[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: http://x69.deja.com/=dnc/[ST_rn=ps,ST_m=ps]/getdoc.xp?AN=693368635&C
From: |
Thomas Dickey |
Subject: |
Re: http://x69.deja.com/=dnc/[ST_rn=ps,ST_m=ps]/getdoc.xp?AN=693368635&CO |
Date: |
Sat, 18 Nov 2000 19:33:53 -0500 |
User-agent: |
Mutt/1.2.5i |
On Tue, Nov 14, 2000 at 11:01:39AM -0800, Kris Kennaway wrote:
> On Tue, Nov 14, 2000 at 06:58:09AM -0500, Thomas Dickey wrote:
>
> > > Fixing it is going to be annoying, though :-( It would help if I had a
> > > patch containing only the security fix that was applied to the
> > > snapshot (I should have asked you for this before now). I'm not even
> > > sure where the vulnerable code was, which makes it hard to fix in
> > > 3.x. :-)
> >
> > I could unravel it, since I do keep both patches and rcs archives
> > (but it's sort of late for that).
>
> Well, that would make my job much easier. 3.x curses cannot be
> upgraded because it would break compatability but we have to support
> it, at least for now. :-(
>
> Kris
I put a patch (and related files) in
ftp://dickey.his.com/ncurses/5.0/ncurses-5.0-19991023a.zip
That covers these items (except that 20001007 patches only the C code - you
would have to modify your port to implement the '**' items):
20001104
+ add/use CharOf() macro to suppress sign-extension of char type on
platforms where this is a problem in ctype macros, e.g., Solaris.
+ add a check in relative_move() to guard against buffer overflow in
the overwrite logic.
20001021 5.2 release for upload to ftp.gnu.org
+ fix an uninitialized pointer in read_termcap.c (report by Todd C
Miller, from report/patch by Philip Guenther <address@hidden>).
20001014
+ modify lib_tparm.c to use get_space() before writing terminating
null character, both for consistency as well as to ensure that if
save_char() was called immediately before, that the allocated memory
is enough (patch by Sergei Ivanov).
20001009
> patch by Todd Miller:
+ add a few missing use_terminfo_vars() and fixes up _nc_tgetent().
Previously, _nc_cgetset() would still get called on cp so the
simplest thing is to set cp to NULL if !use_terminfo_vars().
+ added checks for an empty $HOME environment variable.
20001007
*** + add configure option --disable-root-environ, which tells ncurses to
disregard $TERMINFO and similar environment variables if the current
user is root, or running setuid/setgid (based on discussion with
several people).
*** + modified misc/run_tic.in to use tic -o, to eliminate dependency on
$TERMINFO variable for installs.
+ modify parse_format() in lib_tparm.c to ignore precision if it is
longer than 10000 (report by Jouko Pynnonen).
+ rewrote limit checks in lib_mvcur.c using new functions
_nc_safe_strcat(), etc. Made other related changes to check lengths
used for strcat/strcpy (report by Jouko Pynnonen <address@hidden>).
20000923
+ add a check for empty buffers returned by fgets() in comp_scan.c
next_char() function, in case tic is run on a non-text file (fixes
a core dump reported by Aaron Campbell <address@hidden>).
20000909
+ modify tparm to disallow arithmetic on strings, analyze the varargs
list to read strings as strings and numbers as numbers.
+ modify tparm's internal function spop() to treat a null pointer as
an empty string.
+ add private entrypoint _nc_basename(), use to consolidate related
code in progs, as well as accommodating OS/2 EMX pathnames.
20000902
+ change functions _nc_parse_entry() and postprocess_termcap() to avoid
using strtok(), because it is non-reentrant (reported by Andrey A
Chernov <address@hidden>).
--
Thomas E. Dickey <address@hidden>
http://dickey.his.com
ftp://dickey.his.com
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: http://x69.deja.com/=dnc/[ST_rn=ps,ST_m=ps]/getdoc.xp?AN=693368635&CO,
Thomas Dickey <=