2 files changed, 66 insertions, 0 deletions

diff --git a/meta/recipes-core/ncurses/files/CVE-2021-39537.patch b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
new file mode 100644
index 0000000000..d63bf57e8d
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2021-39537.patch
@@ -0,0 +1,65 @@
+From e83ecbd26252bac163fc4377ef30edbd4acb0bad Mon Sep 17 00:00:00 2001
+From: Sven Joachim <svenjoac@gmx.de>
+Date: Mon, 1 Jun 2020 08:03:52 +0200
+Subject: [PATCH] Import upstream patch 20200531
+
+20200531
+        + correct configure version-check/warnng for g++ to allow for 10.x
+        + re-enable "bel" in konsole-base (report by Nia Huang)
+        + add linux-s entry (patch by Alexandre Montaron).
+        + drop long-obsolete convert_configure.pl
+        + add test/test_parm.c, for checking tparm changes.
+        + improve parameter-checking for tparm, adding function _nc_tiparm() to
+          handle the most-used case, which accepts only numeric parameters
+          (report/testcase by "puppet-meteor").
+        + use a more conservative estimate of the buffer-size in lib_tparm.c's
+          save_text() and save_number(), in case the sprintf() function
+          passes-through unexpected characters from a format specifier
+          (report/testcase by "puppet-meteor").
+        + add a check for end-of-string in cvtchar to handle a malformed
+          string in infotocap (report/testcase by "puppet-meteor").
+
+CVE: CVE-2021-39537
+
+Upstream-Status: Backport [https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ ncurses/tinfo/captoinfo.c        |   11 +-
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d1..9362105a 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -98,7 +98,7 @@
+ #include <ctype.h>
+ #include <tic.h>
+ 
+-MODULE_ID("$Id: captoinfo.c,v 1.98 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: captoinfo.c,v 1.99 2020/05/25 21:28:29 tom Exp $")
+ 
+ #if 0
+ #define DEBUG_THIS(p) DEBUG(9, p)
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+        }
+        break;
+     case '^':
++       len = 2;
+        c = UChar(*++sp);
+-       if (c == '?')
++       if (c == '?') {
+            c = 127;
+-       else
++       } else if (c == '\0') {
++           len = 1;
++       } else {
+            c &= 0x1f;
+-       len = 2;
++       }
+        break;
+     default:
+        c = UChar(*sp);
+-- 
+2.17.1
+
diff --git a/meta/recipes-core/ncurses/ncurses_6.2.bb b/meta/recipes-core/ncurses/ncurses_6.2.bb
index e7d7396a20..598c51b00b 100644
--- a/meta/recipes-core/ncurses/ncurses_6.2.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.2.bb
@@ -3,6 +3,7 @@ require ncurses.inc
 SRC_URI += "file://0001-tic-hang.patch \
            file://0002-configure-reproducible.patch \
            file://0003-gen-pkgconfig.in-Do-not-include-LDFLAGS-in-generated.patch \
+           file://CVE-2021-39537.patch \
            "
 # commit id corresponds to the revision in package version
 SRCREV = "a669013cd5e9d6434e5301348ea51baf306c93c4"