diff options
| author | wiz <wiz@pkgsrc.org> | 2021-10-09 07:52:36 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2021-10-09 07:52:36 +0000 |
| commit | a0c3dc1b1e8e162a975fac5c6e23207ce167815c (patch) | |
| tree | 686fd3cbb4802356b51fa1bd7ad70d78a7d6ebc9 /devel/ncurses | |
| parent | 087a74adf30a39be60d2a81d22ffc7579899c223 (diff) | |
| download | pkgsrc-a0c3dc1b1e8e162a975fac5c6e23207ce167815c.tar.gz | |
ncurses: fix for CVE-2021-39537 from upstream
Many thanks to Thomas Dickey for help in tracking down the bugfix patch!
PKGREVISION++
Diffstat (limited to 'devel/ncurses')
| -rw-r--r-- | devel/ncurses/Makefile | 4 | ||||
| -rw-r--r-- | devel/ncurses/distinfo | 3 | ||||
| -rw-r--r-- | devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c | 26 |
3 files changed, 30 insertions, 3 deletions
diff --git a/devel/ncurses/Makefile b/devel/ncurses/Makefile index 2077c04785c..5a66785c1ba 100644 --- a/devel/ncurses/Makefile +++ b/devel/ncurses/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.110 2021/05/24 19:50:02 wiz Exp $ +# $NetBSD: Makefile,v 1.111 2021/10/09 07:52:36 wiz Exp $ .include "Makefile.common" -PKGREVISION= 3 +PKGREVISION= 4 COMMENT= CRT screen handling and optimization package diff --git a/devel/ncurses/distinfo b/devel/ncurses/distinfo index 1d870e86bf7..8fff8a96e2b 100644 --- a/devel/ncurses/distinfo +++ b/devel/ncurses/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.47 2021/10/07 13:40:36 nia Exp $ +$NetBSD: distinfo,v 1.48 2021/10/09 07:52:36 wiz Exp $ RMD160 (ncurses-6.2.tar.gz) = bedfe81f33b3e55e44d14126c9c2821d7f222701 SHA512 (ncurses-6.2.tar.gz) = 4c1333dcc30e858e8a9525d4b9aefb60000cfc727bc4a1062bace06ffc4639ad9f6e54f6bdda0e3a0e5ea14de995f96b52b3327d9ec633608792c99a1e8d840d @@ -9,4 +9,5 @@ SHA1 (patch-misc_run__tic.in) = a6a8dd89da1a2fbbc5fcabfa6d41ce3a41b75722 SHA1 (patch-misc_terminfo.src) = d9eede4b159358f396693141ed9d9c2a76647917 SHA1 (patch-mk-1st.awk) = adf9d68ee565da80078cfcfa8969a4ef806d65de SHA1 (patch-ncurses_base_lib_initscr.c) = e514e2bb4862a2617b30c6ad715bc1c50cb76f0e +SHA1 (patch-ncurses_tinfo_captoinfo.c) = d0c39b510b44088d5ea26be10711fc21de1d2ecd SHA1 (patch-ncurses_tinfo_lib_raw.c) = 5aa2d439b8f5c3ce87863095396848c923c864d0 diff --git a/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c b/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c new file mode 100644 index 00000000000..2113181a2f1 --- /dev/null +++ b/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c @@ -0,0 +1,26 @@ +$NetBSD: patch-ncurses_tinfo_captoinfo.c,v 1.1 2021/10/09 07:52:36 wiz Exp $ + +Fix for CVE-2021-39537 from upstream: +https://github.com/ThomasDickey/ncurses-snapshots/commit/63ca9e061f4644795d6f3f559557f3e1ed8c738b#diff-7e95c7bc5f213e9be438e69a9d5d0f261a14952bcbd692f7b9014217b8047340 + +--- ncurses/tinfo/captoinfo.c.orig 2020-02-02 23:34:34.000000000 +0000 ++++ ncurses/tinfo/captoinfo.c +@@ -216,12 +216,15 @@ cvtchar(register const char *sp) + } + break; + case '^': ++ len = 2; + c = UChar(*++sp); +- if (c == '?') ++ if (c == '?') { + c = 127; +- else ++ } else if (c == '\0') { ++ len = 1; ++ } else { + c &= 0x1f; +- len = 2; ++ } + break; + default: + c = UChar(*sp); |