rpms/ncurses
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI ncurses-6.4-15.20240127.el10_1

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-03-26 07:00:17 -04:00
parent 9359f8bf56
commit d24d412d64
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
ncurses-cve-2025-69720.patch Normal file
View File

@ -0,0 +1,21 @@
--- a/progs/infocmp.c
+++ b/progs/infocmp.c
@@ -847,7 +847,7 @@ lookup_params(const assoc * table, char *dst, char *src)
static void
analyze_string(const char *name, const char *cap, TERMTYPE2 *tp)
{
- char buf2[MAX_TERMINFO_LENGTH];
+ char buf2[MAX_TERMINFO_LENGTH + 1];
const char *sp;
const assoc *ap;
int tp_lines = tp->Numbers[2];
@@ -877,7 +877,8 @@ analyze_string(const char *name, const char *cap, TERMTYPE2 *tp)
if (VALID_STRING(cp) &&
cp[0] != '\0' &&
cp != cap) {
- len = strlen(cp);
+ if ((len = strlen(cp)) > MAX_TERMINFO_LENGTH)
+ len = MAX_TERMINFO_LENGTH;
_nc_STRNCPY(buf2, sp, len);
buf2[len] = '\0';

7
ncurses.spec
View File

@ -9,13 +9,14 @@
Summary: Ncurses support utilities
Name: ncurses
Version: 6.4
Release: 14.%{revision}%{?dist}
Release: 15.%{revision}%{?dist}
License: MIT-open-group
URL: https://invisible-island.net/ncurses/ncurses.html
Source0: https://invisible-mirror.net/archives/ncurses/current/ncurses-%{version}-%{revision}.tgz
Source1: https://invisible-mirror.net/archives/ncurses/current/ncurses-%{version}-%{revision}.tgz.asc
Source2: https://invisible-island.net/public/dickey@invisible-island.net-rsa3072.asc
Patch1: ncurses-cve-2025-69720.patch
Patch8: ncurses-config.patch
Patch9: ncurses-libs.patch
Patch11: ncurses-urxvt.patch
@ -119,6 +120,7 @@ The ncurses-static package includes static libraries of the ncurses library.
%setup -q -n %{name}-%{version}-%{revision}
%patch -P1 -p1 -b .cve-2025-69720
%patch -P8 -p1 -b .config
%patch -P9 -p1 -b .libs
%patch -P11 -p1 -b .urxvt
@ -298,6 +300,9 @@ xz NEWS
%{_libdir}/lib*.a
%changelog
* Tue Mar 24 2026 Miroslav Lichvar <mlichvar@redhat.com> 6.4-15.20240127
- fix buffer overflow in infocmp -i (CVE-2025-69720)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 6.4-14.20240127
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018