diff options
Diffstat (limited to 'main')
| -rw-r--r-- | main/screen/APKBUILD | 13 | ||||
| -rw-r--r-- | main/screen/CVE-2020-9366.patch | 42 |
2 files changed, 52 insertions, 3 deletions
diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD index 89718aa3d3..35fe650db2 100644 --- a/main/screen/APKBUILD +++ b/main/screen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=screen pkgver=4.6.2 -pkgrel=0 +pkgrel=1 pkgdesc="A window manager that multiplexes a physical terminal" url="http://ftp.gnu.org/gnu/screen/" arch="all" @@ -10,9 +10,15 @@ license="GPL-3.0-or-later" options="!check" # No test suite. makedepends="ncurses-dev ncurses" subpackages="$pkgname-doc" -source="http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz" +source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz + CVE-2020-9366.patch + " builddir="$srcdir/$pkgname-$pkgver" +# secfixes: +# 4.6.2-r1: +# - CVE-2020-9366 + build() { cd "$builddir" ./configure \ @@ -38,4 +44,5 @@ package() { install -Dm644 etc/screenrc "$pkgdir"/etc/skel/.screenrc } -sha512sums="224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 screen-4.6.2.tar.gz" +sha512sums="224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 screen-4.6.2.tar.gz +7cf69866a2c6e18a72b8df90550d12294c95245a39b1c16a5de9eb1dbaf732d1474af7e0f9d42941286911e136e437f8029cd134858c456eaabee6ef6cfce111 CVE-2020-9366.patch" diff --git a/main/screen/CVE-2020-9366.patch b/main/screen/CVE-2020-9366.patch new file mode 100644 index 0000000000..81b56b4bc5 --- /dev/null +++ b/main/screen/CVE-2020-9366.patch @@ -0,0 +1,42 @@ +From 68386dfb1fa33471372a8cd2e74686758a2f527b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net> +Date: Thu, 30 Jan 2020 17:56:27 +0100 +Subject: Fix out of bounds access when setting w_xtermosc after OSC 49 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +echo -e "\e]49\e; \n\ec" +crashes screen. + +This happens because 49 is divided by 10 and used as table index +resulting in access to w_xtermosc[4], which is out of bounds with table +itself being size 4. Increase size of table by 1 to 5, which is enough +for all current uses. + +As this overwrites memory based on user input it is potential security +issue. + +Reported-by: pippin@gimp.org +Signed-off-by: Amadeusz Sławiński <amade@asmblr.net> +--- + src/window.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/window.h b/src/window.h +index fbe98dc..11d2a9e 100644 +--- a/window.h ++++ b/window.h +@@ -237,7 +237,7 @@ struct win + char w_vbwait; + char w_norefresh; /* dont redisplay when switching to that win */ + #ifdef RXVT_OSC +- char w_xtermosc[4][MAXSTR]; /* special xterm/rxvt escapes */ ++ char w_xtermosc[5][MAXSTR]; /* special xterm/rxvt escapes */ + #endif + int w_mouse; /* mouse mode 0,9,1000 */ + int w_extmouse; /* extended mouse mode 0,1006 */ +-- +cgit v1.2.1 + + |