authorNatanael Copa <ncopa@alpinelinux.org>2018-08-21 16:48:02 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2018-08-21 16:50:24 +0200
commitd510fa929a7f6ede654295930273de33fd0e9b15 (patch)
tree563b966a324f8bfd882599e53773d562eba024a9
parentd87903ef0e2c9558f9ca6a23af7eb28438a10ccf (diff)
main/ncurses: backport security fix (CVE-2018-10754)
fixes #9284
-rw-r--r--main/ncurses/APKBUILD12
-rw-r--r--main/ncurses/CVE-2018-10754.patch17
2 files changed, 25 insertions, 4 deletions
diff --git a/main/ncurses/APKBUILD b/main/ncurses/APKBUILD
index 8335265258..69e149a738 100644
--- a/main/ncurses/APKBUILD
+++ b/main/ncurses/APKBUILD
@@ -2,21 +2,24 @@
pkgname=ncurses
pkgver=6.0_p20171125
_ver=${pkgver%_p*}-${pkgver#*_p}
-pkgrel=0
+pkgrel=1
pkgdesc="Console display library"
url="http://www.gnu.org/software/ncurses/"
arch="all"
license=MIT
depends=
makedepends_build="ncurses"
-source="http://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz"
-
+source="http://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz
+ CVE-2018-10754.patch
+ "
subpackages="$pkgname-static $pkgname-dev $pkgname-doc
$pkgname-terminfo-base:base $pkgname-terminfo $pkgname-libs"
builddir="$srcdir"/ncurses-$_ver
# secfixes:
+# 6.0_p20171125-r1:
+# - CVE-2018-10754
# 6.0_p20171125-r0:
# - CVE-2017-16879
# 6.0_p20170930-r0:
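Review bot: The rewritten `source=` entry still fetches the ncurses tarball over plain `http://`, so the pinned `sha512sums` at the end of the file is the only integrity control on that download. That is sufficient for an ordinary build, but a maintainer who regenerates the checksums from a fresh network fetch would pin whatever the network delivered. If the mirror offers TLS (not visible from this page), the first line of the entry could become `source="https://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz`.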
@@ -112,4 +115,5 @@ static() {
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
}
-sha512sums="b06336a4696d5d5195177c0226f34aefebff05035247d43e1b958fb2098efb0fc2bf5a3c9d402c7c5e8fec65d03f5f290a84ef624f4a2f9348499551c5f4f09b ncurses-6.0-20171125.tgz"
+sha512sums="b06336a4696d5d5195177c0226f34aefebff05035247d43e1b958fb2098efb0fc2bf5a3c9d402c7c5e8fec65d03f5f290a84ef624f4a2f9348499551c5f4f09b ncurses-6.0-20171125.tgz
+215c93fcb9ff1dd112454262b0b42bfc9c27b17cb46950899451f515a862e3db78e5bd021f1cd13bccb032d8a1f8ca17e07cfe9c940457d309a1c3895819138f CVE-2018-10754.patch"
diff --git a/main/ncurses/CVE-2018-10754.patch b/main/ncurses/CVE-2018-10754.patch
new file mode 100644
index 0000000000..377caa3b40
--- /dev/null
+++ b/main/ncurses/CVE-2018-10754.patch
@@ -0,0 +1,17 @@
+Index: ncurses/tinfo/parse_entry.c
+--- ncurses-6.1-20180407+/ncurses/tinfo/parse_entry.c 2017-08-26 19:49:50.000000000 +0000
++++ ncurses-6.1-20180414/ncurses/tinfo/parse_entry.c 2018-04-14 17:41:12.000000000 +0000
+@@ -543,9 +543,11 @@
+ * Otherwise, look for a base entry that will already
+ * have picked up defaults via translation.
+ */
+- for (i = 0; i < entryp->nuses; i++)
+- if (!strchr((char *) entryp->uses[i].name, '+'))
++ for (i = 0; i < entryp->nuses; i++) {
++ if (entryp->uses[i].name != 0
++ && !strchr(entryp->uses[i].name, '+'))
+ has_base_entry = TRUE;
++ }
+ }
+
+ postprocess_termcap(&entryp->tterm, has_base_entry);
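Review bot: The new patch file has no provenance preamble, and its `---`/`+++` paths show it was taken from the upstream 6.1-20180407+ to 6.1-20180414 delta while this package builds 6.0_p20171125. A short header above `Index:` would help, for example `Backport of the uses[i].name NULL check in parse_entry.c from upstream ncurses 6.1-20180414 (CVE-2018-10754)`. Because the hunk offset (`@@ -543,9 +543,11 @@`) comes from a different snapshot, it is worth confirming that it applies to the 6.0 tree without fuzz. The new side also drops the `(char *)` cast on `entryp->uses[i].name`; the declared type of `name` in the 6.0 sources is not visible here, so check that the build emits no pointer-type warning. The enclosing function begins and ends outside the hunk, so any other dereferences of `uses[i].name` in it cannot be checked from this page.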