diff options
| author | leot <leot@pkgsrc.org> | 2018-10-18 19:42:49 +0000 |
|---|---|---|
| committer | leot <leot@pkgsrc.org> | 2018-10-18 19:42:49 +0000 |
| commit | c8a7efc4081dc6d8da0b0a4a97b4a01f109ca2e7 (patch) | |
| tree | 924ab5819094963d97e633d29fe5d16e1c699621 | |
| parent | 7745d54fc2f5bc88bfa2be5418a2220d91bf1a78 (diff) | |
| download | pkgsrc-c8a7efc4081dc6d8da0b0a4a97b4a01f109ca2e7.tar.gz | |
ncurses{,w}: Backport patch for CVE-2018-10754
Patch provided by Attila Fülöp via NetBSD/pkgsrc#34, thanks!
Bump PKGREVISION
| -rw-r--r-- | devel/ncurses/Makefile | 4 | ||||
| -rw-r--r-- | devel/ncurses/distinfo | 3 | ||||
| -rw-r--r-- | devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c | 23 | ||||
| -rw-r--r-- | devel/ncursesw/Makefile | 3 |
4 files changed, 29 insertions, 4 deletions
diff --git a/devel/ncurses/Makefile b/devel/ncurses/Makefile index dc9127d5619..bcbc628b1cc 100644 --- a/devel/ncurses/Makefile +++ b/devel/ncurses/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.99 2018/09/15 22:47:41 wiz Exp $ +# $NetBSD: Makefile,v 1.100 2018/10/18 19:42:49 leot Exp $ .include "Makefile.common" -PKGREVISION= 2 +PKGREVISION= 3 COMMENT= CRT screen handling and optimization package INSTALLATION_DIRS+= share/examples diff --git a/devel/ncurses/distinfo b/devel/ncurses/distinfo index 8328cfbcb18..67386e1b0b7 100644 --- a/devel/ncurses/distinfo +++ b/devel/ncurses/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.34 2018/04/02 16:26:03 spz Exp $ +$NetBSD: distinfo,v 1.35 2018/10/18 19:42:49 leot Exp $ SHA1 (ncurses-6.1.tar.gz) = 57acf6bc24cacd651d82541929f726f4def780cc RMD160 (ncurses-6.1.tar.gz) = 938235f3922f9c6ef0f1081d643ecb2da1347a17 @@ -12,3 +12,4 @@ SHA1 (patch-c++_Makefile.in) = 68ff81c719ec4aa13beb962cb66d7cd6749d7af5 SHA1 (patch-configure.in) = 48a705b3f4de3a65c0c1c3648f5a24c5310ed3fa SHA1 (patch-misc_ncurses-config.in) = 43e4dc8abe85804513da1189aeffa5c7746ffcca SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527 +SHA1 (patch-ncurses_tinfo_parse__entry.c) = 06d2b52e84595f8acd47ad36ded7b7d5bec95b8a diff --git a/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c b/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c new file mode 100644 index 00000000000..c23c693d6de --- /dev/null +++ b/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c @@ -0,0 +1,23 @@ +$NetBSD: patch-ncurses_tinfo_parse__entry.c,v 1.3 2018/10/18 19:42:49 leot Exp $ + + - Fixes CVE-2018-10754 + +--- ncurses/tinfo/parse_entry.c.orig 2018-10-09 21:41:29.020445746 +0000 ++++ ncurses/tinfo/parse_entry.c +@@ -543,11 +543,12 @@ _nc_parse_entry(ENTRY * entryp, int lite + * Otherwise, look for a base entry that will already + * have picked up defaults via translation. + */ +- for (i = 0; i < entryp->nuses; i++) +- if (!strchr((char *) entryp->uses[i].name, '+')) +- has_base_entry = TRUE; ++ for (i = 0; i < entryp->nuses; i++) { ++ if (entryp->uses[i].name != 0 ++ && !strchr(entryp->uses[i].name, '+')) ++ has_base_entry = TRUE; ++ } + } +- + postprocess_termcap(&entryp->tterm, has_base_entry); + } else + postprocess_terminfo(&entryp->tterm); diff --git a/devel/ncursesw/Makefile b/devel/ncursesw/Makefile index d93afc4b04f..e93399d07c4 100644 --- a/devel/ncursesw/Makefile +++ b/devel/ncursesw/Makefile @@ -1,9 +1,10 @@ -# $NetBSD: Makefile,v 1.16 2018/04/02 16:26:04 spz Exp $ +# $NetBSD: Makefile,v 1.17 2018/10/18 19:42:49 leot Exp $ .include "../../devel/ncurses/Makefile.common" PKGNAME= ${DISTNAME:S/ncurses/ncursesw/} COMMENT= Wide character CRT screen handling and optimization package +PKGREVISION= 1 PATCHDIR= ${.CURDIR}/../../devel/ncurses/patches DISTINFO_FILE= ${.CURDIR}/../../devel/ncurses/distinfo |