diff options
| -rw-r--r-- | main/screen/APKBUILD | 12 | ||||
| -rw-r--r-- | main/screen/CVE-2015-6806.patch | 52 |
2 files changed, 8 insertions, 56 deletions
diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD index 8bb5ef53b72..0b998f1a0ff 100644 --- a/main/screen/APKBUILD +++ b/main/screen/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Michael Mason <ms13sp@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=screen -pkgver=4.4.0 +pkgver=4.5.1 pkgrel=0 pkgdesc="A window manager that multiplexes a physical terminal" url="http://ftp.gnu.org/gnu/screen/" @@ -13,6 +13,10 @@ install="" subpackages="$pkgname-doc" source="http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz" +# secfixes: +# 4.5.1: +# - CVE-2017-5618 + builddir="$srcdir"/$pkgname-$pkgver build() { cd "$builddir" @@ -39,6 +43,6 @@ package() { install -Dm644 etc/screenrc "$pkgdir"/etc/skel/.screenrc || return 1 } -md5sums="d26e11a3648c2b11aaefa215a55dfd39 screen-4.4.0.tar.gz" -sha256sums="ef722a54759a3bf23aad272bbf33c414c1078cad6bcd982fada93c0d7917218b screen-4.4.0.tar.gz" -sha512sums="6e43f85c419f778822ec85e4340c95769e981a3d51abdeb5f26c6ebb840da9ab11b351ecc7f380ceea39bcfaa87f1124cfebd6af4ecb62b886eb189e7b79981b screen-4.4.0.tar.gz" +md5sums="a8c5da2f42f8a18fa4dada2419d1549b screen-4.5.1.tar.gz" +sha256sums="97db2114dd963b016cd4ded34831955dcbe3251e5eee45ac2606e67e9f097b2d screen-4.5.1.tar.gz" +sha512sums="ca53477ad38264be38efb1d10a1337b647dd061127162c77533b17a30d046cd0caabe38e4a9e5389aac30d5dc62eb53e7877411e69adae36d0ca869bd0a82804 screen-4.5.1.tar.gz" diff --git a/main/screen/CVE-2015-6806.patch b/main/screen/CVE-2015-6806.patch deleted file mode 100644 index 24a013b8eb3..00000000000 --- a/main/screen/CVE-2015-6806.patch +++ /dev/null @@ -1,52 +0,0 @@ -Origin: commit b7484c224738247b510ed0d268cd577076958f1b -Author: Kuang-che Wu <kcwu@csie.org> -Bug: https://savannah.gnu.org/bugs/?45713 -Bug-Debian: http://bugs.debian.org/797624 -Description: Fix stack overflow due to too deep recursion - How to reproduce: - Run this command inside screen - $ printf '\x1b[10000000T' - . - screen will recursively call MScrollV to depth n/256. - This is time consuming and will overflow stack if n is huge. - -diff --git a/ansi.c b/ansi.c -index a342fb1..152d2ef 100644 ---- a/ansi.c -+++ b/ansi.c -@@ -2502,13 +2502,13 @@ int n, ys, ye, bce; - return; - if (n > 0) - { -+ if (ye - ys + 1 < n) -+ n = ye - ys + 1; - if (n > 256) - { - MScrollV(p, n - 256, ys, ye, bce); - n = 256; - } -- if (ye - ys + 1 < n) -- n = ye - ys + 1; - #ifdef COPY_PASTE - if (compacthist) - { -@@ -2562,14 +2562,14 @@ int n, ys, ye, bce; - } - else - { -- if (n < -256) -- { -- MScrollV(p, n + 256, ys, ye, bce); -- n = -256; -- } - n = -n; - if (ye - ys + 1 < n) - n = ye - ys + 1; -+ if (n > 256) -+ { -+ MScrollV(p, - (n - 256), ys, ye, bce); -+ n = 256; -+ } - - ml = p->w_mlines + ye; - /* Clear lines */ |