Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)

Bug #1637239 reported by Tiago Stürmer Daitx on 2016-10-27
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ncurses (Ubuntu)
Wishlist
Unassigned

Bug Description

Ubuntu version: 6.0+20160625-1ubuntu1
Debian verison: 6.0+20161126-1

Details: https://merges.ubuntu.com/n/ncurses/REPORT

Changed in ncurses (Ubuntu):
status: New → In Progress
assignee: nobody → Tiago Stürmer Daitx (tdaitx)
Robie Basak (racb) on 2016-10-27
Changed in ncurses (Ubuntu):
importance: Undecided → Wishlist
tags: added: upgrade-software-version
Tiago Stürmer Daitx (tdaitx) wrote :

Patch to merge latest debian version (6.0+20161126-1) into to Ubuntu (last merge was 6.0+20160625-1ubuntu1).

Remaining changes:
- Add a simple autopkgtest to the package.
- Build x32 packages.
- Build lib32 packages on s390x.

The changes have been forwarded to Debian:
- http://bugs.debian.org/857000 (autopkgtest)
- http://bugs.debian.org/857001 (lib32 packages on s390x)
- http://bugs.debian.org/857003 (x32 packages)

Thanks to Steve Langasek for the info bellow:
The x32 multilib packages (libx32ncurses5) makes as much sense to include in the package as lib32ncurses5 and lib64ncurses5 which are being shipped, and for the same rationale. It's also relevant that there is no official x32 port in either Debian or Ubuntu from which to install the multiarch binaries.

Still it might be controversial on Debian because https://bugs.debian.org/848163 requests the removal of the multilib binaries for other arche; has also not been acted on but might be after Debian stretch is released.

For now we will be keeping the x32 multilib as it is and going forward with the merge.

Changed in ncurses (Ubuntu):
assignee: Tiago Stürmer Daitx (tdaitx) → nobody
status: In Progress → Confirmed
description: updated
summary: - Please merge ncurses 6.0+20160917-1 (main) from Debian unstable (main)
+ Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)
Steve Langasek (vorlon) wrote :

The debdiff looks good, but have reviewed the upstream delta and agreed with Tiago that this should wait until after the zesty release. Unsubscribing sponsors.

Hans Joachim Desserud (hjd) wrote :

Hi, came across this issue.

Now that 17.04 is out, are there any more blockers from landing this in artful? (Just curious)

tags: added: needs-debian-merge
Simon Quigley (tsimonq2) wrote :

Unsubscribing ~ubuntu-sponsors as this has been uploaded already.

Mattia Rizzolo (mapreri) wrote :

@tsimonq2 where/when? I still see 6.0+20160625-1ubuntu1 in artful. Subscribing ubuntu-sponsors again.

Simon Quigley (tsimonq2) wrote :

Oh, I apparently don't know how to read...

Thanks Mattia!

Simon Quigley (tsimonq2) wrote :

(in any case, we're already in Feature Freeze, so unless an exception is given (in which case I'll gladly upload it), it's too late to go in Artful)

Julian Andres Klode (juliank) wrote :

Uploaded the latest and greatest last week:

ncurses (6.0+20171125-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable (LP: #1637239). Remaining changes:
    - Add a simple autopkgtest to the package.
    - Build x32 packages.
    - Build lib32 packages on s390x.
  * Fix typo in libx32 package descriptions

 -- Julian Andres Klode <email address hidden> Thu, 11 Jan 2018 20:51:25 +0100

Changed in ncurses (Ubuntu):
status: Confirmed → Fix Committed
Brian Murray (brian-murray) wrote :

Given that this is Fix Committed I'm unsubscibing the ubuntu-sponsors team.

Launchpad Janitor (janitor) wrote :
Download full text (5.2 KiB)

This bug was fixed in the package ncurses - 6.0+20171125-1ubuntu1

---------------
ncurses (6.0+20171125-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable (LP: #1637239). Remaining changes:
    - Add a simple autopkgtest to the package.
    - Build x32 packages.
    - Build lib32 packages on s390x.
  * Fix typo in libx32 package descriptions

ncurses (6.0+20171125-1) unstable; urgency=medium

  * New upstream patchlevel.
    - Modify _nc_write_entry() to truncate too-long filename (report by
      Hosein Askari (CVE-2017-16879), Closes: #882620).
  * Change priority of the -dbg packages and the udeb to optional.
  * Delete trailing whitespace in debian/changelog.
  * Bump debhelper compatibility level to 10.
  * Switch from dh_autotools-dev_updateconfig to dh_update_autotools_config
    and drop the explicit autotools-dev build dependency.
  * Drop dpkg-dev build dependency, already fulfilled in oldstable.
  * Do not require (fake)root for building the packages.
  * Configure the test programs with --with-x11-rgb=/etc/X11/rgb.txt.

ncurses (6.0+20170902-1) unstable; urgency=medium

  * New upstream patchlevel.
    - Modify check in fmt_entry() to handle a cancelled reset string
      (CVE-2017-13733, Closes: #873746).

ncurses (6.0+20170827-1) unstable; urgency=medium

  * New upstream patchlevel.
    - Add/improve checks in tic's parser to address invalid input
      (Closes: #873723).
      + Add a check in comp_scan.c to handle the special case where a
        nontext file ending with a NUL rather than newline is given to
        tic as input (CVE-2017-13728).
      + Allow for cancelled capabilities in _nc_save_str (CVE-2017-13729).
      + Add validity checks for "use=" target in _nc_parse_entry
        (CVE-2017-13730).
      + Check for invalid strings in postprocess_termcap (CVE-2017-13731).
      + Reset secondary pointers on EOF in next_char() (CVE-2017-13732).
      + Guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using
        cancelled strings (CVE-2017-13734).
    - Add usage message to clear command (Closes: #371855).
  * Configure the test programs with --datadir=/usr/share/ncurses-examples.
  * Look for tarballs on ftp.invisible-island.net in the watch files.

ncurses (6.0+20170715-2) unstable; urgency=medium

  * Bump the minimal version of _nc_read_entry to 6.0+20170715 for partial
    upgrades from testing.

ncurses (6.0+20170715-1) unstable; urgency=medium

  * New upstream patchlevel.
    - Bring back the _nc_read_entry symbol in libtinfo5 (Closes: #868328),
      drop the _nc_read_entry2 symbol which should not have been added.
    - Repair termcap-format from tic/infocmp broken in 20170701 fixes
      (Closes: #868266).

ncurses (6.0+20170708-1) unstable; urgency=high

  * New upstream patchlevel.
    - Correct a limit-check in fixes from CVE-2017-10684
      (report by Sven Joachim).
  * Amend the previous Debian changelog entry with CVE references.

ncurses (6.0+20170701-1) unstable; urgency=low

  * New upstream patchlevel.
    - Add/improve checks in tic's parser to address invalid input
      (Redhat #1464684, #1464685, #1464686, #1464691).
      + alloc_entry.c, add a check for a null-po...

Read more...

Changed in ncurses (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.