Commit ff4efecd authored by Natanael Copa's avatar Natanael Copa
Browse files

main/ncurses: backport security fix (CVE-2018-10754)

fixes #9283
parent 896ae53d
......@@ -2,22 +2,26 @@
pkgname=ncurses
pkgver=6.0_p20171125
_ver=${pkgver%_p*}-${pkgver#*_p}
pkgrel=0
pkgrel=1
pkgdesc="Console display library"
url="https://www.gnu.org/software/ncurses/"
arch="all"
license=MIT
depends=
makedepends_build="ncurses"
source="http://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz"
source="http://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz
CVE-2018-10754.patch
"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc
$pkgname-terminfo-base:base $pkgname-terminfo $pkgname-libs"
builddir="$srcdir"/ncurses-$_ver
# secfixes:
# 6.0_p20171125-r1:
# - CVE-2018-10754
# 6.0_p20171125-r0:
# - CVE-2017-16879
# - CVE-2017-16879
# 6.0_p20170701-r0:
# - CVE-2017-10684
......@@ -100,4 +104,5 @@ static() {
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
}
sha512sums="b06336a4696d5d5195177c0226f34aefebff05035247d43e1b958fb2098efb0fc2bf5a3c9d402c7c5e8fec65d03f5f290a84ef624f4a2f9348499551c5f4f09b ncurses-6.0-20171125.tgz"
sha512sums="b06336a4696d5d5195177c0226f34aefebff05035247d43e1b958fb2098efb0fc2bf5a3c9d402c7c5e8fec65d03f5f290a84ef624f4a2f9348499551c5f4f09b ncurses-6.0-20171125.tgz
215c93fcb9ff1dd112454262b0b42bfc9c27b17cb46950899451f515a862e3db78e5bd021f1cd13bccb032d8a1f8ca17e07cfe9c940457d309a1c3895819138f CVE-2018-10754.patch"
Index: ncurses/tinfo/parse_entry.c
--- ncurses-6.1-20180407+/ncurses/tinfo/parse_entry.c 2017-08-26 19:49:50.000000000 +0000
+++ ncurses-6.1-20180414/ncurses/tinfo/parse_entry.c 2018-04-14 17:41:12.000000000 +0000
@@ -543,9 +543,11 @@
* Otherwise, look for a base entry that will already
* have picked up defaults via translation.
*/
- for (i = 0; i < entryp->nuses; i++)
- if (!strchr((char *) entryp->uses[i].name, '+'))
+ for (i = 0; i < entryp->nuses; i++) {
+ if (entryp->uses[i].name != 0
+ && !strchr(entryp->uses[i].name, '+'))
has_base_entry = TRUE;
+ }
}
postprocess_termcap(&entryp->tterm, has_base_entry);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment