Commit - rpms/ncurses - 6772ca2d91df6ae282dfb3bb88d27520b2859f6e

@@ -0,0 +1,28 @@
+From snapshot 6.1-20191012
+            +
+diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
+index 21f165ca..a62d38f9 100644
+--- a/ncurses/tinfo/comp_hash.c
++++ b/ncurses/tinfo/comp_hash.c
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
+     hashvalue = data->hash_of(string);
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++    && (unsigned) hashvalue < data->table_size
++    && data->table_data[hashvalue] >= 0) {
+     real_table = _nc_get_table(termcap);
+     ptr = real_table + data->table_data[hashvalue];
+@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
+     const HashData *data = _nc_get_hash_info(termcap);
+     int hashvalue = data->hash_of(string);
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++    && (unsigned) hashvalue < data->table_size
++    && data->table_data[hashvalue] >= 0) {
+     const struct name_table_entry *const table = _nc_get_table(termcap);
+     ptr = table + data->table_data[hashvalue];

SOURCES/ncurses-cve-2019-17595.patch

file added

+16

SOURCES/ncurses-cve-2019-17595.patch ADDED

@@ -0,0 +1,16 @@
+From snapshot 6.1-20191012
+            +
+diff --git a/progs/dump_entry.c b/progs/dump_entry.c
+index d0e420ec..8a47084a 100644
+--- a/progs/dump_entry.c
++++ b/progs/dump_entry.c
+@@ -1136,7 +1136,8 @@ fmt_entry(TERMTYPE2 *tterm,
+                 *d++ = '\\';
+                 *d = ':';
+                 } else if (*d == '\\') {
+-                *++d = *s++;
++                if ((*++d = *s++) == '\0')
++                    break;
+                 }
+                 d++;
+                 *d = '\0';

SOURCES/ncurses-tputx.patch

file added

+15

SOURCES/ncurses-tputx.patch ADDED

@@ -0,0 +1,15 @@
+From snapshot 6.1-20180630
+            +
+diff --git a/progs/tput.c b/progs/tput.c
+index fd051eb4..88e75799 100644
+--- a/progs/tput.c
++++ b/progs/tput.c
+@@ -293,7 +293,7 @@ main(int argc, char **argv)
+     term = getenv("TERM");
+-    while ((c = getopt(argc, argv, "ST:V")) != -1) {
++    while ((c = getopt(argc, argv, "ST:Vx")) != -1) {
+     switch (c) {
+     case 'S':
+         cmdline = FALSE;

SPECS/ncurses.spec

file modified

+14 -1

SPECS/ncurses.spec CHANGED

@@ -2,7 +2,7 @@
 Summary: Ncurses support utilities
 Name: ncurses
 Version: 6.1
-Release: 7.%{revision}%{?dist}
+Release: 9.%{revision}%{?dist}
 License: MIT
 Group: System Environment/Base
 URL: https://invisible-island.net/ncurses/ncurses.html
@@ -13,6 +13,9 @@ Patch8: ncurses-config.patch
 Patch9: ncurses-libs.patch
 Patch11: ncurses-urxvt.patch
 Patch12: ncurses-kbs.patch
+Patch13: ncurses-cve-2019-17594.patch
+Patch14: ncurses-cve-2019-17595.patch
+Patch15: ncurses-tputx.patch
 BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@@ -127,6 +130,9 @@ The ncurses-static package includes static libraries of the ncurses library.
 %patch9 -p1 -b .libs
 %patch11 -p1 -b .urxvt
 %patch12 -p1 -b .kbs
+%patch13 -p1 -b .cve-2019-17594
+%patch14 -p1 -b .cve-2019-17595
+%patch15 -p1 -b .tputx
 for f in ANNOUNCE; do
     iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@@ -293,6 +299,13 @@ bzip2 NEWS
 %{_libdir}/lib*.a
 %changelog
+* Tue May 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 6.1-9.20180224
+- fix tput to accept -x option (#1916340)
+            +
+* Tue May 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 6.1-8.20180224
+- fix buffer overflow in terminfo entry hashtable (CVE-2019-17594)
+- handle missing character after backslash in terminfo entry (CVE-2019-17595)
+            +
 * Wed Jan 16 2019 Miroslav Lichvar <mlichvar@redhat.com> 6.1-7.20180224
 - disable stripping on program installation (#1665177)