packages/ncurses
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!16 fix CVE-2021-39537

Browse Source 
From: @haochenstar
Reviewed-by: @yanan-rock
Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot 2021-10-12 03:56:22 +00:00 committed by Gitee
commit 645e9f1206
2 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
backport-CVE-2021-39537-add-check-for-end-of-string-in-cvtchar-to-handle-a-malformed.patch Normal file
View File

@ -0,0 +1,46 @@
From 790a85dbd4a81d5f5d8dd02a44d84f01512ef443 Mon Sep 17 00:00:00 2001
From: "Thomas E. Dickey" <dickey@invisible-island.net>
Date: Mon, 1 Jun 2020 00:02:30 +0000
Subject: [PATCH] ncurses 6.2 - patch 20200531
+ correct configure version-check/warnng for g++ to allow for 10.x
+ re-enable "bel" in konsole-base (report by Nia Huang)
+ add linux-s entry (patch by Alexandre Montaron).
+ drop long-obsolete convert_configure.pl
+ add test/test_parm.c, for checking tparm changes.
+ improve parameter-checking for tparm, adding function _nc_tiparm() to
handle the most-used case, which accepts only numeric parameters
(report/testcase by "puppet-meteor").
+ use a more conservative estimate of the buffer-size in lib_tparm.c's
save_text() and save_number(), in case the sprintf() function
passes-through unexpected characters from a format specifier
(report/testcase by "puppet-meteor").
+ add a check for end-of-string in cvtchar to handle a malformed
string in infotocap (report/testcase by "puppet-meteor").
---
ncurses/tinfo/captoinfo.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
index 8b3b83d..f0b8c31 100644
--- a/ncurses/tinfo/captoinfo.c
+++ b/ncurses/tinfo/captoinfo.c
@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
}
break;
case '^':
+ len = 2;
c = UChar(*++sp);
- if (c == '?')
+ if (c == '?') {
c = 127;
- else
+ } else if (c == '\0') {
+ len = 1;
+ } else {
c &= 0x1f;
- len = 2;
+ }
break;
default:
c = UChar(*sp);

10
ncurses.spec
View File

@ -1,7 +1,7 @@
%global revision 20200411
Name: ncurses
Version: 6.2
Release: 1
Release: 2
Summary: Terminal control library
License: MIT
URL: https://invisible-island.net/ncurses/ncurses.html
@ -12,6 +12,8 @@ Patch9: ncurses-libs.patch
Patch11: ncurses-urxvt.patch
Patch12: ncurses-kbs.patch
Patch6000: backport-CVE-2021-39537-add-check-for-end-of-string-in-cvtchar-to-handle-a-malformed.patch
BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
Requires: %{name}-base = %{version}-%{release}
@ -221,6 +223,12 @@ xz NEWS
%{_mandir}/man7/*
%changelog
* Tue Oct 12 2021 xihaochen<xihaochen@huawei.com> - 6.2-2
- Type:CVE
- CVE:CVE-2021-39537
- SUG:NA
- DESC:fix CVE-2021-39537
* Thu Apr 16 2020 huzunhao <huzunhao2@huawei.com> - 6.2-1
- Type:bugfix
- Id:NA