diff options
-rw-r--r-- | main/screen/APKBUILD | 14 | ||||
-rw-r--r-- | main/screen/CVE-2015-6806.patch | 52 |
2 files changed, 61 insertions, 5 deletions
diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD index 7c69169d49..4ea63f503a 100644 --- a/main/screen/APKBUILD +++ b/main/screen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=screen pkgver=4.3.1 -pkgrel=0 +pkgrel=1 pkgdesc="A window manager that multiplexes a physical terminal" url="http://ftp.gnu.org/gnu/screen/" arch="all" @@ -11,7 +11,8 @@ depends="" makedepends="ncurses-dev ncurses" install="" subpackages="$pkgname-doc" -source="http://ftp.gnu.org/gnu/screen/$pkgname-$pkgver.tar.gz" +source="http://ftp.gnu.org/gnu/screen/$pkgname-$pkgver.tar.gz + CVE-2015-6806.patch" _builddir="$srcdir"/screen-$pkgver prepare() { @@ -47,6 +48,9 @@ package() { install -Dm644 etc/screenrc "$pkgdir"/etc/skel/.screenrc || return 1 } -md5sums="5bb3b0ff2674e29378c31ad3411170ad screen-4.3.1.tar.gz" -sha256sums="fa4049f8aee283de62e283d427f2cfd35d6c369b40f7f45f947dbfd915699d63 screen-4.3.1.tar.gz" -sha512sums="8e8a25b23330a7d8e00fc9e6cc430f0eb3937ccf4183efbd6fd24e4dc04cc09b3acae45bfc24892faee433b18fa79b1cfe0211fd75c0d74ecf908f916bf774aa screen-4.3.1.tar.gz" +md5sums="5bb3b0ff2674e29378c31ad3411170ad screen-4.3.1.tar.gz +5fb8b0a58ef4a2a75d7dddb453994cce CVE-2015-6806.patch" +sha256sums="fa4049f8aee283de62e283d427f2cfd35d6c369b40f7f45f947dbfd915699d63 screen-4.3.1.tar.gz +9383316bce6ce479dfd3eca238956e321b80885bd0e720d47f1f37693334b9cd CVE-2015-6806.patch" +sha512sums="8e8a25b23330a7d8e00fc9e6cc430f0eb3937ccf4183efbd6fd24e4dc04cc09b3acae45bfc24892faee433b18fa79b1cfe0211fd75c0d74ecf908f916bf774aa screen-4.3.1.tar.gz +7ee87aaf5e10a60b37558f5bea85718703b2b95a4a3c43c0cd4c6f48ddd7bf1c5c582017a41681d8f9243049009c9f43678f37b826c188add501168e289ce2f1 CVE-2015-6806.patch" diff --git a/main/screen/CVE-2015-6806.patch b/main/screen/CVE-2015-6806.patch new file mode 100644 index 0000000000..24a013b8eb --- /dev/null +++ b/main/screen/CVE-2015-6806.patch @@ -0,0 +1,52 @@ +Origin: commit b7484c224738247b510ed0d268cd577076958f1b +Author: Kuang-che Wu <kcwu@csie.org> +Bug: https://savannah.gnu.org/bugs/?45713 +Bug-Debian: http://bugs.debian.org/797624 +Description: Fix stack overflow due to too deep recursion + How to reproduce: + Run this command inside screen + $ printf '\x1b[10000000T' + . + screen will recursively call MScrollV to depth n/256. + This is time consuming and will overflow stack if n is huge. + +diff --git a/ansi.c b/ansi.c +index a342fb1..152d2ef 100644 +--- a/ansi.c ++++ b/ansi.c +@@ -2502,13 +2502,13 @@ int n, ys, ye, bce; + return; + if (n > 0) + { ++ if (ye - ys + 1 < n) ++ n = ye - ys + 1; + if (n > 256) + { + MScrollV(p, n - 256, ys, ye, bce); + n = 256; + } +- if (ye - ys + 1 < n) +- n = ye - ys + 1; + #ifdef COPY_PASTE + if (compacthist) + { +@@ -2562,14 +2562,14 @@ int n, ys, ye, bce; + } + else + { +- if (n < -256) +- { +- MScrollV(p, n + 256, ys, ye, bce); +- n = -256; +- } + n = -n; + if (ye - ys + 1 < n) + n = ye - ys + 1; ++ if (n > 256) ++ { ++ MScrollV(p, - (n - 256), ys, ye, bce); ++ n = 256; ++ } + + ml = p->w_mlines + ye; + /* Clear lines */ |