diff --git a/backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch b/backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch deleted file mode 100644 index a7c8797cbca4c2ab004d577328b6539086986ecd..0000000000000000000000000000000000000000 --- a/backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 49d07be98e591d2df1d5b8d55fc9ecac3185fb70 Mon Sep 17 00:00:00 2001 -From: Sven Joachim -Date: Mon, 1 May 2023 11:31:39 +0200 -Subject: [PATCH] Fix the --disable-root-args and --disable-root-environ - options - -Due to a copy/paste error, the "--disable-root-environ" configure -option performed the actions of the "--disable-root-access" option, -while the latter option had no effect at all. - -Conflict:add configure file changes based on community -Reference:https://salsa.debian.org/debian/ncurses/-/commit/49d07be98e591d2df1d5b8d55fc9ecac3185fb70 ---- - configure | 6 +++--- - configure.in | 2 +- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/configure b/configure -index 4c39d24..a8e683e 100755 ---- a/configure -+++ b/configure -@@ -9501,9 +9501,9 @@ EOF - echo "$as_me:9501: checking if you want to permit setuid programs to access all files" >&5 - echo $ECHO_N "checking if you want to permit setuid programs to access all files... $ECHO_C" >&6 - --# Check whether --enable-root-environ or --disable-root-environ was given. --if test "${enable_root_environ+set}" = set; then -- enableval="$enable_root_environ" -+# Check whether --enable-root-access or --disable-root-access was given. -+if test "${enable_root_access+set}" = set; then -+ enableval="$enable_root_access" - with_root_access=$enableval - else - with_root_access=yes -diff --git a/configure.in b/configure.in -index 093dd47..a63cdf7 100644 ---- a/configure.in -+++ b/configure.in -@@ -868,7 +868,7 @@ AC_MSG_RESULT($with_root_environ) - test "x$with_root_environ" = xyes && AC_DEFINE(USE_ROOT_ENVIRON,1,[Define to 1 if root is allowed to use ncurses environment]) - - AC_MSG_CHECKING(if you want to permit setuid programs to access all files) --AC_ARG_ENABLE(root-environ, -+AC_ARG_ENABLE(root-access, - [ --disable-root-access restrict file-access when running setuid], - [with_root_access=$enableval], - [with_root_access=yes]) --- -2.33.0 - diff --git a/backport-0002-CVE-2023-29491-env-access.patch b/backport-0002-CVE-2023-29491-env-access.patch deleted file mode 100644 index bcbcc114554fb0e6057e1f50c9b7e7a52f3323ca..0000000000000000000000000000000000000000 --- a/backport-0002-CVE-2023-29491-env-access.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 94240194a58b15e7fc3a015ed123ebb124f4e869 Mon Sep 17 00:00:00 2001 -From: Sven Joachim -Date: Mon, 1 May 2023 11:32:01 +0200 -Subject: [PATCH] Change the behavior of the "--disable-root-environ" option - -The new patch debian-env-access.diff makes the -"--disable-root-environ" configure option functionally equivalent to -the --disable-setuid-environ" option that has been added in the -20230425 upstream patchlevel. - -Conflict:NA -Reference:https://salsa.debian.org/debian/ncurses/-/commit/94240194a58b15e7fc3a015ed123ebb124f4e869 ---- - ncurses/tinfo/access.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/ncurses/tinfo/access.c b/ncurses/tinfo/access.c -index a735db2..c9f8660 100644 ---- a/ncurses/tinfo/access.c -+++ b/ncurses/tinfo/access.c -@@ -215,8 +215,6 @@ _nc_env_access(void) - - if (is_elevated()) { - result = FALSE; -- } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) { -- result = FALSE; - } - return result; - } --- -2.33.0 - diff --git a/backport-CVE-2023-45918.patch b/backport-CVE-2023-45918.patch deleted file mode 100644 index 96805f832f8a2a2477b73e64c66e8d4ab82c5226..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-45918.patch +++ /dev/null @@ -1,194 +0,0 @@ -From 6107f670972c4bb79b5f8cfb1f12cc037271a7ee Mon Sep 17 00:00:00 2001 -From: "Thomas E. Dickey" -Date: Thu, 15 Jun 2023 20:51:06 +0000 -Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230615 - -Conflict:remove unnecessary modifications -Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/6107f670972c4bb79b5f8cfb1f12cc037271a7ee ---- - ncurses/tinfo/comp_error.c | 17 +++++--- - ncurses/tinfo/read_entry.c | 67 ++++++++++++++++++++++---------- - 2 files changed, 57 insertions(+), 27 deletions(-) - -diff --git a/ncurses/tinfo/comp_error.c b/ncurses/tinfo/comp_error.c -index aa745a6df..3e6b4022a 100644 ---- a/ncurses/tinfo/comp_error.c -+++ b/ncurses/tinfo/comp_error.c -@@ -42,7 +42,7 @@ - - #include - --MODULE_ID("$Id: comp_error.c,v 1.40 2020/02/02 23:34:34 tom Exp $") -+MODULE_ID("$Id: comp_error.c,v 1.44 2023/06/15 20:27:02 tom Exp $") - - NCURSES_EXPORT_VAR(bool) _nc_suppress_warnings = FALSE; - NCURSES_EXPORT_VAR(int) _nc_curr_line = 0; /* current line # in input */ -@@ -60,8 +60,15 @@ _nc_get_source(void) - NCURSES_EXPORT(void) - _nc_set_source(const char *const name) - { -- FreeIfNeeded(SourceName); -- SourceName = strdup(name); -+ if (name == NULL) { -+ free(SourceName); -+ SourceName = NULL; -+ } else if (SourceName == NULL) { -+ SourceName = strdup(name); -+ } else if (strcmp(name, SourceName)) { -+ free(SourceName); -+ SourceName = strdup(name); -+ } - } - - NCURSES_EXPORT(void) -@@ -95,9 +102,9 @@ static NCURSES_INLINE void - where_is_problem(void) - { - fprintf(stderr, "\"%s\"", SourceName ? SourceName : "?"); -- if (_nc_curr_line >= 0) -+ if (_nc_curr_line > 0) - fprintf(stderr, ", line %d", _nc_curr_line); -- if (_nc_curr_col >= 0) -+ if (_nc_curr_col > 0) - fprintf(stderr, ", col %d", _nc_curr_col); - if (TermType != 0 && TermType[0] != '\0') - fprintf(stderr, ", terminal '%s'", TermType); -diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c -index 87e422aee..762c6c68c 100644 ---- a/ncurses/tinfo/read_entry.c -+++ b/ncurses/tinfo/read_entry.c -@@ -42,7 +42,7 @@ - - #include - --MODULE_ID("$Id: read_entry.c,v 1.164 2022/05/08 00:11:44 tom Exp $") -+MODULE_ID("$Id: read_entry.c,v 1.169 2023/06/15 20:51:06 tom Exp $") - - #define MyNumber(n) (short) LOW_MSB(n) - -@@ -138,12 +138,13 @@ convert_16bits(char *buf, NCURSES_INT2 *Numbers, int count) - } - #endif - --static void --convert_strings(char *buf, char **Strings, int count, int size, char *table) -+static bool -+convert_strings(char *buf, char **Strings, int count, int size, -+ char *table, bool always) - { - int i; - char *p; -- bool corrupt = FALSE; -+ bool success = TRUE; - - for (i = 0; i < count; i++) { - if (IS_NEG1(buf + 2 * i)) { -@@ -159,13 +160,10 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table) - TR(TRACE_DATABASE, ("Strings[%d] = %s", i, - _nc_visbuf(Strings[i]))); - } else { -- if (!corrupt) { -- corrupt = TRUE; -- TR(TRACE_DATABASE, -- ("ignore out-of-range index %d to Strings[]", nn)); -- _nc_warning("corrupt data found in convert_strings"); -- } -- Strings[i] = ABSENT_STRING; -+ TR(TRACE_DATABASE, -+ ("found out-of-range index %d to Strings[%d]", nn, i)); -+ success = FALSE; -+ break; - } - } - -@@ -175,10 +173,25 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table) - if (*p == '\0') - break; - /* if there is no NUL, ignore the string */ -- if (p >= table + size) -+ if (p >= table + size) { - Strings[i] = ABSENT_STRING; -+ } else if (p == Strings[i] && always) { -+ TR(TRACE_DATABASE, -+ ("found empty but required Strings[%d]", i)); -+ success = FALSE; -+ break; -+ } -+ } else if (always) { /* names are always needed */ -+ TR(TRACE_DATABASE, -+ ("found invalid but required Strings[%d]", i)); -+ success = FALSE; -+ break; - } - } -+ if (!success) { -+ _nc_warning("corrupt data found in convert_strings"); -+ } -+ return success; - } - - static int -@@ -382,7 +395,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit) - if (Read(string_table, (unsigned) str_size) != str_size) { - returnDB(TGETENT_NO); - } -- convert_strings(buf, ptr->Strings, str_count, str_size, string_table); -+ if (!convert_strings(buf, ptr->Strings, str_count, str_size, -+ string_table, FALSE)) { -+ returnDB(TGETENT_NO); -+ } - } - #if NCURSES_XNAMES - -@@ -483,8 +499,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit) - ("Before computing extended-string capabilities " - "str_count=%d, ext_str_count=%d", - str_count, ext_str_count)); -- convert_strings(buf, ptr->Strings + str_count, ext_str_count, -- ext_str_limit, ptr->ext_str_table); -+ if (!convert_strings(buf, ptr->Strings + str_count, ext_str_count, -+ ext_str_limit, ptr->ext_str_table, FALSE)) { -+ returnDB(TGETENT_NO); -+ } - for (i = ext_str_count - 1; i >= 0; i--) { - TR(TRACE_DATABASE, ("MOVE from [%d:%d] %s", - i, i + str_count, -@@ -516,10 +534,13 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit) - TR(TRACE_DATABASE, - ("ext_NAMES starting @%d in extended_strings, first = %s", - base, _nc_visbuf(ptr->ext_str_table + base))); -- convert_strings(buf + (2 * ext_str_count), -- ptr->ext_Names, -- (int) need, -- ext_str_limit, ptr->ext_str_table + base); -+ if (!convert_strings(buf + (2 * ext_str_count), -+ ptr->ext_Names, -+ (int) need, -+ ext_str_limit, ptr->ext_str_table + base, -+ TRUE)) { -+ returnDB(TGETENT_NO); -+ } - } - - TR(TRACE_DATABASE, -@@ -572,13 +593,17 @@ _nc_read_file_entry(const char *const filename, TERMTYPE2 *ptr) - int limit; - char buffer[MAX_ENTRY_SIZE + 1]; - -- if ((limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp)) -- > 0) { -+ limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp); -+ if (limit > 0) { -+ const char *old_source = _nc_get_source(); - - TR(TRACE_DATABASE, ("read terminfo %s", filename)); -+ if (old_source == NULL) -+ _nc_set_source(filename); - if ((code = _nc_read_termtype(ptr, buffer, limit)) == TGETENT_NO) { - _nc_free_termtype2(ptr); - } -+ _nc_set_source(old_source); - } else { - code = TGETENT_NO; - } - diff --git a/backport-CVE-2023-50495.patch b/backport-CVE-2023-50495.patch deleted file mode 100644 index 590e594a8811f7b260dc85a644fa59e94e468fc0..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-50495.patch +++ /dev/null @@ -1,92 +0,0 @@ -From efe9674ee14b14b788f9618941f97d31742f0adc Mon Sep 17 00:00:00 2001 -From: "Thomas E. Dickey" -Date: Mon, 24 Apr 2023 23:14:45 +0000 -Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230424 - -Conflict:remove unnecessary modifications -Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/efe9674ee14b14b788f9618941f97d31742f0adc#diff-92910179510f7aaf9b70441f3c70521140faa34a192f9e28671ee40bbf052dc4 ---- - ncurses/tinfo/parse_entry.c | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - -diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c -index a77cd0b..5390146 100644 ---- a/ncurses/tinfo/parse_entry.c -+++ b/ncurses/tinfo/parse_entry.c -@@ -1,5 +1,5 @@ - /**************************************************************************** -- * Copyright 2018-2021,2022 Thomas E. Dickey * -+ * Copyright 2018-2022,2023 Thomas E. Dickey * - * Copyright 1998-2016,2017 Free Software Foundation, Inc. * - * * - * Permission is hereby granted, free of charge, to any person obtaining a * -@@ -48,7 +48,7 @@ - #include - #include - --MODULE_ID("$Id: parse_entry.c,v 1.107 2022/05/08 00:11:44 tom Exp $") -+MODULE_ID("$Id: parse_entry.c,v 1.108 2023/04/24 22:32:33 tom Exp $") - - #ifdef LINT - static short const parametrized[] = -@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) - /* Well, we are given a cancel for a name that we don't recognize */ - return _nc_extend_names(entryp, name, STRING); - default: -- return 0; -+ return NULL; - } - - /* Adjust the 'offset' (insertion-point) to keep the lists of extended -@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) - for (last = (unsigned) (max - 1); last > tindex; last--) - - if (!found) { -+ char *saved; -+ -+ if ((saved = _nc_save_str(name)) == NULL) -+ return NULL; -+ - switch (token_type) { - case BOOLEAN: - tp->ext_Booleans++; -@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type) - TYPE_REALLOC(char *, actual, tp->ext_Names); - while (--actual > offset) - tp->ext_Names[actual] = tp->ext_Names[actual - 1]; -- tp->ext_Names[offset] = _nc_save_str(name); -+ tp->ext_Names[offset] = saved; - } - - temp.nte_name = tp->ext_Names[offset]; -@@ -337,6 +342,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) - bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0); - bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0); - if (is_use || is_tc) { -+ char *saved; -+ - if (!VALID_STRING(_nc_curr_token.tk_valstring) - || _nc_curr_token.tk_valstring[0] == '\0') { - _nc_warning("missing name for use-clause"); -@@ -350,11 +357,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent) - _nc_curr_token.tk_valstring); - continue; - } -- entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring); -- entryp->uses[entryp->nuses].line = _nc_curr_line; -- entryp->nuses++; -- if (entryp->nuses > 1 && is_tc) { -- BAD_TC_USAGE -+ if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) { -+ entryp->uses[entryp->nuses].name = saved; -+ entryp->uses[entryp->nuses].line = _nc_curr_line; -+ entryp->nuses++; -+ if (entryp->nuses > 1 && is_tc) { -+ BAD_TC_USAGE -+ } - } - } else { - /* normal token lookup */ --- -2.33.0 - diff --git a/backport-fix-coredump-when-use-Memmove.patch b/backport-fix-coredump-when-use-Memmove.patch deleted file mode 100644 index 46bec25f5c90e5ad2fd7d0ea7b5bce28fd9c0908..0000000000000000000000000000000000000000 --- a/backport-fix-coredump-when-use-Memmove.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 8884a7e908ffc6e8a0b6bcbca5832fe3fc579343 Mon Sep 17 00:00:00 2001 -From: "Thomas E. Dickey" -Date: Sun, 25 Jun 2023 18:16:49 +0000 -Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230625 - -ncurses 6.4 - patch 20230625 - Thomas E. Dickey - ------------------------------------------------------------------------------- - -Ncurses 6.4 is at - https://invisible-island.net/archives/ncurses/ - https://invisible-mirror.net/archives/ncurses/ - https://ftp.gnu.org/gnu/ncurses/ - -Patches for ncurses 6.4 can be found at - https://invisible-island.net/archives/ncurses/6.4 - https://invisible-mirror.net/archives/ncurses/6.4 - ------------------------------------------------------------------------------- - https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230625.patch.gz - patch by Thomas E. Dickey - created Sun Jun 25 23:46:35 UTC 2023 - -Conflict:Delete unnecessary modifications -Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/8884a7e908ffc6e8a0b6bcbca5832fe3fc579343 - ---- - NEWS | 5 ++++- - ncurses/tty/hashmap.c | 9 ++++++--- - 2 files changed, 10 insertions(+), 4 deletions(-) - -diff --git a/NEWS b/NEWS -index a57ff03..b49ff26 100644 ---- a/NEWS -+++ b/NEWS -@@ -26,7 +26,7 @@ - -- sale, use or other dealings in this Software without prior written -- - -- authorization. -- - ------------------------------------------------------------------------------- ---- $Id: NEWS,v 1.3969 2023/06/24 22:59:35 tom Exp $ -+-- $Id: NEWS,v 1.3971 2023/06/25 18:16:49 tom Exp $ - ------------------------------------------------------------------------------- - - This is a log of changes that ncurses has gone through since Zeyd started -@@ -46,6 +46,9 @@ See the AUTHORS file for the corresponding full names. - Changes through 1.9.9e did not credit all contributions; - it is not possible to add this information. - -+20230625 -+ + fixes for out-of-memory condition (report by "eaglegai"). -+ - 20230624 - + fixes for out-of-memory condition (report by "eaglegai"). - -diff --git a/ncurses/tty/hashmap.c b/ncurses/tty/hashmap.c -index 3f124c9..2ddfaaa 100644 ---- a/ncurses/tty/hashmap.c -+++ b/ncurses/tty/hashmap.c -@@ -1,5 +1,5 @@ - /**************************************************************************** -- * Copyright 2019,2020 Thomas E. Dickey * -+ * Copyright 2019-2020,2023 Thomas E. Dickey * - * Copyright 1998-2015,2016 Free Software Foundation, Inc. * - * * - * Permission is hereby granted, free of charge, to any person obtaining a * -@@ -74,7 +74,7 @@ AUTHOR - #define CUR SP_TERMTYPE - #endif - --MODULE_ID("$Id: hashmap.c,v 1.69 2020/05/31 17:50:48 tom Exp $") -+MODULE_ID("$Id: hashmap.c,v 1.70 2023/06/25 17:16:01 tom Exp $") - - #ifdef HASHDEBUG - -@@ -318,8 +318,11 @@ NCURSES_SP_NAME(_nc_hash_map) (NCURSES_SP_DCL0) - if (newhash(SP_PARM) == 0) - newhash(SP_PARM) = typeCalloc(unsigned long, - (size_t) screen_lines(SP_PARM)); -- if (!oldhash(SP_PARM) || !newhash(SP_PARM)) -+ if (!oldhash(SP_PARM) || !newhash(SP_PARM)) { -+ FreeAndNull(oldhash(SP_PARM)); -+ FreeAndNull(newhash(SP_PARM)); - return; /* malloc failure */ -+ } - for (i = 0; i < screen_lines(SP_PARM); i++) { - newhash(SP_PARM)[i] = hash(SP_PARM, NEWTEXT(SP_PARM, i)); - oldhash(SP_PARM)[i] = hash(SP_PARM, OLDTEXT(SP_PARM, i)); --- -2.33.0 - diff --git a/backport-fix-for-out-of-memory-condition.patch b/backport-fix-for-out-of-memory-condition.patch deleted file mode 100644 index 8bca4b530b104b90350426a4d4cb6b448ab4649f..0000000000000000000000000000000000000000 --- a/backport-fix-for-out-of-memory-condition.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 6f1b898d6bac009e629f374d552d0869670b8e6a Mon Sep 17 00:00:00 2001 -From: "Thomas E. Dickey" -Date: Sat, 24 Jun 2023 22:59:35 +0000 -Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230624 - -ncurses 6.4 - patch 20230624 - Thomas E. Dickey ------------------------------------------------------------------------------- -Ncurses 6.4 is at - https://invisible-island.net/archives/ncurses/ - https://invisible-mirror.net/archives/ncurses/ - https://ftp.gnu.org/gnu/ncurses/ - -Patches for ncurses 6.4 can be found at - https://invisible-island.net/archives/ncurses/6.4 - https://invisible-mirror.net/archives/ncurses/6.4 ------------------------------------------------------------------------------- -https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230624.patch.gz -patch by Thomas E. Dickey -created Sun Jun 25 00:38:02 UTC 2023 - -Conflict:Delete unnecessary modifications and adaptation of the modification time -Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/6f1b898d6bac009e629f374d552d0869670b8e6a - ---- - NEWS | 5 ++++- - ncurses/tinfo/lib_setup.c | 9 ++++----- - ncurses/tinfo/lib_tparm.c | 7 ++++++- - ncurses/tty/hardscroll.c | 12 +++++++++--- - 4 files changed, 23 insertions(+), 10 deletions(-) - -diff --git a/NEWS b/NEWS -index 57ef74c..a57ff03 100644 ---- a/NEWS -+++ b/NEWS -@@ -26,7 +26,7 @@ - -- sale, use or other dealings in this Software without prior written -- - -- authorization. -- - ------------------------------------------------------------------------------- ---- $Id: NEWS,v 1.3895 2022/12/31 20:43:21 tom Exp $ -+-- $Id: NEWS,v 1.3969 2023/06/24 22:59:35 tom Exp $ - ------------------------------------------------------------------------------- - - This is a log of changes that ncurses has gone through since Zeyd started -@@ -46,6 +46,9 @@ See the AUTHORS file for the corresponding full names. - Changes through 1.9.9e did not credit all contributions; - it is not possible to add this information. - -+20230624 -+ + fixes for out-of-memory condition (report by "eaglegai"). -+ - 20221231 6.4 release for upload to ftp.gnu.org - + update release notes - + regenerate llib-* files. -diff --git a/ncurses/tinfo/lib_setup.c b/ncurses/tinfo/lib_setup.c -index 0aaaa93..0ad5035 100644 ---- a/ncurses/tinfo/lib_setup.c -+++ b/ncurses/tinfo/lib_setup.c -@@ -1,5 +1,5 @@ - /**************************************************************************** -- * Copyright 2018-2021,2022 Thomas E. Dickey * -+ * Copyright 2018-2022,2023 Thomas E. Dickey * - * Copyright 1998-2016,2017 Free Software Foundation, Inc. * - * * - * Permission is hereby granted, free of charge, to any person obtaining a * -@@ -49,7 +49,7 @@ - #include - #endif - --MODULE_ID("$Id: lib_setup.c,v 1.218 2022/08/13 18:12:22 tom Exp $") -+MODULE_ID("$Id: lib_setup.c,v 1.219 2023/06/24 13:25:14 tom Exp $") - - /**************************************************************************** - * -@@ -679,10 +679,9 @@ TINFO_SETUP_TERM(TERMINAL **tp, - #endif - } - myname = strdup(tname); -- -- if (strlen(myname) > MAX_NAME_SIZE) { -+ if (myname == NULL || strlen(myname) > MAX_NAME_SIZE) { - ret_error(TGETENT_ERR, -- "TERM environment must be <= %d characters.\n", -+ "TERM environment must be 1..%d characters.\n", - MAX_NAME_SIZE, - free(myname)); - } -diff --git a/ncurses/tinfo/lib_tparm.c b/ncurses/tinfo/lib_tparm.c -index 72d8813..9d41b60 100644 ---- a/ncurses/tinfo/lib_tparm.c -+++ b/ncurses/tinfo/lib_tparm.c -@@ -53,7 +53,7 @@ - #include - #include - --MODULE_ID("$Id: lib_tparm.c,v 1.137 2021/11/20 23:29:15 tom Exp $") -+MODULE_ID("$Id: lib_tparm.c,v 1.150 2023/06/24 16:12:52 tom Exp $") - - /* - * char * -@@ -798,6 +798,11 @@ tparam_internal(TPARM_STATE *tps, const char *string, TPARM_DATA *data) - - tparm_trace_call(tps, string, data); - -+ if (TPS(fmt_buff) == NULL) { -+ T((T_RETURN(""))); -+ return NULL; -+ } -+ - while ((cp - string) < (int) len2) { - if (*cp != '%') { - save_char(tps, UChar(*cp)); -diff --git a/ncurses/tty/hardscroll.c b/ncurses/tty/hardscroll.c -index abb21cf..d66aa99 100644 ---- a/ncurses/tty/hardscroll.c -+++ b/ncurses/tty/hardscroll.c -@@ -1,5 +1,5 @@ - /**************************************************************************** -- * Copyright 2020 Thomas E. Dickey * -+ * Copyright 2020,2023 Thomas E. Dickey * - * Copyright 1998-2015,2016 Free Software Foundation, Inc. * - * * - * Permission is hereby granted, free of charge, to any person obtaining a * -@@ -148,7 +148,7 @@ AUTHOR - - #include - --MODULE_ID("$Id: hardscroll.c,v 1.54 2020/02/02 23:34:34 tom Exp $") -+MODULE_ID("$Id: hardscroll.c,v 1.56 2023/06/24 22:55:24 tom Exp $") - - #if defined(SCROLLDEBUG) || defined(HASHDEBUG) - -@@ -204,13 +204,19 @@ NCURSES_SP_NAME(_nc_scroll_optimize) (NCURSES_SP_DCL0) - int *new_oldnums = typeRealloc(int, - (size_t) need_lines, - oldnums(SP_PARM)); -- if (!new_oldnums) -+ if (!new_oldnums) { -+ TR(TRACE_ICALLS, (T_RETURN(""))); - return; -+ } - oldnums(SP_PARM) = new_oldnums; - OLDNUM_SIZE(SP_PARM) = need_lines; - } - /* calculate the indices */ - NCURSES_SP_NAME(_nc_hash_map) (NCURSES_SP_ARG); -+ if (SP_PARM->hashtab_len < screen_lines(SP_PARM)) { -+ TR(TRACE_ICALLS, (T_RETURN(""))); -+ return; -+ } - #endif - #endif /* !defined(SCROLLDEBUG) && !defined(HASHDEBUG) */ - --- -2.33.0 - diff --git a/ncurses-6.4.tar.gz b/ncurses-6.5.tar.gz similarity index 33% rename from ncurses-6.4.tar.gz rename to ncurses-6.5.tar.gz index 7c228a06a0c332a4c540bd7aa23d2384da6166cb..3ec6637d3cc9169426300be9e6148377578b1f93 100644 Binary files a/ncurses-6.4.tar.gz and b/ncurses-6.5.tar.gz differ diff --git a/ncurses-kbs.patch b/ncurses-kbs.patch deleted file mode 100644 index 9552669425e9b2a69b6c16c1111f4eb3d819b86b..0000000000000000000000000000000000000000 --- a/ncurses-kbs.patch +++ /dev/null @@ -1,50 +0,0 @@ -diff --git a/misc/terminfo.src b/misc/terminfo.src -index 06d46f0..70e213e 100644 ---- a/misc/terminfo.src -+++ b/misc/terminfo.src -@@ -6698,7 +6698,7 @@ rxvt-basic|rxvt terminal base (X Window System), - enacs=\E(B\E)0, flash=\E[?5h$<100/>\E[?5l, home=\E[H, - ht=^I, hts=\EH, ich=\E[%p1%d@, il=\E[%p1%dL, il1=\E[L, - ind=\n, is1=\E[?47l\E=\E[?1l, -- is2=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l\E[4l, kbs=^H, -+ is2=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l\E[4l, - kcbt=\E[Z, kmous=\E[M, rc=\E8, rev=\E[7m, ri=\EM, rmacs=^O, - rmir=\E[4l, rmkx=\E>, rmso=\E[27m, rmul=\E[24m, - rs1=\E>\E[1;3;4;5;6l\E[?7h\E[m\E[r\E[2J\E[H, -@@ -6709,7 +6709,7 @@ rxvt-basic|rxvt terminal base (X Window System), - %p9%t\016%e\017%;, - sgr0=\E[0m\017, smacs=^N, smir=\E[4h, smkx=\E=, smso=\E[7m, - smul=\E[4m, tbc=\E[3g, use=xterm+alt47, use=vt100+enq, -- use=rxvt+pcfkeys, use=vt220+cvis, use=vt220+keypad, -+ use=rxvt+pcfkeys, use=vt220+cvis, use=vt220+keypad, use=xterm+kbs, - # Key Codes from rxvt reference: - # - # Note: Shift + F1-F10 generates F11-F20 -@@ -8361,7 +8361,7 @@ screen-base|VT 100/ANSI X3.64 virtual terminal (base), - dl=\E[%p1%dM, dl1=\E[M, ed=\E[J, el=\E[K, el1=\E[1K, - enacs=\E(B\E)0, flash=\Eg, home=\E[H, hpa=\E[%i%p1%dG, - ht=^I, hts=\EH, ich=\E[%p1%d@, il=\E[%p1%dL, il1=\E[L, -- ind=\n, indn=\E[%p1%dS, is2=\E)0, kbs=^H, kcbt=\E[Z, -+ ind=\n, indn=\E[%p1%dS, is2=\E)0, kcbt=\E[Z, - kcub1=\EOD, kcud1=\EOB, kcuf1=\EOC, kcuu1=\EOA, kf1=\EOP, - kf10=\E[21~, kf11=\E[23~, kf12=\E[24~, kf2=\EOQ, kf3=\EOR, - kf4=\EOS, kf5=\E[15~, kf6=\E[17~, kf7=\E[18~, kf8=\E[19~, -@@ -8374,6 +8374,7 @@ screen-base|VT 100/ANSI X3.64 virtual terminal (base), - smso=\E[3m, smul=\E[4m, tbc=\E[3g, vpa=\E[%i%p1%dd, - E0=\E(B, S0=\E(%p1%c, use=vt220+pcedit, - use=xterm+alt1049, use=ecma+color, use=vt100+enq, -+ use=xterm+kbs, - - screen|VT 100/ANSI X3.64 virtual terminal, - use=screen4, -@@ -8503,6 +8504,7 @@ screen.xterm-r6|screen customized for X11R6 xterm, - # on Solaris because Sun's curses implementation gets confused. - screen.teraterm|disable ncv in teraterm, - ncv#127, -+ kbs=^H, - acsc=+\020\,\021-\030.^Y0\333`\004a\261f\370g\361h\260i - \316j\331k\277l\332m\300n\305o~p\304q\304r\304s_t\303u - \264v\301w\302x\263y\363z\362{\343|\330}\234~\376, --- -2.39.1 - diff --git a/ncurses.spec b/ncurses.spec index d39ab29f9c5decc1675da2215b9667ccdb32d1a2..ad37ea17497052201926f4449c365a0dc2d87772 100644 --- a/ncurses.spec +++ b/ncurses.spec @@ -1,6 +1,6 @@ name: ncurses -Version: 6.4 -Release: 8 +Version: 6.5 +Release: 1 Summary: Terminal control library License: MIT URL: https://invisible-island.net/ncurses/ncurses.html @@ -9,13 +9,6 @@ Source0: https://invisible-mirror.net/archives/ncurses/ncurses-%{version}. Patch8: ncurses-config.patch Patch9: ncurses-libs.patch Patch11: ncurses-urxvt.patch -Patch12: ncurses-kbs.patch -Patch13: backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch -Patch14: backport-0002-CVE-2023-29491-env-access.patch -Patch15: backport-fix-for-out-of-memory-condition.patch -Patch16: backport-fix-coredump-when-use-Memmove.patch -Patch17: backport-CVE-2023-50495.patch -Patch18: backport-CVE-2023-45918.patch BuildRequires: make gcc gcc-c++ gpm-devel pkgconfig @@ -53,7 +46,6 @@ Libraries for %{name}. Summary: Development files for the ncurses library Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-c++-libs = %{version}-%{release} -Requires: pkgconfig Provides: libtermcap-devel = 2.0.8-48 Obsoletes: libtermcap-devel < 2.0.8-48 @@ -84,13 +76,7 @@ Requires: %{name}-devel = %{version}-%{release} %description static The ncurses-static package includes static libraries of the ncurses library. -%package help -Summary: Ncurse help document -Requires: %{name} = %{version}-%{release} - -%description help -This package contains development documentation, manuals -for interface function, and related documents. +%package_help %prep %autosetup -n %{name}-%{version} -p1 @@ -204,10 +190,6 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/*_g.pc xz NEWS -%ldconfig_scriptlets -%ldconfig_scriptlets libs -%ldconfig_scriptlets compat-libs - %files -f terms.term %doc ANNOUNCE AUTHORS %doc c++/README* @@ -250,6 +232,9 @@ xz NEWS %{_mandir}/man7/* %changelog +* Mon Oct 28 2024 Funda Wang - 6.5-1 +- update to 6.5 + * Wed Feb 28 2024 yanglu - 6.4-8 - Type:bugfix - CVE:NA diff --git a/ncurses.yaml b/ncurses.yaml index 6fe26b30f2d3c176297d344399f48dffe7584d39..4efcca4b11ffe0576690d49bf348aa3322205f45 100644 --- a/ncurses.yaml +++ b/ncurses.yaml @@ -1,4 +1,4 @@ version_control: github src_repo: mirror/ncurses tag_prefix: v -seperator: . +separator: .