* [kirkstone][PATCH] ncurses: fix for CVE-2025-69720
@ 2026-04-07 5:44 Hitendra Prajapati
2026-04-07 6:59 ` [OE-core] " Yoann Congal
2026-04-07 16:11 ` Yoann Congal
0 siblings, 2 replies; 3+ messages in thread
From: Hitendra Prajapati @ 2026-04-07 5:44 UTC (permalink / raw)
To: openembedded-core; +Cc: Hitendra Prajapati
Pick relevant part of snapshot commit 20251213, see [1].
That has:
add a limit-check in infocmp -i option (report/example by Yixuan Cao).
[1] https://invisible-island.net/ncurses/NEWS.html#index-t20251213
References:
1. https://github.com/Cao-Wuhui/CVE-2025-69720
2. https://nvd.nist.gov/vuln/detail/CVE-2025-69720
3. https://access.redhat.com/errata/RHSA-2026:5913
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
.../ncurses/files/CVE-2025-69720.patch | 42 +++++++++++++++++++
.../ncurses/ncurses_6.3+20220423.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch
diff --git a/meta/recipes-core/ncurses/files/CVE-2025-69720.patch b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch
new file mode 100644
index 0000000000..d570b2007a
--- /dev/null
+++ b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch
@@ -0,0 +1,42 @@
+From 6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 6 Apr 2026 18:08:09 +0530
+Subject: [PATCH] add limit-check in infocmp
+
+origin : https://invisible-island.net/archives/ncurses/6.5/ncurses-6.5-20251213.patch.gz
+Refer: https://github.com/Cao-Wuhui/CVE-2025-69720
+patch by : Thomas E. Dickey <dickey@invisible-island.net>
+
+CVE: CVE-2025-69720
+Upstream-Status: Backport [https://github.com/ThomasDickey/ncurses-snapshots/commit/6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ progs/infocmp.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/progs/infocmp.c b/progs/infocmp.c
+index 0ee0b958..538aca5a 100644
+--- a/progs/infocmp.c
++++ b/progs/infocmp.c
+@@ -816,7 +816,7 @@ lookup_params(const assoc * table, char *dst, char *src)
+ static void
+ analyze_string(const char *name, const char *cap, TERMTYPE2 *tp)
+ {
+- char buf2[MAX_TERMINFO_LENGTH];
++ char buf2[MAX_TERMINFO_LENGTH + 1];
+ const char *sp;
+ const assoc *ap;
+ int tp_lines = tp->Numbers[2];
+@@ -846,7 +846,8 @@ analyze_string(const char *name, const char *cap, TERMTYPE2 *tp)
+ if (VALID_STRING(cp) &&
+ cp[0] != '\0' &&
+ cp != cap) {
+- len = strlen(cp);
++ if ((len = strlen(cp)) > MAX_TERMINFO_LENGTH)
++ len = MAX_TERMINFO_LENGTH;
+ _nc_STRNCPY(buf2, sp, len);
+ buf2[len] = '\0';
+
+--
+2.50.1
+
diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
index 68a845f27c..15ea2756cd 100644
--- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
@@ -7,6 +7,7 @@ SRC_URI += "file://0001-tic-hang.patch \
file://CVE-2023-50495.patch \
file://CVE-2023-45918.patch \
file://CVE-2025-6141.patch \
+ file://CVE-2025-69720.patch \
"
# commit id corresponds to the revision in package version
SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
--
2.50.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [OE-core] [kirkstone][PATCH] ncurses: fix for CVE-2025-69720
2026-04-07 5:44 [kirkstone][PATCH] ncurses: fix for CVE-2025-69720 Hitendra Prajapati
@ 2026-04-07 6:59 ` Yoann Congal
2026-04-07 16:11 ` Yoann Congal
1 sibling, 0 replies; 3+ messages in thread
From: Yoann Congal @ 2026-04-07 6:59 UTC (permalink / raw)
To: hprajapati, openembedded-core
On Tue Apr 7, 2026 at 7:44 AM CEST, Hitendra Prajapati via lists.openembedded.org wrote:
> Pick relevant part of snapshot commit 20251213, see [1].
>
> That has:
> add a limit-check in infocmp -i option (report/example by Yixuan Cao).
>
> [1] https://invisible-island.net/ncurses/NEWS.html#index-t20251213
>
> References:
> 1. https://github.com/Cao-Wuhui/CVE-2025-69720
> 2. https://nvd.nist.gov/vuln/detail/CVE-2025-69720
> 3. https://access.redhat.com/errata/RHSA-2026:5913
>
> Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
> ---
Hello,
Sorry, but this might come too late for kirkstone.
See "End of kirkstone LTS support"
https://lore.kernel.org/yocto/DH8I3C005I7I.EAFAABGT2FJL@smile.fr/T/#u
I will try to include it but no promises.
Regards,
> .../ncurses/files/CVE-2025-69720.patch | 42 +++++++++++++++++++
> .../ncurses/ncurses_6.3+20220423.bb | 1 +
> 2 files changed, 43 insertions(+)
> create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch
>
> diff --git a/meta/recipes-core/ncurses/files/CVE-2025-69720.patch b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch
> new file mode 100644
> index 0000000000..d570b2007a
> --- /dev/null
> +++ b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch
> @@ -0,0 +1,42 @@
> +From 6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e Mon Sep 17 00:00:00 2001
> +From: Hitendra Prajapati <hprajapati@mvista.com>
> +Date: Mon, 6 Apr 2026 18:08:09 +0530
> +Subject: [PATCH] add limit-check in infocmp
> +
> +origin : https://invisible-island.net/archives/ncurses/6.5/ncurses-6.5-20251213.patch.gz
> +Refer: https://github.com/Cao-Wuhui/CVE-2025-69720
> +patch by : Thomas E. Dickey <dickey@invisible-island.net>
> +
> +CVE: CVE-2025-69720
> +Upstream-Status: Backport [https://github.com/ThomasDickey/ncurses-snapshots/commit/6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e]
> +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
> +---
> + progs/infocmp.c | 5 +++--
> + 1 file changed, 3 insertions(+), 2 deletions(-)
> +
> +diff --git a/progs/infocmp.c b/progs/infocmp.c
> +index 0ee0b958..538aca5a 100644
> +--- a/progs/infocmp.c
> ++++ b/progs/infocmp.c
> +@@ -816,7 +816,7 @@ lookup_params(const assoc * table, char *dst, char *src)
> + static void
> + analyze_string(const char *name, const char *cap, TERMTYPE2 *tp)
> + {
> +- char buf2[MAX_TERMINFO_LENGTH];
> ++ char buf2[MAX_TERMINFO_LENGTH + 1];
> + const char *sp;
> + const assoc *ap;
> + int tp_lines = tp->Numbers[2];
> +@@ -846,7 +846,8 @@ analyze_string(const char *name, const char *cap, TERMTYPE2 *tp)
> + if (VALID_STRING(cp) &&
> + cp[0] != '\0' &&
> + cp != cap) {
> +- len = strlen(cp);
> ++ if ((len = strlen(cp)) > MAX_TERMINFO_LENGTH)
> ++ len = MAX_TERMINFO_LENGTH;
> + _nc_STRNCPY(buf2, sp, len);
> + buf2[len] = '\0';
> +
> +--
> +2.50.1
> +
> diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> index 68a845f27c..15ea2756cd 100644
> --- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> +++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> @@ -7,6 +7,7 @@ SRC_URI += "file://0001-tic-hang.patch \
> file://CVE-2023-50495.patch \
> file://CVE-2023-45918.patch \
> file://CVE-2025-6141.patch \
> + file://CVE-2025-69720.patch \
> "
> # commit id corresponds to the revision in package version
> SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
--
Yoann Congal
Smile ECS
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-core] [kirkstone][PATCH] ncurses: fix for CVE-2025-69720
2026-04-07 5:44 [kirkstone][PATCH] ncurses: fix for CVE-2025-69720 Hitendra Prajapati
2026-04-07 6:59 ` [OE-core] " Yoann Congal
@ 2026-04-07 16:11 ` Yoann Congal
1 sibling, 0 replies; 3+ messages in thread
From: Yoann Congal @ 2026-04-07 16:11 UTC (permalink / raw)
To: hprajapati, openembedded-core
On Tue Apr 7, 2026 at 7:44 AM CEST, Hitendra Prajapati via lists.openembedded.org wrote:
> Pick relevant part of snapshot commit 20251213, see [1].
>
> That has:
> add a limit-check in infocmp -i option (report/example by Yixuan Cao).
>
> [1] https://invisible-island.net/ncurses/NEWS.html#index-t20251213
>
> References:
> 1. https://github.com/Cao-Wuhui/CVE-2025-69720
> 2. https://nvd.nist.gov/vuln/detail/CVE-2025-69720
> 3. https://access.redhat.com/errata/RHSA-2026:5913
>
> Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
> ---
Hello,
As far as I can tell, this CVE applies to scarthgap. Since this is the
end of kirkstone soon, I'll take it into the reviews series but can only
merge it if there is a patch sent for this CVE for scarthgap.
Regards,
> .../ncurses/files/CVE-2025-69720.patch | 42 +++++++++++++++++++
> .../ncurses/ncurses_6.3+20220423.bb | 1 +
> 2 files changed, 43 insertions(+)
> create mode 100644 meta/recipes-core/ncurses/files/CVE-2025-69720.patch
>
> diff --git a/meta/recipes-core/ncurses/files/CVE-2025-69720.patch b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch
> new file mode 100644
> index 0000000000..d570b2007a
> --- /dev/null
> +++ b/meta/recipes-core/ncurses/files/CVE-2025-69720.patch
> @@ -0,0 +1,42 @@
> +From 6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e Mon Sep 17 00:00:00 2001
> +From: Hitendra Prajapati <hprajapati@mvista.com>
> +Date: Mon, 6 Apr 2026 18:08:09 +0530
> +Subject: [PATCH] add limit-check in infocmp
> +
> +origin : https://invisible-island.net/archives/ncurses/6.5/ncurses-6.5-20251213.patch.gz
> +Refer: https://github.com/Cao-Wuhui/CVE-2025-69720
> +patch by : Thomas E. Dickey <dickey@invisible-island.net>
> +
> +CVE: CVE-2025-69720
> +Upstream-Status: Backport [https://github.com/ThomasDickey/ncurses-snapshots/commit/6f6db0e8fd14e40096a0ee6f8bdf32dedbd3fc9e]
> +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
> +---
> + progs/infocmp.c | 5 +++--
> + 1 file changed, 3 insertions(+), 2 deletions(-)
> +
> +diff --git a/progs/infocmp.c b/progs/infocmp.c
> +index 0ee0b958..538aca5a 100644
> +--- a/progs/infocmp.c
> ++++ b/progs/infocmp.c
> +@@ -816,7 +816,7 @@ lookup_params(const assoc * table, char *dst, char *src)
> + static void
> + analyze_string(const char *name, const char *cap, TERMTYPE2 *tp)
> + {
> +- char buf2[MAX_TERMINFO_LENGTH];
> ++ char buf2[MAX_TERMINFO_LENGTH + 1];
> + const char *sp;
> + const assoc *ap;
> + int tp_lines = tp->Numbers[2];
> +@@ -846,7 +846,8 @@ analyze_string(const char *name, const char *cap, TERMTYPE2 *tp)
> + if (VALID_STRING(cp) &&
> + cp[0] != '\0' &&
> + cp != cap) {
> +- len = strlen(cp);
> ++ if ((len = strlen(cp)) > MAX_TERMINFO_LENGTH)
> ++ len = MAX_TERMINFO_LENGTH;
> + _nc_STRNCPY(buf2, sp, len);
> + buf2[len] = '\0';
> +
> +--
> +2.50.1
> +
> diff --git a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> index 68a845f27c..15ea2756cd 100644
> --- a/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> +++ b/meta/recipes-core/ncurses/ncurses_6.3+20220423.bb
> @@ -7,6 +7,7 @@ SRC_URI += "file://0001-tic-hang.patch \
> file://CVE-2023-50495.patch \
> file://CVE-2023-45918.patch \
> file://CVE-2025-6141.patch \
> + file://CVE-2025-69720.patch \
> "
> # commit id corresponds to the revision in package version
> SRCREV = "a0bc708bc6954b5d3c0a38d92b683c3ec3135260"
--
Yoann Congal
Smile ECS
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-04-07 16:12 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-07 5:44 [kirkstone][PATCH] ncurses: fix for CVE-2025-69720 Hitendra Prajapati
2026-04-07 6:59 ` [OE-core] " Yoann Congal
2026-04-07 16:11 ` Yoann Congal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox