import ncurses-6.1-9.20180224.el8

2021-10-06 07:06:15 -04:00 · 2021-10-06 07:06:15 -04:00 · fc7dbe6f61
commit fc7dbe6f61
parent dac65a2c7d
4 changed files with 73 additions and 1 deletions
--- a/SOURCES/ncurses-cve-2019-17594.patch
+++ b/SOURCES/ncurses-cve-2019-17594.patch
@ -0,0 +1,28 @@
 From snapshot 6.1-20191012
 diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
 index 21f165ca..a62d38f9 100644
 --- a/ncurses/tinfo/comp_hash.c
 +++ b/ncurses/tinfo/comp_hash.c
@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
     hashvalue = data->hash_of(string);
 -    if (data->table_data[hashvalue] >= 0) {
 +    if (hashvalue >= 0
 +	&& (unsigned) hashvalue < data->table_size
 +	&& data->table_data[hashvalue] >= 0) {
 	real_table = _nc_get_table(termcap);
 	ptr = real_table + data->table_data[hashvalue];
@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
     const HashData *data = _nc_get_hash_info(termcap);
     int hashvalue = data->hash_of(string);
 -    if (data->table_data[hashvalue] >= 0) {
 +    if (hashvalue >= 0
 +	&& (unsigned) hashvalue < data->table_size
 +	&& data->table_data[hashvalue] >= 0) {
 	const struct name_table_entry *const table = _nc_get_table(termcap);
 	ptr = table + data->table_data[hashvalue];
--- a/SOURCES/ncurses-cve-2019-17595.patch
+++ b/SOURCES/ncurses-cve-2019-17595.patch
@ -0,0 +1,16 @@
 From snapshot 6.1-20191012
 diff --git a/progs/dump_entry.c b/progs/dump_entry.c
 index d0e420ec..8a47084a 100644
 --- a/progs/dump_entry.c
 +++ b/progs/dump_entry.c
@@ -1136,7 +1136,8 @@ fmt_entry(TERMTYPE2 *tterm,
 				*d++ = '\\';
 				*d = ':';
 			    } else if (*d == '\\') {
 -				*++d = *s++;
 +				if ((*++d = *s++) == '\0')
 +				    break;
 			    }
 			    d++;
 			    *d = '\0';
--- a/SOURCES/ncurses-tputx.patch
+++ b/SOURCES/ncurses-tputx.patch
@ -0,0 +1,15 @@
 From snapshot 6.1-20180630
 diff --git a/progs/tput.c b/progs/tput.c
 index fd051eb4..88e75799 100644
 --- a/progs/tput.c
 +++ b/progs/tput.c
@@ -293,7 +293,7 @@ main(int argc, char **argv)
     term = getenv("TERM");
 -    while ((c = getopt(argc, argv, "ST:V")) != -1) {
 +    while ((c = getopt(argc, argv, "ST:Vx")) != -1) {
 	switch (c) {
 	case 'S':
 	    cmdline = FALSE;
--- a/SPECS/ncurses.spec
+++ b/SPECS/ncurses.spec
@ -2,7 +2,7 @@
 Summary: Ncurses support utilities
 Name: ncurses
 Version: 6.1
-Release: 7.%{revision}%{?dist}
+Release: 9.%{revision}%{?dist}
 License: MIT
 Group: System Environment/Base
 URL: https://invisible-island.net/ncurses/ncurses.html
@ -13,6 +13,9 @@ Patch8: ncurses-config.patch
 Patch9: ncurses-libs.patch
 Patch11: ncurses-urxvt.patch
 Patch12: ncurses-kbs.patch
 Patch13: ncurses-cve-2019-17594.patch
 Patch14: ncurses-cve-2019-17595.patch
 Patch15: ncurses-tputx.patch
 BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@ -127,6 +130,9 @@ The ncurses-static package includes static libraries of the ncurses library.
 %patch9 -p1 -b .libs
 %patch11 -p1 -b .urxvt
 %patch12 -p1 -b .kbs
 %patch13 -p1 -b .cve-2019-17594
 %patch14 -p1 -b .cve-2019-17595
 %patch15 -p1 -b .tputx
 for f in ANNOUNCE; do
    iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@ -293,6 +299,13 @@ bzip2 NEWS
 %{_libdir}/lib*.a
 %changelog
 * Tue May 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 6.1-9.20180224
 - fix tput to accept -x option (#1916340)
 * Tue May 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 6.1-8.20180224
 - fix buffer overflow in terminfo entry hashtable (CVE-2019-17594)
 - handle missing character after backslash in terminfo entry (CVE-2019-17595)
 * Wed Jan 16 2019 Miroslav Lichvar <mlichvar@redhat.com> 6.1-7.20180224
 - disable stripping on program installation (#1665177)