Fix CVE-2021-26937 bz#1927066

4 years ago · 3c99c3c628
parent ff6899e3e0
commit 3c99c3c628
2 changed files with 87 additions and 1 deletions
--- a/screen-4.8.0-CVE-2021-26937.patch
+++ b/screen-4.8.0-CVE-2021-26937.patch
@ -0,0 +1,82 @@
+diff -urNp a/ansi.c b/ansi.c
+--- a/ansi.c	2021-02-18 07:56:55.954674224 +0100
+++ b/ansi.c	2021-02-18 08:04:25.005929307 +0100
+@@ -692,10 +692,6 @@ register int len;
+ 		    }
+ 		  curr->w_rend.font = 0;
+ 		}
+-#  ifdef DW_CHARS
+-	      if (curr->w_encoding == UTF8 && utf8_isdouble(c))
+-		curr->w_mbcs = 0xff;
+-#  endif
+ 	      if (curr->w_encoding == UTF8 && c >= 0x0300 && utf8_iscomb(c))
+ 		{
+ 		  int ox, oy;
+@@ -730,6 +726,10 @@ register int len;
+ 		    }
+ 		  break;
+ 		}
+#  ifdef DW_CHARS
+      if (curr->w_encoding == UTF8 && utf8_isdouble(c))
+        curr->w_mbcs = 0xff;
+#  endif
+ 	      font = curr->w_rend.font;
+ # endif
+ # ifdef DW_CHARS
+diff -urNp a/encoding.c b/encoding.c
+--- a/encoding.c	2021-02-18 07:56:55.949674177 +0100
+++ b/encoding.c	2021-02-18 08:02:21.187750152 +0100
+@@ -43,7 +43,7 @@ static int  encmatch __P((char *, char *
+ # ifdef UTF8
+ static int   recode_char __P((int, int, int));
+ static int   recode_char_to_encoding __P((int, int));
+-static void  comb_tofront __P((int, int));
+static void  comb_tofront __P((int));
+ #  ifdef DW_CHARS
+ static int   recode_char_dw __P((int, int *, int, int));
+ static int   recode_char_dw_to_encoding __P((int, int *, int));
+@@ -1263,6 +1263,8 @@ int c;
+     {0x30000, 0x3FFFD},
+   };
+ 
+  if (c >= 0xdf00 && c <= 0xdfff)
+    return 1;          /* dw combining sequence */
+   return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval) - 1)) ||
+           (cjkwidth &&
+            bisearch(c, ambiguous,
+@@ -1330,11 +1332,12 @@ int c;
+ }
+ 
+ static void
+-comb_tofront(root, i)
+-int root, i;
+comb_tofront(i)
+int i;
+ {
+   for (;;)
+     {
+      int root = i >= 0x700 ? 0x801 : 0x800;
+       debug1("bring to front: %x\n", i);
+       combchars[combchars[i]->prev]->next = combchars[i]->next;
+       combchars[combchars[i]->next]->prev = combchars[i]->prev;
+@@ -1396,9 +1399,9 @@ struct mchar *mc;
+     {
+       /* full, recycle old entry */
+       if (c1 >= 0xd800 && c1 < 0xe000)
+-        comb_tofront(root, c1 - 0xd800);
+        comb_tofront(c1 - 0xd800);
+       i = combchars[root]->prev;
+-      if (c1 == i + 0xd800)
+      if (i == 0x800 || i == 0x801 || c1 == i + 0xd800)
+ 	{
+ 	  /* completely full, can't recycle */
+ 	  debug("utf8_handle_comp: completely full!\n");
+@@ -1422,7 +1425,7 @@ struct mchar *mc;
+   mc->font  = (i >> 8) + 0xd8;
+   mc->fontx = 0;
+   debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
+-  comb_tofront(root, i);
+  comb_tofront(i);
+ }
+ 
+ #else /* !UTF8 */
--- a/screen.spec
+++ b/screen.spec
@ -4,7 +4,7 @@
 Summary:        A screen manager that supports multiple logins on one terminal
 Name:           screen
 Version:        4.8.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv3+
 URL:            http://www.gnu.org/software/screen
 Requires(pre):  /usr/sbin/groupadd
@ -23,6 +23,7 @@ Patch3:         screen-E3.patch
 Patch4:         screen-4.3.1-suppress_remap.patch
 Patch5:         screen-4.3.1-crypt.patch
 Patch6:         screen-4.8.0-expand-d_xtermosc.patch
+Patch7:         screen-4.8.0-CVE-2021-26937.patch

 %description
 The screen utility allows you to have multiple logins on just one
@ -116,6 +117,9 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir
 %endif

 %changelog
+* Thu Feb 18 2021 Josef Ridky <jridky@redhat.com> - 4.8.0-5
+- fix CVE-2021-26937 (#1927066)
+
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.8.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild