mirror of
https://gitee.com/openharmony/third_party_ncurses
synced 2024-11-26 23:50:58 +00:00
openharmony_ci
Gitee
commit
5d2caa5c99
92
backport-CVE-2023-50495.patch
Normal file
92
backport-CVE-2023-50495.patch
Normal file
@ -0,0 +1,92 @@
|
||||
From efe9674ee14b14b788f9618941f97d31742f0adc Mon Sep 17 00:00:00 2001
|
||||
From: "Thomas E. Dickey" <dickey@invisible-island.net>
|
||||
Date: Mon, 24 Apr 2023 23:14:45 +0000
|
||||
Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230424
|
||||
|
||||
Conflict:remove unnecessary modifications
|
||||
Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/efe9674ee14b14b788f9618941f97d31742f0adc#diff-92910179510f7aaf9b70441f3c70521140faa34a192f9e28671ee40bbf052dc4
|
||||
---
|
||||
ncurses/tinfo/parse_entry.c | 27 ++++++++++++++++++---------
|
||||
1 file changed, 18 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
|
||||
index a77cd0b..5390146 100644
|
||||
--- a/ncurses/tinfo/parse_entry.c
|
||||
+++ b/ncurses/tinfo/parse_entry.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/****************************************************************************
|
||||
- * Copyright 2018-2020,2021 Thomas E. Dickey *
|
||||
+ * Copyright 2018-2022,2023 Thomas E. Dickey *
|
||||
* Copyright 1998-2016,2017 Free Software Foundation, Inc. *
|
||||
* *
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a *
|
||||
@@ -48,7 +48,7 @@
|
||||
#include <ctype.h>
|
||||
#include <tic.h>
|
||||
|
||||
-MODULE_ID("$Id: parse_entry.c,v 1.102 2021/09/04 10:54:35 tom Exp $")
|
||||
+MODULE_ID("$Id: parse_entry.c,v 1.108 2023/04/24 22:32:33 tom Exp $")
|
||||
|
||||
#ifdef LINT
|
||||
static short const parametrized[] =
|
||||
@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
|
||||
/* Well, we are given a cancel for a name that we don't recognize */
|
||||
return _nc_extend_names(entryp, name, STRING);
|
||||
default:
|
||||
- return 0;
|
||||
+ return NULL;
|
||||
}
|
||||
|
||||
/* Adjust the 'offset' (insertion-point) to keep the lists of extended
|
||||
@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
|
||||
for (last = (unsigned) (max - 1); last > tindex; last--)
|
||||
|
||||
if (!found) {
|
||||
+ char *saved;
|
||||
+
|
||||
+ if ((saved = _nc_save_str(name)) == NULL)
|
||||
+ return NULL;
|
||||
+
|
||||
switch (token_type) {
|
||||
case BOOLEAN:
|
||||
tp->ext_Booleans++;
|
||||
@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
|
||||
TYPE_REALLOC(char *, actual, tp->ext_Names);
|
||||
while (--actual > offset)
|
||||
tp->ext_Names[actual] = tp->ext_Names[actual - 1];
|
||||
- tp->ext_Names[offset] = _nc_save_str(name);
|
||||
+ tp->ext_Names[offset] = saved;
|
||||
}
|
||||
|
||||
temp.nte_name = tp->ext_Names[offset];
|
||||
@@ -337,6 +342,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
|
||||
bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0);
|
||||
bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0);
|
||||
if (is_use || is_tc) {
|
||||
+ char *saved;
|
||||
+
|
||||
if (!VALID_STRING(_nc_curr_token.tk_valstring)
|
||||
|| _nc_curr_token.tk_valstring[0] == '\0') {
|
||||
_nc_warning("missing name for use-clause");
|
||||
@@ -350,11 +357,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
|
||||
_nc_curr_token.tk_valstring);
|
||||
continue;
|
||||
}
|
||||
- entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
|
||||
- entryp->uses[entryp->nuses].line = _nc_curr_line;
|
||||
- entryp->nuses++;
|
||||
- if (entryp->nuses > 1 && is_tc) {
|
||||
- BAD_TC_USAGE
|
||||
+ if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) {
|
||||
+ entryp->uses[entryp->nuses].name = saved;
|
||||
+ entryp->uses[entryp->nuses].line = _nc_curr_line;
|
||||
+ entryp->nuses++;
|
||||
+ if (entryp->nuses > 1 && is_tc) {
|
||||
+ BAD_TC_USAGE
|
||||
+ }
|
||||
}
|
||||
} else {
|
||||
/* normal token lookup */
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: ncurses
|
||||
Version: 6.3
|
||||
Release: 7
|
||||
Release: 9
|
||||
Summary: Terminal control library
|
||||
License: MIT
|
||||
URL: https://invisible-island.net/ncurses/ncurses.html
|
||||
@ -13,6 +13,7 @@ Patch12: ncurses-kbs.patch
|
||||
Patch13: backport-CVE-2022-29458.patch
|
||||
Patch14: backport-0001-CVE-2023-29491-fix-configure-root-args-option.patch
|
||||
Patch15: backport-0002-CVE-2023-29491-env-access.patch
|
||||
Patch18: backport-CVE-2023-50495.patch
|
||||
|
||||
BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
|
||||
|
||||
@ -248,6 +249,12 @@ xz NEWS
|
||||
%{_mandir}/man7/*
|
||||
|
||||
%changelog
|
||||
* Fri Dec 15 2023 yanglu <yanglu72@h-partners.com> - 6.3-9
|
||||
- Type:CVE
|
||||
- CVE:CVE-2023-50495
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2023-50495
|
||||
|
||||
* Mon Jul 03 2023 yanglu <yanglu72@h-partners.com> - 6.3-7
|
||||
- Type:CVE
|
||||
- CVE:CVE-2023-29491
|
||||
|
||||
Loading…
Reference in New Issue
Block a user