[ubuntu/bionic-proposed] ncurses 6.0+20171125-1ubuntu1 (Accepted)
Julian Andres Klode
juliank at ubuntu.com
Thu Jan 11 20:05:14 UTC 2018
ncurses (6.0+20171125-1ubuntu1) bionic; urgency=low
* Merge from Debian unstable (LP: #1637239). Remaining changes:
- Add a simple autopkgtest to the package.
- Build x32 packages.
- Build lib32 packages on s390x.
* Fix typo in libx32 package descriptions
ncurses (6.0+20171125-1) unstable; urgency=medium
* New upstream patchlevel.
- Modify _nc_write_entry() to truncate too-long filename (report by
Hosein Askari (CVE-2017-16879), Closes: #882620).
* Change priority of the -dbg packages and the udeb to optional.
* Delete trailing whitespace in debian/changelog.
* Bump debhelper compatibility level to 10.
* Switch from dh_autotools-dev_updateconfig to dh_update_autotools_config
and drop the explicit autotools-dev build dependency.
* Drop dpkg-dev build dependency, already fulfilled in oldstable.
* Do not require (fake)root for building the packages.
* Configure the test programs with --with-x11-rgb=/etc/X11/rgb.txt.
ncurses (6.0+20170902-1) unstable; urgency=medium
* New upstream patchlevel.
- Modify check in fmt_entry() to handle a cancelled reset string
(CVE-2017-13733, Closes: #873746).
ncurses (6.0+20170827-1) unstable; urgency=medium
* New upstream patchlevel.
- Add/improve checks in tic's parser to address invalid input
(Closes: #873723).
+ Add a check in comp_scan.c to handle the special case where a
nontext file ending with a NUL rather than newline is given to
tic as input (CVE-2017-13728).
+ Allow for cancelled capabilities in _nc_save_str (CVE-2017-13729).
+ Add validity checks for "use=" target in _nc_parse_entry
(CVE-2017-13730).
+ Check for invalid strings in postprocess_termcap (CVE-2017-13731).
+ Reset secondary pointers on EOF in next_char() (CVE-2017-13732).
+ Guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using
cancelled strings (CVE-2017-13734).
- Add usage message to clear command (Closes: #371855).
* Configure the test programs with --datadir=/usr/share/ncurses-examples.
* Look for tarballs on ftp.invisible-island.net in the watch files.
ncurses (6.0+20170715-2) unstable; urgency=medium
* Bump the minimal version of _nc_read_entry to 6.0+20170715 for partial
upgrades from testing.
ncurses (6.0+20170715-1) unstable; urgency=medium
* New upstream patchlevel.
- Bring back the _nc_read_entry symbol in libtinfo5 (Closes: #868328),
drop the _nc_read_entry2 symbol which should not have been added.
- Repair termcap-format from tic/infocmp broken in 20170701 fixes
(Closes: #868266).
ncurses (6.0+20170708-1) unstable; urgency=high
* New upstream patchlevel.
- Correct a limit-check in fixes from CVE-2017-10684
(report by Sven Joachim).
* Amend the previous Debian changelog entry with CVE references.
ncurses (6.0+20170701-1) unstable; urgency=low
* New upstream patchlevel.
- Add/improve checks in tic's parser to address invalid input
(Redhat #1464684, #1464685, #1464686, #1464691).
+ alloc_entry.c, add a check for a null-pointer (CVE-2017-11113).
+ parse_entry.c, add several checks for valid pointers (CVE-2017-11112),
as well as one check to ensure that a single character on a line is
not treated as the 2-character termcap short-name.
- Fix a problem with buffer overflow in dump_entry.c, which is
addressed by reducing the use of a fixed-size buffer
(CVE-2017-16084, CVE-2017-10685).
* Refresh Debian patches.
* Update symbols files.
- Add new symbol _nc_read_entry2.
- Drop wo unused symbols obsoleted in 2004: _nc_check_termtype and
_nc_resolve_uses.
* Blacklist dvtm and dvtm-256color terminfo entries which are shipped
in the dvtm package (Closes: #863969).
* Mark ncurses-doc as Multi-Arch: foreign.
ncurses (6.0+20170408-1) experimental; urgency=low
* New upstream patchlevel.
- Fix a memory leak in the window-list when creating multiple
screens (reports by Andres Martinelli, Closes: #783486).
* Provide a curses(3) symlink to ncurses (Closes: #859293).
* Set LD_LIBRARY_PATH when building the test programs, fixes an
impending FTBFS when we switch to libncursesw6 from libncursesw5.
* Update years in debian/copyright.
* Change priority of libncurses5 to optional (see #852002).
ncurses (6.0+20161126-1) unstable; urgency=low
* New upstream patchlevel.
- Omit selection of ISO-8859-1 for G0 in enacs capability from
linux2.6 entry, to avoid conflict with the user-defined mapping
(Closes: #830694).
* Update symbols files for new symbol unfocus_current_field.
ncurses (6.0+20160917-1) unstable; urgency=medium
* New upstream patchlevel.
- Fix typo in 20160910 changes (Closes: #837892, patch by Sven Joachim).
ncurses (6.0+20160910-1) unstable; urgency=low
* New upstream patchlevel.
- Trim trailing blanks from include/Caps*, to work around a problem
in sed (Closes: #818067).
* Invoke configure via relative paths to prevent the build path from
showing up in binaries.
* Enable parallel builds.
Date: Thu, 11 Jan 2018 20:51:25 +0100
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ncurses/6.0+20171125-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 Jan 2018 20:51:25 +0100
Source: ncurses
Binary: libtinfo5 libtinfo5-udeb libncurses5 libtinfo-dev libtinfo5-dbg libncurses5-dev libncurses5-dbg libncursesw5 libncursesw5-dev libncursesw5-dbg lib64ncurses5 lib64ncurses5-dev lib32ncurses5 lib32ncurses5-dev lib32ncursesw5 lib32ncursesw5-dev lib64tinfo5 lib32tinfo5 lib32tinfo-dev ncurses-bin ncurses-base ncurses-term ncurses-examples ncurses-doc libx32ncurses5 libx32ncurses5-dev libx32ncursesw5 libx32ncursesw5-dev libx32tinfo5 libx32tinfo-dev
Architecture: source
Version: 6.0+20171125-1ubuntu1
Distribution: bionic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Description:
lib32ncurses5 - shared libraries for terminal handling (32-bit)
lib32ncurses5-dev - developer's libraries for ncurses (32-bit)
lib32ncursesw5 - shared libraries for terminal handling (wide character support) (
lib32ncursesw5-dev - developer's libraries for ncursesw (32-bit)
lib32tinfo-dev - developer's library for the low-level terminfo library (32-bit)
lib32tinfo5 - shared low-level terminfo library for terminal handling (32-bit)
lib64ncurses5 - shared libraries for terminal handling (64-bit)
lib64ncurses5-dev - developer's libraries for ncurses (64-bit)
lib64tinfo5 - shared low-level terminfo library for terminal handling (64-bit)
libncurses5 - shared libraries for terminal handling
libncurses5-dbg - debugging/profiling libraries for ncurses
libncurses5-dev - developer's libraries for ncurses
libncursesw5 - shared libraries for terminal handling (wide character support)
libncursesw5-dbg - debugging/profiling libraries for ncursesw
libncursesw5-dev - developer's libraries for ncursesw
libtinfo-dev - developer's library for the low-level terminfo library
libtinfo5 - shared low-level terminfo library for terminal handling
libtinfo5-dbg - debugging/profiling library for the low-level terminfo library
libtinfo5-udeb - shared low-level terminfo library for terminal handling - udeb (udeb)
libx32ncurses5 - shared libraries for terminal handling (x32)
libx32ncurses5-dev - developer's libraries for ncurses (x32)
libx32ncursesw5 - shared libraries for terminal handling (wide character support) (
libx32ncursesw5-dev - developer's libraries for ncursesw (x32)
libx32tinfo-dev - developer's library for the low-level terminfo library (x32)
libx32tinfo5 - shared low-level terminfo library for terminal handling (x32)
ncurses-base - basic terminal type definitions
ncurses-bin - terminal-related programs and man pages
ncurses-doc - developer's guide and documentation for ncurses
ncurses-examples - test programs and examples for ncurses
ncurses-term - additional terminal type definitions
Closes: 371855 783486 818067 830694 837892 859293 863969 868266 868328 873723 873746 882620
Launchpad-Bugs-Fixed: 1637239
Changes:
ncurses (6.0+20171125-1ubuntu1) bionic; urgency=low
.
* Merge from Debian unstable (LP: #1637239). Remaining changes:
- Add a simple autopkgtest to the package.
- Build x32 packages.
- Build lib32 packages on s390x.
* Fix typo in libx32 package descriptions
.
ncurses (6.0+20171125-1) unstable; urgency=medium
.
* New upstream patchlevel.
- Modify _nc_write_entry() to truncate too-long filename (report by
Hosein Askari (CVE-2017-16879), Closes: #882620).
* Change priority of the -dbg packages and the udeb to optional.
* Delete trailing whitespace in debian/changelog.
* Bump debhelper compatibility level to 10.
* Switch from dh_autotools-dev_updateconfig to dh_update_autotools_config
and drop the explicit autotools-dev build dependency.
* Drop dpkg-dev build dependency, already fulfilled in oldstable.
* Do not require (fake)root for building the packages.
* Configure the test programs with --with-x11-rgb=/etc/X11/rgb.txt.
.
ncurses (6.0+20170902-1) unstable; urgency=medium
.
* New upstream patchlevel.
- Modify check in fmt_entry() to handle a cancelled reset string
(CVE-2017-13733, Closes: #873746).
.
ncurses (6.0+20170827-1) unstable; urgency=medium
.
* New upstream patchlevel.
- Add/improve checks in tic's parser to address invalid input
(Closes: #873723).
+ Add a check in comp_scan.c to handle the special case where a
nontext file ending with a NUL rather than newline is given to
tic as input (CVE-2017-13728).
+ Allow for cancelled capabilities in _nc_save_str (CVE-2017-13729).
+ Add validity checks for "use=" target in _nc_parse_entry
(CVE-2017-13730).
+ Check for invalid strings in postprocess_termcap (CVE-2017-13731).
+ Reset secondary pointers on EOF in next_char() (CVE-2017-13732).
+ Guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using
cancelled strings (CVE-2017-13734).
- Add usage message to clear command (Closes: #371855).
* Configure the test programs with --datadir=/usr/share/ncurses-examples.
* Look for tarballs on ftp.invisible-island.net in the watch files.
.
ncurses (6.0+20170715-2) unstable; urgency=medium
.
* Bump the minimal version of _nc_read_entry to 6.0+20170715 for partial
upgrades from testing.
.
ncurses (6.0+20170715-1) unstable; urgency=medium
.
* New upstream patchlevel.
- Bring back the _nc_read_entry symbol in libtinfo5 (Closes: #868328),
drop the _nc_read_entry2 symbol which should not have been added.
- Repair termcap-format from tic/infocmp broken in 20170701 fixes
(Closes: #868266).
.
ncurses (6.0+20170708-1) unstable; urgency=high
.
* New upstream patchlevel.
- Correct a limit-check in fixes from CVE-2017-10684
(report by Sven Joachim).
* Amend the previous Debian changelog entry with CVE references.
.
ncurses (6.0+20170701-1) unstable; urgency=low
.
* New upstream patchlevel.
- Add/improve checks in tic's parser to address invalid input
(Redhat #1464684, #1464685, #1464686, #1464691).
+ alloc_entry.c, add a check for a null-pointer (CVE-2017-11113).
+ parse_entry.c, add several checks for valid pointers (CVE-2017-11112),
as well as one check to ensure that a single character on a line is
not treated as the 2-character termcap short-name.
- Fix a problem with buffer overflow in dump_entry.c, which is
addressed by reducing the use of a fixed-size buffer
(CVE-2017-16084, CVE-2017-10685).
* Refresh Debian patches.
* Update symbols files.
- Add new symbol _nc_read_entry2.
- Drop wo unused symbols obsoleted in 2004: _nc_check_termtype and
_nc_resolve_uses.
* Blacklist dvtm and dvtm-256color terminfo entries which are shipped
in the dvtm package (Closes: #863969).
* Mark ncurses-doc as Multi-Arch: foreign.
.
ncurses (6.0+20170408-1) experimental; urgency=low
.
* New upstream patchlevel.
- Fix a memory leak in the window-list when creating multiple
screens (reports by Andres Martinelli, Closes: #783486).
* Provide a curses(3) symlink to ncurses (Closes: #859293).
* Set LD_LIBRARY_PATH when building the test programs, fixes an
impending FTBFS when we switch to libncursesw6 from libncursesw5.
* Update years in debian/copyright.
* Change priority of libncurses5 to optional (see #852002).
.
ncurses (6.0+20161126-1) unstable; urgency=low
.
* New upstream patchlevel.
- Omit selection of ISO-8859-1 for G0 in enacs capability from
linux2.6 entry, to avoid conflict with the user-defined mapping
(Closes: #830694).
* Update symbols files for new symbol unfocus_current_field.
.
ncurses (6.0+20160917-1) unstable; urgency=medium
.
* New upstream patchlevel.
- Fix typo in 20160910 changes (Closes: #837892, patch by Sven Joachim).
.
ncurses (6.0+20160910-1) unstable; urgency=low
.
* New upstream patchlevel.
- Trim trailing blanks from include/Caps*, to work around a problem
in sed (Closes: #818067).
* Invoke configure via relative paths to prevent the build path from
showing up in binaries.
* Enable parallel builds.
Checksums-Sha1:
92ef1065ee4136ff081b09f6ab73063ff446be33 4768 ncurses_6.0+20171125-1ubuntu1.dsc
179d79d707ac5040499294e3206fd558d52b604a 3352201 ncurses_6.0+20171125.orig.tar.gz
13656bfcf44dc945bece6e4d60399dd356344225 267 ncurses_6.0+20171125.orig.tar.gz.asc
670f624d67abf8d3a93c282e5235e775e6edf4ee 56072 ncurses_6.0+20171125-1ubuntu1.debian.tar.xz
b37dc3bed23f496c0300eb68d7f12595a465e7e4 7971 ncurses_6.0+20171125-1ubuntu1_source.buildinfo
Checksums-Sha256:
df24534426b6a3440cf72a8de40ecda113ac1a5adde45982ca090f4b397025f2 4768 ncurses_6.0+20171125-1ubuntu1.dsc
22adbdd3c2ddfaabea8ea75de3c585d59d2a2cde4b5197dd7dd40a3481fc4d85 3352201 ncurses_6.0+20171125.orig.tar.gz
5140b404d8c4ac29241d2461a5cbadcd0a821aa61c1ce6ef5fb07030c8e491c3 267 ncurses_6.0+20171125.orig.tar.gz.asc
1697e81960eda56e63bd870dacfd833725b44436c203d97118e58f17dd461e45 56072 ncurses_6.0+20171125-1ubuntu1.debian.tar.xz
d05c43efef5b196935fac6009d74be8af8e8045ef8aea70444d4b59ff8badc6b 7971 ncurses_6.0+20171125-1ubuntu1_source.buildinfo
Files:
7d035a66c9d1d621c0a1c564755bcef6 4768 libs required ncurses_6.0+20171125-1ubuntu1.dsc
4aeb6cbb167d23386e929291dcd14c42 3352201 libs required ncurses_6.0+20171125.orig.tar.gz
aa8e99d7c3d3ec28cd82d8bc73e0a062 267 libs required ncurses_6.0+20171125.orig.tar.gz.asc
14db5672be4cb3c16222381b78048ab9 56072 libs required ncurses_6.0+20171125-1ubuntu1.debian.tar.xz
d43cbf91892e04c5fcd62c44c4aa32ee 7971 libs required ncurses_6.0+20171125-1ubuntu1_source.buildinfo
Original-Maintainer: Craig Small <csmall at debian.org>
-----BEGIN PGP SIGNATURE-----
iQIwBAEBCgAaBQJaV8BuExxqdWxpYW5rQHVidW50dS5jb20ACgkQ1zw55WWAs4az
mRAAthYB5hT/YEsKhGcAkQTkcvUjFN4asl82dfGtbBWdtyq/0o1jDZVHyCl2CZ1s
3CwiCfV08PZxV+mOWTTsCZujhDuwc9g5M4Y7MXDEb94762Fq3+8rR4rzOZ7tXT16
5vK0xZfwwMcBvo91ofkH0CmRRXes72lnyLV0+bozcsXuXlHrbfQuXx6LxWRFvxMG
pgPe9DtL/MNLUAw3aRE4mHnLo+0uZVmFAhMMDINCyW7ABgWeu2sVNk2It/IJr+9C
wxeJxpjt9nu4FUQkk1P8YQiy3V1LuIBvh6tDmbxgOO7k7AttwcGVQFBy4a5zThSd
WstQqVp0JfN1NsNhQsoTmbjYmDA05iuEedfeJIA8XVSqnh8pPCkvUaBEiYhBR4kr
i7EPDnFGB9EkasClRGf4JGj95S5x1I3sNOtZ3MipvUy9AYA9mhyj7x8NGlCkZljC
BVMG0vdcQuDf7hq+8H85QQiO3GKtB5D9HtqY4iS1VLpNqeXTgiaAYtDMbw5q2TKA
U0IrQM9JraGH/5uiQ61rruID97Q30JbtnUf+nnwT1wzmMLbWVJUZecaiyqlhaw4O
1zE+oTbSzehNheEOQq+Onv5PUeRrp2ySlL9wyMG5Y7Ko5SFy5mk+prgcJyw0rXFf
lRAol7w/sVj8hKrDs5z7QC4u2xqNKQHAplhASch1BTIiT3A=
=ZUo2
-----END PGP SIGNATURE-----
More information about the Bionic-changes
mailing list