[kirkstone,v3,18/19] ncurses: fix for CVE-2025-69720

Message ID	4a046b39185314ceafbc7846b9c00fb8984c71ce.1775578386.git.yoann.congal@smile.fr
State	New
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone v3 18/19] ncurses: fix for CVE-2025-69720 Date: Tue, 7 Apr 2026 18:15:55 +0200 Message-ID: <4a046b39185314ceafbc7846b9c00fb8984c71ce.1775578386.git.yoann.congal@smile.fr> In-Reply-To: <cover.1775578386.git.yoann.congal@smile.fr> References: <cover.1775578386.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,v3,01/19] linux-yocto/5.15: update to v5.15.200 \| expand [kirkstone,v3,01/19] linux-yocto/5.15: update to v5.15.200 [kirkstone,v3,02/19] linux-yocto/5.15: update to v5.15.201 [kirkstone,v3,03/19] create-pull-request: Keep commit hash to be pulled in cover email [kirkstone,v3,04/19] README.OE-Core: update contributor links and add kirkstone prefix [kirkstone,v3,05/19] libtheora: mark CVE-2024-56431 as not vulnerable yet [kirkstone,v3,06/19] tzdata,tzcode-native: Upgrade 2025b -> 2025c [kirkstone,v3,07/19] tzdata/tzcode-native: upgrade 2025c -> 2026a [kirkstone,v3,08/19] python3: upgrade 3.10.19 -> 3.10.20 [kirkstone,v3,09/19] python3-pyopenssl: Fix CVE-2026-27448 [kirkstone,v3,10/19] python3-pyopenssl: Fix CVE-2026-27459 [kirkstone,v3,11/19] libarchive: Fix CVE-2026-4111 [kirkstone,v3,12/19] vim: Fix CVE-2026-33412 [kirkstone,v3,13/19] sqlite3: Fix CVE-2025-70873 [kirkstone,v3,14/19] curl: patch CVE-2025-14524 [kirkstone,v3,15/19] curl: patch CVE-2026-1965 [kirkstone,v3,16/19] curl: patch CVE-2026-3783 [kirkstone,v3,17/19] curl: patch CVE-2026-3784 [kirkstone,v3,18/19] ncurses: fix for CVE-2025-69720 [kirkstone,v3,19/19] scripts/install-buildtools: Update to 4.0.34

Message ID

4a046b39185314ceafbc7846b9c00fb8984c71ce.1775578386.git.yoann.congal@smile.fr

State

New

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone v3 18/19] ncurses: fix for CVE-2025-69720
Date: Tue,  7 Apr 2026 18:15:55 +0200
Message-ID: 
 <4a046b39185314ceafbc7846b9c00fb8984c71ce.1775578386.git.yoann.congal@smile.fr>
In-Reply-To: <cover.1775578386.git.yoann.congal@smile.fr>
References: <cover.1775578386.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,v3,01/19] linux-yocto/5.15: update to v5.15.200 | expand

Commit Message

Yoann Congal April 7, 2026, 4:15 p.m. UTC

From: Hitendra Prajapati <hprajapati@mvista.com>

Pick relevant part of snapshot commit 20251213, see [1].

That has:
add a limit-check in infocmp -i option (report/example by Yixuan Cao).

[1] https://invisible-island.net/ncurses/NEWS.html#index-t20251213

References:
1. https://github.com/Cao-Wuhui/CVE-2025-69720
2. https://nvd.nist.gov/vuln/detail/CVE-2025-69720
3. https://access.redhat.com/errata/RHSA-2026:5913

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../ncurses/files/CVE-2025-69720.patch        | 42 +++++++++++++++++++
 .../ncurses/ncurses_6.3+20220423.bb           |  1 +
 2 files changed, 43 insertions(+)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch

diff --git a/meta/recipes-core/ncurses/files/CVE-2025-69720.patch b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch
new file mode 100644
index 00000000000..d570b2007a7
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch
@@ -0,0 +1,42 @@ 
+From 6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 6 Apr 2026 18:08:09 +0530
+Subject: [PATCH] add limit-check in infocmp
+
+origin : https://invisible-island.net/archives/ncurses/6.5/ncurses-6.5-20251213.patch.gz
+Refer: https://github.com/Cao-Wuhui/CVE-2025-69720
+patch by : Thomas E. Dickey <dickey@invisible-island.net>
+
+CVE: CVE-2025-69720
+Upstream-Status: Backport [https://github.com/ThomasDickey/ncurses-snapshots/commit/6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ progs/infocmp.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/progs/infocmp.c b/progs/infocmp.c
+index 0ee0b958..538aca5a 100644
+--- a/progs/infocmp.c
++++ b/progs/infocmp.c
+@@ -816,7 +816,7 @@ lookup_params(const assoc * table, char *dst, char *src)
+ static void
+ analyze_string(const char *name, const char *cap, TERMTYPE2 *tp)
+ {
+-    char buf2[MAX_TERMINFO_LENGTH];
++    char buf2[MAX_TERMINFO_LENGTH + 1];
+     const char *sp;
+     const assoc *ap;
+     int tp_lines = tp->Numbers[2];
+@@ -846,7 +846,8 @@ analyze_string(const char *name, const char *cap, TERMTYPE2 *tp)
+ 	    if (VALID_STRING(cp) &&
+ 		cp[0] != '\0' &&
+ 		cp != cap) {
+-		len = strlen(cp);
++		if ((len = strlen(cp)) > MAX_TERMINFO_LENGTH)
++		    len = MAX_TERMINFO_LENGTH;
+ 		_nc_STRNCPY(buf2, sp, len);
+ 		buf2[len] = '\0';
+ 
+-- 
+2.50.1
+
diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
index 68a845f27c8..15ea2756cdb 100644
--- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
@@ -7,6 +7,7 @@  SRC_URI += "file://0001-tic-hang.patch \
            file://CVE-2023-50495.patch \
            file://CVE-2023-45918.patch \
            file://CVE-2025-6141.patch \
+           file://CVE-2025-69720.patch \
            "
 # commit id corresponds to the revision in package version
 SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"

[kirkstone,v3,18/19] ncurses: fix for CVE-2025-69720

Commit Message

Patch