diff --git a/main/ncurses/APKBUILD b/main/ncurses/APKBUILD
index 50b49e103274ddc00925b4c955fc1cc90b6f8bf5..c5e50e96d12ad2ebe52227f16ae5276b4fb4677e 100644
--- a/main/ncurses/APKBUILD
+++ b/main/ncurses/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=ncurses
 pkgver=6.3_p20221119
 _pkgver=${pkgver/_p/-}
-pkgrel=0
+pkgrel=1
 pkgdesc="Console display library"
 url="https://invisible-island.net/ncurses/"
 arch="all"
@@ -18,12 +18,16 @@ subpackages="
 	$pkgname-terminfo:terminfo:noarch
 	"
 _kitty_ver=0.25.2  # see comment in package()
-source="https://invisible-mirror.net/archives/ncurses/current/ncurses-$_pkgver.tgz
+source="https://invisible-mirror.net/archives/ncurses/archive/ncurses-$_pkgver.tgz
 	xterm-kitty-$_kitty_ver::https://github.com/kovidgoyal/kitty/raw/v$_kitty_ver/terminfo/x/xterm-kitty
+	fix-configure-root-args-option.patch
+	root-environ-only-setuid.patch
 	"
 builddir="$srcdir/$pkgname-$_pkgver"
 
 # secfixes:
+#   6.3_p20221119-r1:
+#     - CVE-2023-29491
 #   6.3_p20220416-r0:
 #     - CVE-2022-29458
 #   6.2_p20200530-r0:
@@ -81,6 +85,7 @@ build() {
 		--without-ada \
 		--without-tests \
 		--disable-termcap \
+		--disable-root-environ \
 		--disable-rpath-hack \
 		--disable-stripping \
 		--with-pkg-config-libdir=/usr/lib/pkgconfig \
@@ -165,4 +170,6 @@ base() {
 sha512sums="
 49a25f0d6481965121e808c5e470d1e6978ca140ce6d72f8bf79ee2e1a1cc8be7f41d4f1b8ee8b80a667bf77f593c5e91e6f502c5e5320967a5597ad7ea04225  ncurses-6.3-20221119.tgz
 76da551cffa16313933310c71eb7363ef0e35e14cd9c4547f5130484e0001195d2fad08978c9369e2519958c799226ebe14d6018b837bf6c6d75f2ad114cf9ba  xterm-kitty-0.25.2
+a075e0f0ed1778466f8da58bed279f5603ce3676afeb5345c228d4c89a42a28755d6a6f9ddcce5c4a364e6b020bf021a8aa63802fa781829c63ef0fdb9fd41c1  fix-configure-root-args-option.patch
+cd0bcf43cb8bc54b2a0189ae20b106a8545e6e3008782f1faa9ea341ac8b05305f5870d6217dbd33009876d32ce3dcc14fc454df4be234187528db27d1351432  root-environ-only-setuid.patch
 "
diff --git a/main/ncurses/fix-configure-root-args-option.patch b/main/ncurses/fix-configure-root-args-option.patch
new file mode 100644
index 0000000000000000000000000000000000000000..970ca1f0667488fa8a7656fb90a174d8e1568066
--- /dev/null
+++ b/main/ncurses/fix-configure-root-args-option.patch
@@ -0,0 +1,19 @@
+disable-root-environ mistakenly also sets disable-root-access. this corrects that (same as latest ncurses)
+--
+diff --git a/configure b/configure
+index 4c39d24..a8e683e 100755
+--- a/configure
++++ b/configure
+@@ -9501,9 +9501,9 @@ EOF
+ echo "$as_me:9501: checking if you want to permit setuid programs to access all files" >&5
+ echo $ECHO_N "checking if you want to permit setuid programs to access all files... $ECHO_C" >&6
+ 
+-# Check whether --enable-root-environ or --disable-root-environ was given.
+-if test "${enable_root_environ+set}" = set; then
+-  enableval="$enable_root_environ"
++# Check whether --enable-root-access or --disable-root-access was given.
++if test "${enable_root_access+set}" = set; then
++  enableval="$enable_root_access"
+   with_root_access=$enableval
+ else
+   with_root_access=yes
diff --git a/main/ncurses/root-environ-only-setuid.patch b/main/ncurses/root-environ-only-setuid.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e786dd7028125b567e189365599d90acf7c3fdb8
--- /dev/null
+++ b/main/ncurses/root-environ-only-setuid.patch
@@ -0,0 +1,35 @@
+Patch-Source: https://sources.debian.org/src/ncurses/6.4-4/debian/patches/debian-env-access.diff/
+we use this to patch CVE-2023-29491,
+by making disable-root-environ functionally equivalent to disable-setuid-environ
+(which only exists in latest ncurses git).
+
+that new option fixes the issue.
+--
+Author: Sven Joachim <svenjoac@gmx.de>
+Description: Change the --disable-root-environ configure option behavior
+ By default, the --disable-root-environ option forbids program run by
+ the superuser to load custom terminfo entries.  This patch changes
+ that to only restrict programs running with elevated privileges,
+ matching the behavior of the --disable-setuid-environ option
+ introduced in the 20230423 upstream patchlevel.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372#29
+Bug: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00018.html
+Forwarded: not-needed
+Last-Update: 2023-05-01
+
+---
+ ncurses/tinfo/access.c |    2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/ncurses/tinfo/access.c
++++ b/ncurses/tinfo/access.c
+@@ -215,8 +215,6 @@ _nc_env_access(void)
+ 
+     if (is_elevated()) {
+ 	result = FALSE;
+-    } else if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
+-	result = FALSE;
+     }
+     return result;
+ }
+