Date: Mon, 19 Aug 2024 16:06:09 GMT From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 1c7e0fd32c4a - main - sysutils/screen*: Fix off-by-one buffer overflow Message-ID: <202408191606.47JG69dd048391@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=1c7e0fd32c4ac92369dbdc15fb5abf048524a9b2 commit 1c7e0fd32c4ac92369dbdc15fb5abf048524a9b2 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2024-08-19 15:49:48 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2024-08-19 16:05:38 +0000 sysutils/screen*: Fix off-by-one buffer overflow FreeBSD ncurses, as of c8b9c85ee5bb, does a strncpy() of 1024 bytes into a 1023 byte buffer supplied by screen. This section of code in ncurses was removed in 61f66a1f4403, and is not a problem since 14.0-RELEASE. But it is still a problem in 13-STABLE. Thank you to dim@ for detailed analysis and initial patch to sysutils/screen. The same patch is also applied to sysutils/screen-devel this commit. PR: 280868 MFH: 2024Q3 --- sysutils/screen-devel/Makefile | 7 +------ sysutils/screen-devel/files/patch-os.h | 13 +++++++++++-- sysutils/screen/Makefile | 7 +------ sysutils/screen/files/patch-os.h | 9 +++++++++ 4 files changed, 22 insertions(+), 14 deletions(-) diff --git a/sysutils/screen-devel/Makefile b/sysutils/screen-devel/Makefile index eba60db63e0c..74ddc9a27acf 100644 --- a/sysutils/screen-devel/Makefile +++ b/sysutils/screen-devel/Makefile @@ -1,6 +1,6 @@ PORTNAME= screen DISTVERSION= 5.0.0.${SCREEN_COMMIT_DATE} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= sysutils PKGNAMESUFFIX= -devel MASTER_SITES= # @@ -51,11 +51,6 @@ CPE_VENDOR= gnu .include <bsd.port.options.mk> -.if ${ARCH} == aarch64 || ${ARCH} == armv6 || ${ARCH} == armv7 || \ - ${ARCH} == i386 || ${ARCH:Mpowerpc*} -SSP_CFLAGS?= -fno-stack-protector -.endif - GNU_CONFIGURE= yes GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share CFLAGS+= -I${NCURSESINC} diff --git a/sysutils/screen-devel/files/patch-os.h b/sysutils/screen-devel/files/patch-os.h index bb7356858388..a03d22029f93 100644 --- a/sysutils/screen-devel/files/patch-os.h +++ b/sysutils/screen-devel/files/patch-os.h @@ -1,5 +1,14 @@ ---- os.h.orig 2024-03-26 16:41:57.000000000 -0700 -+++ os.h 2024-04-03 07:39:11.395526000 -0700 +--- os.h.orig 2024-07-27 07:09:11.000000000 -0700 ++++ os.h 2024-08-19 08:47:21.152670000 -0700 +@@ -148,7 +148,7 @@ + */ + + #ifndef TERMCAP_BUFSIZE +-# define TERMCAP_BUFSIZE 1023 ++# define TERMCAP_BUFSIZE 1024 + #endif + + /* @@ -161,6 +161,6 @@ /* Changing those you won't be able to attach to your old sessions * when changing those values in official tree don't forget to bump diff --git a/sysutils/screen/Makefile b/sysutils/screen/Makefile index a6958eede5f7..f963b853b839 100644 --- a/sysutils/screen/Makefile +++ b/sysutils/screen/Makefile @@ -1,6 +1,6 @@ PORTNAME= screen PORTVERSION= 4.9.1 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= sysutils MASTER_SITES= GNU \ ftp://ftp.gnu.org/gnu/screen/ \ @@ -52,11 +52,6 @@ CPE_VENDOR= gnu .include <bsd.port.options.mk> -.if ${ARCH} == aarch64 || ${ARCH} == armv6 || ${ARCH} == armv7 || \ - ${ARCH} == i386 || ${ARCH:Mpowerpc*} -SSP_CFLAGS?= -fno-stack-protector -.endif - GNU_CONFIGURE= yes GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share CFLAGS+= -I${NCURSESINC} diff --git a/sysutils/screen/files/patch-os.h b/sysutils/screen/files/patch-os.h index 8ba9963d0e49..80e7ec3c0bcb 100644 --- a/sysutils/screen/files/patch-os.h +++ b/sysutils/screen/files/patch-os.h @@ -14,6 +14,15 @@ # define utmp utmpx # define getutent getutxent # define getutid getutxid +@@ -507,7 +509,7 @@ typedef struct fd_set { int fds_bits[1]; } fd_set; + */ + + #ifndef TERMCAP_BUFSIZE +-# define TERMCAP_BUFSIZE 1023 ++# define TERMCAP_BUFSIZE 1024 + #endif + + #ifndef MAXPATHLEN @@ -524,6 +526,6 @@ /* Changing those you won't be able to attach to your old sessions * when changing those values in official tree don't forget to bump
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202408191606.47JG69dd048391>