:03 spz Exp $
+$NetBSD: distinfo,v 1.34.4.1 2018/10/20 16:24:01 spz Exp $
 
 SHA1 (ncurses-6.1.tar.gz) = 57acf6bc24cacd651d82541929f726f4def780cc
 RMD160 (ncurses-6.1.tar.gz) = 938235f3922f9c6ef0f1081d643ecb2da1347a17
@@ -12,3 +12,4 @@
 SHA1 (patch-configure.in) = 48a705b3f4de3a65c0c1c3648f5a24c5310ed3fa
 SHA1 (patch-misc_ncurses-config.in) = 43e4dc8abe85804513da1189aeffa5c7746ffcca
 SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527
+SHA1 (patch-ncurses_tinfo_parse__entry.c) = 06d2b52e84595f8acd47ad36ded7b7d5bec95b8a
diff -r bd6b1e18f875 -r 59f1908eec08 devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c  Sat Oct 20 16:24:01 2018 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-ncurses_tinfo_parse__entry.c,v 1.3.2.2 2018/10/20 16:24:02 spz Exp $
+
+ - Fixes CVE-2018-10754
+
+--- ncurses/tinfo/parse_entry.c.orig   2018-10-09 21:41:29.020445746 +0000
++++ ncurses/tinfo/parse_entry.c
+@@ -543,11 +543,12 @@ _nc_parse_entry(ENTRY * entryp, int lite
+                * Otherwise, look for a base entry that will already
+                * have picked up defaults via translation.
+                */
+-              for (i = 0; i < entryp->nuses; i++)
+-                  if (!strchr((char *) entryp->uses[i].name, '+'))
+-                      has_base_entry = TRUE;
++              for (i = 0; i < entryp->nuses; i++) {
++                if (entryp->uses[i].name != 0
++                    && !strchr(entryp->uses[i].name, '+'))
++                  has_base_entry = TRUE;
++              }
+           }
+-
+           postprocess_termcap(&entryp->tterm, has_base_entry);
+       } else
+           postprocess_terminfo(&entryp->tterm);
diff -r bd6b1e18f875 -r 59f1908eec08 devel/ncursesw/Makefile
--- a/devel/ncursesw/Makefile   Sat Oct 20 16:18:20 2018 +0000
+++ b/devel/ncursesw/Makefile   Sat Oct 20 16:24:01 2018 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.16 2018/04/02 16:26:04 spz Exp $
+# $NetBSD: Makefile,v 1.16.4.1 2018/10/20 16:24:02 spz Exp $
 
 .include "../../devel/ncurses/Makefile.common"
 
 PKGNAME=       ${DISTNAME:S/ncurses/ncursesw/}
 COMMENT=       Wide character CRT screen handling and optimization package
+PKGREVISION=   1
 
 PATCHDIR=      ${.CURDIR}/../../devel/ncurses/patches
 DISTINFO_FILE= ${.CURDIR}/../../devel/ncurses/distinfo

Prev by Date: [pkgsrc/pkgsrc-2018Q3]: pkgsrc/mail/spamassassin Pullup ticket #5846 - reques...
Next by Date: [pkgsrc/pkgsrc-2018Q3]: pkgsrc/doc tickets 5846-5850
Previous by Thread: [pkgsrc/pkgsrc-2018Q3]: pkgsrc/mail/spamassassin Pullup ticket #5846 - reques...
Next by Thread: [pkgsrc/pkgsrc-2018Q3]: pkgsrc/doc tickets 5846-5850
Indexes:

Home | Main Index | Thread Index | Old Index