authorNatanael Copa <ncopa@alpinelinux.org>2017-03-01 18:52:30 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2017-03-01 18:56:01 +0100
commit62ff75ac828e5f41d65a7b1b4785771a46f6107d (patch)
treef08db0af7ba88e4709f0af3b51fa0046491f1bb1
parent6a8ae35248067718f72e40545298011348efe8f3 (diff)
main/screen: security upgrade to 4.5.1 (CVE-2017-5618)
fixes #6730
-rw-r--r--main/screen/APKBUILD12
-rw-r--r--main/screen/CVE-2015-6806.patch52
2 files changed, 8 insertions, 56 deletions
diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD
index 8bb5ef53b7..0b998f1a0f 100644
--- a/main/screen/APKBUILD
+++ b/main/screen/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=screen
-pkgver=4.4.0
+pkgver=4.5.1
pkgrel=0
pkgdesc="A window manager that multiplexes a physical terminal"
url="http://ftp.gnu.org/gnu/screen/"
@@ -13,6 +13,10 @@ install=""
subpackages="$pkgname-doc"
source="http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
+# secfixes:
+# 4.5.1:
+# - CVE-2017-5618
+
builddir="$srcdir"/$pkgname-$pkgver
build() {
cd "$builddir"
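Review bot: The new `# secfixes:` block records only CVE-2017-5618, while the same commit deletes `CVE-2015-6806.patch`, so the package metadata keeps no record of which release closed CVE-2015-6806. The visible `source=` line does not list that patch, which suggests the fix already ships in the upstream tarball; if so, add a second entry such as `#   <first-fixed-version>:` followed by `#     - CVE-2015-6806`, with the real version taken from the package history. It is also worth confirming whether the key should carry the release suffix (`4.5.1-r0:` rather than `4.5.1:`), so that tooling reading these comments can match installed package versions exactly.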
@@ -39,6 +43,6 @@ package() {
install -Dm644 etc/screenrc "$pkgdir"/etc/skel/.screenrc || return 1
}
-md5sums="d26e11a3648c2b11aaefa215a55dfd39 screen-4.4.0.tar.gz"
-sha256sums="ef722a54759a3bf23aad272bbf33c414c1078cad6bcd982fada93c0d7917218b screen-4.4.0.tar.gz"
-sha512sums="6e43f85c419f778822ec85e4340c95769e981a3d51abdeb5f26c6ebb840da9ab11b351ecc7f380ceea39bcfaa87f1124cfebd6af4ecb62b886eb189e7b79981b screen-4.4.0.tar.gz"
+md5sums="a8c5da2f42f8a18fa4dada2419d1549b screen-4.5.1.tar.gz"
+sha256sums="97db2114dd963b016cd4ded34831955dcbe3251e5eee45ac2606e67e9f097b2d screen-4.5.1.tar.gz"
+sha512sums="ca53477ad38264be38efb1d10a1337b647dd061127162c77533b17a30d046cd0caabe38e4a9e5389aac30d5dc62eb53e7877411e69adae36d0ca869bd0a82804 screen-4.5.1.tar.gz"
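Review bot: These checksums are the only integrity control on the new tarball, because `source=` (a context line in the previous hunk) still fetches it over plain `http://`. For a security upgrade the commit message should say how the values were obtained, ideally from a download checked against the upstream release signature rather than computed from whatever the build host fetched. Changing the URL to `https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz` would also protect the fetch the next time the checksums are regenerated. The `md5sums` line adds no assurance once `sha512sums` is present and could be dropped if the build tool no longer requires it.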
diff --git a/main/screen/CVE-2015-6806.patch b/main/screen/CVE-2015-6806.patch
deleted file mode 100644
index 24a013b8eb..0000000000
--- a/main/screen/CVE-2015-6806.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-Origin: commit b7484c224738247b510ed0d268cd577076958f1b
-Author: Kuang-che Wu <kcwu@csie.org>
-Bug: https://savannah.gnu.org/bugs/?45713
-Bug-Debian: http://bugs.debian.org/797624
-Description: Fix stack overflow due to too deep recursion
- How to reproduce:
- Run this command inside screen
- $ printf '\x1b[10000000T'
- .
- screen will recursively call MScrollV to depth n/256.
- This is time consuming and will overflow stack if n is huge.
-
-diff --git a/ansi.c b/ansi.c
-index a342fb1..152d2ef 100644
---- a/ansi.c
-+++ b/ansi.c
-@@ -2502,13 +2502,13 @@ int n, ys, ye, bce;
- return;
- if (n > 0)
- {
-+ if (ye - ys + 1 < n)
-+ n = ye - ys + 1;
- if (n > 256)
- {
- MScrollV(p, n - 256, ys, ye, bce);
- n = 256;
- }
-- if (ye - ys + 1 < n)
-- n = ye - ys + 1;
- #ifdef COPY_PASTE
- if (compacthist)
- {
-@@ -2562,14 +2562,14 @@ int n, ys, ye, bce;
- }
- else
- {
-- if (n < -256)
-- {
-- MScrollV(p, n + 256, ys, ye, bce);
-- n = -256;
-- }
- n = -n;
- if (ye - ys + 1 < n)
- n = ye - ys + 1;
-+ if (n > 256)
-+ {
-+ MScrollV(p, - (n - 256), ys, ye, bce);
-+ n = 256;
-+ }
-
- ml = p->w_mlines + ye;
- /* Clear lines */