From cc24cd13a8637fdc3228347152cbaea7dd8f56e2 Mon Sep 17 00:00:00 2001
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Date: Fri, 18 May 2018 08:32:42 +0000
Subject: [PATCH] ncurses: CVE-2018-10754
# ncurses 6.1 - patch 20180414 - Thomas E. Dickey
#
# ------------------------------------------------------------------------------
#
# Ncurses 6.1 is at
# ftp.gnu.org:/pub/gnu
#
# Patches for ncurses 6.1 can be found at
# ftp://ftp.invisible-island.net/ncurses/6.1
# http://invisible-mirror.net/archives/ncurses/6.1
#
# ------------------------------------------------------------------------------
# ftp://ftp.invisible-island.net/ncurses/6.1/ncurses-6.1-20180414.patch.gz
# patch by Thomas E. Dickey <dickey@invisible-island.net>
# created Sat Apr 14 22:50:05 UTC 2018
Upstream-Status: Backport
CVE: CVE-2018-10754
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
---
form/form.h | 5 +++--
form/form.priv.h | 7 ++++---
form/frm_driver.c | 24 +++++++++++++++++++-----
ncurses/curses.priv.h | 2 --
ncurses/llib-lncursestw | 9 ++-------
ncurses/llib-lncursesw | 8 +-------
ncurses/llib-ltinfotw | 8 +-------
ncurses/llib-ltinfow | 8 +-------
ncurses/tinfo/alloc_entry.c | 7 +++++--
ncurses/tinfo/alloc_ttype.c | 24 ++++++++++--------------
ncurses/tinfo/comp_parse.c | 6 +++++-
ncurses/tinfo/parse_entry.c | 8 +++++---
ncurses/tinfo/read_entry.c | 3 +++
13 files changed, 59 insertions(+), 60 deletions(-)
diff --git a/form/form.h b/form/form.h
index f11807f5..1d4c241d 100644
--- a/form/form.h
+++ b/form/form.h
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright (c) 1998-2016,2017 Free Software Foundation, Inc. *
+ * Copyright (c) 1998-2017,2018 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@@ -30,7 +30,7 @@
* Author: Juergen Pfeifer, 1995,1997 *
****************************************************************************/
-/* $Id: form.h,v 0.27 2017/02/11 16:35:42 tom Exp $ */
+/* $Id: form.h,v 0.28 2018/04/14 21:06:21 Leon.Winter Exp $ */
#ifndef FORM_H
#define FORM_H
@@ -222,6 +222,7 @@ typedef void (*Form_Hook)(FORM *);
#define O_STATIC (0x0200U)
#define O_DYNAMIC_JUSTIFY (0x0400U) /* ncurses extension */
#define O_NO_LEFT_STRIP (0x0800U) /* ncurses extension */
+#define O_EDGE_INSERT_STAY (0x1000U) /* ncurses extension */
/* form options */
#define O_NL_OVERLOAD (0x0001U)
diff --git a/form/form.priv.h b/form/form.priv.h
index ad25ec2d..e48a9f26 100644
--- a/form/form.priv.h
+++ b/form/form.priv.h
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright (c) 1998-2016,2017 Free Software Foundation, Inc. *
+ * Copyright (c) 1998-2017,2018 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@@ -30,7 +30,7 @@
* Author: Juergen Pfeifer, 1995,1997 *
****************************************************************************/
-/* $Id: form.priv.h,v 0.42 2017/02/11 16:12:19 tom Exp $ */
+/* $Id: form.priv.h,v 0.43 2018/04/14 21:06:14 Leon.Winter Exp $ */
#ifndef FORM_PRIV_H
#define FORM_PRIV_H 1
@@ -166,7 +166,8 @@ TypeArgument;
#define ALL_FIELD_OPTS (Field_Options)( \
STD_FIELD_OPTS |\
O_DYNAMIC_JUSTIFY |\
- O_NO_LEFT_STRIP)
+ O_NO_LEFT_STRIP |\
+ O_EDGE_INSERT_STAY)
#define C_BLANK ' '
#define is_blank(c) ((c)==C_BLANK)
diff --git a/form/frm_driver.c b/form/frm_driver.c
index 45e323f7..7ed06ef7 100644
--- a/form/frm_driver.c
+++ b/form/frm_driver.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright (c) 1998-2016,2017 Free Software Foundation, Inc. *
+ * Copyright (c) 1998-2017,2018 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@@ -808,6 +808,7 @@ _nc_Position_Form_Cursor(FORM *form)
{
FIELD *field;
WINDOW *formwin;
+ int row, col;
if (!form)
return (E_BAD_ARGUMENT);
@@ -818,14 +819,17 @@ _nc_Position_Form_Cursor(FORM *form)
field = form->current;
formwin = Get_Form_Window(form);
- wmove(form->w, form->currow, form->curcol);
+ col = Field_Has_Option(field, O_PUBLIC) ? form->curcol : form->begincol;
+ row = Field_Has_Option(field, O_PUBLIC) ? form->currow : form->toprow;
+
+ wmove(form->w, row, col);
if (Has_Invisible_Parts(field))
{
/* in this case fieldwin isn't derived from formwin, so we have
to move the cursor in formwin by hand... */
wmove(formwin,
- field->frow + form->currow - form->toprow,
- field->fcol + form->curcol - form->begincol);
+ field->frow + row - form->toprow,
+ field->fcol + col - form->begincol);
wcursyncup(formwin);
}
else
@@ -844,6 +848,7 @@ _nc_Position_Form_Cursor(FORM *form)
| E_BAD_ARGUMENT - invalid form pointer
| E_SYSTEM_ERROR - general error
+--------------------------------------------------------------------------*/
+static bool move_after_insert = true;
NCURSES_EXPORT(int)
_nc_Refresh_Current_Field(FORM *form)
{
@@ -875,7 +880,8 @@ _nc_Refresh_Current_Field(FORM *form)
else
{
if (form->curcol >= (form->begincol + field->cols))
- form->begincol = form->curcol - field->cols + 1;
+ form->begincol = form->curcol - field->cols
+ + (move_after_insert ? 1 : 0);
}
copywin(form->w,
formwin,
@@ -4158,6 +4164,12 @@ Data_Entry(FORM *form, int c)
bool End_Of_Field = (((field->drows - 1) == form->currow) &&
((field->dcols - 1) == form->curcol));
+ if (Field_Has_Option(field, O_EDGE_INSERT_STAY))
+ move_after_insert = !!(form->curcol
+ - form->begincol
+ - field->cols
+ + 1);
+
SetStatus(form, _WINDOW_MODIFIED);
if (End_Of_Field && !Growable(field) && (Field_Has_Option(field, O_AUTOSKIP)))
result = Inter_Field_Navigation(FN_Next_Field, form);
@@ -4322,6 +4334,8 @@ form_driver(FORM *form, int c)
const Binding_Info *BI = (Binding_Info *) 0;
int res = E_UNKNOWN_COMMAND;
+ move_after_insert = true;
+
T((T_CALLED("form_driver(%p,%d)"), (void *)form, c));
if (!form)
diff --git a/ncurses/curses.priv.h b/ncurses/curses.priv.h
index 839d5b35..aec86543 100644
--- a/ncurses/curses.priv.h
+++ b/ncurses/curses.priv.h
@@ -2170,11 +2170,9 @@ extern NCURSES_EXPORT(const TERMTYPE2 *) _nc_fallback2 (const char *);
#if NCURSES_EXT_NUMBERS
extern NCURSES_EXPORT(void) _nc_copy_termtype2 (TERMTYPE2 *, const TERMTYPE2 *);
extern NCURSES_EXPORT(void) _nc_export_termtype2(TERMTYPE *, const TERMTYPE2 *);
-extern NCURSES_EXPORT(void) _nc_import_termtype2(TERMTYPE2 *, const TERMTYPE *);
#else
#define _nc_copy_termtype2(dst,src) _nc_copy_termtype((dst),(src))
#define _nc_export_termtype2(dst,src) /* nothing */
-#define _nc_import_termtype2(dst,src) /* nothing */
#define _nc_free_termtype2(t) _nc_free_termtype(t)
/* also... */
#define _nc_read_entry2 _nc_read_entry
diff --git a/ncurses/llib-lncursestw b/ncurses/llib-lncursestw
index f4c211d3..e056ce55 100644
--- a/ncurses/llib-lncursestw
+++ b/ncurses/llib-lncursestw
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright (c) 2009-2016,2017 Free Software Foundation, Inc. *
+ * Copyright (c) 2009-2017,2018 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@@ -34,6 +34,7 @@
/* ./tty/hardscroll.c */
#include <curses.priv.h>
+
#undef _nc_oldnums
int *_nc_oldnums;
@@ -3741,12 +3742,6 @@ void _nc_export_termtype2(
const TERMTYPE2 *src)
{ /* void */ }
-#undef _nc_import_termtype2
-void _nc_import_termtype2(
- TERMTYPE2 *dst,
- const TERMTYPE *src)
- { /* void */ }
-
/* ./codes.c */
#undef _nc_boolcodes
diff --git a/ncurses/llib-lncursesw b/ncurses/llib-lncursesw
index 8aacf053..c16f0783 100644
--- a/ncurses/llib-lncursesw
+++ b/ncurses/llib-lncursesw
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright (c) 2001-2016,2017 Free Software Foundation, Inc. *
+ * Copyright (c) 2001-2017,2018 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@@ -3732,12 +3732,6 @@ void _nc_export_termtype2(
const TERMTYPE2 *src)
{ /* void */ }
-#undef _nc_import_termtype2
-void _nc_import_termtype2(
- TERMTYPE2 *dst,
- const TERMTYPE *src)
- { /* void */ }
-
/* ./codes.c */
#undef boolcodes
diff --git a/ncurses/llib-ltinfotw b/ncurses/llib-ltinfotw
index 31376b54..eba1d95c 100644
--- a/ncurses/llib-ltinfotw
+++ b/ncurses/llib-ltinfotw
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright (c) 2012-2016,2017 Free Software Foundation, Inc. *
+ * Copyright (c) 2012-2017,2018 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@@ -110,12 +110,6 @@ void _nc_export_termtype2(
const TERMTYPE2 *src)
{ /* void */ }
-#undef _nc_import_termtype2
-void _nc_import_termtype2(
- TERMTYPE2 *dst,
- const TERMTYPE *src)
- { /* void */ }
-
/* ./codes.c */
#undef _nc_boolcodes
diff --git a/ncurses/llib-ltinfow b/ncurses/llib-ltinfow
index 5b8411c2..9ab9de0b 100644
--- a/ncurses/llib-ltinfow
+++ b/ncurses/llib-ltinfow
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright (c) 2012-2016,2017 Free Software Foundation, Inc. *
+ * Copyright (c) 2012-2017,2018 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@@ -110,12 +110,6 @@ void _nc_export_termtype2(
const TERMTYPE2 *src)
{ /* void */ }
-#undef _nc_import_termtype2
-void _nc_import_termtype2(
- TERMTYPE2 *dst,
- const TERMTYPE *src)
- { /* void */ }
-
/* ./codes.c */
#undef boolcodes
diff --git a/ncurses/tinfo/alloc_entry.c b/ncurses/tinfo/alloc_entry.c
index 09374d6e..fe7892f4 100644
--- a/ncurses/tinfo/alloc_entry.c
+++ b/ncurses/tinfo/alloc_entry.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright (c) 1998-2013,2017 Free Software Foundation, Inc. *
+ * Copyright (c) 1998-2017,2018 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@@ -47,7 +47,7 @@
#include <tic.h>
-MODULE_ID("$Id: alloc_entry.c,v 1.61 2017/08/25 09:09:08 tom Exp $")
+MODULE_ID("$Id: alloc_entry.c,v 1.62 2018/04/14 20:32:09 tom Exp $")
#define ABSENT_OFFSET -1
#define CANCELLED_OFFSET -2
@@ -229,6 +229,9 @@ _nc_merge_entry(ENTRY * const target, ENTRY * const source)
TERMTYPE2 *from = &(source->tterm);
unsigned i;
+ if (source == 0 || from == 0 || target == 0 || to == 0)
+ return;
+
#if NCURSES_XNAMES
_nc_align_termtype(to, from);
#endif
diff --git a/ncurses/tinfo/alloc_ttype.c b/ncurses/tinfo/alloc_ttype.c
index 4a1b6913..6e830d0f 100644
--- a/ncurses/tinfo/alloc_ttype.c
+++ b/ncurses/tinfo/alloc_ttype.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright (c) 1999-2016,2017 Free Software Foundation, Inc. *
+ * Copyright (c) 1999-2017,2018 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@@ -42,7 +42,7 @@
#include <tic.h>
-MODULE_ID("$Id: alloc_ttype.c,v 1.29 2017/04/09 23:15:34 tom Exp $")
+MODULE_ID("$Id: alloc_ttype.c,v 1.30 2018/04/14 19:24:54 tom Exp $")
#if NCURSES_XNAMES
/*
@@ -388,12 +388,16 @@ adjust_cancels(TERMTYPE2 *to, TERMTYPE2 *from)
NCURSES_EXPORT(void)
_nc_align_termtype(TERMTYPE2 *to, TERMTYPE2 *from)
{
- int na = (int) NUM_EXT_NAMES(to);
- int nb = (int) NUM_EXT_NAMES(from);
+ int na;
+ int nb;
char **ext_Names;
- DEBUG(2, ("align_termtype to(%d:%s), from(%d:%s)", na, to->term_names,
- nb, from->term_names));
+ na = to ? ((int) NUM_EXT_NAMES(to)) : 0;
+ nb = from ? ((int) NUM_EXT_NAMES(from)) : 0;
+
+ DEBUG(2, ("align_termtype to(%d:%s), from(%d:%s)",
+ na, to ? NonNull(to->term_names) : "?",
+ nb, from ? NonNull(from->term_names) : "?"));
if (na != 0 || nb != 0) {
int ext_Booleans, ext_Numbers, ext_Strings;
@@ -592,12 +596,4 @@ _nc_export_termtype2(TERMTYPE *dst, const TERMTYPE2 *src)
DEBUG(2, ("_nc_export_termtype2..."));
copy_termtype((TERMTYPE2 *) dst, src, srcINT);
}
-
-/* FIXME - this will go away when conversion is complete */
-NCURSES_EXPORT(void)
-_nc_import_termtype2(TERMTYPE2 *dst, const TERMTYPE *src)
-{
- DEBUG(2, ("_nc_import_termtype2..."));
- copy_termtype(dst, (const TERMTYPE2 *) src, dstINT);
-}
#endif /* NCURSES_EXT_NUMBERS */
diff --git a/ncurses/tinfo/comp_parse.c b/ncurses/tinfo/comp_parse.c
index 580d4df2..d4875b27 100644
--- a/ncurses/tinfo/comp_parse.c
+++ b/ncurses/tinfo/comp_parse.c
@@ -317,6 +317,9 @@ _nc_resolve_uses2(bool fullresolve, bool literal)
char *lookfor = qp->uses[i].name;
long lookline = qp->uses[i].line;
+ if (lookfor == 0)
+ continue;
+
foundit = FALSE;
_nc_set_type(child);
@@ -394,7 +397,8 @@ _nc_resolve_uses2(bool fullresolve, bool literal)
* subsequent pass.
*/
for (i = 0; i < qp->nuses; i++)
- if (qp->uses[i].link->nuses) {
+ if (qp->uses[i].link
+ && qp->uses[i].link->nuses) {
DEBUG(2, ("%s: use entry %d unresolved",
_nc_first_name(qp->tterm.term_names), i));
goto incomplete;
diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
index bbbfcb27..0389767b 100644
--- a/ncurses/tinfo/parse_entry.c
+++ b/ncurses/tinfo/parse_entry.c
@@ -1,5 +1,5 @@
/****************************************************************************
- * Copyright (c) 1998-2016,2017 Free Software Foundation, Inc. *
+ * Copyright (c) 1998-2017,2018 Free Software Foundation, Inc. *
* *
* Permission is hereby granted, free of charge, to any person obtaining a *
* copy of this software and associated documentation files (the *
@@ -543,9 +543,11 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
* Otherwise, look for a base entry that will already
* have picked up defaults via translation.
*/
- for (i = 0; i < entryp->nuses; i++)
- if (!strchr((char *) entryp->uses[i].name, '+'))
+ for (i = 0; i < entryp->nuses; i++) {
+ if (entryp->uses[i].name != 0
+ && !strchr(entryp->uses[i].name, '+'))
has_base_entry = TRUE;
+ }
}
postprocess_termcap(&entryp->tterm, has_base_entry);
diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c
index 3cb02410..dc8ddba8 100644
--- a/ncurses/tinfo/read_entry.c
+++ b/ncurses/tinfo/read_entry.c
@@ -717,6 +717,9 @@ _nc_read_entry2(const char *const name, char *const filename, TERMTYPE2 *const t
{
int code = TGETENT_NO;
+ if (name == 0)
+ return _nc_read_entry2("", filename, tp);
+
_nc_SPRINTF(filename, _nc_SLIMIT(PATH_MAX)
"%.*s", PATH_MAX - 1, name);
--
2.13.3
distrib
>
Mageia
>
6
>
armv7hl
>
media
>
core-updates-src
>
by-pkgid
>
433b4553d08bedca8e02e6e6ae3bd100
>
files
>
3
