diff --git a/CVE-2019-17594.patch b/CVE-2019-17594.patch deleted file mode 100644 index 8bc4175b570d47285697201333b49ecfa60e3957..0000000000000000000000000000000000000000 --- a/CVE-2019-17594.patch +++ /dev/null @@ -1,39 +0,0 @@ -From e414438ddee26bcb081881d035dc9e247ddba0c3 Mon Sep 17 00:00:00 2001 -Date: Wed, 16 Oct 2019 11:01:37 +0800 -Subject: [PATCH] ncurses: fix CVE-2019-17594 - -reason:fix CVE-2019-17594 -check for invalid hashcode in _nc_find_entry - -CVE-2019-17594 reference: -http://invisible-mirror.net/archives/ncurses/6.1/ncurses-6.1-20191012.patch.gz ---- - ncurses/tinfo/comp_hash.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c -index 959c6e1..4183f68 100644 ---- a/ncurses/tinfo/comp_hash.c -+++ b/ncurses/tinfo/comp_hash.c -@@ -63,7 +63,9 @@ _nc_find_entry(const char *string, - - hashvalue = data->hash_of(string); - -- if (data->table_data[hashvalue] >= 0) { -+ if (hashvalue >= 0 -+ && (unsigned) hashvalue < data->table_size -+ && data->table_data[hashvalue] >= 0) { - - real_table = _nc_get_table(termcap); - ptr = real_table + data->table_data[hashvalue]; -@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string, - const HashData *data = _nc_get_hash_info(termcap); - int hashvalue = data->hash_of(string); - -- if (data->table_data[hashvalue] >= 0) { -+ if (hashvalue >= 0 -+ && (unsigned) hashvalue < data->table_size -+ && data->table_data[hashvalue] >= 0) { - const struct name_table_entry *const table = _nc_get_table(termcap); - - ptr = table + data->table_data[hashvalue]; diff --git a/CVE-2019-17595.patch b/CVE-2019-17595.patch deleted file mode 100644 index e1951f113f465878c90c993a5a687f37497f38e0..0000000000000000000000000000000000000000 --- a/CVE-2019-17595.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 07d64f8350b0c0f04ef7f3a43349c188acb4ddd8 Mon Sep 17 00:00:00 2001 -Date: Wed, 16 Oct 2019 11:20:17 +0800 -Subject: [PATCH] ncurses: fix CVE-2019-17595 - -reason: fix CVE-2019-17595 -check for missing character after backslash in fmt_entry - -CVE-2019-17595 reference: -http://invisible-mirror.net/archives/ncurses/6.1/ncurses-6.1-20191012.patch.g -z ---- - progs/dump_entry.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/progs/dump_entry.c b/progs/dump_entry.c -index 3b1fcb1..67ff5f4 100644 ---- a/progs/dump_entry.c -+++ b/progs/dump_entry.c -@@ -1110,7 +1110,8 @@ fmt_entry(TERMTYPE2 *tterm, - *d++ = '\\'; - *d = ':'; - } else if (*d == '\\') { -- *++d = *s++; -+ if ((*++d = *s++) == '\0') -+ break; - } - d++; - *d = '\0'; -@@ -1370,7 +1371,7 @@ one_one_mapping(const char *mapping) - - if (VALID_STRING(mapping)) { - int n = 0; -- while (mapping[n] != '\0') { -+ while (mapping[n] != '\0' && mapping[n + 1] != '\0') { - if (isLine(mapping[n]) && - mapping[n] != mapping[n + 1]) { - result = FALSE; diff --git a/ncurses-6.1-20180923.tgz b/ncurses-6.1-20191109.tgz similarity index 31% rename from ncurses-6.1-20180923.tgz rename to ncurses-6.1-20191109.tgz index c7af878043568e765e29493873508af1e3041570..6349f25ff403f826934f6fbaefd65d9883edbde2 100644 Binary files a/ncurses-6.1-20180923.tgz and b/ncurses-6.1-20191109.tgz differ diff --git a/ncurses-config.patch b/ncurses-config.patch index 4fcc35bf3bf0e483f8883727a830cd38f1b4a327..58722e9d2d1cf6126bbc56d5c144d6d2019f8df5 100644 --- a/ncurses-config.patch +++ b/ncurses-config.patch @@ -1,6 +1,18 @@ -diff -up ncurses-6.1-20180714/misc/ncurses-config.in.config ncurses-6.1-20180714/misc/ncurses-config.in ---- ncurses-6.1-20180714/misc/ncurses-config.in.config 2018-06-10 00:29:01.000000000 +0200 -+++ ncurses-6.1-20180714/misc/ncurses-config.in 2018-07-16 16:23:22.202581815 +0200 +diff -up ncurses-6.1-20191109/misc/gen-pkgconfig.in.config ncurses-6.1-20191109/misc/gen-pkgconfig.in +--- ncurses-6.1-20191109/misc/gen-pkgconfig.in.config 2019-10-13 00:27:10.000000000 +0200 ++++ ncurses-6.1-20191109/misc/gen-pkgconfig.in 2019-11-12 09:52:09.693017663 +0100 +@@ -78,7 +78,7 @@ if [ "$includedir" != "/usr/include" ]; + fi + + lib_flags= +-for opt in -L$libdir @LDFLAGS@ @EXTRA_LDFLAGS@ @LIBS@ ++for opt in -L$libdir @LIBS@ + do + case $opt in + -l*) # LIBS is handled specially below +diff -up ncurses-6.1-20191109/misc/ncurses-config.in.config ncurses-6.1-20191109/misc/ncurses-config.in +--- ncurses-6.1-20191109/misc/ncurses-config.in.config 2019-10-12 23:25:17.000000000 +0200 ++++ ncurses-6.1-20191109/misc/ncurses-config.in 2019-11-12 09:54:42.069324995 +0100 @@ -40,7 +40,6 @@ exec_prefix="@exec_prefix@" bindir="@bindir@" @@ -9,16 +21,26 @@ diff -up ncurses-6.1-20180714/misc/ncurses-config.in.config ncurses-6.1-20180714 datarootdir="@datarootdir@" datadir="@datadir@" mandir="@mandir@" -@@ -111,7 +110,7 @@ while test $# -gt 0; do - ENDECHO - ;; - --libs) -- if test "$libdir" = /usr/lib -+ if true - then - LIBDIR= - else -@@ -155,7 +154,6 @@ ENDECHO +@@ -100,7 +99,7 @@ fi + # There is no portable way to find the list of standard library directories. + # Require a POSIX shell anyway, to keep this simple. + lib_flags= +-for opt in -L$libdir @LDFLAGS@ @EXTRA_LDFLAGS@ $LIBS ++for opt in $LIBS + do + case $opt in + -Wl,-z,*) # ignore flags used to manipulate shared image +@@ -109,9 +108,6 @@ do + -L*) + [ -d ${opt##-L} ] || continue + case ${opt##-L} in +- @LD_SEARCHPATH@) # skip standard libdir +- continue +- ;; + *) + found=no + for check in $lib_flags +@@ -231,7 +227,6 @@ ENDECHO echo $INCS ;; --libdir) diff --git a/ncurses-kbs.patch b/ncurses-kbs.patch index 0ff3f109f1d0e642856401b805e07c6114ebe37e..6fcef92992ae7ebf322c206c535c6d24753cff02 100644 --- a/ncurses-kbs.patch +++ b/ncurses-kbs.patch @@ -1,16 +1,16 @@ -diff -up ncurses-6.1-20180127/misc/terminfo.src.kbs ncurses-6.1-20180127/misc/terminfo.src ---- ncurses-6.1-20180127/misc/terminfo.src.kbs 2018-01-29 10:59:01.644758573 +0100 -+++ ncurses-6.1-20180127/misc/terminfo.src 2018-01-29 11:02:34.018246276 +0100 -@@ -5713,7 +5713,7 @@ rxvt-basic|rxvt terminal base (X Window +diff -up ncurses-6.1-20191109/misc/terminfo.src.kbs ncurses-6.1-20191109/misc/terminfo.src +--- ncurses-6.1-20191109/misc/terminfo.src.kbs 2019-11-12 09:23:27.079543254 +0100 ++++ ncurses-6.1-20191109/misc/terminfo.src 2019-11-12 09:24:58.622727887 +0100 +@@ -5952,7 +5952,7 @@ rxvt-basic|rxvt terminal base (X Window enacs=\E(B\E)0, flash=\E[?5h$<100/>\E[?5l, home=\E[H, - ht=^I, hts=\EH, ich=\E[%p1%d@, ich1=\E[@, il=\E[%p1%dL, - il1=\E[L, ind=\n, is1=\E[?47l\E=\E[?1l, + ht=^I, hts=\EH, ich=\E[%p1%d@, il=\E[%p1%dL, il1=\E[L, + ind=\n, is1=\E[?47l\E=\E[?1l, - is2=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l\E[4l, kbs=^H, + is2=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l\E[4l, kcbt=\E[Z, kmous=\E[M, rc=\E8, rev=\E[7m, ri=\EM, rmacs=^O, rmcup=\E[2J\E[?47l\E8, rmir=\E[4l, rmkx=\E>, rmso=\E[27m, rmul=\E[24m, -@@ -5725,7 +5725,7 @@ rxvt-basic|rxvt terminal base (X Window +@@ -5964,7 +5964,7 @@ rxvt-basic|rxvt terminal base (X Window %p9%t\016%e\017%;, sgr0=\E[0m\017, smacs=^N, smcup=\E7\E[?47h, smir=\E[4h, smkx=\E=, smso=\E[7m, smul=\E[4m, tbc=\E[3g, use=vt100+enq, @@ -19,7 +19,7 @@ diff -up ncurses-6.1-20180127/misc/terminfo.src.kbs ncurses-6.1-20180127/misc/te # Key Codes from rxvt reference: # # Note: Shift + F1-F10 generates F11-F20 -@@ -6897,7 +6897,7 @@ screen|VT 100/ANSI X3.64 virtual termina +@@ -7467,7 +7467,7 @@ screen|VT 100/ANSI X3.64 virtual termina dl=\E[%p1%dM, dl1=\E[M, ed=\E[J, el=\E[K, el1=\E[1K, enacs=\E(B\E)0, flash=\Eg, home=\E[H, hpa=\E[%i%p1%dG, ht=^I, hts=\EH, ich=\E[%p1%d@, il=\E[%p1%dL, il1=\E[L, @@ -28,15 +28,15 @@ diff -up ncurses-6.1-20180127/misc/terminfo.src.kbs ncurses-6.1-20180127/misc/te kcub1=\EOD, kcud1=\EOB, kcuf1=\EOC, kcuu1=\EOA, kdch1=\E[3~, kend=\E[4~, kf1=\EOP, kf10=\E[21~, kf11=\E[23~, kf12=\E[24~, kf2=\EOQ, kf3=\EOR, kf4=\EOS, -@@ -6911,6 +6911,7 @@ screen|VT 100/ANSI X3.64 virtual termina - sgr0=\E[m\017, smacs=^N, smcup=\E[?1049h, smir=\E[4h, - smkx=\E[?1h\E=, smso=\E[3m, smul=\E[4m, tbc=\E[3g, - vpa=\E[%i%p1%dd, E0=\E(B, S0=\E(%p1%c, use=ecma+color, +@@ -7481,6 +7481,7 @@ screen|VT 100/ANSI X3.64 virtual termina + sgr0=\E[m\017, smacs=^N, smir=\E[4h, smkx=\E[?1h\E=, + smso=\E[3m, smul=\E[4m, tbc=\E[3g, vpa=\E[%i%p1%dd, + E0=\E(B, S0=\E(%p1%c, use=xterm+alt1049, use=ecma+color, + use=xterm+kbs, # The bce and status-line entries are from screen 3.9.13 (and require some # changes to .screenrc). screen-bce|VT 100/ANSI X3.64 virtual terminal with bce, -@@ -7026,6 +7027,7 @@ screen.xterm-r6|screen customized for X1 +@@ -7596,6 +7597,7 @@ screen.xterm-r6|screen customized for X1 # on Solaris because Sun's curses implementation gets confused. screen.teraterm|disable ncv in teraterm, ncv#127, diff --git a/ncurses.spec b/ncurses.spec index 7a8b4efbe3c1233c5f2fffdcbc40182b4810a797..8eeed67e9984e2af05ec007a140d1728522ce58b 100644 --- a/ncurses.spec +++ b/ncurses.spec @@ -1,7 +1,7 @@ -%global revision 20180923 +%global revision 20191109 Name: ncurses Version: 6.1 -Release: 12 +Release: 13 Summary: Terminal control library License: MIT URL: https://invisible-island.net/ncurses/ncurses.html @@ -12,14 +12,9 @@ Patch9: ncurses-libs.patch Patch11: ncurses-urxvt.patch Patch12: ncurses-kbs.patch -Patch6000: CVE-2019-17594.patch -Patch6001: CVE-2019-17595.patch - BuildRequires: gcc gcc-c++ gpm-devel pkgconfig -Obsoletes: ncurses < 5.6-13 -Obsoletes: libtermcap < 2.0.8-48 -Obsoletes: termcap < 1:5.5-2 +Obsoletes: rxvt-unicode-terminfo < 9.22-18 Provides: %{name}-base = %{version}-%{release} Obsoletes: %{name}-base < %{version}-%{release} Provides: %{name}-libs = %{version}-%{release} @@ -43,8 +38,6 @@ enhancements over BSD curses. SVr4 curses became the basis of X/Open Curses. Summary: Development files for the ncurses library Requires: %{name} = %{version}-%{release} Requires: pkgconfig -Obsoletes: libtermcap-devel < 2.0.8-48 -Provides: libtermcap-devel = 2.0.8-48 Provides: %{name}-static = %{version}-%{release} Obsoletes: %{name}-static = %{version}-%{release} @@ -61,6 +54,7 @@ Requires: %{name} = %{version}-%{release} This package contains development documentation, manuals for interface function, and related documents. + %prep %autosetup -n %{name}-%{version}-%{revision} -p1 @@ -167,7 +161,7 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/ncurses*5-config rm -f $RPM_BUILD_ROOT%{_libdir}/terminfo rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/*_g.pc -bzip2 NEWS +xz NEWS %ldconfig_scriptlets @@ -193,7 +187,7 @@ bzip2 NEWS %{_includedir}/*.h %files help -%doc NEWS.bz2 README TO-DO +%doc NEWS.xz README TO-DO %doc doc/html/hackguide.html %doc doc/html/ncurses-intro.html %doc misc/ncurses.supp @@ -205,6 +199,9 @@ bzip2 NEWS %changelog +* Fri Jan 10 2020 openEuler Buildteam - 6.1-13 +- update to 20191102 + * Sat Dec 21 2019 openEuler Buildteam - 6.1-12 - Type:cves - ID:CVE-2019-17594 CVE-2019-17595