From 92b59e8b47683a780091ef8e1f027759a62103ed Mon Sep 17 00:00:00 2001 From: WB02254423 Date: Wed, 13 Aug 2025 01:19:22 -0400 Subject: [PATCH] Add patch to fix CVE-2025-6141 --- 1001-fix-CVE-2025-6141.patch | 34 ++++++++++++++++++++++++++++++++++ ncurses.spec | 9 +++++++-- 2 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 1001-fix-CVE-2025-6141.patch diff --git a/1001-fix-CVE-2025-6141.patch b/1001-fix-CVE-2025-6141.patch new file mode 100644 index 0000000..9613e4f --- /dev/null +++ b/1001-fix-CVE-2025-6141.patch @@ -0,0 +1,34 @@ +From 03d2fb8ab61e34daf0590c2c5adf758b952767a4 Mon Sep 17 00:00:00 2001 +From: WB02254423 +Date: Wed, 13 Aug 2025 01:16:20 -0400 +Subject: [PATCH 1/1] fix CVE-2025-6141 + +--- + ncurses/tinfo/parse_entry.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c +index 13fef49..481260d 100644 +--- a/ncurses/tinfo/parse_entry.c ++++ b/ncurses/tinfo/parse_entry.c +@@ -48,7 +48,7 @@ + #include + #include + +-MODULE_ID("$Id: parse_entry.c,v 1.108 2023/04/24 22:32:33 tom Exp $") ++MODULE_ID("$Id: parse_entry.c,v 1.116 2025/03/24 22:27:29 tom Exp $") + + #ifdef LINT + static short const parametrized[] = +@@ -985,6 +985,8 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base) + bp = tp->Strings[from_ptr->nte_index]; + if (VALID_STRING(bp)) { + for (dp = buf2; *bp; bp++) { ++ if ((size_t) (dp - buf2) >= (sizeof(buf2) - sizeof(TERMTYPE2))) ++ break; + if (bp[0] == '$' && bp[1] == '<') { + while (*bp && *bp != '>') { + ++bp; +-- +2.47.3 + diff --git a/ncurses.spec b/ncurses.spec index 4c24013..8750e07 100644 --- a/ncurses.spec +++ b/ncurses.spec @@ -1,4 +1,4 @@ -%define anolis_release 4 +%define anolis_release 5 %define ver 6.4 %define patchdate 20240127 @@ -11,7 +11,9 @@ Summary: Ncurses support utilities License: MIT URL: https://invisible-island.net/ncurses/ncurses.html Source0: https://invisible-mirror.net/archives/ncurses/current/ncurses-%{ver}-%{patchdate}.tgz -Patch0: 0001-add-sw_64-arch-support.patch +Patch0: 0001-add-sw_64-arch-support.patch +# https://github.com/ThomasDickey/ncurses-snapshots/commit/27d1493340d714e7be6e08c0a8f43e48276149c4 +Patch1: 1001-fix-CVE-2025-6141.patch BuildRequires: gcc gcc-c++ gpm-devel gnupg2 make Requires: %{name}-libs = %{epoch}:%{version}-%{release} @@ -304,6 +306,9 @@ xz NEWS %changelog +* Wed Aug 13 2025 mgb01105731 - 6.4-5 +- Add patch to fix CVE-2025-6141 + * Wed Apr 23 2025 Dong Chuanjian - 6.4-4 - Add sw_64 support -- Gitee