LAKITU: Backport fix for CVE-2021-39537 from ncurses 6.2 Backport fix for heap-based stack overflow in _nc_captoinfo from the upstream commit 790a85db ("ncurses 6.2 - patch 20200531") BUG=b/202124389 TEST=presubmit RELEASE_NOTE=Fixed CVE-2021-39537 in ncurses package Change-Id: Id1f905f7d9291d8fc16461fd3be62900c3f4e799 Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/23414 Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com> Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>

commit: f9f70ac04311c92ebf7187945f28a0c5df2d0326 [log] [tgz]
author: Oleksandr Tymoshenko <ovt@google.com> Tue Oct 05 23:16:44 2021 +0000
committer: Oleksandr Tymoshenko <ovt@google.com> Tue Oct 12 04:29:25 2021 +0000
tree: 61777a8a0755f6ac5b9e88f680c309e944e458bb
parent: a946cb34ac329f1e21b15711eb22faa95b8d4120 [diff]
diff --git a/sys-libs/ncurses/files/ncurses-6.2-fix-cve-2021-39537.patch b/sys-libs/ncurses/files/ncurses-6.2-fix-cve-2021-39537.patch
new file mode 100644
index 0000000..5a313fc
--- /dev/null
+++ b/sys-libs/ncurses/files/ncurses-6.2-fix-cve-2021-39537.patch

@@ -0,0 +1,23 @@
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+ 	}
+ 	break;
+     case '^':
++	len = 2;
+ 	c = UChar(*++sp);
+-	if (c == '?')
++	if (c == '?') {
+ 	    c = 127;
+-	else
++	} else if (c == '\0') {
++	    len = 1;
++	} else {
+ 	    c &= 0x1f;
+-	len = 2;
++	}
+ 	break;
+     default:
+ 	c = UChar(*sp);

diff --git a/sys-libs/ncurses/ncurses-6.2-r1.ebuild b/sys-libs/ncurses/ncurses-6.2-r2.ebuild
similarity index 97%
rename from sys-libs/ncurses/ncurses-6.2-r1.ebuild
rename to sys-libs/ncurses/ncurses-6.2-r2.ebuild
index 43df9d4..ffb44f0 100644
--- a/sys-libs/ncurses/ncurses-6.2-r1.ebuild
+++ b/sys-libs/ncurses/ncurses-6.2-r2.ebuild

@@ -34,6 +34,8 @@
 
 S="${WORKDIR}/${MY_P}"
 
+# CVE-2021-39537 fix was adopted from the upstream patch 20200531
+# https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443
 PATCHES=(
 	"${FILESDIR}/${PN}-5.7-nongnu.patch"
 	"${FILESDIR}/${PN}-6.0-rxvt-unicode-9.15.patch" #192083 #383871
@@ -44,6 +46,7 @@
 	"${FILESDIR}/${PN}-6.2-no_user_ldflags_in_libs.patch"
 	"${FILESDIR}/${PN}-6.2-prefix-ld.patch"
 	"${FILESDIR}/${PN}-6.2-pkgconfig-prefix.patch"
+	"${FILESDIR}/${PN}-6.2-fix-cve-2021-39537.patch"
 )
 
 src_prepare() {
commit	f9f70ac04311c92ebf7187945f28a0c5df2d0326	[log] [tgz]
author	Oleksandr Tymoshenko <ovt@google.com>	Tue Oct 05 23:16:44 2021 +0000
committer	Oleksandr Tymoshenko <ovt@google.com>	Tue Oct 12 04:29:25 2021 +0000
tree	61777a8a0755f6ac5b9e88f680c309e944e458bb
parent	a946cb34ac329f1e21b15711eb22faa95b8d4120 [diff]