[AUTO-CHERRYPICK] Upgrade ncurses to 6.4-20230520 to fix CVE-2023-50495 - branch main (#11283)

CBL-Mariner-Bot · sandeepkarambelkar · web-flow · commit 7f5ccbffdf6f · 2024-12-03T07:55:19.000-05:00
Co-authored-by: Sandeep Karambelkar &lt;sandeep.karambelkar@gmail.com&gt;
diff --git a/SPECS/ncurses/ncurses.signatures.json b/SPECS/ncurses/ncurses.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "ncurses-6.4-20230423.tgz": "7d77f95eff470099cfb7cabd6d3b8766ee1c4bda33755dd5a4d73fcc85315a4f"
+  "ncurses-6.4-20230520.tgz": "23ff1d2b51280fa92b7ff569505662370c26e85a2f26137b75ba4cd2457f1721"
  }
 }
diff --git a/SPECS/ncurses/ncurses.spec b/SPECS/ncurses/ncurses.spec
@@ -1,9 +1,9 @@
-%global patchlevel     20230423
+%global patchlevel     20230520
 
 Summary:        Libraries for terminal handling of character screens
 Name:           ncurses
 Version:        6.4
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -233,6 +233,9 @@ xz NEWS
 %files term -f terms.term
 
 %changelog
+* Mon Dec 02 2024 Sandeep Karambelkar <skarambelkar@microsoft.com> - 6.4-3
+- Update to version 6.4-20230520 to fix CVE-2023-50495
+
 * Thu Nov 16 2023 Tobias Brick <tobiasb@microsoft.com> - 6.4-2
 - Update to version 6.4-20230423 to fix crash in tmux
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -14114,7 +14114,7 @@
         "other": {
           "name": "ncurses",
           "version": "6.4",
-          "downloadUrl": "https://invisible-mirror.net/archives/ncurses/current/ncurses-6.4-20230423.tgz"
+          "downloadUrl": "https://invisible-mirror.net/archives/ncurses/current/ncurses-6.4-20230520.tgz"
         }
       }
     },
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -33,11 +33,11 @@ libpkgconf-1.8.0-3.cm2.aarch64.rpm
 pkgconf-1.8.0-3.cm2.aarch64.rpm
 pkgconf-m4-1.8.0-3.cm2.noarch.rpm
 pkgconf-pkg-config-1.8.0-3.cm2.aarch64.rpm
-ncurses-6.4-2.cm2.aarch64.rpm
-ncurses-compat-6.4-2.cm2.aarch64.rpm
-ncurses-devel-6.4-2.cm2.aarch64.rpm
-ncurses-libs-6.4-2.cm2.aarch64.rpm
-ncurses-term-6.4-2.cm2.aarch64.rpm
+ncurses-6.4-3.cm2.aarch64.rpm
+ncurses-compat-6.4-3.cm2.aarch64.rpm
+ncurses-devel-6.4-3.cm2.aarch64.rpm
+ncurses-libs-6.4-3.cm2.aarch64.rpm
+ncurses-term-6.4-3.cm2.aarch64.rpm
 readline-8.1-1.cm2.aarch64.rpm
 readline-devel-8.1-1.cm2.aarch64.rpm
 coreutils-8.32-7.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -33,11 +33,11 @@ libpkgconf-1.8.0-3.cm2.x86_64.rpm
 pkgconf-1.8.0-3.cm2.x86_64.rpm
 pkgconf-m4-1.8.0-3.cm2.noarch.rpm
 pkgconf-pkg-config-1.8.0-3.cm2.x86_64.rpm
-ncurses-6.4-2.cm2.x86_64.rpm
-ncurses-compat-6.4-2.cm2.x86_64.rpm
-ncurses-devel-6.4-2.cm2.x86_64.rpm
-ncurses-libs-6.4-2.cm2.x86_64.rpm
-ncurses-term-6.4-2.cm2.x86_64.rpm
+ncurses-6.4-3.cm2.x86_64.rpm
+ncurses-compat-6.4-3.cm2.x86_64.rpm
+ncurses-devel-6.4-3.cm2.x86_64.rpm
+ncurses-libs-6.4-3.cm2.x86_64.rpm
+ncurses-term-6.4-3.cm2.x86_64.rpm
 readline-8.1-1.cm2.x86_64.rpm
 readline-devel-8.1-1.cm2.x86_64.rpm
 coreutils-8.32-7.cm2.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -251,12 +251,12 @@ mpfr-4.1.0-2.cm2.aarch64.rpm
 mpfr-debuginfo-4.1.0-2.cm2.aarch64.rpm
 mpfr-devel-4.1.0-2.cm2.aarch64.rpm
 msopenjdk-11-11.0.18-1.aarch64.rpm
-ncurses-6.4-2.cm2.aarch64.rpm
-ncurses-compat-6.4-2.cm2.aarch64.rpm
-ncurses-debuginfo-6.4-2.cm2.aarch64.rpm
-ncurses-devel-6.4-2.cm2.aarch64.rpm
-ncurses-libs-6.4-2.cm2.aarch64.rpm
-ncurses-term-6.4-2.cm2.aarch64.rpm
+ncurses-6.4-3.cm2.aarch64.rpm
+ncurses-compat-6.4-3.cm2.aarch64.rpm
+ncurses-debuginfo-6.4-3.cm2.aarch64.rpm
+ncurses-devel-6.4-3.cm2.aarch64.rpm
+ncurses-libs-6.4-3.cm2.aarch64.rpm
+ncurses-term-6.4-3.cm2.aarch64.rpm
 newt-0.52.21-5.cm2.aarch64.rpm
 newt-debuginfo-0.52.21-5.cm2.aarch64.rpm
 newt-devel-0.52.21-5.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -257,12 +257,12 @@ mpfr-4.1.0-2.cm2.x86_64.rpm
 mpfr-debuginfo-4.1.0-2.cm2.x86_64.rpm
 mpfr-devel-4.1.0-2.cm2.x86_64.rpm
 msopenjdk-11-11.0.18-1.x86_64.rpm
-ncurses-6.4-2.cm2.x86_64.rpm
-ncurses-compat-6.4-2.cm2.x86_64.rpm
-ncurses-debuginfo-6.4-2.cm2.x86_64.rpm
-ncurses-devel-6.4-2.cm2.x86_64.rpm
-ncurses-libs-6.4-2.cm2.x86_64.rpm
-ncurses-term-6.4-2.cm2.x86_64.rpm
+ncurses-6.4-3.cm2.x86_64.rpm
+ncurses-compat-6.4-3.cm2.x86_64.rpm
+ncurses-debuginfo-6.4-3.cm2.x86_64.rpm
+ncurses-devel-6.4-3.cm2.x86_64.rpm
+ncurses-libs-6.4-3.cm2.x86_64.rpm
+ncurses-term-6.4-3.cm2.x86_64.rpm
 newt-0.52.21-5.cm2.x86_64.rpm
 newt-debuginfo-0.52.21-5.cm2.x86_64.rpm
 newt-devel-0.52.21-5.cm2.x86_64.rpm

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`		`- "ncurses-6.4-20230423.tgz": "7d77f95eff470099cfb7cabd6d3b8766ee1c4bda33755dd5a4d73fcc85315a4f"`
	`3`	`+ "ncurses-6.4-20230520.tgz": "23ff1d2b51280fa92b7ff569505662370c26e85a2f26137b75ba4cd2457f1721"`
`4`	`4`	`}`
`5`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14114,7 +14114,7 @@`
`14114`	`14114`	`"other": {`
`14115`	`14115`	`"name": "ncurses",`
`14116`	`14116`	`"version": "6.4",`
`14117`		`- "downloadUrl": "https://invisible-mirror.net/archives/ncurses/current/ncurses-6.4-20230423.tgz"`
	`14117`	`+ "downloadUrl": "https://invisible-mirror.net/archives/ncurses/current/ncurses-6.4-20230520.tgz"`
`14118`	`14118`	`}`
`14119`	`14119`	`}`
`14120`	`14120`	`},`