Thu Oct 18 19:42:50 2018 UTC ()
ncurses{,w}: Backport patch for CVE-2018-10754

Patch provided by Attila F端l旦p via NetBSD/pkgsrc#34, thanks!

Bump PKGREVISION


(leot)
diff -r1.99 -r1.100 pkgsrc/devel/ncurses/Makefile
diff -r1.34 -r1.35 pkgsrc/devel/ncurses/distinfo
diff -r0 -r1.3 pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c
diff -r1.16 -r1.17 pkgsrc/devel/ncursesw/Makefile
cvs diff -r1.99 -r1.100 pkgsrc/devel/ncurses/Makefile (expand / switch to unified diff)

--- pkgsrc/devel/ncurses/Makefile 2018/09/15 22:47:41 1.99
+++ pkgsrc/devel/ncurses/Makefile 2018/10/18 19:42:49 1.100
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1# $NetBSD: Makefile,v 1.99 2018/09/15 22:47:41 wiz Exp $ 1# $NetBSD: Makefile,v 1.100 2018/10/18 19:42:49 leot Exp $
2 2
3.include "Makefile.common" 3.include "Makefile.common"
4PKGREVISION= 2 4PKGREVISION= 3
5COMMENT= CRT screen handling and optimization package 5COMMENT= CRT screen handling and optimization package
6 6
7INSTALLATION_DIRS+= share/examples 7INSTALLATION_DIRS+= share/examples
8 8
9PLIST_SRC= ${PKGDIR}/PLIST ${WRKDIR}/PLIST.terminfo 9PLIST_SRC= ${PKGDIR}/PLIST ${WRKDIR}/PLIST.terminfo
10 10
11post-configure: 11post-configure:
12 cd ${WRKSRC}/man; \ 12 cd ${WRKSRC}/man; \
13 for f in *.1m; do \ 13 for f in *.1m; do \
14 mv -f $${f} `${BASENAME} $${f} .1m`.1; \ 14 mv -f $${f} `${BASENAME} $${f} .1m`.1; \
15 done; \ 15 done; \
16 for f in *.3x; do \ 16 for f in *.3x; do \
17 mv -f $${f} `${BASENAME} $${f} .3x`.3; \ 17 mv -f $${f} `${BASENAME} $${f} .3x`.3; \
cvs diff -r1.34 -r1.35 pkgsrc/devel/ncurses/distinfo (expand / switch to unified diff)

--- pkgsrc/devel/ncurses/distinfo 2018/04/02 16:26:03 1.34
+++ pkgsrc/devel/ncurses/distinfo 2018/10/18 19:42:49 1.35
@@ -1,14 +1,15 @@ @@ -1,14 +1,15 @@
1$NetBSD: distinfo,v 1.34 2018/04/02 16:26:03 spz Exp $ 1$NetBSD: distinfo,v 1.35 2018/10/18 19:42:49 leot Exp $
2 2
3SHA1 (ncurses-6.1.tar.gz) = 57acf6bc24cacd651d82541929f726f4def780cc 3SHA1 (ncurses-6.1.tar.gz) = 57acf6bc24cacd651d82541929f726f4def780cc
4RMD160 (ncurses-6.1.tar.gz) = 938235f3922f9c6ef0f1081d643ecb2da1347a17 4RMD160 (ncurses-6.1.tar.gz) = 938235f3922f9c6ef0f1081d643ecb2da1347a17
5SHA512 (ncurses-6.1.tar.gz) = e308af43f8b7e01e98a55f4f6c4ee4d1c39ce09d95399fa555b3f0cdf5fd0db0f4c4d820b4af78a63f6cf6d8627587114a40af48cfc066134b600520808a77ee 5SHA512 (ncurses-6.1.tar.gz) = e308af43f8b7e01e98a55f4f6c4ee4d1c39ce09d95399fa555b3f0cdf5fd0db0f4c4d820b4af78a63f6cf6d8627587114a40af48cfc066134b600520808a77ee
6Size (ncurses-6.1.tar.gz) = 3365395 bytes 6Size (ncurses-6.1.tar.gz) = 3365395 bytes
7SHA1 (patch-aa) = 4523f87f39d2aa3eea07a0e55595eb9e50b74a6c 7SHA1 (patch-aa) = 4523f87f39d2aa3eea07a0e55595eb9e50b74a6c
8SHA1 (patch-ab) = f4573e7a161c2f59d9828d163abe2a5ba2e4d56f 8SHA1 (patch-ab) = f4573e7a161c2f59d9828d163abe2a5ba2e4d56f
9SHA1 (patch-ac) = 08e5fa8179c7f5c65c617a55c9693745b89b42de 9SHA1 (patch-ac) = 08e5fa8179c7f5c65c617a55c9693745b89b42de
10SHA1 (patch-aclocal.m4) = efb1a966687d2c35fc3e3e1d5345e80aaf2822f6 10SHA1 (patch-aclocal.m4) = efb1a966687d2c35fc3e3e1d5345e80aaf2822f6
11SHA1 (patch-c++_Makefile.in) = 68ff81c719ec4aa13beb962cb66d7cd6749d7af5 11SHA1 (patch-c++_Makefile.in) = 68ff81c719ec4aa13beb962cb66d7cd6749d7af5
12SHA1 (patch-configure.in) = 48a705b3f4de3a65c0c1c3648f5a24c5310ed3fa 12SHA1 (patch-configure.in) = 48a705b3f4de3a65c0c1c3648f5a24c5310ed3fa
13SHA1 (patch-misc_ncurses-config.in) = 43e4dc8abe85804513da1189aeffa5c7746ffcca 13SHA1 (patch-misc_ncurses-config.in) = 43e4dc8abe85804513da1189aeffa5c7746ffcca
14SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527 14SHA1 (patch-ncurses_base_MKlib__gen.sh) = f8ce67fbd273529e4161a2820677d05a623fd527
 15SHA1 (patch-ncurses_tinfo_parse__entry.c) = 06d2b52e84595f8acd47ad36ded7b7d5bec95b8a
File Added: pkgsrc/devel/ncurses/patches/Attic/patch-ncurses_tinfo_parse__entry.c
$NetBSD: patch-ncurses_tinfo_parse__entry.c,v 1.3 2018/10/18 19:42:49 leot Exp $

 - Fixes CVE-2018-10754

--- ncurses/tinfo/parse_entry.c.orig	2018-10-09 21:41:29.020445746 +0000
+++ ncurses/tinfo/parse_entry.c
@@ -543,11 +543,12 @@ _nc_parse_entry(ENTRY * entryp, int lite
		 * Otherwise, look for a base entry that will already
		 * have picked up defaults via translation.
		 */
-		for (i = 0; i < entryp->nuses; i++)
-		    if (!strchr((char *) entryp->uses[i].name, '+'))
-			has_base_entry = TRUE;
+		for (i = 0; i < entryp->nuses; i++) {
+		  if (entryp->uses[i].name != 0
+		      && !strchr(entryp->uses[i].name, '+'))
+		    has_base_entry = TRUE;
+		}
	    }
-
	    postprocess_termcap(&entryp->tterm, has_base_entry);
	} else
	    postprocess_terminfo(&entryp->tterm);
cvs diff -r1.16 -r1.17 pkgsrc/devel/ncursesw/Makefile (expand / switch to unified diff)

--- pkgsrc/devel/ncursesw/Makefile 2018/04/02 16:26:04 1.16
+++ pkgsrc/devel/ncursesw/Makefile 2018/10/18 19:42:49 1.17
@@ -1,19 +1,20 @@ @@ -1,19 +1,20 @@
1# $NetBSD: Makefile,v 1.16 2018/04/02 16:26:04 spz Exp $ 1# $NetBSD: Makefile,v 1.17 2018/10/18 19:42:49 leot Exp $
2 2
3.include "../../devel/ncurses/Makefile.common" 3.include "../../devel/ncurses/Makefile.common"
4 4
5PKGNAME= ${DISTNAME:S/ncurses/ncursesw/} 5PKGNAME= ${DISTNAME:S/ncurses/ncursesw/}
6COMMENT= Wide character CRT screen handling and optimization package 6COMMENT= Wide character CRT screen handling and optimization package
 7PKGREVISION= 1
7 8
8PATCHDIR= ${.CURDIR}/../../devel/ncurses/patches 9PATCHDIR= ${.CURDIR}/../../devel/ncurses/patches
9DISTINFO_FILE= ${.CURDIR}/../../devel/ncurses/distinfo 10DISTINFO_FILE= ${.CURDIR}/../../devel/ncurses/distinfo
10 11
11CONFIGURE_ARGS+= --enable-widec 12CONFIGURE_ARGS+= --enable-widec
12CONFIGURE_ARGS+= --includedir=${PREFIX}/include/ncursesw 13CONFIGURE_ARGS+= --includedir=${PREFIX}/include/ncursesw
13 14
14INSTALLATION_DIRS+= include/ncursesw 15INSTALLATION_DIRS+= include/ncursesw
15INSTALLATION_DIRS+= bin 16INSTALLATION_DIRS+= bin
16INSTALLATION_DIRS+= lib 17INSTALLATION_DIRS+= lib
17 18
18BUILD_TARGET= libs 19BUILD_TARGET= libs
19 20