author | Mingli Yu <mingli.yu@windriver.com> | 2021-10-19 16:25:39 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-10-29 11:17:20 +0100 |
commit | a85f3639c48ffee7c93f7e5ced5127f51c59d3ca (patch) | |
tree | 4716a09642a8eb29becc999bd18da4be7944aab5 /meta/recipes-core | |
parent | f302dd1994e2a93c93b67dd88550383f35a4317e (diff) | |
download | poky-a85f3639c48ffee7c93f7e5ced5127f51c59d3ca.tar.gz |
ncurses: fix CVE-2021-39537
Backport patch [1] to fix CVE-2021-39537 [2].
[1] https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443
[2] http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
(From OE-Core rev: 8fceb122a1c0240106342738de7d2484b48d9a6a)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/ncurses/files/CVE-2021-39537.patch | 65 | ||||
-rw-r--r-- | meta/recipes-core/ncurses/ncurses_6.2.bb | 1 |
2 files changed, 66 insertions, 0 deletions
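--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
@@ -0,0 +1,65 @@
+From e83ecbd26252bac163fc4377ef30edbd4acb0bad Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 Jun 2020 08:03:52 +0200
+Subject: [PATCH] Import upstream patch 20200531
+
+20200531
++ correct configure version-check/warnng for g++ to allow for 10.x
++ re-enable "bel" in konsole-base (report by Nia Huang)
++ add linux-s entry (patch by Alexandre Montaron).
++ drop long-obsolete convert_configure.pl
++ add test/test_parm.c, for checking tparm changes.
++ improve parameter-checking for tparm, adding function _nc_tiparm() to
+handle the most-used case, which accepts only numeric parameters
+(report/testcase by "puppet-meteor").
++ use a more conservative estimate of the buffer-size in lib_tparm.c's
+save_text() and save_number(), in case the sprintf() function
+passes-through unexpected characters from a format specifier
+(report/testcase by "puppet-meteor").
++ add a check for end-of-string in cvtchar to handle a malformed
+string in infotocap (report/testcase by "puppet-meteor").
+
+CVE: CVE-2021-39537
+
+Upstream-Status: Backport [https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ncurses/tinfo/captoinfo.c | 11 +-
+1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -98,7 +98,7 @@
+#include <ctype.h>
+#include <tic.h>
+
+-MODULE_ID("$Id: captoinfo.c,v 1.98 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: captoinfo.c,v 1.99 2020/05/25 21:28:29 tom Exp $")
+
+#if 0
+#define DEBUG_THIS(p) DEBUG(9, p)
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+}
+break;
+case '^':
++ len = 2;
+c = UChar(*++sp);
+- if (c == '?')
++ if (c == '?') {
+c = 127;
+- else
++ } else if (c == '\0') {
++ len = 1;
++ } else {
+c &= 0x1f;
+- len = 2;
++ }
+break;
+default:
+c = UChar(*sp);
+--
+2.17.1
+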
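Review bot: The patch header copies the whole upstream 20200531 changelog, but the only code this file carries is the `cvtchar` change in ncurses/tinfo/captoinfo.c, so the tparm parameter checks and the lib_tparm.c buffer-size change it lists are not applied here. A line such as `Only the cvtchar end-of-string check from this changeset is backported.` above the `CVE:` tag would keep an auditor from assuming the other hardening is present in this build. The embedded summary `1 file changed, 6 insertions(+), 2 deletions(-)` also disagrees with the two hunks shown (7 added and 4 removed lines, which does match `11 +-`), so the header looks hand-edited and should be regenerated. In the `case '^':` hunk the new `'\0'` branch leaves `c` at 0 with `len = 1`; cvtchar continues outside the hunk, so how that value is consumed after the switch cannot be confirmed from these lines.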
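--- a/meta/recipes-core/ncurses/ncurses_6.2.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.2.bb
@@ -3,6 +3,7 @@ require ncurses.inc
 SRC_URI += "file://0001-tic-hang.patch \
 file://0002-configure-reproducible.patch \
 file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
+file://CVE-2021-39537.patch \
 "
 # commit id corresponds to the revision in package version
 SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"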