pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/devel patches from



details:   https://anonhg.NetBSD.org/pkgsrc/rev/549366db7528
branches:  trunk
changeset: 366273:549366db7528
user:      spz <spz%pkgsrc.org@localhost>
date:      Tue Aug 08 18:38:21 2017 +0000

description:
patches from
ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz
+ add/improve checks in tic's parser to address invalid input
 (Redhat #1464684, #1464685, #1464686, #1464691).
 + alloc_entry.c, add a check for a null-pointer.
 + parse_entry.c, add several checks for valid pointers as well as
   one check to ensure that a single character on a line is not
   treated as the 2-character termcap short-name.

These issues are tracked as CVE-2017-10684, CVE-2017-10685, CVE-2017-11112 and CVE-2017-11113.

diffstat:

 devel/ncurses/Makefile                                   |   4 +-
 devel/ncurses/distinfo                                   |   4 +-
 devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c |  28 ++++++
 devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c |  74 ++++++++++++++++
 devel/ncursesw/Makefile                                  |   4 +-
 5 files changed, 109 insertions(+), 5 deletions(-)

diffs (150 lines):

diff -r 828e62187f0b -r 549366db7528 devel/ncurses/Makefile
--- a/devel/ncurses/Makefile    Tue Aug 08 18:16:35 2017 +0000
+++ b/devel/ncurses/Makefile    Tue Aug 08 18:38:21 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.94 2016/12/18 23:30:34 joerg Exp $
+# $NetBSD: Makefile,v 1.95 2017/08/08 18:38:21 spz Exp $
 
-PKGREVISION= 3
+PKGREVISION= 4
 .include "Makefile.common"
 
 COMMENT=       CRT screen handling and optimization package
diff -r 828e62187f0b -r 549366db7528 devel/ncurses/distinfo
--- a/devel/ncurses/distinfo    Tue Aug 08 18:16:35 2017 +0000
+++ b/devel/ncurses/distinfo    Tue Aug 08 18:38:21 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2016/12/30 11:28:19 wiz Exp $
+$NetBSD: distinfo,v 1.32 2017/08/08 18:38:21 spz Exp $
 
 SHA1 (ncurses-6.0.tar.gz) = acd606135a5124905da770803c05f1f20dd3b21c
 RMD160 (ncurses-6.0.tar.gz) = 4d9e5938f00b400bfb0d37f3c54f2f36c4157d48
@@ -11,4 +11,6 @@
 SHA1 (patch-c++_Makefile.in) = 974f89c75737a8079977fc35a924b54d32e98df2
 SHA1 (patch-configure.in) = 48a705b3f4de3a65c0c1c3648f5a24c5310ed3fa
 SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527
+SHA1 (patch-ncurses_tinfo_alloc__entry.c) = b9f3ab1ba347f9725a97874b0020e14b56341195
 SHA1 (patch-ncurses_tinfo_lib__baudrate.c) = e383a11530a3045e729ab8c738e57a9e217a994f
+SHA1 (patch-ncurses_tinfo_parse__entry.c) = c99eb89dcdbf0ad4e05eea9b7f9820a0d4328173
diff -r 828e62187f0b -r 549366db7528 devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c  Tue Aug 08 18:38:21 2017 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-ncurses_tinfo_alloc__entry.c,v 1.1 2017/08/08 18:38:21 spz Exp $
+
+from ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz
++ add/improve checks in tic's parser to address invalid input
+ (Redhat #1464684, #1464685, #1464686, #1464691).
+ + alloc_entry.c, add a check for a null-pointer.
+ + parse_entry.c, add several checks for valid pointers as well as
+   one check to ensure that a single character on a line is not
+   treated as the 2-character termcap short-name.
+
+that's CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113
+
+
+--- ncurses/tinfo/alloc_entry.c.orig   2013-08-17 19:20:38.000000000 +0000
++++ ncurses/tinfo/alloc_entry.c
+@@ -96,7 +96,11 @@ _nc_save_str(const char *const string)
+ {
+     char *result = 0;
+     size_t old_next_free = next_free;
+-    size_t len = strlen(string) + 1;
++    size_t len;
++
++    if (string == 0)
++      return _nc_save_str("");
++    len = strlen(string) + 1;
+ 
+     if (len == 1 && next_free != 0) {
+       /*
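Review bot: The added guard in `_nc_save_str` tests only `string == 0`, so any other non-dereferenceable value still reaches `strlen(string)`. ncurses marks cancelled capabilities with a non-null sentinel, which is presumably why the companion parse_entry.c patch uses `VALID_STRING()` rather than a plain null test. If any caller can pass that sentinel here, the guard would need to be `if (!VALID_STRING(string))`, assuming the macro is visible in alloc_entry.c. A short comment such as `/* malformed input can leave the token value null; store it as "" */` would also record why null maps to the empty string. The body of `_nc_save_str` continues beyond the patch context.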
diff -r 828e62187f0b -r 549366db7528 devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c  Tue Aug 08 18:38:21 2017 +0000
@@ -0,0 +1,74 @@
+$NetBSD: patch-ncurses_tinfo_parse__entry.c,v 1.1 2017/08/08 18:38:21 spz Exp $
+
+from ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz
++ add/improve checks in tic's parser to address invalid input
+ (Redhat #1464684, #1464685, #1464686, #1464691).
+ + alloc_entry.c, add a check for a null-pointer.
+ + parse_entry.c, add several checks for valid pointers as well as
+   one check to ensure that a single character on a line is not 
+   treated as the 2-character termcap short-name.
+
+that's CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113
+
+--- ncurses/tinfo/parse_entry.c.orig   2015-04-04 14:18:38.000000000 +0000
++++ ncurses/tinfo/parse_entry.c
+@@ -236,13 +236,14 @@ _nc_parse_entry(struct entry *entryp, in
+      * implemented it.  Note that the resulting terminal type was never the
+      * 2-character name, but was instead the first alias after that.
+      */
++#define ok_TC2(s) (isgraph(UChar(s)) && (s) != '|')
+     ptr = _nc_curr_token.tk_name;
+     if (_nc_syntax == SYN_TERMCAP
+ #if NCURSES_XNAMES
+       && !_nc_user_definable
+ #endif
+       ) {
+-      if (ptr[2] == '|') {
++      if (ok_TC2(ptr[0]) && ok_TC2(ptr[1]) && (ptr[2] == '|')) {
+           ptr += 3;
+           _nc_curr_token.tk_name[2] = '\0';
+       }
+@@ -284,9 +285,11 @@ _nc_parse_entry(struct entry *entryp, in
+       if (is_use || is_tc) {
+           entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
+           entryp->uses[entryp->nuses].line = _nc_curr_line;
+-          entryp->nuses++;
+-          if (entryp->nuses > 1 && is_tc) {
+-              BAD_TC_USAGE
++          if (VALID_STRING(entryp->uses[entryp->nuses].name)) {
++              entryp->nuses++;
++              if (entryp->nuses > 1 && is_tc) {
++                  BAD_TC_USAGE
++              }
+           }
+       } else {
+           /* normal token lookup */
+@@ -571,7 +574,7 @@ append_acs0(string_desc * dst, int code,
+ static void
+ append_acs(string_desc * dst, int code, char *src)
+ {
+-    if (src != 0 && strlen(src) == 1) {
++    if (VALID_STRING(src) && strlen(src) == 1) {
+       append_acs0(dst, code, *src);
+     }
+ }
+@@ -832,15 +835,14 @@ postprocess_termcap(TERMTYPE *tp, bool h
+           }
+ 
+           if (tp->Strings[to_ptr->nte_index]) {
++              const char *s = tp->Strings[from_ptr->nte_index];
++              const char *t = tp->Strings[to_ptr->nte_index];
+               /* There's no point in warning about it if it's the same
+                * string; that's just an inefficiency.
+                */
+-              if (strcmp(
+-                            tp->Strings[from_ptr->nte_index],
+-                            tp->Strings[to_ptr->nte_index]) != 0)
++              if (VALID_STRING(s) && VALID_STRING(t) && strcmp(s, t) != 0)
+                   _nc_warning("%s (%s) already has an explicit value %s, ignoring ko",
+-                              ap->to, ap->from,
+-                              _nc_visbuf(tp->Strings[to_ptr->nte_index]));
++                              ap->to, ap->from, t);
+               continue;
+           }
+ 
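Review bot: In the `postprocess_termcap` hunk the warning now prints `t` directly where the old code passed the string through `_nc_visbuf()`, so control and escape bytes in a capability value read from the input file go to the warning output unescaped. This patch exists because tic parses untrusted descriptions, so keeping the escaping looks safer: `ap->to, ap->from, _nc_visbuf(t));`. The `VALID_STRING(t)` test ahead of it already keeps a sentinel pointer away from the formatter. Separately, `ok_TC2` is defined in the middle of `_nc_parse_entry` and is not undefined in the visible lines; an `#undef ok_TC2` after the `if` would keep it local. Both functions start and end outside the patch context.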
diff -r 828e62187f0b -r 549366db7528 devel/ncursesw/Makefile
--- a/devel/ncursesw/Makefile   Tue Aug 08 18:16:35 2017 +0000
+++ b/devel/ncursesw/Makefile   Tue Aug 08 18:38:21 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.13 2016/12/18 23:30:34 joerg Exp $
+# $NetBSD: Makefile,v 1.14 2017/08/08 18:38:21 spz Exp $
 
-PKGREVISION= 2
+PKGREVISION= 3
 .include "../../devel/ncurses/Makefile.common"
 
 PKGNAME=       ${DISTNAME:S/ncurses/ncursesw/}


