LAKITU: Backport fix for CVE-2021-39537 from ncurses 6.2
Backport fix for heap-based buffer overflow in _nc_captoinfo
from the upstream commit 790a85db ("ncurses 6.2 - patch 20200531")
BUG=b/202124389
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2021-39537 in ncurses package
Change-Id: Id1f905f7d9291d8fc16461fd3be62900c3f4e799
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/23414
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
diff --git a/sys-libs/ncurses/files/ncurses-6.2-fix-cve-2021-39537.patch b/sys-libs/ncurses/files/ncurses-6.2-fix-cve-2021-39537.patch
new file mode 100644
index 0000000..5a313fc
--- /dev/null
+++ b/sys-libs/ncurses/files/ncurses-6.2-fix-cve-2021-39537.patch
@@ -0,0 +1,23 @@
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+ }
+ break;
+ case '^':
++ len = 2;
+ c = UChar(*++sp);
+- if (c == '?')
++ if (c == '?') {
+ c = 127;
+- else
++ } else if (c == '\0') {
++ len = 1;
++ } else {
+ c &= 0x1f;
+- len = 2;
++ }
+ break;
+ default:
+ c = UChar(*sp);
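Review bot: The new patch file starts straight at its `diff --git` line with no header, so once it is separated from this commit message nothing in it records which upstream change it was cut from or which CVE it addresses. I would add a short header above the diff, e.g. `Backport of the captoinfo.c change from upstream ncurses patch 20200531 (commit 790a85db); fixes CVE-2021-39537.`, and say that it is presumably only part of that upstream commit, so a later version bump knows when it can be dropped. On the code itself, the `c == '\0'` branch sets `len = 1` so the reported length no longer steps over the terminator after a trailing `^`; cvtchar's body continues outside the hunk, so whether its other escape handling needs the same guard cannot be judged from here. `TEST=presubmit` does not show that this path is exercised; a sanitizer-enabled conversion of an input ending in a lone `^` would pin the fix.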
diff --git a/sys-libs/ncurses/ncurses-6.2-r1.ebuild b/sys-libs/ncurses/ncurses-6.2-r2.ebuild
similarity index 97%
rename from sys-libs/ncurses/ncurses-6.2-r1.ebuild
rename to sys-libs/ncurses/ncurses-6.2-r2.ebuild
index 43df9d4..ffb44f0 100644
--- a/sys-libs/ncurses/ncurses-6.2-r1.ebuild
+++ b/sys-libs/ncurses/ncurses-6.2-r2.ebuild
@@ -34,6 +34,8 @@
S="${WORKDIR}/${MY_P}"
+# CVE-2021-39537 fix was adopted from the upstream patch 20200531
+# https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443
PATCHES=(
"${FILESDIR}/${PN}-5.7-nongnu.patch"
"${FILESDIR}/${PN}-6.0-rxvt-unicode-9.15.patch" #192083 #383871
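Review bot: The two-line CVE comment sits above `PATCHES=(` and so reads as describing the whole array, while the entry it refers to is appended at the end of the list in the next hunk. Putting the reference on the entry itself, in the style of the existing `#192083 #383871` trailing note, keeps the two together when the list is edited later: `"${FILESDIR}/${PN}-6.2-fix-cve-2021-39537.patch" # CVE-2021-39537, upstream patch 20200531`.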
@@ -44,6 +46,7 @@
"${FILESDIR}/${PN}-6.2-no_user_ldflags_in_libs.patch"
"${FILESDIR}/${PN}-6.2-prefix-ld.patch"
"${FILESDIR}/${PN}-6.2-pkgconfig-prefix.patch"
+ "${FILESDIR}/${PN}-6.2-fix-cve-2021-39537.patch"
)
src_prepare() {