diff options
author | Leo <thinkabit.ukim@gmail.com> | 2021-02-11 10:48:32 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2021-02-11 14:14:41 +0000 |
commit | 86a7c4a62fe8a597a9b606af75e6b5ca523744dc (patch) | |
tree | cf6545010de9318a89e42f47721aeef44e227173 /main | |
parent | c5866d69a5c18ca67a39af954af209589ed32a27 (diff) |
main/screen: fix CVE-2021-26937
See: #12424
Diffstat (limited to 'main')
-rw-r--r-- | main/screen/APKBUILD | 11 | ||||
-rw-r--r-- | main/screen/CVE-2021-26937.patch | 49 |
2 files changed, 57 insertions, 3 deletions
diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD index 5415eb2808e..48c48c2ded5 100644 --- a/main/screen/APKBUILD +++ b/main/screen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=screen pkgver=4.8.0 -pkgrel=3 +pkgrel=4 pkgdesc="Window manager that multiplexes a physical terminal" url="https://www.gnu.org/software/screen/" arch="all" @@ -11,9 +11,13 @@ options="!check" # No test suite. makedepends="utmps-dev ncurses-dev libutempter-dev ncurses" subpackages="$pkgname-doc" source="https://ftp.gnu.org/gnu/screen/screen-$pkgver.tar.gz - utmpx.patch" + utmpx.patch + CVE-2021-26937.patch + " # secfixes: +# 4.8.0-r4: +# - CVE-2021-26937 # 4.8.0-r0: # - CVE-2020-9366 @@ -45,4 +49,5 @@ package() { } sha512sums="770ebaf6ee9be711bcb8a6104b3294f2bf4523dae6683fdc5eac4b3aff7e511be2d922b6b2ad28ec241113c2e4fe0d80f9a482ae1658adc19c8c3a3680caa25c screen-4.8.0.tar.gz -82aca3e16c8cd7a3029d3b589ff2dd3471708d6287979ebb5cfdaedbd1f3012c0cd660b131e0cbe142b99786e49ef8b24c63159523d870e95ccf71ec94b82634 utmpx.patch" +82aca3e16c8cd7a3029d3b589ff2dd3471708d6287979ebb5cfdaedbd1f3012c0cd660b131e0cbe142b99786e49ef8b24c63159523d870e95ccf71ec94b82634 utmpx.patch +1c9fec7b971d1674c8be9b0b540d33bb977d63b1bffe3d38fb0d23a75dd5137eac482b9388f4a0affe15717a7814c3913f0c2290876e50ac20bc5cff82c0606d CVE-2021-26937.patch" diff --git a/main/screen/CVE-2021-26937.patch b/main/screen/CVE-2021-26937.patch new file mode 100644 index 00000000000..f1bb41b266e --- /dev/null +++ b/main/screen/CVE-2021-26937.patch @@ -0,0 +1,49 @@ +Description: [CVE-2021-26937] Fix out of bounds array access +Author: Axel Beckert <abe@debian.org> +Bug-Debian: https://bugs.debian.org/982435 +Bug: https://savannah.gnu.org/bugs/?60030 +Bug: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html +Bug-OSS-Security: https://www.openwall.com/lists/oss-security/2021/02/09/3 +Forwarded: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00004.html + +--- a/encoding.c ++++ b/encoding.c +@@ -1408,21 +1408,23 @@ + } + /* FIXME: delete old char from all buffers */ + } +- else if (!combchars[i]) +- { +- combchars[i] = (struct combchar *)malloc(sizeof(struct combchar)); +- if (!combchars[i]) +- return; +- combchars[i]->prev = i; +- combchars[i]->next = i; +- } +- combchars[i]->c1 = c1; +- combchars[i]->c2 = c; +- mc->image = i & 0xff; +- mc->font = (i >> 8) + 0xd8; +- mc->fontx = 0; +- debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800); +- comb_tofront(root, i); ++ else if (i < sizeof combchars / sizeof *combchars) { ++ if (!combchars[i]) ++ { ++ combchars[i] = (struct combchar *)malloc(sizeof(struct combchar)); ++ if (!combchars[i]) ++ return; ++ combchars[i]->prev = i; ++ combchars[i]->next = i; ++ } ++ combchars[i]->c1 = c1; ++ combchars[i]->c2 = c; ++ mc->image = i & 0xff; ++ mc->font = (i >> 8) + 0xd8; ++ mc->fontx = 0; ++ debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800); ++ comb_tofront(root, i); ++ } + } + + #else /* !UTF8 */ |