aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKevin Daudt <kdaudt@alpinelinux.org>2021-02-13 21:02:10 +0000
committerLeo <thinkabit.ukim@gmail.com>2021-02-14 15:28:17 -0300
commit51f550109d5ae745ff7efcc87405bc7e08097ead (patch)
tree12a5b5a0b6230d2261bab68988ad14a3e55bee8e
parent4cb95b138acbf891f431fa29776c51e007e7dc9c (diff)
downloadaports-51f550109d5ae745ff7efcc87405bc7e08097ead.tar.gz
aports-51f550109d5ae745ff7efcc87405bc7e08097ead.tar.bz2
aports-51f550109d5ae745ff7efcc87405bc7e08097ead.tar.xz
main/screen: use better patch for CVE-2021-26937
The patch from Debian will result in screen stop propertly processing combining characters after all slots have been exhausted.
-rw-r--r--main/screen/APKBUILD4
-rw-r--r--main/screen/CVE-2021-26937.patch96
2 files changed, 55 insertions, 45 deletions
diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD
index 48c48c2ded..c7b87bec62 100644
--- a/main/screen/APKBUILD
+++ b/main/screen/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=screen
pkgver=4.8.0
-pkgrel=4
+pkgrel=5
pkgdesc="Window manager that multiplexes a physical terminal"
url="https://www.gnu.org/software/screen/"
arch="all"
@@ -50,4 +50,4 @@ package() {
sha512sums="770ebaf6ee9be711bcb8a6104b3294f2bf4523dae6683fdc5eac4b3aff7e511be2d922b6b2ad28ec241113c2e4fe0d80f9a482ae1658adc19c8c3a3680caa25c screen-4.8.0.tar.gz
82aca3e16c8cd7a3029d3b589ff2dd3471708d6287979ebb5cfdaedbd1f3012c0cd660b131e0cbe142b99786e49ef8b24c63159523d870e95ccf71ec94b82634 utmpx.patch
-1c9fec7b971d1674c8be9b0b540d33bb977d63b1bffe3d38fb0d23a75dd5137eac482b9388f4a0affe15717a7814c3913f0c2290876e50ac20bc5cff82c0606d CVE-2021-26937.patch"
+21f296fa558ef5cdde378fcd8d47cf780f99702c3f798387f611260f29700397591f1757d1d3197a12650a4042af74176753e69bc19997c2bbfbb02b413a50a5 CVE-2021-26937.patch"
diff --git a/main/screen/CVE-2021-26937.patch b/main/screen/CVE-2021-26937.patch
index f1bb41b266..bfd188a95b 100644
--- a/main/screen/CVE-2021-26937.patch
+++ b/main/screen/CVE-2021-26937.patch
@@ -1,49 +1,59 @@
-Description: [CVE-2021-26937] Fix out of bounds array access
-Author: Axel Beckert <abe@debian.org>
-Bug-Debian: https://bugs.debian.org/982435
-Bug: https://savannah.gnu.org/bugs/?60030
-Bug: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
-Bug-OSS-Security: https://www.openwall.com/lists/oss-security/2021/02/09/3
-Forwarded: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00004.html
-
+Source: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010.html
+diff --git a/encoding.c b/encoding.c
+index e5db3e7..79f5d14 100644
--- a/encoding.c
+++ b/encoding.c
-@@ -1408,21 +1408,23 @@
- }
- /* FIXME: delete old char from all buffers */
- }
-- else if (!combchars[i])
-- {
-- combchars[i] = (struct combchar *)malloc(sizeof(struct combchar));
-- if (!combchars[i])
-- return;
-- combchars[i]->prev = i;
-- combchars[i]->next = i;
-- }
-- combchars[i]->c1 = c1;
-- combchars[i]->c2 = c;
-- mc->image = i & 0xff;
-- mc->font = (i >> 8) + 0xd8;
-- mc->fontx = 0;
-- debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
+@@ -43,7 +43,7 @@ static int encmatch __P((char *, char *));
+ # ifdef UTF8
+ static int recode_char __P((int, int, int));
+ static int recode_char_to_encoding __P((int, int));
+-static void comb_tofront __P((int, int));
++static void comb_tofront __P((int));
+ # ifdef DW_CHARS
+ static int recode_char_dw __P((int, int *, int, int));
+ static int recode_char_dw_to_encoding __P((int, int *, int));
+@@ -1263,6 +1263,8 @@ int c;
+ {0x30000, 0x3FFFD},
+ };
+
++ if (c >= 0xdf00 && c <= 0xdfff)
++ return 1; /* dw combining sequence */
+ return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval) - 1)) ||
+ (cjkwidth &&
+ bisearch(c, ambiguous,
+@@ -1330,11 +1332,12 @@ int c;
+ }
+
+ static void
+-comb_tofront(root, i)
+-int root, i;
++comb_tofront(i)
++int i;
+ {
+ for (;;)
+ {
++ int root = i >= 0x700 ? 0x801 : 0x800;
+ debug1("bring to front: %x\n", i);
+ combchars[combchars[i]->prev]->next = combchars[i]->next;
+ combchars[combchars[i]->next]->prev = combchars[i]->prev;
+@@ -1396,9 +1399,9 @@ struct mchar *mc;
+ {
+ /* full, recycle old entry */
+ if (c1 >= 0xd800 && c1 < 0xe000)
+- comb_tofront(root, c1 - 0xd800);
++ comb_tofront(c1 - 0xd800);
+ i = combchars[root]->prev;
+- if (c1 == i + 0xd800)
++ if (i == 0x800 || i == 0x801 || c1 == i + 0xd800)
+ {
+ /* completely full, can't recycle */
+ debug("utf8_handle_comp: completely full!\n");
+@@ -1422,7 +1425,7 @@ struct mchar *mc;
+ mc->font = (i >> 8) + 0xd8;
+ mc->fontx = 0;
+ debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
- comb_tofront(root, i);
-+ else if (i < sizeof combchars / sizeof *combchars) {
-+ if (!combchars[i])
-+ {
-+ combchars[i] = (struct combchar *)malloc(sizeof(struct combchar));
-+ if (!combchars[i])
-+ return;
-+ combchars[i]->prev = i;
-+ combchars[i]->next = i;
-+ }
-+ combchars[i]->c1 = c1;
-+ combchars[i]->c2 = c;
-+ mc->image = i & 0xff;
-+ mc->font = (i >> 8) + 0xd8;
-+ mc->fontx = 0;
-+ debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
-+ comb_tofront(root, i);
-+ }
++ comb_tofront(i);
}
#else /* !UTF8 */