author | Natanael Copa <ncopa@alpinelinux.org> | 2018-08-21 16:48:02 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-08-21 16:48:02 +0200 |
commit | ff4efecdcffad26aa12170ab4e4b867f8f1d4c62 (patch) | |
tree | 3e39d445d05ddc42962dc40f4a5548651b6c8aab | |
parent | 896ae53d1849faa57ea676acd47332399c11bae7 (diff) |
main/ncurses: backport security fix (CVE-2018-10754)
fixes #9283
-rw-r--r-- | main/ncurses/APKBUILD | 13 | ||||
-rw-r--r-- | main/ncurses/CVE-2018-10754.patch | 17 |
2 files changed, 26 insertions, 4 deletions
diff --git a/main/ncurses/APKBUILD b/main/ncurses/APKBUILD index 32e05af7ee9..8ef132184c6 100644 --- a/main/ncurses/APKBUILD +++ b/main/ncurses/APKBUILD @@ -2,22 +2,26 @@ pkgname=ncurses pkgver=6.0_p20171125 _ver=${pkgver%_p*}-${pkgver#*_p} -pkgrel=0 +pkgrel=1 pkgdesc="Console display library" url="https://www.gnu.org/software/ncurses/" arch="all" license=MIT depends= makedepends_build="ncurses" -source="http://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz" +source="http://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz + CVE-2018-10754.patch + " subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-terminfo-base:base $pkgname-terminfo $pkgname-libs" builddir="$srcdir"/ncurses-$_ver # secfixes: +# 6.0_p20171125-r1: +# - CVE-2018-10754 # 6.0_p20171125-r0: -# - CVE-2017-16879 +# - CVE-2017-16879 # 6.0_p20170701-r0: # - CVE-2017-10684 @@ -100,4 +104,5 @@ static() { mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/ } -sha512sums="b06336a4696d5d5195177c0226f34aefebff05035247d43e1b958fb2098efb0fc2bf5a3c9d402c7c5e8fec65d03f5f290a84ef624f4a2f9348499551c5f4f09b ncurses-6.0-20171125.tgz" +sha512sums="b06336a4696d5d5195177c0226f34aefebff05035247d43e1b958fb2098efb0fc2bf5a3c9d402c7c5e8fec65d03f5f290a84ef624f4a2f9348499551c5f4f09b ncurses-6.0-20171125.tgz +215c93fcb9ff1dd112454262b0b42bfc9c27b17cb46950899451f515a862e3db78e5bd021f1cd13bccb032d8a1f8ca17e07cfe9c940457d309a1c3895819138f CVE-2018-10754.patch" diff --git a/main/ncurses/CVE-2018-10754.patch b/main/ncurses/CVE-2018-10754.patch new file mode 100644 index 00000000000..377caa3b401 --- /dev/null +++ b/main/ncurses/CVE-2018-10754.patch 
@@ -0,0 +1,17 @@
+Index: ncurses/tinfo/parse_entry.c
+--- ncurses-6.1-20180407+/ncurses/tinfo/parse_entry.c 2017-08-26 19:49:50.000000000 +0000
++++ ncurses-6.1-20180414/ncurses/tinfo/parse_entry.c 2018-04-14 17:41:12.000000000 +0000
+@@ -543,9 +543,11 @@
+ * Otherwise, look for a base entry that will already
+ * have picked up defaults via translation.
+ */
+- for (i = 0; i < entryp->nuses; i++)
+- if (!strchr((char *) entryp->uses[i].name, '+'))
++ for (i = 0; i < entryp->nuses; i++) {
++ if (entryp->uses[i].name != 0
++ && !strchr(entryp->uses[i].name, '+'))
+ has_base_entry = TRUE;
++ }
+ }
+
+ postprocess_termcap(&entryp->tterm, has_base_entry);
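Review bot: The backported patch has no provenance header, and its `---`/`+++` lines name ncurses-6.1-20180407+ and 6.1-20180414 while the APKBUILD builds 6.0_p20171125, so it presumably applies at an offset from line 543. A short comment at the top of CVE-2018-10754.patch naming the upstream snapshot it was taken from would make the backport auditable. The added null check guards only this one loop over `entryp->uses[i].name`, and the enclosing function starts and ends outside the hunk, so it is worth confirming that no other dereference of `uses[i].name` in the 6.0 tree remains unguarded. If the cause is what the check suggests, a comment above the `if` such as `/* uses[i].name can be null for a malformed entry; do not pass it to strchr */` would record why the guard exists.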