[pkgsrc/trunk]: pkgsrc/devel Add patches to address CVE-2018-19211, CVE-2019-...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/devel Add patches to address CVE-2018-19211, CVE-2019-...
From: kim <kim%pkgsrc.org@localhost>
Date: Sat, 11 Jan 2020 02:33:19 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/c4e87dceb8d0
branches:  trunk
changeset: 347364:c4e87dceb8d0
user:      kim <kim%pkgsrc.org@localhost>
date:      Sat Jan 11 01:39:19 2020 +0000

description:
Add patches to address CVE-2018-19211, CVE-2019-17594, and CVE-2019-17595.

diffstat:

 devel/ncurses/Makefile                                   |   4 +-
 devel/ncurses/distinfo                                   |   8 +++-
 devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c |  20 ++++++++++
 devel/ncurses/patches/patch-ncurses_tinfo_alloc__ttype.c |  31 ++++++++++++++++
 devel/ncurses/patches/patch-ncurses_tinfo_comp__hash.c   |  31 ++++++++++++++++
 devel/ncurses/patches/patch-ncurses_tinfo_comp__parse.c  |  30 +++++++++++++++
 devel/ncurses/patches/patch-ncurses_tinfo_read__entry.c  |  20 ++++++++++
 devel/ncurses/patches/patch-progs_dump__entry.c          |  29 ++++++++++++++
 devel/ncursesw/Makefile                                  |   4 +-
 9 files changed, 172 insertions(+), 5 deletions(-)

diffs (234 lines):

diff -r 5ab18e454aa1 -r c4e87dceb8d0 devel/ncurses/Makefile
--- a/devel/ncurses/Makefile    Sat Jan 11 01:34:26 2020 +0000
+++ b/devel/ncurses/Makefile    Sat Jan 11 01:39:19 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.103 2019/10/10 12:29:11 triaxx Exp $
+# $NetBSD: Makefile,v 1.104 2020/01/11 01:39:19 kim Exp $
 
 .include "Makefile.common"
-PKGREVISION=   6
+PKGREVISION=   7
 COMMENT=       CRT screen handling and optimization package
 
 INSTALLATION_DIRS+=    share/examples
diff -r 5ab18e454aa1 -r c4e87dceb8d0 devel/ncurses/distinfo
--- a/devel/ncurses/distinfo    Sat Jan 11 01:34:26 2020 +0000
+++ b/devel/ncurses/distinfo    Sat Jan 11 01:39:19 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.36 2019/02/25 11:54:05 jperkin Exp $
+$NetBSD: distinfo,v 1.37 2020/01/11 01:39:19 kim Exp $
 
 SHA1 (ncurses-6.1.tar.gz) = 57acf6bc24cacd651d82541929f726f4def780cc
 RMD160 (ncurses-6.1.tar.gz) = 938235f3922f9c6ef0f1081d643ecb2da1347a17
@@ -13,4 +13,10 @@
 SHA1 (patch-misc_ncurses-config.in) = 43e4dc8abe85804513da1189aeffa5c7746ffcca
 SHA1 (patch-misc_terminfo.src) = 3423a09b0b6aac1139ab21f514c631ee8c36c2f7
 SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527
+SHA1 (patch-ncurses_tinfo_alloc__entry.c) = a1fc6ce016f33aea422f82d4df2cd60ef352760e
+SHA1 (patch-ncurses_tinfo_alloc__ttype.c) = 6cec181b4dd24008ed62b90e6d6c508a7caccc0a
+SHA1 (patch-ncurses_tinfo_comp__hash.c) = 44c646f9fc5e6f7b3e4e4de5df0506b7bc8f8a25
+SHA1 (patch-ncurses_tinfo_comp__parse.c) = 98f9e7bbaf3aa7883a8bb2ec359fae3647e0989f
 SHA1 (patch-ncurses_tinfo_parse__entry.c) = 06d2b52e84595f8acd47ad36ded7b7d5bec95b8a
+SHA1 (patch-ncurses_tinfo_read__entry.c) = 251878d3625df25bdbb8c16f9ef619e50d786dae
+SHA1 (patch-progs_dump__entry.c) = 5cade588859c3e91287ef933253b792728df5a44
diff -r 5ab18e454aa1 -r c4e87dceb8d0 devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c  Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ncurses_tinfo_alloc__entry.c,v 1.3 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2018-19211 cherry-picked from upstream patchlevel 20180414.
+
++ add a null-pointer check in _nc_parse_entry to handle an error when
+  a use-name is invalid syntax (report by Chung-Yi Lin).
++ also add/improve null-pointer checks in other places
+
+--- ncurses/tinfo/alloc_entry.c
++++ ncurses/tinfo/alloc_entry.c
+@@ -229,6 +229,9 @@ _nc_merge_entry(ENTRY * const target, ENTRY * const source)
+     TERMTYPE2 *from = &(source->tterm);
+     unsigned i;
+ 
++    if (source == 0 || from == 0 || target == 0 || to == 0)
++      return;
++
+ #if NCURSES_XNAMES
+     _nc_align_termtype(to, from);
+ #endif
diff -r 5ab18e454aa1 -r c4e87dceb8d0 devel/ncurses/patches/patch-ncurses_tinfo_alloc__ttype.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_alloc__ttype.c  Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ncurses_tinfo_alloc__ttype.c,v 1.1 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2018-19211 cherry-picked from upstream patchlevel 20180414.
+
++ add a null-pointer check in _nc_parse_entry to handle an error when
+  a use-name is invalid syntax (report by Chung-Yi Lin).
++ also add/improve null-pointer checks in other places
+
+--- ncurses/tinfo/alloc_ttype.c
++++ ncurses/tinfo/alloc_ttype.c
+@@ -388,12 +388,16 @@ adjust_cancels(TERMTYPE2 *to, TERMTYPE2 *from)
+ NCURSES_EXPORT(void)
+ _nc_align_termtype(TERMTYPE2 *to, TERMTYPE2 *from)
+ {
+-    int na = (int) NUM_EXT_NAMES(to);
+-    int nb = (int) NUM_EXT_NAMES(from);
++    int na;
++    int nb;
+     char **ext_Names;
+ 
+-    DEBUG(2, ("align_termtype to(%d:%s), from(%d:%s)", na, to->term_names,
+-            nb, from->term_names));
++    na = to ? ((int) NUM_EXT_NAMES(to)) : 0;
++    nb = from ? ((int) NUM_EXT_NAMES(from)) : 0;
++
++    DEBUG(2, ("align_termtype to(%d:%s), from(%d:%s)",
++            na, to ? NonNull(to->term_names) : "?",
++            nb, from ? NonNull(from->term_names) : "?"));
+ 
+     if (na != 0 || nb != 0) {
+       int ext_Booleans, ext_Numbers, ext_Strings;
diff -r 5ab18e454aa1 -r c4e87dceb8d0 devel/ncurses/patches/patch-ncurses_tinfo_comp__hash.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_comp__hash.c    Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ncurses_tinfo_comp__hash.c,v 1.1 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2019-17594 cherry-picked from upstream patchlevel 20191012.
+Check for invalid hashcode in _nc_find_type_entry and nc_find_entry.
+
+https://bugs.debian.org/942401
+
+--- ncurses/tinfo/comp_hash.c
++++ ncurses/tinfo/comp_hash.c
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
+ 
+     hashvalue = data->hash_of(string);
+ 
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++      && (unsigned) hashvalue < data->table_size
++      && data->table_data[hashvalue] >= 0) {
+ 
+       real_table = _nc_get_table(termcap);
+       ptr = real_table + data->table_data[hashvalue];
+@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
+     const HashData *data = _nc_get_hash_info(termcap);
+     int hashvalue = data->hash_of(string);
+ 
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++      && (unsigned) hashvalue < data->table_size
++      && data->table_data[hashvalue] >= 0) {
+       const struct name_table_entry *const table = _nc_get_table(termcap);
+ 
+       ptr = table + data->table_data[hashvalue];
diff -r 5ab18e454aa1 -r c4e87dceb8d0 devel/ncurses/patches/patch-ncurses_tinfo_comp__parse.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_comp__parse.c   Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-ncurses_tinfo_comp__parse.c,v 1.1 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2018-19211 cherry-picked from upstream patchlevel 20180414.
+
++ add a null-pointer check in _nc_parse_entry to handle an error when
+  a use-name is invalid syntax (report by Chung-Yi Lin).
++ also add/improve null-pointer checks in other places
+
+--- ncurses/tinfo/comp_parse.c
++++ ncurses/tinfo/comp_parse.c
+@@ -317,6 +437,9 @@ _nc_resolve_uses2(bool fullresolve, bool literal)
+           char *lookfor = qp->uses[i].name;
+           long lookline = qp->uses[i].line;
+ 
++          if (lookfor == 0)
++              continue;
++
+           foundit = FALSE;
+ 
+           _nc_set_type(child);
+@@ -394,7 +517,8 @@ _nc_resolve_uses2(bool fullresolve, bool literal)
+                    * subsequent pass.
+                    */
+                   for (i = 0; i < qp->nuses; i++)
+-                      if (qp->uses[i].link->nuses) {
++                      if (qp->uses[i].link
++                          && qp->uses[i].link->nuses) {
+                           DEBUG(2, ("%s: use entry %d unresolved",
+                                     _nc_first_name(qp->tterm.term_names), i));
+                           goto incomplete;
diff -r 5ab18e454aa1 -r c4e87dceb8d0 devel/ncurses/patches/patch-ncurses_tinfo_read__entry.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_read__entry.c   Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ncurses_tinfo_read__entry.c,v 1.1 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2018-19211 cherry-picked from upstream patchlevel 20180414.
+
++ add a null-pointer check in _nc_parse_entry to handle an error when
+  a use-name is invalid syntax (report by Chung-Yi Lin).
++ also add/improve null-pointer checks in other places
+
+--- ncurses/tinfo/read_entry.c
++++ ncurses/tinfo/read_entry.c
+@@ -837,6 +837,9 @@ _nc_read_entry2(const char *const name, char *const filename, TERMTYPE2 *const t
+ {
+     int code = TGETENT_NO;
+ 
++    if (name == 0)
++      return _nc_read_entry2("", filename, tp);
++
+     _nc_SPRINTF(filename, _nc_SLIMIT(PATH_MAX)
+               "%.*s", PATH_MAX - 1, name);
+ 
diff -r 5ab18e454aa1 -r c4e87dceb8d0 devel/ncurses/patches/patch-progs_dump__entry.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-progs_dump__entry.c   Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-progs_dump__entry.c,v 1.1 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2019-17595 cherry-picked from upstream patchlevel 20191012.
+Additionally to the CVE fix, this contains a check for acsc with odd
+length in dump_entry in check for one-one mapping.
+
+https://bugs.debian.org/942401
+
+--- progs/dump_entry.c
++++ progs/dump_entry.c
+@@ -1110,7 +1110,8 @@ fmt_entry(TERMTYPE2 *tterm,
+                               *d++ = '\\';
+                               *d = ':';
+                           } else if (*d == '\\') {
+-                              *++d = *s++;
++                              if ((*++d = *s++) == '\0')
++                                  break;
+                           }
+                           d++;
+                           *d = '\0';
+@@ -1370,7 +1371,7 @@ one_one_mapping(const char *mapping)
+ 
+     if (VALID_STRING(mapping)) {
+       int n = 0;
+-      while (mapping[n] != '\0') {
++      while (mapping[n] != '\0' && mapping[n + 1] != '\0') {
+           if (isLine(mapping[n]) &&
+               mapping[n] != mapping[n + 1]) {
+               result = FALSE;
diff -r 5ab18e454aa1 -r c4e87dceb8d0 devel/ncursesw/Makefile
--- a/devel/ncursesw/Makefile   Sat Jan 11 01:34:26 2020 +0000
+++ b/devel/ncursesw/Makefile   Sat Jan 11 01:39:19 2020 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.19 2019/02/25 11:54:05 jperkin Exp $
+# $NetBSD: Makefile,v 1.20 2020/01/11 01:39:19 kim Exp $
 
 .include "../../devel/ncurses/Makefile.common"
 
 PKGNAME=       ${DISTNAME:S/ncurses/ncursesw/}
 COMMENT=       Wide character CRT screen handling and optimization package
-PKGREVISION=   3
+PKGREVISION=   7
 
 PATCHDIR=      ${.CURDIR}/../../devel/ncurses/patches
 DISTINFO_FILE= ${.CURDIR}/../../devel/ncurses/distinfo
Prev by Date: [pkgsrc/trunk]: pkgsrc/comms/deforaos-phone deforaos-phone: update to 0.6.0
Next by Date: [pkgsrc/trunk]: pkgsrc/doc Updated www/firefox68-l10n to 68.4.1
Previous by Thread: [pkgsrc/trunk]: pkgsrc/comms/deforaos-phone deforaos-phone: update to 0.6.0
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated www/firefox68-l10n to 68.4.1
Indexes:
Home | Main Index | Thread Index | Old Index