Received: by mail.netbsd.org (Postfix, from userid 605) id 344B084DB1; Thu, 18 Oct 2018 19:42:52 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 3FFCC84D71 for ; Thu, 18 Oct 2018 19:42:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id KpoyIrCa56GN for ; Thu, 18 Oct 2018 19:42:50 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 61F3A84D2A for ; Thu, 18 Oct 2018 19:42:50 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 282AAFBEE; Thu, 18 Oct 2018 19:42:50 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_153989177063250" MIME-Version: 1.0 Date: Thu, 18 Oct 2018 19:42:50 +0000 From: "Leonardo Taccari" Subject: CVS commit: pkgsrc/devel To: pkgsrc-changes@NetBSD.org Reply-To: leot@netbsd.org X-Mailer: log_accum Message-Id: <20181018194250.282AAFBEE@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_153989177063250 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" Module Name: pkgsrc Committed By: leot Date: Thu Oct 18 19:42:50 UTC 2018 Modified Files: pkgsrc/devel/ncurses: Makefile distinfo pkgsrc/devel/ncursesw: Makefile Added Files: pkgsrc/devel/ncurses/patches: patch-ncurses_tinfo_parse__entry.c Log Message: ncurses{,w}: Backport patch for CVE-2018-10754 Patch provided by Attila Fülöp via NetBSD/pkgsrc#34, thanks! Bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.99 -r1.100 pkgsrc/devel/ncurses/Makefile cvs rdiff -u -r1.34 -r1.35 pkgsrc/devel/ncurses/distinfo cvs rdiff -u -r0 -r1.3 \ pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ncursesw/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_153989177063250 Content-Disposition: inline Content-Length: 3229 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/devel/ncurses/Makefile diff -u pkgsrc/devel/ncurses/Makefile:1.99 pkgsrc/devel/ncurses/Makefile:1.100 --- pkgsrc/devel/ncurses/Makefile:1.99 Sat Sep 15 22:47:41 2018 +++ pkgsrc/devel/ncurses/Makefile Thu Oct 18 19:42:49 2018 @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.99 2018/09/15 22:47:41 wiz Exp $ +# $NetBSD: Makefile,v 1.100 2018/10/18 19:42:49 leot Exp $ .include "Makefile.common" -PKGREVISION= 2 +PKGREVISION= 3 COMMENT= CRT screen handling and optimization package INSTALLATION_DIRS+= share/examples Index: pkgsrc/devel/ncurses/distinfo diff -u pkgsrc/devel/ncurses/distinfo:1.34 pkgsrc/devel/ncurses/distinfo:1.35 --- pkgsrc/devel/ncurses/distinfo:1.34 Mon Apr 2 16:26:03 2018 +++ pkgsrc/devel/ncurses/distinfo Thu Oct 18 19:42:49 2018 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.34 2018/04/02 16:26:03 spz Exp $ +$NetBSD: distinfo,v 1.35 2018/10/18 19:42:49 leot Exp $ SHA1 (ncurses-6.1.tar.gz) = 57acf6bc24cacd651d82541929f726f4def780cc RMD160 (ncurses-6.1.tar.gz) = 938235f3922f9c6ef0f1081d643ecb2da1347a17 @@ -12,3 +12,4 @@ SHA1 (patch-c++_Makefile.in) = 68ff81c71 SHA1 (patch-configure.in) = 48a705b3f4de3a65c0c1c3648f5a24c5310ed3fa SHA1 (patch-misc_ncurses-config.in) = 43e4dc8abe85804513da1189aeffa5c7746ffcca SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527 +SHA1 (patch-ncurses_tinfo_parse__entry.c) = 06d2b52e84595f8acd47ad36ded7b7d5bec95b8a Index: pkgsrc/devel/ncursesw/Makefile diff -u pkgsrc/devel/ncursesw/Makefile:1.16 pkgsrc/devel/ncursesw/Makefile:1.17 --- pkgsrc/devel/ncursesw/Makefile:1.16 Mon Apr 2 16:26:04 2018 +++ pkgsrc/devel/ncursesw/Makefile Thu Oct 18 19:42:49 2018 @@ -1,9 +1,10 @@ -# $NetBSD: Makefile,v 1.16 2018/04/02 16:26:04 spz Exp $ +# $NetBSD: Makefile,v 1.17 2018/10/18 19:42:49 leot Exp $ .include "../../devel/ncurses/Makefile.common" PKGNAME= ${DISTNAME:S/ncurses/ncursesw/} COMMENT= Wide character CRT screen handling and optimization package +PKGREVISION= 1 PATCHDIR= ${.CURDIR}/../../devel/ncurses/patches DISTINFO_FILE= ${.CURDIR}/../../devel/ncurses/distinfo Added files: Index: pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c diff -u /dev/null pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c:1.3 --- /dev/null Thu Oct 18 19:42:50 2018 +++ pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c Thu Oct 18 19:42:49 2018 @@ -0,0 +1,23 @@ +$NetBSD: patch-ncurses_tinfo_parse__entry.c,v 1.3 2018/10/18 19:42:49 leot Exp $ + + - Fixes CVE-2018-10754 + +--- ncurses/tinfo/parse_entry.c.orig 2018-10-09 21:41:29.020445746 +0000 ++++ ncurses/tinfo/parse_entry.c +@@ -543,11 +543,12 @@ _nc_parse_entry(ENTRY * entryp, int lite + * Otherwise, look for a base entry that will already + * have picked up defaults via translation. + */ +- for (i = 0; i < entryp->nuses; i++) +- if (!strchr((char *) entryp->uses[i].name, '+')) +- has_base_entry = TRUE; ++ for (i = 0; i < entryp->nuses; i++) { ++ if (entryp->uses[i].name != 0 ++ && !strchr(entryp->uses[i].name, '+')) ++ has_base_entry = TRUE; ++ } + } +- + postprocess_termcap(&entryp->tterm, has_base_entry); + } else + postprocess_terminfo(&entryp->tterm); --_----------=_153989177063250--