Package init

CVE-2019-17594.patch

@@ -0,0 +1,39 @@
+From e414438ddee26bcb081881d035dc9e247ddba0c3 Mon Sep 17 00:00:00 2001
+Date: Wed, 16 Oct 2019 11:01:37 +0800
+Subject: [PATCH] ncurses: fix CVE-2019-17594
+
+reason:fix CVE-2019-17594
+check for invalid hashcode in _nc_find_entry
+
+CVE-2019-17594 reference:
+http://invisible-mirror.net/archives/ncurses/6.1/ncurses-6.1-20191012.patch.gz
+---
+ ncurses/tinfo/comp_hash.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
+index 959c6e1..4183f68 100644
+--- a/ncurses/tinfo/comp_hash.c
++++ b/ncurses/tinfo/comp_hash.c
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
+ 
+     hashvalue = data->hash_of(string);
+ 
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++	&& (unsigned) hashvalue < data->table_size
++	&& data->table_data[hashvalue] >= 0) {
+ 
+ 	real_table = _nc_get_table(termcap);
+ 	ptr = real_table + data->table_data[hashvalue];
+@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
+     const HashData *data = _nc_get_hash_info(termcap);
+     int hashvalue = data->hash_of(string);
+ 
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++	&& (unsigned) hashvalue < data->table_size
++	&& data->table_data[hashvalue] >= 0) {
+ 	const struct name_table_entry *const table = _nc_get_table(termcap);
+ 
+ 	ptr = table + data->table_data[hashvalue];

CVE-2019-17595.patch

@@ -0,0 +1,37 @@
+From 07d64f8350b0c0f04ef7f3a43349c188acb4ddd8 Mon Sep 17 00:00:00 2001
+Date: Wed, 16 Oct 2019 11:20:17 +0800
+Subject: [PATCH] ncurses: fix CVE-2019-17595
+
+reason: fix CVE-2019-17595
+check for missing character after backslash in fmt_entry
+
+CVE-2019-17595 reference:
+http://invisible-mirror.net/archives/ncurses/6.1/ncurses-6.1-20191012.patch.g
+z
+---
+ progs/dump_entry.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/progs/dump_entry.c b/progs/dump_entry.c
+index 3b1fcb1..67ff5f4 100644
+--- a/progs/dump_entry.c
++++ b/progs/dump_entry.c
+@@ -1110,7 +1110,8 @@ fmt_entry(TERMTYPE2 *tterm,
+ 				*d++ = '\\';
+ 				*d = ':';
+ 			    } else if (*d == '\\') {
+-				*++d = *s++;
++				if ((*++d = *s++) == '\0')
++				    break;
+ 			    }
+ 			    d++;
+ 			    *d = '\0';
+@@ -1370,7 +1371,7 @@ one_one_mapping(const char *mapping)
+ 
+     if (VALID_STRING(mapping)) {
+ 	int n = 0;
+-	while (mapping[n] != '\0') {
++	while (mapping[n] != '\0' && mapping[n + 1] != '\0') {
+ 	    if (isLine(mapping[n]) &&
+ 		mapping[n] != mapping[n + 1]) {
+ 		result = FALSE;

ncurses.spec

@@ -1,7 +1,7 @@
 %global revision 20180923
 Name:          ncurses
 Version:       6.1
-Release:       11
+Release:       12
 Summary:       Terminal control library
 License:       MIT
 URL:           https://invisible-island.net/ncurses/ncurses.html
@@ -11,6 +11,10 @@ Patch8:        ncurses-config.patch
 Patch9:        ncurses-libs.patch
 Patch11:       ncurses-urxvt.patch
 Patch12:       ncurses-kbs.patch
+
+Patch6000:     CVE-2019-17594.patch
+Patch6001:     CVE-2019-17595.patch
+
 BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
 
 Obsoletes:     ncurses < 5.6-13
@@ -201,6 +205,12 @@ bzip2 NEWS
 
 
 %changelog
+* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 6.1-12
+- Type:cves
+- ID:CVE-2019-17594  CVE-2019-17595
+- SUG:NA
+- DESC:fix CVE-2019-17594 and CVE-2019-17595
+
 * Wed Oct 30 2019 shenyangyang <shenyangyang4@huawei.com> - 6.1-11
 - Type:enhancement
 - ID:NA
@@ -211,7 +221,6 @@ bzip2 NEWS
 - Type:enhancement
 - ID:NA
 - SUG:NA
-- DESC:add ncurses-compat-libs%{?isa} that required by redhat-lsb-core
+- DESC:add ncurses-compat-libs%{?isa}
-
 * Wed Sep 18 2019 openEuler Buildteam <buildteam@openeuler.org> - 6.1-9
 - Package init