pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/devel Add patches to address CVE-2018-19211, CVE-2019-...
details: https://anonhg.NetBSD.org/pkgsrc/rev/4a3eb012fb42
branches: trunk
changeset: 407868:4a3eb012fb42
user: kim <kim%pkgsrc.org@localhost>
date: Sat Jan 11 01:39:19 2020 +0000
description:
Add patches to address CVE-2018-19211, CVE-2019-17594, and CVE-2019-17595.
diffstat:
devel/ncurses/Makefile | 4 +-
devel/ncurses/distinfo | 8 +++-
devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c | 20 ++++++++++
devel/ncurses/patches/patch-ncurses_tinfo_alloc__ttype.c | 31 ++++++++++++++++
devel/ncurses/patches/patch-ncurses_tinfo_comp__hash.c | 31 ++++++++++++++++
devel/ncurses/patches/patch-ncurses_tinfo_comp__parse.c | 30 +++++++++++++++
devel/ncurses/patches/patch-ncurses_tinfo_read__entry.c | 20 ++++++++++
devel/ncurses/patches/patch-progs_dump__entry.c | 29 ++++++++++++++
devel/ncursesw/Makefile | 4 +-
9 files changed, 172 insertions(+), 5 deletions(-)
diffs (234 lines):
diff -r 8ac3f57f8a4b -r 4a3eb012fb42 devel/ncurses/Makefile
--- a/devel/ncurses/Makefile Sat Jan 11 01:34:26 2020 +0000
+++ b/devel/ncurses/Makefile Sat Jan 11 01:39:19 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.103 2019/10/10 12:29:11 triaxx Exp $
+# $NetBSD: Makefile,v 1.104 2020/01/11 01:39:19 kim Exp $
.include "Makefile.common"
-PKGREVISION= 6
+PKGREVISION= 7
COMMENT= CRT screen handling and optimization package
INSTALLATION_DIRS+= share/examples
diff -r 8ac3f57f8a4b -r 4a3eb012fb42 devel/ncurses/distinfo
--- a/devel/ncurses/distinfo Sat Jan 11 01:34:26 2020 +0000
+++ b/devel/ncurses/distinfo Sat Jan 11 01:39:19 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.36 2019/02/25 11:54:05 jperkin Exp $
+$NetBSD: distinfo,v 1.37 2020/01/11 01:39:19 kim Exp $
SHA1 (ncurses-6.1.tar.gz) = 57acf6bc24cacd651d82541929f726f4def780cc
RMD160 (ncurses-6.1.tar.gz) = 938235f3922f9c6ef0f1081d643ecb2da1347a17
@@ -13,4 +13,10 @@
SHA1 (patch-misc_ncurses-config.in) = 43e4dc8abe85804513da1189aeffa5c7746ffcca
SHA1 (patch-misc_terminfo.src) = 3423a09b0b6aac1139ab21f514c631ee8c36c2f7
SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527
+SHA1 (patch-ncurses_tinfo_alloc__entry.c) = a1fc6ce016f33aea422f82d4df2cd60ef352760e
+SHA1 (patch-ncurses_tinfo_alloc__ttype.c) = 6cec181b4dd24008ed62b90e6d6c508a7caccc0a
+SHA1 (patch-ncurses_tinfo_comp__hash.c) = 44c646f9fc5e6f7b3e4e4de5df0506b7bc8f8a25
+SHA1 (patch-ncurses_tinfo_comp__parse.c) = 98f9e7bbaf3aa7883a8bb2ec359fae3647e0989f
SHA1 (patch-ncurses_tinfo_parse__entry.c) = 06d2b52e84595f8acd47ad36ded7b7d5bec95b8a
+SHA1 (patch-ncurses_tinfo_read__entry.c) = 251878d3625df25bdbb8c16f9ef619e50d786dae
+SHA1 (patch-progs_dump__entry.c) = 5cade588859c3e91287ef933253b792728df5a44
diff -r 8ac3f57f8a4b -r 4a3eb012fb42 devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ncurses_tinfo_alloc__entry.c,v 1.3 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2018-19211 cherry-picked from upstream patchlevel 20180414.
+
++ add a null-pointer check in _nc_parse_entry to handle an error when
+ a use-name is invalid syntax (report by Chung-Yi Lin).
++ also add/improve null-pointer checks in other places
+
+--- ncurses/tinfo/alloc_entry.c
++++ ncurses/tinfo/alloc_entry.c
+@@ -229,6 +229,9 @@ _nc_merge_entry(ENTRY * const target, ENTRY * const source)
+ TERMTYPE2 *from = &(source->tterm);
+ unsigned i;
+
++ if (source == 0 || from == 0 || target == 0 || to == 0)
++ return;
++
+ #if NCURSES_XNAMES
+ _nc_align_termtype(to, from);
+ #endif
diff -r 8ac3f57f8a4b -r 4a3eb012fb42 devel/ncurses/patches/patch-ncurses_tinfo_alloc__ttype.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_alloc__ttype.c Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ncurses_tinfo_alloc__ttype.c,v 1.1 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2018-19211 cherry-picked from upstream patchlevel 20180414.
+
++ add a null-pointer check in _nc_parse_entry to handle an error when
+ a use-name is invalid syntax (report by Chung-Yi Lin).
++ also add/improve null-pointer checks in other places
+
+--- ncurses/tinfo/alloc_ttype.c
++++ ncurses/tinfo/alloc_ttype.c
+@@ -388,12 +388,16 @@ adjust_cancels(TERMTYPE2 *to, TERMTYPE2 *from)
+ NCURSES_EXPORT(void)
+ _nc_align_termtype(TERMTYPE2 *to, TERMTYPE2 *from)
+ {
+- int na = (int) NUM_EXT_NAMES(to);
+- int nb = (int) NUM_EXT_NAMES(from);
++ int na;
++ int nb;
+ char **ext_Names;
+
+- DEBUG(2, ("align_termtype to(%d:%s), from(%d:%s)", na, to->term_names,
+- nb, from->term_names));
++ na = to ? ((int) NUM_EXT_NAMES(to)) : 0;
++ nb = from ? ((int) NUM_EXT_NAMES(from)) : 0;
++
++ DEBUG(2, ("align_termtype to(%d:%s), from(%d:%s)",
++ na, to ? NonNull(to->term_names) : "?",
++ nb, from ? NonNull(from->term_names) : "?"));
+
+ if (na != 0 || nb != 0) {
+ int ext_Booleans, ext_Numbers, ext_Strings;
diff -r 8ac3f57f8a4b -r 4a3eb012fb42 devel/ncurses/patches/patch-ncurses_tinfo_comp__hash.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_comp__hash.c Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-ncurses_tinfo_comp__hash.c,v 1.1 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2019-17594 cherry-picked from upstream patchlevel 20191012.
+Check for invalid hashcode in _nc_find_type_entry and nc_find_entry.
+
+https://bugs.debian.org/942401
+
+--- ncurses/tinfo/comp_hash.c
++++ ncurses/tinfo/comp_hash.c
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
+
+ hashvalue = data->hash_of(string);
+
+- if (data->table_data[hashvalue] >= 0) {
++ if (hashvalue >= 0
++ && (unsigned) hashvalue < data->table_size
++ && data->table_data[hashvalue] >= 0) {
+
+ real_table = _nc_get_table(termcap);
+ ptr = real_table + data->table_data[hashvalue];
+@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
+ const HashData *data = _nc_get_hash_info(termcap);
+ int hashvalue = data->hash_of(string);
+
+- if (data->table_data[hashvalue] >= 0) {
++ if (hashvalue >= 0
++ && (unsigned) hashvalue < data->table_size
++ && data->table_data[hashvalue] >= 0) {
+ const struct name_table_entry *const table = _nc_get_table(termcap);
+
+ ptr = table + data->table_data[hashvalue];
diff -r 8ac3f57f8a4b -r 4a3eb012fb42 devel/ncurses/patches/patch-ncurses_tinfo_comp__parse.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_comp__parse.c Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-ncurses_tinfo_comp__parse.c,v 1.1 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2018-19211 cherry-picked from upstream patchlevel 20180414.
+
++ add a null-pointer check in _nc_parse_entry to handle an error when
+ a use-name is invalid syntax (report by Chung-Yi Lin).
++ also add/improve null-pointer checks in other places
+
+--- ncurses/tinfo/comp_parse.c
++++ ncurses/tinfo/comp_parse.c
+@@ -317,6 +437,9 @@ _nc_resolve_uses2(bool fullresolve, bool literal)
+ char *lookfor = qp->uses[i].name;
+ long lookline = qp->uses[i].line;
+
++ if (lookfor == 0)
++ continue;
++
+ foundit = FALSE;
+
+ _nc_set_type(child);
+@@ -394,7 +517,8 @@ _nc_resolve_uses2(bool fullresolve, bool literal)
+ * subsequent pass.
+ */
+ for (i = 0; i < qp->nuses; i++)
+- if (qp->uses[i].link->nuses) {
++ if (qp->uses[i].link
++ && qp->uses[i].link->nuses) {
+ DEBUG(2, ("%s: use entry %d unresolved",
+ _nc_first_name(qp->tterm.term_names), i));
+ goto incomplete;
diff -r 8ac3f57f8a4b -r 4a3eb012fb42 devel/ncurses/patches/patch-ncurses_tinfo_read__entry.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-ncurses_tinfo_read__entry.c Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-ncurses_tinfo_read__entry.c,v 1.1 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2018-19211 cherry-picked from upstream patchlevel 20180414.
+
++ add a null-pointer check in _nc_parse_entry to handle an error when
+ a use-name is invalid syntax (report by Chung-Yi Lin).
++ also add/improve null-pointer checks in other places
+
+--- ncurses/tinfo/read_entry.c
++++ ncurses/tinfo/read_entry.c
+@@ -837,6 +837,9 @@ _nc_read_entry2(const char *const name, char *const filename, TERMTYPE2 *const t
+ {
+ int code = TGETENT_NO;
+
++ if (name == 0)
++ return _nc_read_entry2("", filename, tp);
++
+ _nc_SPRINTF(filename, _nc_SLIMIT(PATH_MAX)
+ "%.*s", PATH_MAX - 1, name);
+
diff -r 8ac3f57f8a4b -r 4a3eb012fb42 devel/ncurses/patches/patch-progs_dump__entry.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/ncurses/patches/patch-progs_dump__entry.c Sat Jan 11 01:39:19 2020 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-progs_dump__entry.c,v 1.1 2020/01/11 01:39:19 kim Exp $
+
+Fix for CVE-2019-17595 cherry-picked from upstream patchlevel 20191012.
+Additionally to the CVE fix, this contains a check for acsc with odd
+length in dump_entry in check for one-one mapping.
+
+https://bugs.debian.org/942401
+
+--- progs/dump_entry.c
++++ progs/dump_entry.c
+@@ -1110,7 +1110,8 @@ fmt_entry(TERMTYPE2 *tterm,
+ *d++ = '\\';
+ *d = ':';
+ } else if (*d == '\\') {
+- *++d = *s++;
++ if ((*++d = *s++) == '\0')
++ break;
+ }
+ d++;
+ *d = '\0';
+@@ -1370,7 +1371,7 @@ one_one_mapping(const char *mapping)
+
+ if (VALID_STRING(mapping)) {
+ int n = 0;
+- while (mapping[n] != '\0') {
++ while (mapping[n] != '\0' && mapping[n + 1] != '\0') {
+ if (isLine(mapping[n]) &&
+ mapping[n] != mapping[n + 1]) {
+ result = FALSE;
diff -r 8ac3f57f8a4b -r 4a3eb012fb42 devel/ncursesw/Makefile
--- a/devel/ncursesw/Makefile Sat Jan 11 01:34:26 2020 +0000
+++ b/devel/ncursesw/Makefile Sat Jan 11 01:39:19 2020 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.19 2019/02/25 11:54:05 jperkin Exp $
+# $NetBSD: Makefile,v 1.20 2020/01/11 01:39:19 kim Exp $
.include "../../devel/ncurses/Makefile.common"
PKGNAME= ${DISTNAME:S/ncurses/ncursesw/}
COMMENT= Wide character CRT screen handling and optimization package
-PKGREVISION= 3
+PKGREVISION= 7
PATCHDIR= ${.CURDIR}/../../devel/ncurses/patches
DISTINFO_FILE= ${.CURDIR}/../../devel/ncurses/distinfo
Home |
Main Index |
Thread Index |
Old Index