author | kim <kim@pkgsrc.org> | 2021-03-13 07:24:04 +0000 |
---|---|---|
committer | kim <kim@pkgsrc.org> | 2021-03-13 07:24:04 +0000 |
commit | 88d70cddf13c0f3afe4db0dba0d7405b38867ffa (patch) | |
tree | 62116944a33805bad33427607014bb3f96e2a158 /misc/screen | |
parent | 14ffc3d30a50c6080e70dedb4830931abc5b7a2a (diff) | |
download | pkgsrc-88d70cddf13c0f3afe4db0dba0d7405b38867ffa.tar.gz |
misc/screen: Fix CVE-2021-26937 and another UTF-8 bug
Diffstat (limited to 'misc/screen')
-rw-r--r-- | misc/screen/Makefile | 4 | ||||
-rw-r--r-- | misc/screen/distinfo | 4 | ||||
-rw-r--r-- | misc/screen/patches/patch-ansi.c | 43 | ||||
-rw-r--r-- | misc/screen/patches/patch-encoding.c | 68 |
4 files changed, 116 insertions, 3 deletions
diff --git a/misc/screen/Makefile b/misc/screen/Makefile
index b72c7359c83..467f413c42a 100644
--- a/misc/screen/Makefile
+++ b/misc/screen/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.118 2021/02/12 22:53:14 cjep Exp $
+# $NetBSD: Makefile,v 1.119 2021/03/13 07:24:04 kim Exp $
 DISTNAME= screen-4.8.0
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= misc shells
 MASTER_SITES= ${MASTER_SITE_GNU:=screen/}
diff --git a/misc/screen/distinfo b/misc/screen/distinfo
index 3b52c2ac737..10d12f24917 100644
--- a/misc/screen/distinfo
+++ b/misc/screen/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.58 2021/02/12 22:53:14 cjep Exp $
+$NetBSD: distinfo,v 1.59 2021/03/13 07:24:04 kim Exp $
 SHA1 (screen-4.8.0.tar.gz) = 2328927e10e68d357bdfec7bd740726011e834e9
 RMD160 (screen-4.8.0.tar.gz) = 43888fa00f708a8a9aa226e0df39abd7181b15ae
@@ -13,9 +13,11 @@ SHA1 (patch-ak) = 1aaf82f7fe666d86a9f4ab7d6f7222e895a17bba
 SHA1 (patch-al) = 74634eadfd53e217032e735adf09295868f11bd8
 SHA1 (patch-am) = a721e311e7dde7938de0e9546a7892bfd104ebd1
 SHA1 (patch-an) = bda6c65148410a6c9a13afd8ad34f93e33731552
+SHA1 (patch-ansi.c) = 741b1c789f8e30fb27c81413b317c27a7235a861
 SHA1 (patch-ao) = a45ae3186cd9bddeb915bad890f1be5abc315dd3
 SHA1 (patch-ap) = 4aab542045a0abe55e82d91851b94c3cb569139f
 SHA1 (patch-display.h) = 922ebe152d8c09fc016b983d8fe9c1c64ef74578
+SHA1 (patch-encoding.c) = f426f0118a76106f8063c8d0c0f36b4e4ad7ae0b
 SHA1 (patch-screen.c) = de5d8468100ab88cbdb842e21b04b00221e798b8
 SHA1 (patch-socket.c) = ef7d3cb14f0199383c0e750af48f19537eb0b36d
 SHA1 (patch-tty.sh) = 711e10879250de4b0e04bc2ec00472edeaf6aada
diff --git a/misc/screen/patches/patch-ansi.c b/misc/screen/patches/patch-ansi.c
new file mode 100644
index 00000000000..06e17fb8daa
--- /dev/null
+++ b/misc/screen/patches/patch-ansi.c
@@ -0,0 +1,43 @@
+$NetBSD: patch-ansi.c,v 1.3 2021/03/13 07:24:04 kim Exp $
+
+https://salsa.debian.org/debian/screen/-/raw/master/debian/patches/52fix_screen_utf8_nfd.patch
+
+Author: Michael Schröder <mls@suse.de>
+Reviewed-By: Axel Beckert <abe@debian.org>
+Description: screen outputs screen "ÿ" after a connected character.
+ This is a character without the need.
+ This happens in UTF-8 environment.
+ Before : screen$ ruby1.9.1 -e 'puts "\u304b\u3099.."'
+ がÿ...
+ patch applied : screen $ ruby1.9.1 -e 'puts "\u304b\u3099.."'
+ が..
+Origin: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00012.html
+Bugs-Debian: https://bugs.debian.org/600246
+Bugs-Debian: https://bugs.debian.org/677512
+
+diff --git a/ansi.c b/ansi.c
+index 2a52edd..83b266d 100644
+--- ansi.c.orig
++++ ansi.c
+@@ -692,10 +692,6 @@ register int len;
+ }
+ curr->w_rend.font = 0;
+ }
+-# ifdef DW_CHARS
+- if (curr->w_encoding == UTF8 && utf8_isdouble(c))
+- curr->w_mbcs = 0xff;
+-# endif
+ if (curr->w_encoding == UTF8 && c >= 0x0300 && utf8_iscomb(c))
+ {
+ int ox, oy;
+@@ -730,6 +726,10 @@ register int len;
+ }
+ break;
+ }
++# ifdef DW_CHARS
++ if (curr->w_encoding == UTF8 && utf8_isdouble(c))
++ curr->w_mbcs = 0xff;
++# endif
+ font = curr->w_rend.font;
+ # endif
+ # ifdef DW_CHARS
diff --git a/misc/screen/patches/patch-encoding.c b/misc/screen/patches/patch-encoding.c
new file mode 100644
index 00000000000..4c7ab553a61
--- /dev/null
+++ b/misc/screen/patches/patch-encoding.c
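Review bot: The provenance URL near the top of the new patch-ansi.c header points at `raw/master` on salsa.debian.org, which is a moving branch reference, and the header of patch-encoding.c later in this commit has the same form. The local copies are pinned by the SHA1 lines this commit adds to distinfo, so integrity is not at stake, but once Debian refreshes or drops these patches nobody auditing the fixes can tell from the header which upstream revision was imported. I would record the revision in the URL, e.g. `https://salsa.debian.org/debian/screen/-/raw/<debian-commit-id>/debian/patches/52fix_screen_utf8_nfd.patch`, where `<debian-commit-id>` is a placeholder for the commit the file was actually taken from.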
@@ -0,0 +1,68 @@
+$NetBSD: patch-encoding.c,v 1.1 2021/03/13 07:24:04 kim Exp $
+
+https://salsa.debian.org/debian/screen/-/raw/master/debian/patches/99_CVE-2021-26937.patch
+
+Description: [CVE-2021-26937] Fix out of bounds array access
+Author: Michael Schröder <mls@suse.de>
+Bug-Debian: https://bugs.debian.org/982435
+Bug: https://savannah.gnu.org/bugs/?60030
+Bug: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
+Bug-OSS-Security: https://www.openwall.com/lists/oss-security/2021/02/09/3
+Origin: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010.html
+
+--- encoding.c.orig
++++ encoding.c
+@@ -43,7 +43,7 @@
+ # ifdef UTF8
+ static int recode_char __P((int, int, int));
+ static int recode_char_to_encoding __P((int, int));
+-static void comb_tofront __P((int, int));
++static void comb_tofront __P((int));
+ # ifdef DW_CHARS
+ static int recode_char_dw __P((int, int *, int, int));
+ static int recode_char_dw_to_encoding __P((int, int *, int));
+@@ -1263,6 +1263,8 @@
+ {0x30000, 0x3FFFD},
+ };
+
++ if (c >= 0xdf00 && c <= 0xdfff)
++ return 1; /* dw combining sequence */
+ return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval) - 1)) ||
+ (cjkwidth &&
+ bisearch(c, ambiguous,
+@@ -1330,11 +1332,12 @@
+ }
+
+ static void
+-comb_tofront(root, i)
+-int root, i;
++comb_tofront(i)
++int i;
+ {
+ for (;;)
+ {
++ int root = i >= 0x700 ? 0x801 : 0x800;
+ debug1("bring to front: %x\n", i);
+ combchars[combchars[i]->prev]->next = combchars[i]->next;
+ combchars[combchars[i]->next]->prev = combchars[i]->prev;
+@@ -1396,9 +1399,9 @@
+ {
+ /* full, recycle old entry */
+ if (c1 >= 0xd800 && c1 < 0xe000)
+- comb_tofront(root, c1 - 0xd800);
++ comb_tofront(c1 - 0xd800);
+ i = combchars[root]->prev;
+- if (c1 == i + 0xd800)
++ if (i == 0x800 || i == 0x801 || c1 == i + 0xd800)
+ {
+ /* completely full, can't recycle */
+ debug("utf8_handle_comp: completely full!\n");
+@@ -1422,7 +1425,7 @@
+ mc->font = (i >> 8) + 0xd8;
+ mc->fontx = 0;
+ debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
+- comb_tofront(root, i);
++ comb_tofront(i);
+ }
+
+ #else /* !UTF8 */ |
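Review bot: The constants `0x700`, `0x800` and `0x801` in the rewritten `comb_tofront()` and in the recycle guard `if (i == 0x800 || i == 0x801 || c1 == i + 0xd800)` carry the bounds fix but are nowhere explained. From the visible lines they look like the boundary between two ranges of `combchars[]` entries and the two list-root slots, but that is an inference, because the table's declaration lies outside the inner hunks. A one-line comment such as `/* 0x800 and 0x801 are the list roots, never recyclable entries */` above the guard, and a matching one on `int root = i >= 0x700 ? 0x801 : 0x800;`, would let whoever refreshes this patch against a later screen release check that the indices still stay inside the array. Both `comb_tofront()` and the recycle path continue outside the inner hunks, so it is not visible here whether `combchars[i]` is checked for NULL before the unlink.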