ncurses: fix CVE-2021-39537

Backport patch [1] to fix CVE-2021-39537 [2]. [1] https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443 [2] http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup (From OE-Core rev: 8fceb122a1c0240106342738de7d2484b48d9a6a) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Mingli Yu <mingli.yu@windriver.com> 2021-10-19 16:25:39 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-10-29 11:17:20 +0100
commit: a85f3639c48ffee7c93f7e5ced5127f51c59d3ca (patch)
tree: 4716a09642a8eb29becc999bd18da4be7944aab5 /meta/recipes-core
parent: f302dd1994e2a93c93b67dd88550383f35a4317e (diff)
download: poky-a85f3639c48ffee7c93f7e5ced5127f51c59d3ca.tar.gz
2 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
new file mode 100644
index 0000000000..d63bf57e8d
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
@@ -0,0 +1,65 @@
+From e83ecbd26252bac163fc4377ef30edbd4acb0bad Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 Jun 2020 08:03:52 +0200
+Subject: [PATCH] Import upstream patch 20200531
+20200531
+        + correct configure version-check/warnng for g++ to allow for 10.x
+        + re-enable "bel" in konsole-base (report by Nia Huang)
+        + add linux-s entry (patch by Alexandre Montaron).
+        + drop long-obsolete convert_configure.pl
+        + add test/test_parm.c, for checking tparm changes.
+        + improve parameter-checking for tparm, adding function _nc_tiparm() to
+          handle the most-used case, which accepts only numeric parameters
+          (report/testcase by "puppet-meteor").
+        + use a more conservative estimate of the buffer-size in lib_tparm.c's
+          save_text() and save_number(), in case the sprintf() function
+          passes-through unexpected characters from a format specifier
+          (report/testcase by "puppet-meteor").
+        + add a check for end-of-string in cvtchar to handle a malformed
+          string in infotocap (report/testcase by "puppet-meteor").
+CVE: CVE-2021-39537
+Upstream-Status: Backport [https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443]
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ ncurses/tinfo/captoinfo.c        |   11 +-
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
+++ b/ncurses/tinfo/captoinfo.c
+@@ -98,7 +98,7 @@
+ #include <ctype.h>
+ #include <tic.h>
+ 
+-MODULE_ID("$Id: captoinfo.c,v 1.98 2020/02/02 23:34:34 tom Exp $")
+MODULE_ID("$Id: captoinfo.c,v 1.99 2020/05/25 21:28:29 tom Exp $")
+ 
+ #if 0
+ #define DEBUG_THIS(p) DEBUG(9, p)
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+        }
+        break;
+     case '^':
+       len = 2;
+        c = UChar(*++sp);
+-       if (c == '?')
+       if (c == '?') {
+            c = 127;
+-       else
+       } else if (c == '\0') {
+           len = 1;
+       } else {
+            c &= 0x1f;
+-       len = 2;
+       }
+        break;
+     default:
+        c = UChar(*sp);
+-- 
+2.17.1
diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb
index e7d7396a20..598c51b00b 100644
--- a/meta/recipes-core/ncurses/ncurses_6.2.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.2.bb
@@ -3,6 +3,7 @@ require ncurses.inc
 SRC_URI += "file://0001-tic-hang.patch \
           file://0002-configure-reproducible.patch \
           file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
+           file://CVE-2021-39537.patch \
           "
 # commit id corresponds to the revision in package version
 SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"
author	Mingli Yu <mingli.yu@windriver.com>	2021-10-19 16:25:39 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-29 11:17:20 +0100
commit	a85f3639c48ffee7c93f7e5ced5127f51c59d3ca (patch)
tree	4716a09642a8eb29becc999bd18da4be7944aab5 /meta/recipes-core
parent	f302dd1994e2a93c93b67dd88550383f35a4317e (diff)
download	poky-a85f3639c48ffee7c93f7e5ced5127f51c59d3ca.tar.gz

diff --git a/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch new file mode 100644 index 0000000000..d63bf57e8d --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
@@ -0,0 +1,65 @@
		1	From e83ecbd26252bac163fc4377ef30edbd4acb0bad Mon Sep 17 00:00:00 2001
		2	From: Sven Joachim <svenjoac@gmx.de>
		3	Date: Mon, 1 Jun 2020 08:03:52 +0200
		4	Subject: [PATCH] Import upstream patch 20200531
		5
		6	20200531
		7	+ correct configure version-check/warnng for g++ to allow for 10.x
		8	+ re-enable "bel" in konsole-base (report by Nia Huang)
		9	+ add linux-s entry (patch by Alexandre Montaron).
		10	+ drop long-obsolete convert_configure.pl
		11	+ add test/test_parm.c, for checking tparm changes.
		12	+ improve parameter-checking for tparm, adding function _nc_tiparm() to
		13	handle the most-used case, which accepts only numeric parameters
		14	(report/testcase by "puppet-meteor").
		15	+ use a more conservative estimate of the buffer-size in lib_tparm.c's
		16	save_text() and save_number(), in case the sprintf() function
		17	passes-through unexpected characters from a format specifier
		18	(report/testcase by "puppet-meteor").
		19	+ add a check for end-of-string in cvtchar to handle a malformed
		20	string in infotocap (report/testcase by "puppet-meteor").
		21
		22	CVE: CVE-2021-39537
		23
		24	Upstream-Status: Backport [https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443]
		25
		26	Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
		27	---
		28	ncurses/tinfo/captoinfo.c \| 11 +-
		29	1 file changed, 6 insertions(+), 2 deletions(-)
		30
		31	diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
		32	index 8b3b83d1..9362105a 100644
		33	--- a/ncurses/tinfo/captoinfo.c
		34	+++ b/ncurses/tinfo/captoinfo.c
		35	@@ -98,7 +98,7 @@
		36	#include <ctype.h>
		37	#include <tic.h>
		38
		39	-MODULE_ID("$Id: captoinfo.c,v 1.98 2020/02/02 23:34:34 tom Exp $")
		40	+MODULE_ID("$Id: captoinfo.c,v 1.99 2020/05/25 21:28:29 tom Exp $")
		41
		42	#if 0
		43	#define DEBUG_THIS(p) DEBUG(9, p)
		44	@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
		45	}
		46	break;
		47	case '^':
		48	+ len = 2;
		49	c = UChar(*++sp);
		50	- if (c == '?')
		51	+ if (c == '?') {
		52	c = 127;
		53	- else
		54	+ } else if (c == '\0') {
		55	+ len = 1;
		56	+ } else {
		57	c &= 0x1f;
		58	- len = 2;
		59	+ }
		60	break;
		61	default:
		62	c = UChar(*sp);
		63	--
		64	2.17.1
		65


diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb index e7d7396a20..598c51b00b 100644 --- a/meta/recipes-core/ncurses/ncurses_6.2.bb +++ b/meta/recipes-core/ncurses/ncurses_6.2.bb
@@ -3,6 +3,7 @@ require ncurses.inc
3	SRC_URI += "file://0001-tic-hang.patch \	3	SRC_URI += "file://0001-tic-hang.patch \
4	file://0002-configure-reproducible.patch \	4	file://0002-configure-reproducible.patch \
5	file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \	5	file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
		6	file://CVE-2021-39537.patch \
6	"	7	"
7	# commit id corresponds to the revision in package version	8	# commit id corresponds to the revision in package version
8	SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"	9	SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"