ncurses{,w}: Backport patch for CVE-2018-10754 Patch provided by Attila F端l旦p via NetBSD/pkgsrc#34, thanks! Bump PKGREVISIONdiff -r1.99 -r1.100 pkgsrc/devel/ncurses/Makefile
(leot)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.99 2018/09/15 22:47:41 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.100 2018/10/18 19:42:49 leot Exp $ | |
2 | 2 | |||
3 | .include "Makefile.common" | 3 | .include "Makefile.common" | |
4 | PKGREVISION= 2 | 4 | PKGREVISION= 3 | |
5 | COMMENT= CRT screen handling and optimization package | 5 | COMMENT= CRT screen handling and optimization package | |
6 | 6 | |||
7 | INSTALLATION_DIRS+= share/examples | 7 | INSTALLATION_DIRS+= share/examples | |
8 | 8 | |||
9 | PLIST_SRC= ${PKGDIR}/PLIST ${WRKDIR}/PLIST.terminfo | 9 | PLIST_SRC= ${PKGDIR}/PLIST ${WRKDIR}/PLIST.terminfo | |
10 | 10 | |||
11 | post-configure: | 11 | post-configure: | |
12 | cd ${WRKSRC}/man; \ | 12 | cd ${WRKSRC}/man; \ | |
13 | for f in *.1m; do \ | 13 | for f in *.1m; do \ | |
14 | mv -f $${f} `${BASENAME} $${f} .1m`.1; \ | 14 | mv -f $${f} `${BASENAME} $${f} .1m`.1; \ | |
15 | done; \ | 15 | done; \ | |
16 | for f in *.3x; do \ | 16 | for f in *.3x; do \ | |
17 | mv -f $${f} `${BASENAME} $${f} .3x`.3; \ | 17 | mv -f $${f} `${BASENAME} $${f} .3x`.3; \ |
@@ -1,14 +1,15 @@ | @@ -1,14 +1,15 @@ | |||
1 | $NetBSD: distinfo,v 1.34 2018/04/02 16:26:03 spz Exp $ | 1 | $NetBSD: distinfo,v 1.35 2018/10/18 19:42:49 leot Exp $ | |
2 | 2 | |||
3 | SHA1 (ncurses-6.1.tar.gz) = 57acf6bc24cacd651d82541929f726f4def780cc | 3 | SHA1 (ncurses-6.1.tar.gz) = 57acf6bc24cacd651d82541929f726f4def780cc | |
4 | RMD160 (ncurses-6.1.tar.gz) = 938235f3922f9c6ef0f1081d643ecb2da1347a17 | 4 | RMD160 (ncurses-6.1.tar.gz) = 938235f3922f9c6ef0f1081d643ecb2da1347a17 | |
5 | SHA512 (ncurses-6.1.tar.gz) = e308af43f8b7e01e98a55f4f6c4ee4d1c39ce09d95399fa555b3f0cdf5fd0db0f4c4d820b4af78a63f6cf6d8627587114a40af48cfc066134b600520808a77ee | 5 | SHA512 (ncurses-6.1.tar.gz) = e308af43f8b7e01e98a55f4f6c4ee4d1c39ce09d95399fa555b3f0cdf5fd0db0f4c4d820b4af78a63f6cf6d8627587114a40af48cfc066134b600520808a77ee | |
6 | Size (ncurses-6.1.tar.gz) = 3365395 bytes | 6 | Size (ncurses-6.1.tar.gz) = 3365395 bytes | |
7 | SHA1 (patch-aa) = 4523f87f39d2aa3eea07a0e55595eb9e50b74a6c | 7 | SHA1 (patch-aa) = 4523f87f39d2aa3eea07a0e55595eb9e50b74a6c | |
8 | SHA1 (patch-ab) = f4573e7a161c2f59d9828d163abe2a5ba2e4d56f | 8 | SHA1 (patch-ab) = f4573e7a161c2f59d9828d163abe2a5ba2e4d56f | |
9 | SHA1 (patch-ac) = 08e5fa8179c7f5c65c617a55c9693745b89b42de | 9 | SHA1 (patch-ac) = 08e5fa8179c7f5c65c617a55c9693745b89b42de | |
10 | SHA1 (patch-aclocal.m4) = efb1a966687d2c35fc3e3e1d5345e80aaf2822f6 | 10 | SHA1 (patch-aclocal.m4) = efb1a966687d2c35fc3e3e1d5345e80aaf2822f6 | |
11 | SHA1 (patch-c++_Makefile.in) = 68ff81c719ec4aa13beb962cb66d7cd6749d7af5 | 11 | SHA1 (patch-c++_Makefile.in) = 68ff81c719ec4aa13beb962cb66d7cd6749d7af5 | |
12 | SHA1 (patch-configure.in) = 48a705b3f4de3a65c0c1c3648f5a24c5310ed3fa | 12 | SHA1 (patch-configure.in) = 48a705b3f4de3a65c0c1c3648f5a24c5310ed3fa | |
13 | SHA1 (patch-misc_ncurses-config.in) = 43e4dc8abe85804513da1189aeffa5c7746ffcca | 13 | SHA1 (patch-misc_ncurses-config.in) = 43e4dc8abe85804513da1189aeffa5c7746ffcca | |
14 | SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527 | 14 | SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527 | |
15 | SHA1 (patch-ncurses_tinfo_parse__entry.c) = 06d2b52e84595f8acd47ad36ded7b7d5bec95b8a |
$NetBSD: patch-ncurses_tinfo_parse__entry.c,v 1.3 2018/10/18 19:42:49 leot Exp $
- Fixes CVE-2018-10754
--- ncurses/tinfo/parse_entry.c.orig 2018-10-09 21:41:29.020445746 +0000
+++ ncurses/tinfo/parse_entry.c
@@ -543,11 +543,12 @@ _nc_parse_entry(ENTRY * entryp, int lite
* Otherwise, look for a base entry that will already
* have picked up defaults via translation.
*/
- for (i = 0; i < entryp->nuses; i++)
- if (!strchr((char *) entryp->uses[i].name, '+'))
- has_base_entry = TRUE;
+ for (i = 0; i < entryp->nuses; i++) {
+ if (entryp->uses[i].name != 0
+ && !strchr(entryp->uses[i].name, '+'))
+ has_base_entry = TRUE;
+ }
}
-
postprocess_termcap(&entryp->tterm, has_base_entry);
} else
postprocess_terminfo(&entryp->tterm);
@@ -1,19 +1,20 @@ | @@ -1,19 +1,20 @@ | |||
1 | # $NetBSD: Makefile,v 1.16 2018/04/02 16:26:04 spz Exp $ | 1 | # $NetBSD: Makefile,v 1.17 2018/10/18 19:42:49 leot Exp $ | |
2 | 2 | |||
3 | .include "../../devel/ncurses/Makefile.common" | 3 | .include "../../devel/ncurses/Makefile.common" | |
4 | 4 | |||
5 | PKGNAME= ${DISTNAME:S/ncurses/ncursesw/} | 5 | PKGNAME= ${DISTNAME:S/ncurses/ncursesw/} | |
6 | COMMENT= Wide character CRT screen handling and optimization package | 6 | COMMENT= Wide character CRT screen handling and optimization package | |
7 | PKGREVISION= 1 | |||
7 | 8 | |||
8 | PATCHDIR= ${.CURDIR}/../../devel/ncurses/patches | 9 | PATCHDIR= ${.CURDIR}/../../devel/ncurses/patches | |
9 | DISTINFO_FILE= ${.CURDIR}/../../devel/ncurses/distinfo | 10 | DISTINFO_FILE= ${.CURDIR}/../../devel/ncurses/distinfo | |
10 | 11 | |||
11 | CONFIGURE_ARGS+= --enable-widec | 12 | CONFIGURE_ARGS+= --enable-widec | |
12 | CONFIGURE_ARGS+= --includedir=${PREFIX}/include/ncursesw | 13 | CONFIGURE_ARGS+= --includedir=${PREFIX}/include/ncursesw | |
13 | 14 | |||
14 | INSTALLATION_DIRS+= include/ncursesw | 15 | INSTALLATION_DIRS+= include/ncursesw | |
15 | INSTALLATION_DIRS+= bin | 16 | INSTALLATION_DIRS+= bin | |
16 | INSTALLATION_DIRS+= lib | 17 | INSTALLATION_DIRS+= lib | |
17 | 18 | |||
18 | BUILD_TARGET= libs | 19 | BUILD_TARGET= libs | |
19 | 20 |