diff options
Diffstat (limited to 'meta/recipes-core/ncurses/files/CVE-2021-39537.patch')
| -rw-r--r-- | meta/recipes-core/ncurses/files/CVE-2021-39537.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch new file mode 100644 index 0000000000..7655200350 --- /dev/null +++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | $NetBSD: patch-ncurses_tinfo_captoinfo.c,v 1.1 2021/10/09 07:52:36 wiz Exp $ | ||
| 2 | |||
| 3 | Fix for CVE-2021-39537 from upstream: | ||
| 4 | https://github.com/ThomasDickey/ncurses-snapshots/commit/63ca9e061f4644795d6f3f559557f3e1ed8c738b#diff-7e95c7bc5f213e9be438e69a9d5d0f261a14952bcbd692f7b9014217b8047340 | ||
| 5 | |||
| 6 | CVE: CVE-2021-39537 | ||
| 7 | Upstream-Status: Backport [http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/Attic/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup] | ||
| 8 | Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> | ||
| 9 | |||
| 10 | --- a/ncurses/tinfo/captoinfo.c 2020-02-02 23:34:34.000000000 +0000 | ||
| 11 | +++ b/ncurses/tinfo/captoinfo.c | ||
| 12 | @@ -216,12 +216,15 @@ cvtchar(register const char *sp) | ||
| 13 | } | ||
| 14 | break; | ||
| 15 | case '^': | ||
| 16 | + len = 2; | ||
| 17 | c = UChar(*++sp); | ||
| 18 | - if (c == '?') | ||
| 19 | + if (c == '?') { | ||
| 20 | c = 127; | ||
| 21 | - else | ||
| 22 | + } else if (c == '\0') { | ||
| 23 | + len = 1; | ||
| 24 | + } else { | ||
| 25 | c &= 0x1f; | ||
| 26 | - len = 2; | ||
| 27 | + } | ||
| 28 | break; | ||
| 29 | default: | ||
| 30 | c = UChar(*sp); | ||