[honister,01/17] ncurses: fix CVE-2021-39537

Message ID	c6422335f653c44efc651e8785821282d3d4f789.1639444641.git.anuj.mittal@intel.com
State	Accepted, archived
Commit	c6422335f653c44efc651e8785821282d3d4f789
Headers	show Return-Path: <anuj.mittal@intel.com> ip: 134.134.136.24, mailfrom: anuj.mittal@intel.com) From: Anuj Mittal <anuj.mittal@intel.com> To: openembedded-core@lists.openembedded.org Subject: [honister][PATCH 01/17] ncurses: fix CVE-2021-39537 Date: Tue, 14 Dec 2021 09:20:36 +0800 Message-Id: <c6422335f653c44efc651e8785821282d3d4f789.1639444641.git.anuj.mittal@intel.com> In-Reply-To: <cover.1639444641.git.anuj.mittal@intel.com> References: <cover.1639444641.git.anuj.mittal@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[honister,01/17] ncurses: fix CVE-2021-39537 \| expand [honister,01/17] ncurses: fix CVE-2021-39537 [honister,02/17] openssh: fix CVE-2021-41617 [honister,03/17] bind: fix CVE-2021-25219 [honister,04/17] python3: upgrade 3.9.7 -> 3.9.9 [honister,05/17] linux-yocto/5.14: update to v5.14.21 [honister,06/17] linux-yocto/5.10: update to v5.10.82 [honister,07/17] linux-yocto-rt/5.10: update to -rt56 [honister,08/17] gcc: Add CVE-2021-37322 to the list of CVEs to ignore [honister,09/17] kern-tools: bug fixes and kgit-gconfig [honister,10/17] recipetool: Set master branch only as fallback [honister,11/17] selftest/devtool: Check branch in git fetch [honister,12/17] runqemu: check the qemu PID has been set before kill()ing it [honister,13/17] cve-extra-exclusions: add db CVEs to exclusion list [honister,14/17] uboot-sign: fix the concatenation when multiple U-BOOT configurations are specified [honister,15/17] packagedata.py: silence a DeprecationWarning [honister,16/17] oe/license: implement ast.NodeVisitor.visit_Constant [honister,17/17] license.bbclass: implement ast.NodeVisitor.visit_Constant

Message ID

c6422335f653c44efc651e8785821282d3d4f789.1639444641.git.anuj.mittal@intel.com

State

Accepted, archived

Commit

c6422335f653c44efc651e8785821282d3d4f789

Headers

From: Anuj Mittal <anuj.mittal@intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [honister][PATCH 01/17] ncurses: fix CVE-2021-39537
Date: Tue, 14 Dec 2021 09:20:36 +0800
Message-Id: 
 <c6422335f653c44efc651e8785821282d3d4f789.1639444641.git.anuj.mittal@intel.com>
In-Reply-To: <cover.1639444641.git.anuj.mittal@intel.com>
References: <cover.1639444641.git.anuj.mittal@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[honister,01/17] ncurses: fix CVE-2021-39537 | expand

Commit Message

Mittal, Anuj Dec. 14, 2021, 1:20 a.m. UTC

From: Mingli Yu <mingli.yu@windriver.com>

Backport patch [1] to fix CVE-2021-39537 [2].

[1] https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443
[2] http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
(cherry picked from commit 8fceb122a1c0240106342738de7d2484b48d9a6a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../ncurses/files/CVE-2021-39537.patch        | 65 +++++++++++++++++++
 meta/recipes-core/ncurses/ncurses_6.2.bb      |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2021-39537.patch

diff --git a/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
new file mode 100644
index 0000000000..d63bf57e8d
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
@@ -0,0 +1,65 @@ 
+From e83ecbd26252bac163fc4377ef30edbd4acb0bad Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 Jun 2020 08:03:52 +0200
+Subject: [PATCH] Import upstream patch 20200531
+
+20200531
+	+ correct configure version-check/warnng for g++ to allow for 10.x
+	+ re-enable "bel" in konsole-base (report by Nia Huang)
+	+ add linux-s entry (patch by Alexandre Montaron).
+	+ drop long-obsolete convert_configure.pl
+	+ add test/test_parm.c, for checking tparm changes.
+	+ improve parameter-checking for tparm, adding function _nc_tiparm() to
+	  handle the most-used case, which accepts only numeric parameters
+	  (report/testcase by "puppet-meteor").
+	+ use a more conservative estimate of the buffer-size in lib_tparm.c's
+	  save_text() and save_number(), in case the sprintf() function
+	  passes-through unexpected characters from a format specifier
+	  (report/testcase by "puppet-meteor").
+	+ add a check for end-of-string in cvtchar to handle a malformed
+	  string in infotocap (report/testcase by "puppet-meteor").
+
+CVE: CVE-2021-39537
+
+Upstream-Status: Backport [https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ ncurses/tinfo/captoinfo.c        |   11 +-
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -98,7 +98,7 @@
+ #include <ctype.h>
+ #include <tic.h>
+ 
+-MODULE_ID("$Id: captoinfo.c,v 1.98 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: captoinfo.c,v 1.99 2020/05/25 21:28:29 tom Exp $")
+ 
+ #if 0
+ #define DEBUG_THIS(p) DEBUG(9, p)
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+ 	}
+ 	break;
+     case '^':
++	len = 2;
+ 	c = UChar(*++sp);
+-	if (c == '?')
++	if (c == '?') {
+ 	    c = 127;
+-	else
++	} else if (c == '\0') {
++	    len = 1;
++	} else {
+ 	    c &= 0x1f;
+-	len = 2;
++	}
+ 	break;
+     default:
+ 	c = UChar(*sp);
+-- 
+2.17.1
+
diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb
index e7d7396a20..598c51b00b 100644
--- a/meta/recipes-core/ncurses/ncurses_6.2.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.2.bb
@@ -3,6 +3,7 @@  require ncurses.inc
 SRC_URI += "file://0001-tic-hang.patch \
            file://0002-configure-reproducible.patch \
            file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
+           file://CVE-2021-39537.patch \
            "
 # commit id corresponds to the revision in package version
 SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"

[honister,01/17] ncurses: fix CVE-2021-39537

Commit Message

Patch