summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMingli Yu <mingli.yu@windriver.com>2021-10-19 16:25:39 +0800
committerAnuj Mittal <anuj.mittal@intel.com>2021-12-09 14:32:53 +0800
commitc6422335f653c44efc651e8785821282d3d4f789 (patch)
tree1c1c8d344c26c719af04587a73aa9f6f70a8f911
parentb8fa0c446ecb3f65d7c134426a07c6244959cdf7 (diff)
downloadopenembedded-core-contrib-c6422335f653c44efc651e8785821282d3d4f789.tar.gz
ncurses: fix CVE-2021-39537
Backport patch [1] to fix CVE-2021-39537 [2]. [1] https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443 [2] http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> (cherry picked from commit 8fceb122a1c0240106342738de7d2484b48d9a6a) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-rw-r--r--meta/recipes-core/ncurses/files/CVE-2021-39537.patch65
-rw-r--r--meta/recipes-core/ncurses/ncurses_6.2.bb1
2 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
new file mode 100644
index 0000000000..d63bf57e8d
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
@@ -0,0 +1,65 @@
+From e83ecbd26252bac163fc4377ef30edbd4acb0bad Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 Jun 2020 08:03:52 +0200
+Subject: [PATCH] Import upstream patch 20200531
+
+20200531
+ + correct configure version-check/warnng for g++ to allow for 10.x
+ + re-enable "bel" in konsole-base (report by Nia Huang)
+ + add linux-s entry (patch by Alexandre Montaron).
+ + drop long-obsolete convert_configure.pl
+ + add test/test_parm.c, for checking tparm changes.
+ + improve parameter-checking for tparm, adding function _nc_tiparm() to
+ handle the most-used case, which accepts only numeric parameters
+ (report/testcase by "puppet-meteor").
+ + use a more conservative estimate of the buffer-size in lib_tparm.c's
+ save_text() and save_number(), in case the sprintf() function
+ passes-through unexpected characters from a format specifier
+ (report/testcase by "puppet-meteor").
+ + add a check for end-of-string in cvtchar to handle a malformed
+ string in infotocap (report/testcase by "puppet-meteor").
+
+CVE: CVE-2021-39537
+
+Upstream-Status: Backport [https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ ncurses/tinfo/captoinfo.c | 11 +-
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -98,7 +98,7 @@
+ #include <ctype.h>
+ #include <tic.h>
+
+-MODULE_ID("$Id: captoinfo.c,v 1.98 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: captoinfo.c,v 1.99 2020/05/25 21:28:29 tom Exp $")
+
+ #if 0
+ #define DEBUG_THIS(p) DEBUG(9, p)
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+ }
+ break;
+ case '^':
++ len = 2;
+ c = UChar(*++sp);
+- if (c == '?')
++ if (c == '?') {
+ c = 127;
+- else
++ } else if (c == '\0') {
++ len = 1;
++ } else {
+ c &= 0x1f;
+- len = 2;
++ }
+ break;
+ default:
+ c = UChar(*sp);
+--
+2.17.1
+
diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb
index e7d7396a20..598c51b00b 100644
--- a/meta/recipes-core/ncurses/ncurses_6.2.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.2.bb
@@ -3,6 +3,7 @@ require ncurses.inc
SRC_URI += "file://0001-tic-hang.patch \
file://0002-configure-reproducible.patch \
file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
+ file://CVE-2021-39537.patch \
"
# commit id corresponds to the revision in package version
SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"