author | psykose <alice@ayaya.dev> | 2022-07-16 00:27:58 +0000 |
---|---|---|
committer | psykose <alice@ayaya.dev> | 2022-07-16 02:27:58 +0200 |
commit | f3d3e2a3aae649a21fe45f2471e6509e14e3a54a (patch) | |
tree | 5dcc5fe297ac67a99bb46ff14a24a56f3ff9f63c | |
parent | af6f1ed7ff47689806e98e09f24899bb29fe2948 (diff) |
main/ncurses: fix CVE-2022-29458
ncurses does not keep old tarballs.. the github mirror ones are
file-identical (only file access time differs, actual file contents are
bit identical)
-rw-r--r-- | main/ncurses/APKBUILD | 14 | ||||
-rw-r--r-- | main/ncurses/CVE-2022-29458.patch | 33 |
2 files changed, 43 insertions, 4 deletions
diff --git a/main/ncurses/APKBUILD b/main/ncurses/APKBUILD index b699ef7cb41..7bb1a5691e0 100644 --- a/main/ncurses/APKBUILD +++ b/main/ncurses/APKBUILD @@ -2,7 +2,8 @@ pkgname=ncurses pkgver=6.3_p20211120 _ver=${pkgver/_p/-} -pkgrel=0 +_mirror_commit=461e72d1826483cb2c2cb243412f2dc5b00b2b1a +pkgrel=1 pkgdesc="Console display library" url="https://invisible-island.net/ncurses/" arch="all" @@ -11,10 +12,14 @@ license="MIT" makedepends_build="ncurses" subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs $pkgname-terminfo-base:base:noarch $pkgname-terminfo:terminfo:noarch" -source="https://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz" -builddir="$srcdir"/ncurses-$_ver +source="$pkgname-$pkgver.tar.gz::https://github.com/mirror/ncurses/archive/$_mirror_commit.tar.gz + CVE-2022-29458.patch + " +builddir="$srcdir"/ncurses-$_mirror_commit # secfixes: +# 6.2_p20211120-r1: +# - CVE-2022-29458 # 6.2_p20200530-r0: # - CVE-2021-39537 # 6.1_p20180414-r0: @@ -114,5 +119,6 @@ static() { } sha512sums=" -35c8338b2196f49eb7de2c3193213e7ce2aaf6535547438f8b1774708ac66ac089128a7f732c61080a48d39f228dabbbe475814ecbe5b635595387e214f439cc ncurses-6.3-20211120.tgz +0592d85520ecee36b148db40baff4060742c81ca77bbd79af6ce892dbff1a6a7fa6308ea1d55dc3356b06978e34b646c94f3b0bd60e36c17c522b8ca90b282d2 ncurses-6.3_p20211120.tar.gz +b7904866af8afc7a163151a803ca506981d87f58ce9a720a28c27aa6fa1ac1cf43dad8916a8265779ff2253d2dbacb2793733cadf44dbe10f6cf894944042708 CVE-2022-29458.patch " diff --git a/main/ncurses/CVE-2022-29458.patch b/main/ncurses/CVE-2022-29458.patch new file mode 100644 index 00000000000..9481a99a310 --- /dev/null +++ b/main/ncurses/CVE-2022-29458.patch 
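Review bot: The secfixes key added in the second APKBUILD hunk reads `# 6.2_p20211120-r1:`, but `pkgver` is `6.3_p20211120` and `pkgrel` becomes 1 in the first hunk, so the entry names a version this package never shipped. If these comments feed the distribution's security database, as secfixes blocks normally do, scanners would not record CVE-2022-29458 as fixed in this release. The line should read `# 6.3_p20211120-r1:`. The new `source` is a GitHub commit archive rather than the upstream tarball, so the added sha512sums entry is the only integrity anchor and should be re-verified whenever `_mirror_commit` changes.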
@@ -0,0 +1,33 @@
+--- a/ncurses/tinfo/read_entry.c
++++ b/ncurses/tinfo/read_entry.c
+@@ -145,6 +145,7 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ {
+ int i;
+ char *p;
++ bool corrupt = FALSE;
+
+ for (i = 0; i < count; i++) {
+ if (IS_NEG1(buf + 2 * i)) {
+@@ -154,8 +155,20 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ } else if (MyNumber(buf + 2 * i) > size) {
+ Strings[i] = ABSENT_STRING;
+ } else {
+- Strings[i] = (MyNumber(buf + 2 * i) + table);
+- TR(TRACE_DATABASE, ("Strings[%d] = %s", i, _nc_visbuf(Strings[i])));
++ int nn = MyNumber(buf + 2 * i);
++ if (nn >= 0 && nn < size) {
++ Strings[i] = (nn + table);
++ TR(TRACE_DATABASE, ("Strings[%d] = %s", i,
++ _nc_visbuf(Strings[i])));
++ } else {
++ if (!corrupt) {
++ corrupt = TRUE;
++ TR(TRACE_DATABASE,
++ ("ignore out-of-range index %d to Strings[]", nn));
++ _nc_warning("corrupt data found in convert_strings");
++ }
++ Strings[i] = ABSENT_STRING;
++ }
+ }
+
+ /* make sure all strings are NUL terminated */ |
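Review bot: The added patch file begins directly at `--- a/ncurses/tinfo/read_entry.c` with no header recording where the fix came from, so a later maintainer cannot compare it against the upstream change when rebasing or auditing. A leading comment such as `Patch-Source: <upstream ncurses patch reference>` followed by one line naming CVE-2022-29458 would cover that. In the code itself, the earlier `> size` branch leaves `nn == size` and negative values for the new `else` arm to catch, which is worth a short comment next to `if (nn >= 0 && nn < size)`. The body of `convert_strings` continues outside both hunks, so the NUL-termination loop that follows is not visible for review here.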