authorNatanael Copa <ncopa@alpinelinux.org>2018-08-21 16:48:02 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2018-08-21 16:48:02 +0200
commitff4efecdcffad26aa12170ab4e4b867f8f1d4c62 (patch)
tree3e39d445d05ddc42962dc40f4a5548651b6c8aab
parent896ae53d1849faa57ea676acd47332399c11bae7 (diff)
downloadaports-ff4efecdcffad26aa12170ab4e4b867f8f1d4c62.tar.gz
aports-ff4efecdcffad26aa12170ab4e4b867f8f1d4c62.tar.bz2
aports-ff4efecdcffad26aa12170ab4e4b867f8f1d4c62.tar.xz
main/ncurses: backport security fix (CVE-2018-10754)
fixes #9283
-rw-r--r--main/ncurses/APKBUILD13
-rw-r--r--main/ncurses/CVE-2018-10754.patch17
2 files changed, 26 insertions, 4 deletions
diff --git a/main/ncurses/APKBUILD b/main/ncurses/APKBUILD
index 32e05af7ee..8ef132184c 100644
--- a/main/ncurses/APKBUILD
+++ b/main/ncurses/APKBUILD
@@ -2,22 +2,26 @@
pkgname=ncurses
pkgver=6.0_p20171125
_ver=${pkgver%_p*}-${pkgver#*_p}
-pkgrel=0
+pkgrel=1
pkgdesc="Console display library"
url="https://www.gnu.org/software/ncurses/"
arch="all"
license=MIT
depends=
makedepends_build="ncurses"
-source="http://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz"
+source="http://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz
+ CVE-2018-10754.patch
+ "
subpackages="$pkgname-static $pkgname-dev $pkgname-doc
$pkgname-terminfo-base:base $pkgname-terminfo $pkgname-libs"
builddir="$srcdir"/ncurses-$_ver
# secfixes:
+# 6.0_p20171125-r1:
+# - CVE-2018-10754
# 6.0_p20171125-r0:
-# - CVE-2017-16879
+# - CVE-2017-16879
# 6.0_p20170701-r0:
# - CVE-2017-10684
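Review bot: Nothing in this hunk shows `CVE-2018-10754.patch` actually being applied, yet the new `# secfixes:` entry records 6.0_p20171125-r1 as fixed. abuild's default `prepare()` applies the `*.patch` files listed in `source=`, but an APKBUILD that defines its own `prepare()` has to call `default_prepare` for that to happen. The function bodies between this hunk and `static()` are outside the diff, so it is worth confirming in the build log that the patch is applied to `ncurses/tinfo/parse_entry.c`. The tarball on the rewritten `source=` line is still fetched over plain `http://`, which leaves the `sha512sums` entry as the only integrity control for it.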
@@ -100,4 +104,5 @@ static() {
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
}
-sha512sums="b06336a4696d5d5195177c0226f34aefebff05035247d43e1b958fb2098efb0fc2bf5a3c9d402c7c5e8fec65d03f5f290a84ef624f4a2f9348499551c5f4f09b ncurses-6.0-20171125.tgz"
+sha512sums="b06336a4696d5d5195177c0226f34aefebff05035247d43e1b958fb2098efb0fc2bf5a3c9d402c7c5e8fec65d03f5f290a84ef624f4a2f9348499551c5f4f09b ncurses-6.0-20171125.tgz
+215c93fcb9ff1dd112454262b0b42bfc9c27b17cb46950899451f515a862e3db78e5bd021f1cd13bccb032d8a1f8ca17e07cfe9c940457d309a1c3895819138f CVE-2018-10754.patch"
diff --git a/main/ncurses/CVE-2018-10754.patch b/main/ncurses/CVE-2018-10754.patch
new file mode 100644
index 0000000000..377caa3b40
--- /dev/null
+++ b/main/ncurses/CVE-2018-10754.patch
@@ -0,0 +1,17 @@
+Index: ncurses/tinfo/parse_entry.c
+--- ncurses-6.1-20180407+/ncurses/tinfo/parse_entry.c 2017-08-26 19:49:50.000000000 +0000
++++ ncurses-6.1-20180414/ncurses/tinfo/parse_entry.c 2018-04-14 17:41:12.000000000 +0000
+@@ -543,9 +543,11 @@
+ * Otherwise, look for a base entry that will already
+ * have picked up defaults via translation.
+ */
+- for (i = 0; i < entryp->nuses; i++)
+- if (!strchr((char *) entryp->uses[i].name, '+'))
++ for (i = 0; i < entryp->nuses; i++) {
++ if (entryp->uses[i].name != 0
++ && !strchr(entryp->uses[i].name, '+'))
+ has_base_entry = TRUE;
++ }
+ }
+
+ postprocess_termcap(&entryp->tterm, has_base_entry);
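Review bot: The patch file has no provenance header, and its `---`/`+++` lines name the 6.1-20180407+ and 6.1-20180414 trees while the package being built is 6.0_p20171125. A short description above the `Index:` line would tell a later maintainer where the change came from and when it can be dropped, for example `Null-pointer check on use-names in ncurses/tinfo/parse_entry.c (CVE-2018-10754), taken from the upstream 20180414 snapshot diff.` The guard itself covers only this one `strchr` loop. The enclosing function begins and ends outside the hunk, so whether other reads of `entryp->uses[i].name` can still see a null name cannot be judged from here and should be checked against the upstream change.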