diff --git a/backport-CVE-2022-29458.patch b/backport-CVE-2022-29458.patch deleted file mode 100644 index 1830758c1d9b0af9f1102f0b4ff1945bd987e198..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-29458.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 4c9f63c460cb7134f142aa65f6866c175ed77605 Mon Sep 17 00:00:00 2001 -From: "Thomas E. Dickey" -Date: Sun, 17 Apr 2022 00:27:48 +0000 -Subject: [PATCH] ncurses 6.3 - patch 20220416 - - ncurses/tinfo/alloc_entry.c | 12 +- - ncurses/tinfo/read_entry.c | 21 +- - 2 files changed, 19 insertions(+), 8 deletions(-) - -diff --git a/ncurses/tinfo/alloc_entry.c b/ncurses/tinfo/alloc_entry.c -index 0bc93942c..aed739436 100644 ---- a/ncurses/tinfo/alloc_entry.c -+++ b/ncurses/tinfo/alloc_entry.c -@@ -48,8 +48,6 @@ - #define ABSENT_OFFSET -1 - #define CANCELLED_OFFSET -2 - --#define MAX_STRTAB 4096 /* documented maximum entry size */ -- - static char *stringbuf; /* buffer for string capabilities */ - static size_t next_free; /* next free character in stringbuf */ - -@@ -74,7 +72,7 @@ _nc_init_entry(ENTRY * const tp) - #endif - - if (stringbuf == 0) -- TYPE_MALLOC(char, (size_t) MAX_STRTAB, stringbuf); -+ TYPE_MALLOC(char, (size_t) MAX_ENTRY_SIZE, stringbuf); - - next_free = 0; - -@@ -111,11 +109,11 @@ _nc_save_str(const char *string) - * Cheat a little by making an empty string point to the end of the - * previous string. - */ -- if (next_free < MAX_STRTAB) { -+ if (next_free < MAX_ENTRY_SIZE) { - result = (stringbuf + next_free - 1); - } -- } else if (next_free + len < MAX_STRTAB) { -- _nc_STRCPY(&stringbuf[next_free], string, MAX_STRTAB); -+ } else if (next_free + len < MAX_ENTRY_SIZE) { -+ _nc_STRCPY(&stringbuf[next_free], string, MAX_ENTRY_SIZE); - DEBUG(7, ("Saved string %s", _nc_visbuf(string))); - DEBUG(7, ("at location %d", (int) next_free)); - next_free += len; -diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c -index 41ef0d0aa..66e3d31ee 100644 ---- a/ncurses/tinfo/read_entry.c -+++ b/ncurses/tinfo/read_entry.c -@@ -145,6 +145,7 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table) - { - int i; - char *p; -+ bool corrupt = FALSE; - - for (i = 0; i < count; i++) { - if (IS_NEG1(buf + 2 * i)) { -@@ -154,8 +155,20 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table) - } else if (MyNumber(buf + 2 * i) > size) { - Strings[i] = ABSENT_STRING; - } else { -- Strings[i] = (MyNumber(buf + 2 * i) + table); -- TR(TRACE_DATABASE, ("Strings[%d] = %s", i, _nc_visbuf(Strings[i]))); -+ int nn = MyNumber(buf + 2 * i); -+ if (nn >= 0 && nn < size) { -+ Strings[i] = (nn + table); -+ TR(TRACE_DATABASE, ("Strings[%d] = %s", i, -+ _nc_visbuf(Strings[i]))); -+ } else { -+ if (!corrupt) { -+ corrupt = TRUE; -+ TR(TRACE_DATABASE, -+ ("ignore out-of-range index %d to Strings[]", nn)); -+ _nc_warning("corrupt data found in convert_strings"); -+ } -+ Strings[i] = ABSENT_STRING; -+ } - } - - /* make sure all strings are NUL terminated */ diff --git a/ncurses-6.3.tar.gz b/ncurses-6.4.tar.gz similarity index 33% rename from ncurses-6.3.tar.gz rename to ncurses-6.4.tar.gz index f3482d93a1382aa86577befb787343845950e3c7..7c228a06a0c332a4c540bd7aa23d2384da6166cb 100644 Binary files a/ncurses-6.3.tar.gz and b/ncurses-6.4.tar.gz differ diff --git a/ncurses-config.patch b/ncurses-config.patch index 7ca0ccb82e9b44330842d42177c1b5cad5af825d..d6b481f1e74dc64e295964c78b010c7c676f26e9 100644 --- a/ncurses-config.patch +++ b/ncurses-config.patch @@ -49,7 +49,7 @@ index 7b02ac2..b64379f 100644 do if [ -d "$lib_check" ] @@ -271,7 +270,6 @@ ENDECHO - echo $INCS + echo "$INCS" ;; --libdir) - echo "${libdir}" diff --git a/ncurses-kbs.patch b/ncurses-kbs.patch index f3069d7d2953fa3e4790d85f821d70f751879095..9552669425e9b2a69b6c16c1111f4eb3d819b86b 100644 --- a/ncurses-kbs.patch +++ b/ncurses-kbs.patch @@ -1,26 +1,26 @@ diff --git a/misc/terminfo.src b/misc/terminfo.src -index 650428a..855e644 100644 +index 06d46f0..70e213e 100644 --- a/misc/terminfo.src +++ b/misc/terminfo.src -@@ -6425,7 +6425,7 @@ rxvt-basic|rxvt terminal base (X Window System), +@@ -6698,7 +6698,7 @@ rxvt-basic|rxvt terminal base (X Window System), enacs=\E(B\E)0, flash=\E[?5h$<100/>\E[?5l, home=\E[H, ht=^I, hts=\EH, ich=\E[%p1%d@, il=\E[%p1%dL, il1=\E[L, ind=\n, is1=\E[?47l\E=\E[?1l, - is2=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l\E[4l, kbs=^H, + is2=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l\E[4l, kcbt=\E[Z, kmous=\E[M, rc=\E8, rev=\E[7m, ri=\EM, rmacs=^O, - rmcup=\E[2J\E[?47l\E8, rmir=\E[4l, rmkx=\E>, rmso=\E[27m, - rmul=\E[24m, -@@ -6437,7 +6437,7 @@ rxvt-basic|rxvt terminal base (X Window System), + rmir=\E[4l, rmkx=\E>, rmso=\E[27m, rmul=\E[24m, + rs1=\E>\E[1;3;4;5;6l\E[?7h\E[m\E[r\E[2J\E[H, +@@ -6709,7 +6709,7 @@ rxvt-basic|rxvt terminal base (X Window System), %p9%t\016%e\017%;, - sgr0=\E[0m\017, smacs=^N, smcup=\E7\E[?47h, smir=\E[4h, - smkx=\E=, smso=\E[7m, smul=\E[4m, tbc=\E[3g, use=vt100+enq, + sgr0=\E[0m\017, smacs=^N, smir=\E[4h, smkx=\E=, smso=\E[7m, + smul=\E[4m, tbc=\E[3g, use=xterm+alt47, use=vt100+enq, - use=rxvt+pcfkeys, use=vt220+cvis, use=vt220+keypad, + use=rxvt+pcfkeys, use=vt220+cvis, use=vt220+keypad, use=xterm+kbs, # Key Codes from rxvt reference: # # Note: Shift + F1-F10 generates F11-F20 -@@ -8074,7 +8074,7 @@ screen|VT 100/ANSI X3.64 virtual terminal, +@@ -8361,7 +8361,7 @@ screen-base|VT 100/ANSI X3.64 virtual terminal (base), dl=\E[%p1%dM, dl1=\E[M, ed=\E[J, el=\E[K, el1=\E[1K, enacs=\E(B\E)0, flash=\Eg, home=\E[H, hpa=\E[%i%p1%dG, ht=^I, hts=\EH, ich=\E[%p1%d@, il=\E[%p1%dL, il1=\E[L, @@ -29,15 +29,15 @@ index 650428a..855e644 100644 kcub1=\EOD, kcud1=\EOB, kcuf1=\EOC, kcuu1=\EOA, kf1=\EOP, kf10=\E[21~, kf11=\E[23~, kf12=\E[24~, kf2=\EOQ, kf3=\EOR, kf4=\EOS, kf5=\E[15~, kf6=\E[17~, kf7=\E[18~, kf8=\E[19~, -@@ -8087,6 +8087,7 @@ screen|VT 100/ANSI X3.64 virtual terminal, +@@ -8374,6 +8374,7 @@ screen-base|VT 100/ANSI X3.64 virtual terminal (base), smso=\E[3m, smul=\E[4m, tbc=\E[3g, vpa=\E[%i%p1%dd, E0=\E(B, S0=\E(%p1%c, use=vt220+pcedit, use=xterm+alt1049, use=ecma+color, use=vt100+enq, + use=xterm+kbs, - # The bce and status-line entries are from screen 3.9.13 (and require some - # changes to .screenrc). - screen-bce|VT 100/ANSI X3.64 virtual terminal with bce, -@@ -8202,6 +8203,7 @@ screen.xterm-r6|screen customized for X11R6 xterm, + + screen|VT 100/ANSI X3.64 virtual terminal, + use=screen4, +@@ -8503,6 +8504,7 @@ screen.xterm-r6|screen customized for X11R6 xterm, # on Solaris because Sun's curses implementation gets confused. screen.teraterm|disable ncv in teraterm, ncv#127, @@ -46,4 +46,5 @@ index 650428a..855e644 100644 \316j\331k\277l\332m\300n\305o~p\304q\304r\304s_t\303u \264v\301w\302x\263y\363z\362{\343|\330}\234~\376, -- -2.33.0 \ No newline at end of file +2.39.1 + diff --git a/ncurses.spec b/ncurses.spec index 46f662cc712607d1b1f594d58a294ef04cce4598..6aed2c48730782aac87268c82862ed02cb8a7645 100644 --- a/ncurses.spec +++ b/ncurses.spec @@ -1,6 +1,6 @@ Name: ncurses -Version: 6.3 -Release: 5 +Version: 6.4 +Release: 1 Summary: Terminal control library License: MIT URL: https://invisible-island.net/ncurses/ncurses.html @@ -10,9 +10,8 @@ Patch8: ncurses-config.patch Patch9: ncurses-libs.patch Patch11: ncurses-urxvt.patch Patch12: ncurses-kbs.patch -Patch13: backport-CVE-2022-29458.patch -BuildRequires: gcc gcc-c++ gpm-devel pkgconfig +BuildRequires: make gcc gcc-c++ gpm-devel pkgconfig Requires: %{name}-base = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release} @@ -121,8 +120,8 @@ for abi in 5 6; do [ $progs = yes ] || echo --without-progs ) - make %{?_smp_mflags} libs - [ $progs = yes ] && make %{?_smp_mflags} -C progs + %make_build libs + [ $progs = yes ] && %make_build -C progs popd done @@ -202,7 +201,6 @@ xz NEWS %files -f terms.term %doc ANNOUNCE AUTHORS %doc c++/README* -%{!?_licensedir:%global license %%doc} %license COPYING %{_bindir}/[cirt]* %{_libdir}/libncurses++*.so.6* @@ -242,6 +240,12 @@ xz NEWS %{_mandir}/man7/* %changelog +* Thu Feb 02 2023 yanglu - 6.4-1 +- Type:requirement +- CVE:NA +- SUG:NA +- DESC:update ncurses version to 6.4 + * Thu Nov 10 2022 yanglu - 6.3-5 - Type:bugfix - CVE:NA