[kirkstone,07/10] ncurses: patch CVE-2025-6141

Message ID	8d09a78a79d7f4b4ae9654bdcdf5f33dab9a8b95.1753646578.git.steve@sakoman.com
State	New
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.170, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/10] ncurses: patch CVE-2025-6141 Date: Sun, 27 Jul 2025 13:04:39 -0700 Message-ID: <8d09a78a79d7f4b4ae9654bdcdf5f33dab9a8b95.1753646578.git.steve@sakoman.com> In-Reply-To: <cover.1753646578.git.steve@sakoman.com> References: <cover.1753646578.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/10] binutils: Fix CVE-2025-7546 \| expand [kirkstone,01/10] binutils: Fix CVE-2025-7546 [kirkstone,02/10] orc: set CVE_PRODUCT [kirkstone,03/10] gnupg: fix CVE-2025-30258 [kirkstone,04/10] ffmpeg: Ignore two CVEs fixed in 5.0.3 [kirkstone,05/10] libpam: fix CVE-2025-6020 [kirkstone,06/10] ruby: correct fix for CVE-2024-43398 [kirkstone,07/10] ncurses: patch CVE-2025-6141 [kirkstone,08/10] glibc: stable 2.35 branch updates [kirkstone,09/10] scripts/install-buildtools: Update to 4.0.28 [kirkstone,10/10] db: ignore implicit-int and implicit-function-declaration issues fatal with gcc-14

Message ID

8d09a78a79d7f4b4ae9654bdcdf5f33dab9a8b95.1753646578.git.steve@sakoman.com

State

New

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/10] ncurses: patch CVE-2025-6141
Date: Sun, 27 Jul 2025 13:04:39 -0700
Message-ID: 
 <8d09a78a79d7f4b4ae9654bdcdf5f33dab9a8b95.1753646578.git.steve@sakoman.com>
In-Reply-To: <cover.1753646578.git.steve@sakoman.com>
References: <cover.1753646578.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/10] binutils: Fix CVE-2025-7546 | expand

Commit Message

Steve Sakoman July 27, 2025, 8:04 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Pick relevant part of snapshot commit 20250329, see [1].

That has:
add a buffer-limit check in postprocess_termcap (report/testcase by
Yifan Zhang).

[1] https://invisible-island.net/ncurses/NEWS.html#index-t20250329

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ncurses/files/CVE-2025-6141.patch         | 25 +++++++++++++++++++
 .../ncurses/ncurses_6.3+20220423.bb           |  1 +
 2 files changed, 26 insertions(+)
 create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-6141.patch

diff --git a/meta/recipes-core/ncurses/files/CVE-2025-6141.patch b/meta/recipes-core/ncurses/files/CVE-2025-6141.patch
new file mode 100644
index 0000000000..331535e4d2
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2025-6141.patch
@@ -0,0 +1,25 @@ 
+From 27d1493340d714e7be6e08c0a8f43e48276149c4 Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Sat, 29 Mar 2025 22:52:37 +0000
+Subject: [PATCH] snapshot of project "ncurses", label v6_5_20250329
+
+CVE: CVE-2025-6141
+Upstream-Status: Backport [https://github.com/ThomasDickey/ncurses-snapshots/commit/27d1493340d714e7be6e08c0a8f43e48276149c4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ ncurses/tinfo/parse_entry.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
+index a2278c07..c551c780 100644
+--- a/ncurses/tinfo/parse_entry.c
++++ b/ncurses/tinfo/parse_entry.c
+@@ -954,6 +954,8 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base)
+ 	    bp = tp->Strings[from_ptr->nte_index];
+ 	    if (VALID_STRING(bp)) {
+ 		for (dp = buf2; *bp; bp++) {
++		    if ((size_t) (dp - buf2) >= (sizeof(buf2) - sizeof(TERMTYPE2)))
++			  break;
+ 		    if (bp[0] == '$' && bp[1] == '<') {
+ 			while (*bp && *bp != '>') {
+ 			    ++bp;
diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
index 1fa5e036e9..68a845f27c 100644
--- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
@@ -6,6 +6,7 @@  SRC_URI += "file://0001-tic-hang.patch \
            file://CVE-2023-29491.patch \
            file://CVE-2023-50495.patch \
            file://CVE-2023-45918.patch \
+           file://CVE-2025-6141.patch \
            "
 # commit id corresponds to the revision in package version
 SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"

[kirkstone,07/10] ncurses: patch CVE-2025-6141

Commit Message

Patch