author | Eivind Uggedal <eivind@uggedal.com> | 2015-09-30 20:50:28 +0000 |
---|---|---|
committer | Eivind Uggedal <eivind@uggedal.com> | 2015-10-01 14:01:32 +0000 |
commit | 3d8174d3ef837848a2de5f0a2e8be9add7bb0acc (patch) | |
tree | 929e468cc28f49e1b813168c11b0e9a0a7693733 | |
parent | dc8c84b12bbcb39866abb39dae0ddd35d837c5e5 (diff) | |
main/screen: security fix for CVE-2015-6806
-rw-r--r-- | main/screen/APKBUILD | 14 | ||||
-rw-r--r-- | main/screen/CVE-2015-6806.patch | 52 |
2 files changed, 61 insertions, 5 deletions
diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD index 4d9c07c346..9074913107 100644 --- a/main/screen/APKBUILD +++ b/main/screen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=screen pkgver=4.0.3 -pkgrel=5 +pkgrel=6 pkgdesc="A window manager that multiplexes a physical terminal" url="http://ftp.gnu.org/gnu/screen/" arch="all" @@ -12,7 +12,8 @@ makedepends="ncurses-dev" install= subpackages="$pkgname-doc" source="http://ftp.gnu.org/gnu/screen/$pkgname-$pkgver.tar.gz - $pkgname-$pkgver.patch + $pkgname-$pkgver.patch + CVE-2015-6806.patch " _builddir="$srcdir"/screen-$pkgver @@ -50,8 +51,11 @@ package() { } md5sums="8506fd205028a96c741e4037de6e3c42 screen-4.0.3.tar.gz -243e18daf4b2bbff898fdf0d772fad52 screen-4.0.3.patch" +243e18daf4b2bbff898fdf0d772fad52 screen-4.0.3.patch +fb34aa6d46530ce47815cd44c6360d2a CVE-2015-6806.patch" sha256sums="78f0d5b1496084a5902586304d4a73954b2bfe33ea13edceecf21615c39e6c77 screen-4.0.3.tar.gz -1b7a44da467b97da942404856a01b67ab10dff96509973abe1355623d572f659 screen-4.0.3.patch" +1b7a44da467b97da942404856a01b67ab10dff96509973abe1355623d572f659 screen-4.0.3.patch +96b11e6a8da0a879a568b1f34f28489ec49bd66c3361856b87bf316f06c5b56a CVE-2015-6806.patch" sha512sums="24c1f598972f3dc9ed49cd2c05852190a0190d22fa01401eee8484627c8dd2815f0a422d9b2697faa8aaa0b3efc6730a94e2d5aa787dbe5e9ec719143176c338 screen-4.0.3.tar.gz -d63ee59b8e61c059486ff54aace5e02003ca0fc55803b49135006089f7cb4af6de52b99e56a2a1b74acb0f5bb127b705ca25fadf7f8475fe4a0ba9ba67bbe0cd screen-4.0.3.patch" +d63ee59b8e61c059486ff54aace5e02003ca0fc55803b49135006089f7cb4af6de52b99e56a2a1b74acb0f5bb127b705ca25fadf7f8475fe4a0ba9ba67bbe0cd screen-4.0.3.patch +4e1cbb62d94ae6e28053595351d05dcff765e8ac25ede5ae7cfa87e25751d71de1f7c8d548dd320e820d1a35435d3e5f98788ecd83a1d0a5e05ece1a965356ab CVE-2015-6806.patch" diff --git a/main/screen/CVE-2015-6806.patch b/main/screen/CVE-2015-6806.patch new file mode 100644 index 0000000000..f10aacf0ad --- /dev/null 
+++ b/main/screen/CVE-2015-6806.patch
@@ -0,0 +1,52 @@
+Origin: commit b7484c224738247b510ed0d268cd577076958f1b
+Author: Kuang-che Wu <kcwu@csie.org>
+Bug: https://savannah.gnu.org/bugs/?45713
+Bug-Debian: http://bugs.debian.org/797624
+Description: Fix stack overflow due to too deep recursion
+ How to reproduce:
+ Run this command inside screen
+ $ printf '\x1b[10000000T'
+ .
+ screen will recursively call MScrollV to depth n/256.
+ This is time consuming and will overflow stack if n is huge.
+
+diff --git a/ansi.c b/ansi.c
+index a342fb1..152d2ef 100644
+--- a/ansi.c
++++ b/ansi.c
+@@ -2449,13 +2449,13 @@ int n, ys, ye, bce;
+ return;
+ if (n > 0)
+ {
++ if (ye - ys + 1 < n)
++ n = ye - ys + 1;
+ if (n > 256)
+ {
+ MScrollV(p, n - 256, ys, ye, bce);
+ n = 256;
+ }
+- if (ye - ys + 1 < n)
+- n = ye - ys + 1;
+ #ifdef COPY_PASTE
+ if (compacthist)
+ {
+@@ -2506,14 +2506,14 @@ int n, ys, ye, bce;
+ }
+ else
+ {
+- if (n < -256)
+- {
+- MScrollV(p, n + 256, ys, ye, bce);
+- n = -256;
+- }
+ n = -n;
+ if (ye - ys + 1 < n)
+ n = ye - ys + 1;
++ if (n > 256)
++ {
++ MScrollV(p, - (n - 256), ys, ye, bce);
++ n = 256;
++ }
+
+ ml = p->w_mlines + ye;
+ /* Clear lines */ |
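Review bot: In the `else` branch of the second ansi.c hunk, `n = -n;` still runs before the new clamp, so an `n` of `INT_MIN` would overflow on negation (undefined behaviour) and the `ye - ys + 1 < n` and `n > 256` tests after it would see a value that is typically still negative. Whether the escape-sequence parser can deliver that value is not visible on this page, but clamping ahead of the negation removes the question: `if (n < -(ye - ys + 1)) n = -(ye - ys + 1);` followed by `n = -n;`. Both branches would also benefit from a short comment on the moved clamp, e.g. `/* clamp to the region height first: bounds the recursion depth to (ye - ys + 1) / 256 */`, so the ordering is not undone by a later cleanup. MScrollV's body starts and ends outside both hunks, so the early `return` condition and the handling of `ye < ys` could not be checked from here.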