rpms/ncurses
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import ncurses-6.1-9.20180224.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-10-06 07:06:15 -04:00 committed by Stepan Oksanichenko
parent dac65a2c7d
commit fc7dbe6f61
4 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
SOURCES/ncurses-cve-2019-17594.patch Normal file
View File

@ -0,0 +1,28 @@
From snapshot 6.1-20191012
diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
index 21f165ca..a62d38f9 100644
--- a/ncurses/tinfo/comp_hash.c
+++ b/ncurses/tinfo/comp_hash.c
@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
hashvalue = data->hash_of(string);
- if (data->table_data[hashvalue] >= 0) {
+ if (hashvalue >= 0
+ && (unsigned) hashvalue < data->table_size
+ && data->table_data[hashvalue] >= 0) {
real_table = _nc_get_table(termcap);
ptr = real_table + data->table_data[hashvalue];
@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
const HashData *data = _nc_get_hash_info(termcap);
int hashvalue = data->hash_of(string);
- if (data->table_data[hashvalue] >= 0) {
+ if (hashvalue >= 0
+ && (unsigned) hashvalue < data->table_size
+ && data->table_data[hashvalue] >= 0) {
const struct name_table_entry *const table = _nc_get_table(termcap);
ptr = table + data->table_data[hashvalue];

16
SOURCES/ncurses-cve-2019-17595.patch Normal file
View File

@ -0,0 +1,16 @@
From snapshot 6.1-20191012
diff --git a/progs/dump_entry.c b/progs/dump_entry.c
index d0e420ec..8a47084a 100644
--- a/progs/dump_entry.c
+++ b/progs/dump_entry.c
@@ -1136,7 +1136,8 @@ fmt_entry(TERMTYPE2 *tterm,
*d++ = '\\';
*d = ':';
} else if (*d == '\\') {
- *++d = *s++;
+ if ((*++d = *s++) == '\0')
+ break;
}
d++;
*d = '\0';

15
SOURCES/ncurses-tputx.patch Normal file
View File

@ -0,0 +1,15 @@
From snapshot 6.1-20180630
diff --git a/progs/tput.c b/progs/tput.c
index fd051eb4..88e75799 100644
--- a/progs/tput.c
+++ b/progs/tput.c
@@ -293,7 +293,7 @@ main(int argc, char **argv)
term = getenv("TERM");
- while ((c = getopt(argc, argv, "ST:V")) != -1) {
+ while ((c = getopt(argc, argv, "ST:Vx")) != -1) {
switch (c) {
case 'S':
cmdline = FALSE;

15
SPECS/ncurses.spec
View File

@ -2,7 +2,7 @@
Summary: Ncurses support utilities
Name: ncurses
Version: 6.1
Release: 7.%{revision}%{?dist}
Release: 9.%{revision}%{?dist}
License: MIT
Group: System Environment/Base
URL: https://invisible-island.net/ncurses/ncurses.html
@ -13,6 +13,9 @@ Patch8: ncurses-config.patch
Patch9: ncurses-libs.patch
Patch11: ncurses-urxvt.patch
Patch12: ncurses-kbs.patch
Patch13: ncurses-cve-2019-17594.patch
Patch14: ncurses-cve-2019-17595.patch
Patch15: ncurses-tputx.patch
BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@ -127,6 +130,9 @@ The ncurses-static package includes static libraries of the ncurses library.
%patch9 -p1 -b .libs
%patch11 -p1 -b .urxvt
%patch12 -p1 -b .kbs
%patch13 -p1 -b .cve-2019-17594
%patch14 -p1 -b .cve-2019-17595
%patch15 -p1 -b .tputx
for f in ANNOUNCE; do
iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@ -293,6 +299,13 @@ bzip2 NEWS
%{_libdir}/lib*.a
%changelog
* Tue May 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 6.1-9.20180224
- fix tput to accept -x option (#1916340)
* Tue May 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 6.1-8.20180224
- fix buffer overflow in terminfo entry hashtable (CVE-2019-17594)
- handle missing character after backslash in terminfo entry (CVE-2019-17595)
* Wed Jan 16 2019 Miroslav Lichvar <mlichvar@redhat.com> 6.1-7.20180224
- disable stripping on program installation (#1665177)