ncurses: fix CVE-2021-39537

Backport patch [1] to fix CVE-2021-39537 [2].

[1] https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443
[2] http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
(cherry picked from commit 8fceb122a1c0240106342738de7d2484b48d9a6a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

diff --git a/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
new file mode 100644 (file)
index 0000000..d63bf57
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
@@ -0,0 +1,65 @@
+From e83ecbd26252bac163fc4377ef30edbd4acb0bad Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 Jun 2020 08:03:52 +0200
+Subject: [PATCH] Import upstream patch 20200531
+
+20200531
+       + correct configure version-check/warnng for g++ to allow for 10.x
+       + re-enable "bel" in konsole-base (report by Nia Huang)
+       + add linux-s entry (patch by Alexandre Montaron).
+       + drop long-obsolete convert_configure.pl
+       + add test/test_parm.c, for checking tparm changes.
+       + improve parameter-checking for tparm, adding function _nc_tiparm() to
+         handle the most-used case, which accepts only numeric parameters
+         (report/testcase by "puppet-meteor").
+       + use a more conservative estimate of the buffer-size in lib_tparm.c's
+         save_text() and save_number(), in case the sprintf() function
+         passes-through unexpected characters from a format specifier
+         (report/testcase by "puppet-meteor").
+       + add a check for end-of-string in cvtchar to handle a malformed
+         string in infotocap (report/testcase by "puppet-meteor").
+
+CVE: CVE-2021-39537
+
+Upstream-Status: Backport [https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ ncurses/tinfo/captoinfo.c        |   11 +-
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -98,7 +98,7 @@
+ #include <ctype.h>
+ #include <tic.h>
+ 
+-MODULE_ID("$Id: captoinfo.c,v 1.98 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: captoinfo.c,v 1.99 2020/05/25 21:28:29 tom Exp $")
+ 
+ #if 0
+ #define DEBUG_THIS(p) DEBUG(9, p)
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+       }
+       break;
+     case '^':
++      len = 2;
+       c = UChar(*++sp);
+-      if (c == '?')
++      if (c == '?') {
+           c = 127;
+-      else
++      } else if (c == '\0') {
++          len = 1;
++      } else {
+           c &= 0x1f;
+-      len = 2;
++      }
+       break;
+     default:
+       c = UChar(*sp);
+-- 
+2.17.1
+

diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb
index e7d7396a2057d2ae0937ab6dc32797115463c22a..598c51b00b7573e8f28a752fb9d45f1925c5903a 100644 (file)
--- a/meta/recipes-core/ncurses/ncurses_6.2.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.2.bb
@@ -3,6 +3,7 @@ require ncurses.inc
 SRC_URI += "file://0001-tic-hang.patch \
            file://0002-configure-reproducible.patch \
            file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
+           file://CVE-2021-39537.patch \
            "
 # commit id corresponds to the revision in package version
 SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"