fix crash in parsing of terminfo use capability (CVE-2018-10754)

ncurses-usecap.patch

@@ -0,0 +1,22 @@
+20180414
+	+ add a null-pointer check in _nc_parse_entry to handle an error when
+	  a use-name is invalid syntax (report by Chung-Yi Lin).
+
+diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
+index 2b54f45d..437f1223 100644
+--- a/ncurses/tinfo/parse_entry.c
++++ b/ncurses/tinfo/parse_entry.c
+@@ -543,9 +543,11 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
+ 		 * Otherwise, look for a base entry that will already
+ 		 * have picked up defaults via translation.
+ 		 */
+-		for (i = 0; i < entryp->nuses; i++)
+-		    if (!strchr((char *) entryp->uses[i].name, '+'))
++		for (i = 0; i < entryp->nuses; i++) {
++		    if (entryp->uses[i].name != 0
++			&& !strchr(entryp->uses[i].name, '+'))
+ 			has_base_entry = TRUE;
++		}
+ 	    }
+ 
+ 	    postprocess_termcap(&entryp->tterm, has_base_entry);

ncurses.spec

@@ -8,6 +8,7 @@ Group: System Environment/Base
 URL: https://invisible-island.net/ncurses/ncurses.html
 Source0: https://invisible-mirror.net/archives/ncurses/current/ncurses-%{version}-%{revision}.tgz
 
+Patch1: ncurses-usecap.patch
 Patch8: ncurses-config.patch
 Patch9: ncurses-libs.patch
 Patch11: ncurses-urxvt.patch
@@ -121,6 +122,7 @@ The ncurses-static package includes static libraries of the ncurses library.
 %prep
 %setup -q -n %{name}-%{version}-%{revision}
 
+%patch1 -p1 -b .usecap
 %patch8 -p1 -b .config
 %patch9 -p1 -b .libs
 %patch11 -p1 -b .urxvt