LAKITU: Backport fix for CVE-2021-39537 from ncurses 6.2
Backport fix for heap-based buffer overflow in _nc_captoinfo
from the upstream commit 790a85db ("ncurses 6.2 - patch 20200531")
BUG=b/202124389
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2021-39537 in ncurses package
cos-patch: security-moderate
Change-Id: I8801b549fc78bf03937d0f525ef70393b2cd4dbd
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/23411
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
diff --git a/sys-libs/ncurses/files/ncurses-5.9-fix-cve-2021-39537.patch b/sys-libs/ncurses/files/ncurses-5.9-fix-cve-2021-39537.patch
new file mode 100644
index 0000000..a932e66
--- /dev/null
+++ b/sys-libs/ncurses/files/ncurses-5.9-fix-cve-2021-39537.patch
@@ -0,0 +1,19 @@
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index a0da44d..83c5216 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -207,8 +207,13 @@ cvtchar(register const char *sp)
+ }
+ break;
+ case '^':
+- c = (unsigned char) (*++sp & 0x1f);
+ len = 2;
++ c = (unsigned char) (*++sp);
++ if (c == '\0') {
++ len = 1;
++ } else {
++ c &= 0x1f;
++ }
+ break;
+ default:
+ c = (unsigned char) (*sp);
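Review bot: Only the `^` arm of `cvtchar` gets an end-of-string check here, and the hunk does not show whether the arm before it or the `default:` arm can also return a length that steps past the terminating NUL. The `len` assignment for `default:` and the rest of the function lie outside the hunk, so please confirm against the 5.9 source that those arms already stop at `'\0'`, since this backport spans from 6.2 down to 5.9. The patch file also starts directly at `diff --git` with no provenance. A short header such as `Backport of upstream ncurses patch 20200531 (commit 790a85db), fixes CVE-2021-39537` would let a later maintainer re-check it against upstream without the commit log.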
diff --git a/sys-libs/ncurses/ncurses-5.9-r8.ebuild b/sys-libs/ncurses/ncurses-5.9-r9.ebuild
similarity index 96%
rename from sys-libs/ncurses/ncurses-5.9-r8.ebuild
rename to sys-libs/ncurses/ncurses-5.9-r9.ebuild
index f387160..1768380 100644
--- a/sys-libs/ncurses/ncurses-5.9-r8.ebuild
+++ b/sys-libs/ncurses/ncurses-5.9-r9.ebuild
@@ -37,6 +37,8 @@
S=${WORKDIR}/${MY_P}
HOSTTIC_DIR=${WORKDIR}/${P}-host
+# CVE-2021-39537 fix was adopted from the upstream patch 20200531
+# https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443
src_prepare() {
[[ -n ${PV_SNAP} ]] && epatch "${WORKDIR}"/${MY_P}-${PV_SNAP}-patch.sh
epatch "${FILESDIR}"/${PN}-5.8-gfbsd.patch
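Review bot: The provenance comment sits above `src_prepare()` rather than beside the `epatch` line it documents, which is added in the next hunk. The existing `# Fixes CVE-2019-17594 and CVE-2019-17595` comment is placed directly above its own patch line, so the new one is inconsistent with it. Moving it down as `# Fixes CVE-2021-39537 (upstream patch 20200531, commit 790a85db)` immediately above `epatch "${FILESDIR}/${PN}"-5.9-fix-cve-2021-39537.patch` keeps the CVE-to-patch mapping obvious when patches are dropped or reordered on a version bump. The body of `src_prepare` continues outside this hunk.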
@@ -46,6 +48,7 @@
epatch "${FILESDIR}"/${PN}-5.9-pkg-config.patch
# Fixes CVE-2019-17594 and CVE-2019-17595
epatch "${FILESDIR}/${PN}"-6.1-fix-heap-based-over-read.patch
+ epatch "${FILESDIR}/${PN}"-5.9-fix-cve-2021-39537.patch
epatch "${FILESDIR}"/${P}-no-I-usr-include.patch #522586
epatch "${FILESDIR}"/${P}-gcc-5.patch #545114
}