From 59db41e1b7363180210957a0930f5dcfd3d07ef1 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Mon, 14 Aug 2023 16:11:18 +0200
Subject: [PATCH] fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491)
Resolves: CVE-2023-29491
---
 ncurses-cve-2023-29491.patch | 13 +++++++++++++
 ncurses.spec | 2 ++
 2 files changed, 15 insertions(+)
 create mode 100644 ncurses-cve-2023-29491.patch
diff --git a/ncurses-cve-2023-29491.patch b/ncurses-cve-2023-29491.patch
new file mode 100644
index 0000000..a859f0e
--- /dev/null
+++ b/ncurses-cve-2023-29491.patch
@@ -0,0 +1,13 @@
+diff -up ncurses-6.2-20210508/ncurses/tinfo/read_entry.c.cve-2023-29491 ncurses-6.2-20210508/ncurses/tinfo/read_entry.c
+--- ncurses-6.2-20210508/ncurses/tinfo/read_entry.c.cve-2023-29491 2023-08-14 15:52:46.536461992 +0200
++++ ncurses-6.2-20210508/ncurses/tinfo/read_entry.c 2023-08-14 15:55:04.384426095 +0200
+@@ -308,6 +308,9 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *
+ || bool_count < 0
+ || num_count < 0
+ || str_count < 0
++ || bool_count > BOOLCOUNT
++ || num_count > NUMCOUNT
++ || str_count > STRCOUNT
+ || str_size < 0) {
+ returnDB(TGETENT_NO);
+ }
diff --git a/ncurses.spec b/ncurses.spec
index ea8c22f..a2a74df 100644
--- a/ncurses.spec
+++ b/ncurses.spec
@@ -16,6 +16,7 @@ Patch12: ncurses-kbs.patch
 Patch13: ncurses-cve-2019-17594.patch
 Patch14: ncurses-cve-2019-17595.patch
 Patch15: ncurses-tputx.patch
+Patch16: ncurses-cve-2023-29491.patch
 BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@@ -133,6 +134,7 @@ The ncurses-static package includes static libraries of the ncurses library.
 %patch13 -p1 -b .cve-2019-17594
 %patch14 -p1 -b .cve-2019-17595
 %patch15 -p1 -b .tputx
+%patch16 -p1 -b .cve-2023-29491
 for f in ANNOUNCE; do iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
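Review bot: The three upper bounds added to the validity check in `_nc_read_termtype` (the embedded patch for `ncurses/tinfo/read_entry.c`) have no comment saying why they exist, so a later rebase could drop them as redundant next to the `< 0` tests. I would put `/* counts are taken from the entry being read: refuse any that exceed the predefined capability tables */` directly above `|| bool_count > BOOLCOUNT`, assuming the counts do come from the file header as the commit subject suggests. In the visible condition `str_size` is still only tested for `< 0`, and the start of the `if` and the rest of the function lie outside the hunk. Whether `str_size`, the name size and any extended-capability counts are capped elsewhere cannot be confirmed from this page and should be checked against the upstream fix. The commit also ships no regression test; a build-time check that an entry declaring more than `STRCOUNT` strings is refused with `TGETENT_NO` would catch a silently dropped backport.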