10 Commits

Author SHA1 Message Date
openeuler-ci-bot
5fc58dcc7a
!91 sysboost no longer needs relocation, so remove it.
From: @ironictwist 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
2024-02-28 06:57:13 +00:00
Ricardo
99cd3216aa Relocations are no longer required.
sysboost no longer needs relocation, so we remove it.

Signed-off-by: Ricardo <liutie4@huawei.com>
2024-02-28 14:23:19 +08:00
openeuler-ci-bot
84d33d98f4
!90 [sync] PR-87: fix CVE-2023-45918
From: @openeuler-sync-bot 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
2024-01-31 06:52:25 +00:00
yangl777
8ca5073079 fix CVE-2023-45918
(cherry picked from commit eefdaf24a8fc61c12ea8b06b4a1a913505eec3aa)
2024-01-30 17:30:54 +08:00
openeuler-ci-bot
2d3cf15862
!81 [sync] PR-75: fix CVE-2023-50495
From: @openeuler-sync-bot 
Reviewed-by: @overweight 
Signed-off-by: @overweight
2023-12-19 01:36:24 +00:00
yangl777
e9073cd1e8 fix CVE-2023-50495
(cherry picked from commit 589c64697663b16afa8c35a88df8c92dc2c6c895)
2023-12-18 16:36:28 +08:00
openeuler-ci-bot
a516582092
!69 [sync] PR-65: fixes for out-of-memory condition
From: @openeuler-sync-bot 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
2023-10-17 06:46:18 +00:00
yangl777
66cafa36e8 fixes for out-of-memory condition
(cherry picked from commit b01acab204cc03d4f9e4fbe28fe6e9a692e44b90)
2023-07-10 19:03:32 +08:00
openeuler-ci-bot
d6d8570f9d
!68 [sync] PR-59: fix CVE-2023-29491
From: @openeuler-sync-bot 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
2023-07-10 10:47:17 +00:00
yangl777
91702f9ee8 fix CVE-2023-29491
(cherry picked from commit 2fe55f9f4b797b89c9d70fdc82cea6db078c8438)
2023-07-10 15:45:16 +08:00
7 changed files with 652 additions and 38 deletions


@ -0,0 +1,50 @@
From 49d07be98e591d2df1d5b8d55fc9ecac3185fb70 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenjoac@gmx.de>
Date: Mon, 1 May 2023 11:31:39 +0200
Subject: [PATCH] Fix the --disable-root-args and --disable-root-environ
options
Due to a copy/paste error, the "--disable-root-environ" configure
option performed the actions of the "--disable-root-access" option,
while the latter option had no effect at all.
Conflict:add configure file changes based on community
Reference:https://salsa.debian.org/debian/ncurses/-/commit/49d07be98e591d2df1d5b8d55fc9ecac3185fb70
---
configure.in | 2 +-
configure | 6 +++---
2 file changed, 4 insertion(+), 4 deletion(-)
diff --git a/configure.in b/configure.in
index 798b95a..613677f 100644
--- a/configure.in
+++ b/configure.in
@@ -854,7 +854,7 @@ AC_MSG_RESULT($with_root_environ)
test "x$with_root_environ" = xyes && AC_DEFINE(USE_ROOT_ENVIRON,1,[Define to 1 if root is allowed to use ncurses environment])
AC_MSG_CHECKING(if you want to permit setuid programs to access all files)
-AC_ARG_ENABLE(root-environ,
+AC_ARG_ENABLE(root-access,
[ --disable-root-access restrict file-access when running setuid],
[with_root_access=$enableval],
[with_root_access=yes])
diff --git a/configure b/configure
index 421cf85..5141933 100755
--- a/configure
+++ b/configure
@@ -9399,9 +9399,9 @@ EOF
echo "$as_me:9399: checking if you want to permit setuid programs to access all files" >&5
echo $ECHO_N "checking if you want to permit setuid programs to access all files... $ECHO_C" >&6
-# Check whether --enable-root-environ or --disable-root-environ was given.
-if test "${enable_root_environ+set}" = set; then
- enableval="$enable_root_environ"
+# Check whether --enable-root-access or --disable-root-access was given.
+if test "${enable_root_access+set}" = set; then
+ enableval="$enable_root_access"
with_root_access=$enableval
else
with_root_access=yes
--
2.33.0
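Review bot: Once `AC_ARG_ENABLE(root-access, ...)` is wired to its own option in the configure.in hunk, `with_root_access` stays at its default of `yes` unless `--disable-root-access` is passed, and the spec change on this page adds only `--disable-root-environ` to `common_options`. The packaged build therefore restricts environment use but still permits setuid programs to access all files, in the words of the configure check itself. If the file-access restriction is wanted as well, extend the spec line to `--disable-wattr-macros --disable-root-environ --disable-root-access \`. If it is intentionally left enabled, a one-line comment next to `common_options` saying so would record the decision.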


@ -0,0 +1,32 @@
From 94240194a58b15e7fc3a015ed123ebb124f4e869 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenjoac@gmx.de>
Date: Mon, 1 May 2023 11:32:01 +0200
Subject: [PATCH] Change the behavior of the "--disable-root-environ" option
The new patch debian-env-access.diff makes the
"--disable-root-environ" configure option functionally equivalent to
the --disable-setuid-environ" option that has been added in the
20230425 upstream patchlevel.
Conflict:NA
Reference:https://salsa.debian.org/debian/ncurses/-/commit/94240194a58b15e7fc3a015ed123ebb124f4e869
---
ncurses/tinfo/access.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/ncurses/tinfo/access.c b/ncurses/tinfo/access.c
index a735db2..c9f8660 100644
--- a/ncurses/tinfo/access.c
+++ b/ncurses/tinfo/access.c
@@ -215,8 +215,6 @@ _nc_env_access(void)
if (is_elevated()) {
result = FALSE;
- } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
- result = FALSE;
}
return result;
}
--
2.33.0
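Review bot: With the `getuid() == ROOT_UID || geteuid() == ROOT_UID` branch removed, `_nc_env_access()` sets `result = FALSE` only when `is_elevated()` is true, so a process running as plain root is no longer refused. `is_elevated()` is defined outside this hunk; it is worth confirming that it covers setuid and setgid execution (and raised capabilities where the platform has them), since nothing else in this function checks privilege any more. The description says the change is deliberate, so a comment above the `if` would keep it from being read as an omission, for example `/* root is not special-cased: only privilege-elevated processes lose environment access */`.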


@ -0,0 +1,194 @@
From 6107f670972c4bb79b5f8cfb1f12cc037271a7ee Mon Sep 17 00:00:00 2001
From: "Thomas E. Dickey" <dickey@invisible-island.net>
Date: Thu, 15 Jun 2023 20:51:06 +0000
Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230615
Conflict:remove unnecessary modifications
Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/6107f670972c4bb79b5f8cfb1f12cc037271a7ee
---
ncurses/tinfo/comp_error.c | 17 +++++---
ncurses/tinfo/read_entry.c | 67 ++++++++++++++++++++++----------
2 files changed, 57 insertions(+), 27 deletions(-)
diff --git a/ncurses/tinfo/comp_error.c b/ncurses/tinfo/comp_error.c
index aa745a6df..3e6b4022a 100644
--- a/ncurses/tinfo/comp_error.c
+++ b/ncurses/tinfo/comp_error.c
@@ -42,7 +42,7 @@
#include <tic.h>
-MODULE_ID("$Id: comp_error.c,v 1.40 2020/02/02 23:34:34 tom Exp $")
+MODULE_ID("$Id: comp_error.c,v 1.44 2023/06/15 20:27:02 tom Exp $")
NCURSES_EXPORT_VAR(bool) _nc_suppress_warnings = FALSE;
NCURSES_EXPORT_VAR(int) _nc_curr_line = 0; /* current line # in input */
@@ -60,8 +60,15 @@ _nc_get_source(void)
NCURSES_EXPORT(void)
_nc_set_source(const char *const name)
{
- FreeIfNeeded(SourceName);
- SourceName = strdup(name);
+ if (name == NULL) {
+ free(SourceName);
+ SourceName = NULL;
+ } else if (SourceName == NULL) {
+ SourceName = strdup(name);
+ } else if (strcmp(name, SourceName)) {
+ free(SourceName);
+ SourceName = strdup(name);
+ }
}
NCURSES_EXPORT(void)
@@ -95,9 +102,9 @@ static NCURSES_INLINE void
where_is_problem(void)
{
fprintf(stderr, "\"%s\"", SourceName ? SourceName : "?");
- if (_nc_curr_line >= 0)
+ if (_nc_curr_line > 0)
fprintf(stderr, ", line %d", _nc_curr_line);
- if (_nc_curr_col >= 0)
+ if (_nc_curr_col > 0)
fprintf(stderr, ", col %d", _nc_curr_col);
if (TermType != 0 && TermType[0] != '\0')
fprintf(stderr, ", terminal '%s'", TermType);
diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c
index 87e422aee..762c6c68c 100644
--- a/ncurses/tinfo/read_entry.c
+++ b/ncurses/tinfo/read_entry.c
@@ -42,7 +42,7 @@
#include <tic.h>
-MODULE_ID("$Id: read_entry.c,v 1.161 2021/06/26 19:43:17 tom Exp $")
+MODULE_ID("$Id: read_entry.c,v 1.169 2023/06/15 20:51:06 tom Exp $")
#define TYPE_CALLOC(type,elts) typeCalloc(type, (unsigned)(elts))
@@ -138,12 +138,13 @@ convert_16bits(char *buf, NCURSES_INT2 *Numbers, int count)
}
#endif
-static void
-convert_strings(char *buf, char **Strings, int count, int size, char *table)
+static bool
+convert_strings(char *buf, char **Strings, int count, int size,
+ char *table, bool always)
{
int i;
char *p;
- bool corrupt = FALSE;
+ bool success = TRUE;
for (i = 0; i < count; i++) {
if (IS_NEG1(buf + 2 * i)) {
@@ -159,13 +160,10 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
TR(TRACE_DATABASE, ("Strings[%d] = %s", i,
_nc_visbuf(Strings[i])));
} else {
- if (!corrupt) {
- corrupt = TRUE;
- TR(TRACE_DATABASE,
- ("ignore out-of-range index %d to Strings[]", nn));
- _nc_warning("corrupt data found in convert_strings");
- }
- Strings[i] = ABSENT_STRING;
+ TR(TRACE_DATABASE,
+ ("found out-of-range index %d to Strings[%d]", nn, i));
+ success = FALSE;
+ break;
}
}
@@ -175,10 +173,25 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
if (*p == '\0')
break;
/* if there is no NUL, ignore the string */
- if (p >= table + size)
+ if (p >= table + size) {
Strings[i] = ABSENT_STRING;
+ } else if (p == Strings[i] && always) {
+ TR(TRACE_DATABASE,
+ ("found empty but required Strings[%d]", i));
+ success = FALSE;
+ break;
+ }
+ } else if (always) { /* names are always needed */
+ TR(TRACE_DATABASE,
+ ("found invalid but required Strings[%d]", i));
+ success = FALSE;
+ break;
}
}
+ if (!success) {
+ _nc_warning("corrupt data found in convert_strings");
+ }
+ return success;
}
static int
@@ -382,7 +395,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
if (Read(string_table, (unsigned) str_size) != str_size) {
returnDB(TGETENT_NO);
}
- convert_strings(buf, ptr->Strings, str_count, str_size, string_table);
+ if (!convert_strings(buf, ptr->Strings, str_count, str_size,
+ string_table, FALSE)) {
+ returnDB(TGETENT_NO);
+ }
}
#if NCURSES_XNAMES
@@ -483,8 +499,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
("Before computing extended-string capabilities "
"str_count=%d, ext_str_count=%d",
str_count, ext_str_count));
- convert_strings(buf, ptr->Strings + str_count, ext_str_count,
- ext_str_limit, ptr->ext_str_table);
+ if (!convert_strings(buf, ptr->Strings + str_count, ext_str_count,
+ ext_str_limit, ptr->ext_str_table, FALSE)) {
+ returnDB(TGETENT_NO);
+ }
for (i = ext_str_count - 1; i >= 0; i--) {
TR(TRACE_DATABASE, ("MOVE from [%d:%d] %s",
i, i + str_count,
@@ -516,10 +534,13 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
TR(TRACE_DATABASE,
("ext_NAMES starting @%d in extended_strings, first = %s",
base, _nc_visbuf(ptr->ext_str_table + base)));
- convert_strings(buf + (2 * ext_str_count),
- ptr->ext_Names,
- (int) need,
- ext_str_limit, ptr->ext_str_table + base);
+ if (!convert_strings(buf + (2 * ext_str_count),
+ ptr->ext_Names,
+ (int) need,
+ ext_str_limit, ptr->ext_str_table + base,
+ TRUE)) {
+ returnDB(TGETENT_NO);
+ }
}
TR(TRACE_DATABASE,
@@ -572,13 +593,17 @@ _nc_read_file_entry(const char *const filename, TERMTYPE2 *ptr)
int limit;
char buffer[MAX_ENTRY_SIZE + 1];
- if ((limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp))
- > 0) {
+ limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp);
+ if (limit > 0) {
+ const char *old_source = _nc_get_source();
TR(TRACE_DATABASE, ("read terminfo %s", filename));
+ if (old_source == NULL)
+ _nc_set_source(filename);
if ((code = _nc_read_termtype(ptr, buffer, limit)) == TGETENT_NO) {
_nc_free_termtype2(ptr);
}
+ _nc_set_source(old_source);
} else {
code = TGETENT_NO;
}
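Review bot: The restore call `_nc_set_source(old_source)` at the end of the `limit > 0` branch in `_nc_read_file_entry` hands back a pointer obtained from `_nc_get_source()`, which presumably is `SourceName` itself; it is safe only because the rewritten `_nc_set_source` leaves the buffer alone when `strcmp(name, SourceName)` is zero. Neither hunk documents that dependency, and going back to free-then-`strdup` would make the restore read freed memory. I would add a comment in `_nc_set_source`, for example `/* name may alias SourceName (see _nc_read_file_entry): compare before freeing */`. Separately, both `strdup(name)` results are stored unchecked, which `where_is_problem` tolerates through its `SourceName ? SourceName : "?"` fallback. Both functions extend beyond the hunks shown.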


@ -0,0 +1,92 @@
From efe9674ee14b14b788f9618941f97d31742f0adc Mon Sep 17 00:00:00 2001
From: "Thomas E. Dickey" <dickey@invisible-island.net>
Date: Mon, 24 Apr 2023 23:14:45 +0000
Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230424
Conflict:remove unnecessary modifications
Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/efe9674ee14b14b788f9618941f97d31742f0adc#diff-92910179510f7aaf9b70441f3c70521140faa34a192f9e28671ee40bbf052dc4
---
ncurses/tinfo/parse_entry.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
index a77cd0b..5390146 100644
--- a/ncurses/tinfo/parse_entry.c
+++ b/ncurses/tinfo/parse_entry.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright 2018-2020,2021 Thomas E. Dickey *
+ * Copyright 2018-2022,2023 Thomas E. Dickey *
* Copyright 1998-2016,2017 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
@@ -48,7 +48,7 @@
#include <ctype.h>
#include <tic.h>
-MODULE_ID("$Id: parse_entry.c,v 1.102 2021/09/04 10:54:35 tom Exp $")
+MODULE_ID("$Id: parse_entry.c,v 1.108 2023/04/24 22:32:33 tom Exp $")
#ifdef LINT
static short const parametrized[] =
@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
/* Well, we are given a cancel for a name that we don't recognize */
return _nc_extend_names(entryp, name, STRING);
default:
- return 0;
+ return NULL;
}
/* Adjust the 'offset' (insertion-point) to keep the lists of extended
@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
for (last = (unsigned) (max - 1); last > tindex; last--)
if (!found) {
+ char *saved;
+
+ if ((saved = _nc_save_str(name)) == NULL)
+ return NULL;
+
switch (token_type) {
case BOOLEAN:
tp->ext_Booleans++;
@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
TYPE_REALLOC(char *, actual, tp->ext_Names);
while (--actual > offset)
tp->ext_Names[actual] = tp->ext_Names[actual - 1];
- tp->ext_Names[offset] = _nc_save_str(name);
+ tp->ext_Names[offset] = saved;
}
temp.nte_name = tp->ext_Names[offset];
@@ -337,6 +342,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0);
bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0);
if (is_use || is_tc) {
+ char *saved;
+
if (!VALID_STRING(_nc_curr_token.tk_valstring)
|| _nc_curr_token.tk_valstring[0] == '\0') {
_nc_warning("missing name for use-clause");
@@ -350,11 +357,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
_nc_curr_token.tk_valstring);
continue;
}
- entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
- entryp->uses[entryp->nuses].line = _nc_curr_line;
- entryp->nuses++;
- if (entryp->nuses > 1 && is_tc) {
- BAD_TC_USAGE
+ if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) {
+ entryp->uses[entryp->nuses].name = saved;
+ entryp->uses[entryp->nuses].line = _nc_curr_line;
+ entryp->nuses++;
+ if (entryp->nuses > 1 && is_tc) {
+ BAD_TC_USAGE
+ }
}
} else {
/* normal token lookup */
--
2.33.0
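Review bot: In the `_nc_parse_entry` hunk, a NULL return from `_nc_save_str()` now skips the `uses[]` update with no `else`, so the `use`/`tc` clause is dropped and parsing continues as if it had never been written. Unless `_nc_save_str` reports the failure itself (its body is not part of this patch), the resulting entry silently lacks whatever that clause would have pulled in. A diagnostic on that path would make the loss visible, for example `} else { _nc_warning("cannot save name for use-clause"); }`, in the style of the existing `_nc_warning("missing name for use-clause")`. The enclosing function starts and ends outside the hunk.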


@ -0,0 +1,90 @@
From 8884a7e908ffc6e8a0b6bcbca5832fe3fc579343 Mon Sep 17 00:00:00 2001
From: "Thomas E. Dickey" <dickey@invisible-island.net>
Date: Sun, 25 Jun 2023 18:16:49 +0000
Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230625
ncurses 6.4 - patch 20230625 - Thomas E. Dickey
------------------------------------------------------------------------------
Ncurses 6.4 is at
https://invisible-island.net/archives/ncurses/
https://invisible-mirror.net/archives/ncurses/
https://ftp.gnu.org/gnu/ncurses/
Patches for ncurses 6.4 can be found at
https://invisible-island.net/archives/ncurses/6.4
https://invisible-mirror.net/archives/ncurses/6.4
------------------------------------------------------------------------------
https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230625.patch.gz
patch by Thomas E. Dickey <dickey@invisible-island.net>
created Sun Jun 25 23:46:35 UTC 2023
Conflict:Delete unnecessary modifications
Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/8884a7e908ffc6e8a0b6bcbca5832fe3fc579343
---
NEWS | 5 ++++-
ncurses/tty/hashmap.c | 9 ++++++---
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index a57ff03..b49ff26 100644
--- a/NEWS
+++ b/NEWS
@@ -26,7 +26,7 @@
-- sale, use or other dealings in this Software without prior written --
-- authorization. --
-------------------------------------------------------------------------------
--- $Id: NEWS,v 1.3969 2023/06/24 22:59:35 tom Exp $
+-- $Id: NEWS,v 1.3971 2023/06/25 18:16:49 tom Exp $
-------------------------------------------------------------------------------
This is a log of changes that ncurses has gone through since Zeyd started
@@ -46,6 +46,9 @@ See the AUTHORS file for the corresponding full names.
Changes through 1.9.9e did not credit all contributions;
it is not possible to add this information.
+20230625
+ + fixes for out-of-memory condition (report by "eaglegai").
+
20230624
+ fixes for out-of-memory condition (report by "eaglegai").
diff --git a/ncurses/tty/hashmap.c b/ncurses/tty/hashmap.c
index 3f124c9..2ddfaaa 100644
--- a/ncurses/tty/hashmap.c
+++ b/ncurses/tty/hashmap.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright 2019,2020 Thomas E. Dickey *
+ * Copyright 2019-2020,2023 Thomas E. Dickey *
* Copyright 1998-2015,2016 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
@@ -74,7 +74,7 @@ AUTHOR
#define CUR SP_TERMTYPE
#endif
-MODULE_ID("$Id: hashmap.c,v 1.69 2020/05/31 17:50:48 tom Exp $")
+MODULE_ID("$Id: hashmap.c,v 1.70 2023/06/25 17:16:01 tom Exp $")
#ifdef HASHDEBUG
@@ -318,8 +318,11 @@ NCURSES_SP_NAME(_nc_hash_map) (NCURSES_SP_DCL0)
if (newhash(SP_PARM) == 0)
newhash(SP_PARM) = typeCalloc(unsigned long,
(size_t) screen_lines(SP_PARM));
- if (!oldhash(SP_PARM) || !newhash(SP_PARM))
+ if (!oldhash(SP_PARM) || !newhash(SP_PARM)) {
+ FreeAndNull(oldhash(SP_PARM));
+ FreeAndNull(newhash(SP_PARM));
return; /* malloc failure */
+ }
for (i = 0; i < screen_lines(SP_PARM); i++) {
newhash(SP_PARM)[i] = hash(SP_PARM, NEWTEXT(SP_PARM, i));
oldhash(SP_PARM)[i] = hash(SP_PARM, OLDTEXT(SP_PARM, i));
--
2.33.0
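Review bot: The malloc-failure path in `_nc_hash_map` now frees both hash arrays but still returns `void`, so nothing in this hunk tells the caller that the line mapping was never computed. The other out-of-memory patch on this page guards the call in `_nc_scroll_optimize` with `SP_PARM->hashtab_len < screen_lines(SP_PARM)`, which tests a different allocation. Whether `hashtab_len` is also reset when `oldhash`/`newhash` fail is not visible here, because the function starts above the hunk. If it is not, `_nc_scroll_optimize` would carry on with `oldnums(SP_PARM)` contents that this call did not write. Worth confirming, and at minimum noting at the return: `return; /* malloc failure: oldnums not updated, caller must not use them */`.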


@ -0,0 +1,155 @@
From 6f1b898d6bac009e629f374d552d0869670b8e6a Mon Sep 17 00:00:00 2001
From: "Thomas E. Dickey" <dickey@invisible-island.net>
Date: Sat, 24 Jun 2023 22:59:35 +0000
Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230624
ncurses 6.4 - patch 20230624 - Thomas E. Dickey
------------------------------------------------------------------------------
Ncurses 6.4 is at
https://invisible-island.net/archives/ncurses/
https://invisible-mirror.net/archives/ncurses/
https://ftp.gnu.org/gnu/ncurses/
Patches for ncurses 6.4 can be found at
https://invisible-island.net/archives/ncurses/6.4
https://invisible-mirror.net/archives/ncurses/6.4
------------------------------------------------------------------------------
https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230624.patch.gz
patch by Thomas E. Dickey <dickey@invisible-island.net>
created Sun Jun 25 00:38:02 UTC 2023
Conflict:Delete unnecessary modifications and adaptation of the modification time
Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/6f1b898d6bac009e629f374d552d0869670b8e6a
---
NEWS | 5 ++++-
ncurses/tinfo/lib_setup.c | 9 ++++-----
ncurses/tinfo/lib_tparm.c | 7 ++++++-
ncurses/tty/hardscroll.c | 12 +++++++++---
4 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/NEWS b/NEWS
index 57ef74c..a57ff03 100644
--- a/NEWS
+++ b/NEWS
@@ -26,7 +26,7 @@
-- sale, use or other dealings in this Software without prior written --
-- authorization. --
-------------------------------------------------------------------------------
--- $Id: NEWS,v 1.3732 2021/10/20 22:49:51 tom Exp $
+-- $Id: NEWS,v 1.3969 2023/06/24 22:59:35 tom Exp $
-------------------------------------------------------------------------------
This is a log of changes that ncurses has gone through since Zeyd started
@@ -46,6 +46,9 @@ See the AUTHORS file for the corresponding full names.
Changes through 1.9.9e did not credit all contributions;
it is not possible to add this information.
+20230624
+ + fixes for out-of-memory condition (report by "eaglegai").
+
20211021 6.3 release for upload to ftp.gnu.org
+ update release notes
+ add "ncu2openbsd" script, to illustrate how to update an OpenBSD
diff --git a/ncurses/tinfo/lib_setup.c b/ncurses/tinfo/lib_setup.c
index 0aaaa93..0ad5035 100644
--- a/ncurses/tinfo/lib_setup.c
+++ b/ncurses/tinfo/lib_setup.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright 2018-2020,2021 Thomas E. Dickey *
+ * Copyright 2018-2022,2023 Thomas E. Dickey *
* Copyright 1998-2016,2017 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
@@ -49,7 +49,7 @@
#include <locale.h>
#endif
-MODULE_ID("$Id: lib_setup.c,v 1.214 2021/09/01 23:38:12 tom Exp $")
+MODULE_ID("$Id: lib_setup.c,v 1.219 2023/06/24 13:25:14 tom Exp $")
/****************************************************************************
*
@@ -679,10 +679,9 @@ TINFO_SETUP_TERM(TERMINAL **tp,
#endif
}
myname = strdup(tname);
-
- if (strlen(myname) > MAX_NAME_SIZE) {
+ if (myname == NULL || strlen(myname) > MAX_NAME_SIZE) {
ret_error(TGETENT_ERR,
- "TERM environment must be <= %d characters.\n",
+ "TERM environment must be 1..%d characters.\n",
MAX_NAME_SIZE,
free(myname));
}
diff --git a/ncurses/tinfo/lib_tparm.c b/ncurses/tinfo/lib_tparm.c
index 72d8813..9d41b60 100644
--- a/ncurses/tinfo/lib_tparm.c
+++ b/ncurses/tinfo/lib_tparm.c
@@ -53,7 +53,7 @@
#include <ctype.h>
#include <tic.h>
-MODULE_ID("$Id: lib_tparm.c,v 1.134 2021/08/21 21:52:08 tom Exp $")
+MODULE_ID("$Id: lib_tparm.c,v 1.150 2023/06/24 16:12:52 tom Exp $")
/*
* char *
@@ -798,6 +798,11 @@ tparam_internal(TPARM_STATE *tps, const char *string, TPARM_DATA *data)
tparm_trace_call(tps, string, data);
+ if (TPS(fmt_buff) == NULL) {
+ T((T_RETURN("<null>")));
+ return NULL;
+ }
+
while ((cp - string) < (int) len2) {
if (*cp != '%') {
save_char(tps, UChar(*cp));
diff --git a/ncurses/tty/hardscroll.c b/ncurses/tty/hardscroll.c
index abb21cf..d66aa99 100644
--- a/ncurses/tty/hardscroll.c
+++ b/ncurses/tty/hardscroll.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright 2020 Thomas E. Dickey *
+ * Copyright 2020,2023 Thomas E. Dickey *
* Copyright 1998-2015,2016 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
@@ -148,7 +148,7 @@ AUTHOR
#include <curses.priv.h>
-MODULE_ID("$Id: hardscroll.c,v 1.54 2020/02/02 23:34:34 tom Exp $")
+MODULE_ID("$Id: hardscroll.c,v 1.56 2023/06/24 22:55:24 tom Exp $")
#if defined(SCROLLDEBUG) || defined(HASHDEBUG)
@@ -204,13 +204,19 @@ NCURSES_SP_NAME(_nc_scroll_optimize) (NCURSES_SP_DCL0)
int *new_oldnums = typeRealloc(int,
(size_t) need_lines,
oldnums(SP_PARM));
- if (!new_oldnums)
+ if (!new_oldnums) {
+ TR(TRACE_ICALLS, (T_RETURN("")));
return;
+ }
oldnums(SP_PARM) = new_oldnums;
OLDNUM_SIZE(SP_PARM) = need_lines;
}
/* calculate the indices */
NCURSES_SP_NAME(_nc_hash_map) (NCURSES_SP_ARG);
+ if (SP_PARM->hashtab_len < screen_lines(SP_PARM)) {
+ TR(TRACE_ICALLS, (T_RETURN("")));
+ return;
+ }
#endif
#endif /* !defined(SCROLLDEBUG) && !defined(HASHDEBUG) */
--
2.33.0
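Review bot: In the `lib_setup.c` hunk the new `myname == NULL` test shares a branch with the length test, so a failed `strdup(tname)` is reported as "TERM environment must be 1..%d characters". An empty name, which the new wording excludes, is not rejected by this condition, because `strlen(myname) > MAX_NAME_SIZE` is false for it. An earlier empty-string check may exist above the hunk in `TINFO_SETUP_TERM`; if not, the condition should read `if (myname == NULL || *myname == '\0' || strlen(myname) > MAX_NAME_SIZE) {`. A short comment such as `/* NULL here means strdup() failed */` would explain why an allocation failure produces a length message.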


@ -1,15 +1,6 @@
%if %{?openEuler:1}0
%global ENABLE_RELOC 0
%endif
%if %{ENABLE_RELOC}
%global ldflags_options -Wl,--emit-relocs
%endif
Name: ncurses
Version: 6.3
Release: 10
Release: 15
Summary: Terminal control library
License: MIT
URL: https://invisible-island.net/ncurses/ncurses.html
@ -20,6 +11,12 @@ Patch9: ncurses-libs.patch
Patch11: ncurses-urxvt.patch
Patch12: ncurses-kbs.patch
Patch13: backport-CVE-2022-29458.patch
Patch14: backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
Patch15: backport-0002-CVE-2023-29491-env-access.patch
Patch16: backport-fix-for-out-of-memory-condition.patch
Patch17: backport-fix-coredump-when-use-Memmove.patch
Patch18: backport-CVE-2023-50495.patch
Patch19: backport-CVE-2023-45918.patch
BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
@ -96,16 +93,6 @@ Requires: %{name} = %{version}-%{release}
This package contains development documentation, manuals
for interface function, and related documents.
%if %{?ENABLE_RELOC}
%package relocation
Summary: Relocations for %{name}
Requires: %{name}-libs = %{version}-%{release}
BuildRequires: sysboost-devel
%description relocation
Relocations for %{name}
%endif
%prep
%autosetup -n %{name}-%{version} -p1
@ -116,7 +103,7 @@ done
%build
common_options="--enable-colorfgbg --enable-hard-tabs --enable-overwrite \
--enable-pc-files --enable-xmc-glitch --disable-wattr-macros \
--enable-pc-files --enable-xmc-glitch --disable-wattr-macros --disable-root-environ \
--with-cxx-shared --with-ospeed=unsigned \
--with-pkg-config-libdir=%{_libdir}/pkgconfig \
--with-shared \
@ -142,7 +129,7 @@ for abi in 5 6; do
[ $abi = 5 ] && echo $abi5_options
[ $char = widec ] && echo --enable-widec
[ $progs = yes ] || echo --without-progs
) LDFLAGS="%{?ldflags_options}"
)
make %{?_smp_mflags} libs
[ $progs = yes ] && make %{?_smp_mflags} -C progs
@ -150,11 +137,6 @@ for abi in 5 6; do
popd
done
done
%if %{?ENABLE_RELOC}
objreloc widec6/lib/libtinfo.so.%{version}
mv -f widec6/lib/libtinfo.so.%{version}.relocation ${RPM_BUILD_DIR}/libtinfo.so.%{version}.relocation
rm -rf widec6/lib/libtinfo.so.%{version}.prim
%endif
%install
make -C narrowc5 DESTDIR=$RPM_BUILD_ROOT install.libs
@ -164,12 +146,6 @@ make -C narrowc6 DESTDIR=$RPM_BUILD_ROOT install.libs
rm ${RPM_BUILD_ROOT}%{_libdir}/lib{tic,tinfo}.so.6*
make -C widec6 DESTDIR=$RPM_BUILD_ROOT install.{libs,progs,data,includes,man}
%if %{?ENABLE_RELOC}
mkdir -p ${RPM_BUILD_ROOT}/usr/lib/relocation/%{_libdir}
mv ${RPM_BUILD_DIR}/libtinfo.so.%{version}.relocation ${RPM_BUILD_ROOT}/usr/lib/relocation/%{_libdir}libtinfo.so.%{version}.relocation
chmod 400 ${RPM_BUILD_ROOT}/usr/lib/relocation/%{_libdir}libtinfo.so.%{version}.relocation
%endif
chmod 755 ${RPM_BUILD_ROOT}%{_libdir}/lib*.so.*.*
chmod 644 ${RPM_BUILD_ROOT}%{_libdir}/lib*.a
@ -275,12 +251,37 @@ xz NEWS
%{_mandir}/man5/*
%{_mandir}/man7/*
%if %{?ENABLE_RELOC}
%files relocation
/usr/lib/relocation/%{_libdir}libtinfo.so.%{version}.relocation
%endif
%changelog
* Wed Feb 28 2024 liutie <liutie4@huawei.com> - 6.3-15
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sysboost no longer needs relocation, so remove it.
* Tue Jan 30 2024 yanglu <yanglu72@h-partners.com> - 6.3-14
- Type:CVE
- ID:CVE-2023-45918
- SUG:NA
- DESC:fix CVE-2023-45918
* Fri Dec 15 2023 yanglu <yanglu72@h-partners.com> - 6.3-13
- Type:CVE
- ID:CVE-2023-50495
- SUG:NA
- DESC:fix CVE-2023-50495
* Tue Jul 04 2023 yanglu <yanglu72@h-partners.com> - 6.3-12
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fixes for out-of-memory condition
* Mon Jul 03 2023 yanglu <yanglu72@h-partners.com> - 6.3-11
- Type:CVE
- ID:CVE-2023-29491
- SUG:NA
- DESC: fix CVE-2023-29491
* Mon Jun 5 2023 liutie <liutie4@huawei.com> - 6.3-10
- Type:enhancement
- ID:NA