diff --git a/SOURCES/ncurses-cve-2023-29491.patch b/SOURCES/ncurses-cve-2023-29491.patch new file mode 100644 index 0000000..a859f0e --- /dev/null +++ b/SOURCES/ncurses-cve-2023-29491.patch @@ -0,0 +1,13 @@ +diff -up ncurses-6.2-20210508/ncurses/tinfo/read_entry.c.cve-2023-29491 ncurses-6.2-20210508/ncurses/tinfo/read_entry.c +--- ncurses-6.2-20210508/ncurses/tinfo/read_entry.c.cve-2023-29491 2023-08-14 15:52:46.536461992 +0200 ++++ ncurses-6.2-20210508/ncurses/tinfo/read_entry.c 2023-08-14 15:55:04.384426095 +0200 +@@ -308,6 +308,9 @@ _nc_read_termtype(TERMTYPE2 *ptr, char * + || bool_count < 0 + || num_count < 0 + || str_count < 0 ++ || bool_count > BOOLCOUNT ++ || num_count > NUMCOUNT ++ || str_count > STRCOUNT + || str_size < 0) { + returnDB(TGETENT_NO); + } diff --git a/SPECS/ncurses.spec b/SPECS/ncurses.spec index ea8c22f..e878abc 100644 --- a/SPECS/ncurses.spec +++ b/SPECS/ncurses.spec @@ -2,7 +2,7 @@ Summary: Ncurses support utilities Name: ncurses Version: 6.1 -Release: 9.%{revision}%{?dist} +Release: 10.%{revision}%{?dist} License: MIT Group: System Environment/Base URL: https://invisible-island.net/ncurses/ncurses.html @@ -16,6 +16,7 @@ Patch12: ncurses-kbs.patch Patch13: ncurses-cve-2019-17594.patch Patch14: ncurses-cve-2019-17595.patch Patch15: ncurses-tputx.patch +Patch16: ncurses-cve-2023-29491.patch BuildRequires: gcc gcc-c++ gpm-devel pkgconfig Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -133,6 +134,7 @@ The ncurses-static package includes static libraries of the ncurses library. %patch13 -p1 -b .cve-2019-17594 %patch14 -p1 -b .cve-2019-17595 %patch15 -p1 -b .tputx +%patch16 -p1 -b .cve-2023-29491 for f in ANNOUNCE; do iconv -f iso8859-1 -t utf8 -o ${f}{_,} && @@ -299,6 +301,9 @@ bzip2 NEWS %{_libdir}/lib*.a %changelog +* Tue Aug 15 2023 Miroslav Lichvar 6.1-10.20180224 +- fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491) + * Tue May 18 2021 Miroslav Lichvar 6.1-9.20180224 - fix tput to accept -x option (#1916340)