commit
1f9906c721
@ -1,39 +0,0 @@
|
||||
From e414438ddee26bcb081881d035dc9e247ddba0c3 Mon Sep 17 00:00:00 2001
|
||||
Date: Wed, 16 Oct 2019 11:01:37 +0800
|
||||
Subject: [PATCH] ncurses: fix CVE-2019-17594
|
||||
|
||||
reason:fix CVE-2019-17594
|
||||
check for invalid hashcode in _nc_find_entry
|
||||
|
||||
CVE-2019-17594 reference:
|
||||
http://invisible-mirror.net/archives/ncurses/6.1/ncurses-6.1-20191012.patch.gz
|
||||
---
|
||||
ncurses/tinfo/comp_hash.c | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
|
||||
index 959c6e1..4183f68 100644
|
||||
--- a/ncurses/tinfo/comp_hash.c
|
||||
+++ b/ncurses/tinfo/comp_hash.c
|
||||
@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
|
||||
|
||||
hashvalue = data->hash_of(string);
|
||||
|
||||
- if (data->table_data[hashvalue] >= 0) {
|
||||
+ if (hashvalue >= 0
|
||||
+ && (unsigned) hashvalue < data->table_size
|
||||
+ && data->table_data[hashvalue] >= 0) {
|
||||
|
||||
real_table = _nc_get_table(termcap);
|
||||
ptr = real_table + data->table_data[hashvalue];
|
||||
@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
|
||||
const HashData *data = _nc_get_hash_info(termcap);
|
||||
int hashvalue = data->hash_of(string);
|
||||
|
||||
- if (data->table_data[hashvalue] >= 0) {
|
||||
+ if (hashvalue >= 0
|
||||
+ && (unsigned) hashvalue < data->table_size
|
||||
+ && data->table_data[hashvalue] >= 0) {
|
||||
const struct name_table_entry *const table = _nc_get_table(termcap);
|
||||
|
||||
ptr = table + data->table_data[hashvalue];
|
||||
@ -1,37 +0,0 @@
|
||||
From 07d64f8350b0c0f04ef7f3a43349c188acb4ddd8 Mon Sep 17 00:00:00 2001
|
||||
Date: Wed, 16 Oct 2019 11:20:17 +0800
|
||||
Subject: [PATCH] ncurses: fix CVE-2019-17595
|
||||
|
||||
reason: fix CVE-2019-17595
|
||||
check for missing character after backslash in fmt_entry
|
||||
|
||||
CVE-2019-17595 reference:
|
||||
http://invisible-mirror.net/archives/ncurses/6.1/ncurses-6.1-20191012.patch.g
|
||||
z
|
||||
---
|
||||
progs/dump_entry.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/progs/dump_entry.c b/progs/dump_entry.c
|
||||
index 3b1fcb1..67ff5f4 100644
|
||||
--- a/progs/dump_entry.c
|
||||
+++ b/progs/dump_entry.c
|
||||
@@ -1110,7 +1110,8 @@ fmt_entry(TERMTYPE2 *tterm,
|
||||
*d++ = '\\';
|
||||
*d = ':';
|
||||
} else if (*d == '\\') {
|
||||
- *++d = *s++;
|
||||
+ if ((*++d = *s++) == '\0')
|
||||
+ break;
|
||||
}
|
||||
d++;
|
||||
*d = '\0';
|
||||
@@ -1370,7 +1371,7 @@ one_one_mapping(const char *mapping)
|
||||
|
||||
if (VALID_STRING(mapping)) {
|
||||
int n = 0;
|
||||
- while (mapping[n] != '\0') {
|
||||
+ while (mapping[n] != '\0' && mapping[n + 1] != '\0') {
|
||||
if (isLine(mapping[n]) &&
|
||||
mapping[n] != mapping[n + 1]) {
|
||||
result = FALSE;
|
||||
Binary file not shown.
BIN
ncurses-6.1-20191109.tgz
Normal file
BIN
ncurses-6.1-20191109.tgz
Normal file
Binary file not shown.
@ -1,6 +1,18 @@
|
||||
diff -up ncurses-6.1-20180714/misc/ncurses-config.in.config ncurses-6.1-20180714/misc/ncurses-config.in
|
||||
--- ncurses-6.1-20180714/misc/ncurses-config.in.config 2018-06-10 00:29:01.000000000 +0200
|
||||
+++ ncurses-6.1-20180714/misc/ncurses-config.in 2018-07-16 16:23:22.202581815 +0200
|
||||
diff -up ncurses-6.1-20191109/misc/gen-pkgconfig.in.config ncurses-6.1-20191109/misc/gen-pkgconfig.in
|
||||
--- ncurses-6.1-20191109/misc/gen-pkgconfig.in.config 2019-10-13 00:27:10.000000000 +0200
|
||||
+++ ncurses-6.1-20191109/misc/gen-pkgconfig.in 2019-11-12 09:52:09.693017663 +0100
|
||||
@@ -78,7 +78,7 @@ if [ "$includedir" != "/usr/include" ];
|
||||
fi
|
||||
|
||||
lib_flags=
|
||||
-for opt in -L$libdir @LDFLAGS@ @EXTRA_LDFLAGS@ @LIBS@
|
||||
+for opt in -L$libdir @LIBS@
|
||||
do
|
||||
case $opt in
|
||||
-l*) # LIBS is handled specially below
|
||||
diff -up ncurses-6.1-20191109/misc/ncurses-config.in.config ncurses-6.1-20191109/misc/ncurses-config.in
|
||||
--- ncurses-6.1-20191109/misc/ncurses-config.in.config 2019-10-12 23:25:17.000000000 +0200
|
||||
+++ ncurses-6.1-20191109/misc/ncurses-config.in 2019-11-12 09:54:42.069324995 +0100
|
||||
@@ -40,7 +40,6 @@ exec_prefix="@exec_prefix@"
|
||||
|
||||
bindir="@bindir@"
|
||||
@ -9,16 +21,26 @@ diff -up ncurses-6.1-20180714/misc/ncurses-config.in.config ncurses-6.1-20180714
|
||||
datarootdir="@datarootdir@"
|
||||
datadir="@datadir@"
|
||||
mandir="@mandir@"
|
||||
@@ -111,7 +110,7 @@ while test $# -gt 0; do
|
||||
ENDECHO
|
||||
;;
|
||||
--libs)
|
||||
- if test "$libdir" = /usr/lib
|
||||
+ if true
|
||||
then
|
||||
LIBDIR=
|
||||
else
|
||||
@@ -155,7 +154,6 @@ ENDECHO
|
||||
@@ -100,7 +99,7 @@ fi
|
||||
# There is no portable way to find the list of standard library directories.
|
||||
# Require a POSIX shell anyway, to keep this simple.
|
||||
lib_flags=
|
||||
-for opt in -L$libdir @LDFLAGS@ @EXTRA_LDFLAGS@ $LIBS
|
||||
+for opt in $LIBS
|
||||
do
|
||||
case $opt in
|
||||
-Wl,-z,*) # ignore flags used to manipulate shared image
|
||||
@@ -109,9 +108,6 @@ do
|
||||
-L*)
|
||||
[ -d ${opt##-L} ] || continue
|
||||
case ${opt##-L} in
|
||||
- @LD_SEARCHPATH@) # skip standard libdir
|
||||
- continue
|
||||
- ;;
|
||||
*)
|
||||
found=no
|
||||
for check in $lib_flags
|
||||
@@ -231,7 +227,6 @@ ENDECHO
|
||||
echo $INCS
|
||||
;;
|
||||
--libdir)
|
||||
|
||||
@ -1,16 +1,16 @@
|
||||
diff -up ncurses-6.1-20180127/misc/terminfo.src.kbs ncurses-6.1-20180127/misc/terminfo.src
|
||||
--- ncurses-6.1-20180127/misc/terminfo.src.kbs 2018-01-29 10:59:01.644758573 +0100
|
||||
+++ ncurses-6.1-20180127/misc/terminfo.src 2018-01-29 11:02:34.018246276 +0100
|
||||
@@ -5713,7 +5713,7 @@ rxvt-basic|rxvt terminal base (X Window
|
||||
diff -up ncurses-6.1-20191109/misc/terminfo.src.kbs ncurses-6.1-20191109/misc/terminfo.src
|
||||
--- ncurses-6.1-20191109/misc/terminfo.src.kbs 2019-11-12 09:23:27.079543254 +0100
|
||||
+++ ncurses-6.1-20191109/misc/terminfo.src 2019-11-12 09:24:58.622727887 +0100
|
||||
@@ -5952,7 +5952,7 @@ rxvt-basic|rxvt terminal base (X Window
|
||||
enacs=\E(B\E)0, flash=\E[?5h$<100/>\E[?5l, home=\E[H,
|
||||
ht=^I, hts=\EH, ich=\E[%p1%d@, ich1=\E[@, il=\E[%p1%dL,
|
||||
il1=\E[L, ind=\n, is1=\E[?47l\E=\E[?1l,
|
||||
ht=^I, hts=\EH, ich=\E[%p1%d@, il=\E[%p1%dL, il1=\E[L,
|
||||
ind=\n, is1=\E[?47l\E=\E[?1l,
|
||||
- is2=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l\E[4l, kbs=^H,
|
||||
+ is2=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l\E[4l,
|
||||
kcbt=\E[Z, kmous=\E[M, rc=\E8, rev=\E[7m, ri=\EM, rmacs=^O,
|
||||
rmcup=\E[2J\E[?47l\E8, rmir=\E[4l, rmkx=\E>, rmso=\E[27m,
|
||||
rmul=\E[24m,
|
||||
@@ -5725,7 +5725,7 @@ rxvt-basic|rxvt terminal base (X Window
|
||||
@@ -5964,7 +5964,7 @@ rxvt-basic|rxvt terminal base (X Window
|
||||
%p9%t\016%e\017%;,
|
||||
sgr0=\E[0m\017, smacs=^N, smcup=\E7\E[?47h, smir=\E[4h,
|
||||
smkx=\E=, smso=\E[7m, smul=\E[4m, tbc=\E[3g, use=vt100+enq,
|
||||
@ -19,7 +19,7 @@ diff -up ncurses-6.1-20180127/misc/terminfo.src.kbs ncurses-6.1-20180127/misc/te
|
||||
# Key Codes from rxvt reference:
|
||||
#
|
||||
# Note: Shift + F1-F10 generates F11-F20
|
||||
@@ -6897,7 +6897,7 @@ screen|VT 100/ANSI X3.64 virtual termina
|
||||
@@ -7467,7 +7467,7 @@ screen|VT 100/ANSI X3.64 virtual termina
|
||||
dl=\E[%p1%dM, dl1=\E[M, ed=\E[J, el=\E[K, el1=\E[1K,
|
||||
enacs=\E(B\E)0, flash=\Eg, home=\E[H, hpa=\E[%i%p1%dG,
|
||||
ht=^I, hts=\EH, ich=\E[%p1%d@, il=\E[%p1%dL, il1=\E[L,
|
||||
@ -28,15 +28,15 @@ diff -up ncurses-6.1-20180127/misc/terminfo.src.kbs ncurses-6.1-20180127/misc/te
|
||||
kcub1=\EOD, kcud1=\EOB, kcuf1=\EOC, kcuu1=\EOA,
|
||||
kdch1=\E[3~, kend=\E[4~, kf1=\EOP, kf10=\E[21~,
|
||||
kf11=\E[23~, kf12=\E[24~, kf2=\EOQ, kf3=\EOR, kf4=\EOS,
|
||||
@@ -6911,6 +6911,7 @@ screen|VT 100/ANSI X3.64 virtual termina
|
||||
sgr0=\E[m\017, smacs=^N, smcup=\E[?1049h, smir=\E[4h,
|
||||
smkx=\E[?1h\E=, smso=\E[3m, smul=\E[4m, tbc=\E[3g,
|
||||
vpa=\E[%i%p1%dd, E0=\E(B, S0=\E(%p1%c, use=ecma+color,
|
||||
@@ -7481,6 +7481,7 @@ screen|VT 100/ANSI X3.64 virtual termina
|
||||
sgr0=\E[m\017, smacs=^N, smir=\E[4h, smkx=\E[?1h\E=,
|
||||
smso=\E[3m, smul=\E[4m, tbc=\E[3g, vpa=\E[%i%p1%dd,
|
||||
E0=\E(B, S0=\E(%p1%c, use=xterm+alt1049, use=ecma+color,
|
||||
+ use=xterm+kbs,
|
||||
# The bce and status-line entries are from screen 3.9.13 (and require some
|
||||
# changes to .screenrc).
|
||||
screen-bce|VT 100/ANSI X3.64 virtual terminal with bce,
|
||||
@@ -7026,6 +7027,7 @@ screen.xterm-r6|screen customized for X1
|
||||
@@ -7596,6 +7597,7 @@ screen.xterm-r6|screen customized for X1
|
||||
# on Solaris because Sun's curses implementation gets confused.
|
||||
screen.teraterm|disable ncv in teraterm,
|
||||
ncv#127,
|
||||
|
||||
21
ncurses.spec
21
ncurses.spec
@ -1,7 +1,7 @@
|
||||
%global revision 20180923
|
||||
%global revision 20191109
|
||||
Name: ncurses
|
||||
Version: 6.1
|
||||
Release: 12
|
||||
Release: 13
|
||||
Summary: Terminal control library
|
||||
License: MIT
|
||||
URL: https://invisible-island.net/ncurses/ncurses.html
|
||||
@ -12,14 +12,9 @@ Patch9: ncurses-libs.patch
|
||||
Patch11: ncurses-urxvt.patch
|
||||
Patch12: ncurses-kbs.patch
|
||||
|
||||
Patch6000: CVE-2019-17594.patch
|
||||
Patch6001: CVE-2019-17595.patch
|
||||
|
||||
BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
|
||||
|
||||
Obsoletes: ncurses < 5.6-13
|
||||
Obsoletes: libtermcap < 2.0.8-48
|
||||
Obsoletes: termcap < 1:5.5-2
|
||||
Obsoletes: rxvt-unicode-terminfo < 9.22-18
|
||||
Provides: %{name}-base = %{version}-%{release}
|
||||
Obsoletes: %{name}-base < %{version}-%{release}
|
||||
Provides: %{name}-libs = %{version}-%{release}
|
||||
@ -43,8 +38,6 @@ enhancements over BSD curses. SVr4 curses became the basis of X/Open Curses.
|
||||
Summary: Development files for the ncurses library
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: pkgconfig
|
||||
Obsoletes: libtermcap-devel < 2.0.8-48
|
||||
Provides: libtermcap-devel = 2.0.8-48
|
||||
Provides: %{name}-static = %{version}-%{release}
|
||||
Obsoletes: %{name}-static = %{version}-%{release}
|
||||
|
||||
@ -61,6 +54,7 @@ Requires: %{name} = %{version}-%{release}
|
||||
This package contains development documentation, manuals
|
||||
for interface function, and related documents.
|
||||
|
||||
|
||||
%prep
|
||||
%autosetup -n %{name}-%{version}-%{revision} -p1
|
||||
|
||||
@ -167,7 +161,7 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/ncurses*5-config
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/terminfo
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/*_g.pc
|
||||
|
||||
bzip2 NEWS
|
||||
xz NEWS
|
||||
|
||||
%ldconfig_scriptlets
|
||||
|
||||
@ -193,7 +187,7 @@ bzip2 NEWS
|
||||
%{_includedir}/*.h
|
||||
|
||||
%files help
|
||||
%doc NEWS.bz2 README TO-DO
|
||||
%doc NEWS.xz README TO-DO
|
||||
%doc doc/html/hackguide.html
|
||||
%doc doc/html/ncurses-intro.html
|
||||
%doc misc/ncurses.supp
|
||||
@ -205,6 +199,9 @@ bzip2 NEWS
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 6.1-13
|
||||
- update to 20191102
|
||||
|
||||
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 6.1-12
|
||||
- Type:cves
|
||||
- ID:CVE-2019-17594 CVE-2019-17595
|
||||
|
||||
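Review bot: The new 6.1-13 changelog entry reads `- update to 20191102`, but `%global revision` is set to 20191109 and the tarball added in this commit is ncurses-6.1-20191109.tgz; the entry should read `- update to 20191109`. The entry also gives no reason for what appears to be the removal of `Patch6000: CVE-2019-17594.patch` and `Patch6001: CVE-2019-17595.patch`. Both deleted patch files cite ncurses-6.1-20191012.patch.gz as their source, so the fixes are presumably already in the 20191109 snapshot. A line such as `- drop CVE-2019-17594.patch and CVE-2019-17595.patch, fixed upstream in 20191012` would keep the CVE coverage traceable for anyone auditing the package. Before release, confirm against the new tarball that the hashvalue range check in `_nc_find_entry` and `_nc_find_type_entry` and the end-of-string check after a backslash in `fmt_entry` are present.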