summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/ncurses/files
Commit message (Collapse)AuthorAgeFilesLines
* ncurses: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730, CVE-2017-13729, ↵Ovidiu Panait2017-09-211-0/+541
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2017-13728, CVE-2017-13731 There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. References: https://nvd.nist.gov/vuln/detail/CVE-2017-13734 https://nvd.nist.gov/vuln/detail/CVE-2017-13732 https://nvd.nist.gov/vuln/detail/CVE-2017-13731 https://nvd.nist.gov/vuln/detail/CVE-2017-13730 https://nvd.nist.gov/vuln/detail/CVE-2017-13729 https://nvd.nist.gov/vuln/detail/CVE-2017-13728 Upstream patch: https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=129aac80802d997b86ab0663836b7fdafb8e3926 (From OE-Core rev: 52d0f351062da730055ffc6b953ff4e68ddb437f) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ncurses: 6.0+20161126 -> 6.0+20170715Hongxu Jia2017-08-183-26/+39
| | | | | | | | | | | | | | | | | | | | | | | Rebase patches: - tic-hang.patch -> 0001 - configure-reproducible.patch -> 0002 Drop fix-cflags-mangle.patch, which accepted by upstream ... commit 1b74f120ab7be89011408a6ad0f1c748a314bae8 Author: Sven Joachim <svenjoac@gmx.de> Date: Sun Feb 26 09:01:34 2017 +0100 Import upstream patch 20170225 20170225 + fixes for CF_CC_ENV_FLAGS (report by Ross Burton). ... (From OE-Core rev: a4ad0703e1209fee6cd89bf74088931785c4d8c7) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ncurses_6.0: Improve reproducibilityJuro Bystricky2017-04-011-0/+20
| | | | | | | | | | | | | | Build static libraries without the binutils "ar" -U option. This option deliberately breaks deterministic mode. The option seems to be a relic from 2015, intended as a workaround for some unspecified build problems. [YOCTO#11247] (From OE-Core rev: 46c757d0ca7ff294a7e55c130698fd256b69b62e) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ncurses: 6.0+20160625 -> 6.0+20161126Hongxu Jia2017-02-231-0/+18
| | | | | | | | | | Add a patch to fix the CC/CFLAGS mangling that broke builds. [RB] (From OE-Core rev: e5d1cbbc1a04b0b190f3706e7ab7421c87d46c78) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ncurses_6: Improve installationJuro Bystricky2016-03-201-32/+0
| | | | | | | | | | | | | | | | | As "install.libs" also installs header files, it is redundant to also call "install.includes". In fact, doing so can lead to a race, as both targets could try to install the header files at the same time if running parallel make. Obviously, with only calling "install.libs", there is no race with "install.includes". If there is no race, then the patch fix-include-files-race.patch is no longer needed. (From OE-Core rev: 8df2060a323acf2a2cc2bc4076623463039c46a6) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ncurses_6: Fix an install race conditionJuro Bystricky2016-03-121-0/+32
| | | | | | | | | | | | | | Both targets install.libs and install.includes install the same files, resulting in a race condition when running parallel make. This race is addressed in a patch file, making sure only one of the targets (install.includes) installes the include files. This will work properly (i.e.ncurses will install as intended by the recipe) as long as we always install both targets. (From OE-Core rev: a3df0aa78af1c2fecf847e87cc480fd2ed9afe89) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ncurses: update to revision 20160213Alexander Kanavin2016-02-282-0/+31
Also, put the revision into PV, so that a meaningful upstream version check can be performed. (From OE-Core rev: 78064460a7087de5065f035633ea37a7f5b5cff6) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-27 15:51:33 +0000