[ubuntu/bionic-proposed] ncurses 6.0+20171125-1ubuntu1 (Accepted)

Julian Andres Klode juliank at ubuntu.com
Thu Jan 11 20:05:14 UTC 2018


ncurses (6.0+20171125-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable (LP: #1637239).  Remaining changes:
    - Add a simple autopkgtest to the package.
    - Build x32 packages.
    - Build lib32 packages on s390x.
  * Fix typo in libx32 package descriptions

ncurses (6.0+20171125-1) unstable; urgency=medium

  * New upstream patchlevel.
    - Modify _nc_write_entry() to truncate too-long filename (report by
      Hosein Askari (CVE-2017-16879), Closes: #882620).
  * Change priority of the -dbg packages and the udeb to optional.
  * Delete trailing whitespace in debian/changelog.
  * Bump debhelper compatibility level to 10.
  * Switch from dh_autotools-dev_updateconfig to dh_update_autotools_config
    and drop the explicit autotools-dev build dependency.
  * Drop dpkg-dev build dependency, already fulfilled in oldstable.
  * Do not require (fake)root for building the packages.
  * Configure the test programs with --with-x11-rgb=/etc/X11/rgb.txt.

ncurses (6.0+20170902-1) unstable; urgency=medium

  * New upstream patchlevel.
    - Modify check in fmt_entry() to handle a cancelled reset string
      (CVE-2017-13733, Closes: #873746).

ncurses (6.0+20170827-1) unstable; urgency=medium

  * New upstream patchlevel.
    - Add/improve checks in tic's parser to address invalid input
      (Closes: #873723).
      + Add a check in comp_scan.c to handle the special case where a
        nontext file ending with a NUL rather than newline is given to
        tic as input (CVE-2017-13728).
      + Allow for cancelled capabilities in _nc_save_str (CVE-2017-13729).
      + Add validity checks for "use=" target in _nc_parse_entry
        (CVE-2017-13730).
      + Check for invalid strings in postprocess_termcap (CVE-2017-13731).
      + Reset secondary pointers on EOF in next_char() (CVE-2017-13732).
      + Guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using
        cancelled strings (CVE-2017-13734).
    - Add usage message to clear command (Closes: #371855).
  * Configure the test programs with --datadir=/usr/share/ncurses-examples.
  * Look for tarballs on ftp.invisible-island.net in the watch files.

ncurses (6.0+20170715-2) unstable; urgency=medium

  * Bump the minimal version of _nc_read_entry to 6.0+20170715 for partial
    upgrades from testing.

ncurses (6.0+20170715-1) unstable; urgency=medium

  * New upstream patchlevel.
    - Bring back the _nc_read_entry symbol in libtinfo5 (Closes: #868328),
      drop the _nc_read_entry2 symbol which should not have been added.
    - Repair termcap-format from tic/infocmp broken in 20170701 fixes
      (Closes: #868266).

ncurses (6.0+20170708-1) unstable; urgency=high

  * New upstream patchlevel.
    - Correct a limit-check in fixes from CVE-2017-10684
      (report by Sven Joachim).
  * Amend the previous Debian changelog entry with CVE references.

ncurses (6.0+20170701-1) unstable; urgency=low

  * New upstream patchlevel.
    - Add/improve checks in tic's parser to address invalid input
      (Redhat #1464684, #1464685, #1464686, #1464691).
      + alloc_entry.c, add a check for a null-pointer (CVE-2017-11113).
      + parse_entry.c, add several checks for valid pointers (CVE-2017-11112),
        as well as one check to ensure that a single character on a line is
        not treated as the 2-character termcap short-name.
    - Fix a problem with buffer overflow in dump_entry.c, which is
      addressed by reducing the use of a fixed-size buffer
      (CVE-2017-16084, CVE-2017-10685).
  * Refresh Debian patches.
  * Update symbols files.
    - Add new symbol _nc_read_entry2.
    - Drop wo unused symbols obsoleted in 2004: _nc_check_termtype and
      _nc_resolve_uses.
  * Blacklist dvtm and dvtm-256color terminfo entries which are shipped
    in the dvtm package (Closes: #863969).
  * Mark ncurses-doc as Multi-Arch: foreign.

ncurses (6.0+20170408-1) experimental; urgency=low

  * New upstream patchlevel.
    - Fix a memory leak in the window-list when creating multiple
      screens (reports by Andres Martinelli, Closes: #783486).
  * Provide a curses(3) symlink to ncurses (Closes: #859293).
  * Set LD_LIBRARY_PATH when building the test programs, fixes an
    impending FTBFS when we switch to libncursesw6 from libncursesw5.
  * Update years in debian/copyright.
  * Change priority of libncurses5 to optional (see #852002).

ncurses (6.0+20161126-1) unstable; urgency=low

  * New upstream patchlevel.
    - Omit selection of ISO-8859-1 for G0 in enacs capability from
      linux2.6 entry, to avoid conflict with the user-defined mapping
      (Closes: #830694).
  * Update symbols files for new symbol unfocus_current_field.

ncurses (6.0+20160917-1) unstable; urgency=medium

  * New upstream patchlevel.
    - Fix typo in 20160910 changes (Closes: #837892, patch by Sven Joachim).

ncurses (6.0+20160910-1) unstable; urgency=low

  * New upstream patchlevel.
    - Trim trailing blanks from include/Caps*, to work around a problem
      in sed (Closes: #818067).
  * Invoke configure via relative paths to prevent the build path from
    showing up in binaries.
  * Enable parallel builds.

Date: Thu, 11 Jan 2018 20:51:25 +0100
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ncurses/6.0+20171125-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 11 Jan 2018 20:51:25 +0100
Source: ncurses
Binary: libtinfo5 libtinfo5-udeb libncurses5 libtinfo-dev libtinfo5-dbg libncurses5-dev libncurses5-dbg libncursesw5 libncursesw5-dev libncursesw5-dbg lib64ncurses5 lib64ncurses5-dev lib32ncurses5 lib32ncurses5-dev lib32ncursesw5 lib32ncursesw5-dev lib64tinfo5 lib32tinfo5 lib32tinfo-dev ncurses-bin ncurses-base ncurses-term ncurses-examples ncurses-doc libx32ncurses5 libx32ncurses5-dev libx32ncursesw5 libx32ncursesw5-dev libx32tinfo5 libx32tinfo-dev
Architecture: source
Version: 6.0+20171125-1ubuntu1
Distribution: bionic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Description:
 lib32ncurses5 - shared libraries for terminal handling (32-bit)
 lib32ncurses5-dev - developer's libraries for ncurses (32-bit)
 lib32ncursesw5 - shared libraries for terminal handling (wide character support) (
 lib32ncursesw5-dev - developer's libraries for ncursesw (32-bit)
 lib32tinfo-dev - developer's library for the low-level terminfo library (32-bit)
 lib32tinfo5 - shared low-level terminfo library for terminal handling (32-bit)
 lib64ncurses5 - shared libraries for terminal handling (64-bit)
 lib64ncurses5-dev - developer's libraries for ncurses (64-bit)
 lib64tinfo5 - shared low-level terminfo library for terminal handling (64-bit)
 libncurses5 - shared libraries for terminal handling
 libncurses5-dbg - debugging/profiling libraries for ncurses
 libncurses5-dev - developer's libraries for ncurses
 libncursesw5 - shared libraries for terminal handling (wide character support)
 libncursesw5-dbg - debugging/profiling libraries for ncursesw
 libncursesw5-dev - developer's libraries for ncursesw
 libtinfo-dev - developer's library for the low-level terminfo library
 libtinfo5  - shared low-level terminfo library for terminal handling
 libtinfo5-dbg - debugging/profiling library for the low-level terminfo library
 libtinfo5-udeb - shared low-level terminfo library for terminal handling - udeb (udeb)
 libx32ncurses5 - shared libraries for terminal handling (x32)
 libx32ncurses5-dev - developer's libraries for ncurses (x32)
 libx32ncursesw5 - shared libraries for terminal handling (wide character support) (
 libx32ncursesw5-dev - developer's libraries for ncursesw (x32)
 libx32tinfo-dev - developer's library for the low-level terminfo library (x32)
 libx32tinfo5 - shared low-level terminfo library for terminal handling (x32)
 ncurses-base - basic terminal type definitions
 ncurses-bin - terminal-related programs and man pages
 ncurses-doc - developer's guide and documentation for ncurses
 ncurses-examples - test programs and examples for ncurses
 ncurses-term - additional terminal type definitions
Closes: 371855 783486 818067 830694 837892 859293 863969 868266 868328 873723 873746 882620
Launchpad-Bugs-Fixed: 1637239
Changes:
 ncurses (6.0+20171125-1ubuntu1) bionic; urgency=low
 .
   * Merge from Debian unstable (LP: #1637239).  Remaining changes:
     - Add a simple autopkgtest to the package.
     - Build x32 packages.
     - Build lib32 packages on s390x.
   * Fix typo in libx32 package descriptions
 .
 ncurses (6.0+20171125-1) unstable; urgency=medium
 .
   * New upstream patchlevel.
     - Modify _nc_write_entry() to truncate too-long filename (report by
       Hosein Askari (CVE-2017-16879), Closes: #882620).
   * Change priority of the -dbg packages and the udeb to optional.
   * Delete trailing whitespace in debian/changelog.
   * Bump debhelper compatibility level to 10.
   * Switch from dh_autotools-dev_updateconfig to dh_update_autotools_config
     and drop the explicit autotools-dev build dependency.
   * Drop dpkg-dev build dependency, already fulfilled in oldstable.
   * Do not require (fake)root for building the packages.
   * Configure the test programs with --with-x11-rgb=/etc/X11/rgb.txt.
 .
 ncurses (6.0+20170902-1) unstable; urgency=medium
 .
   * New upstream patchlevel.
     - Modify check in fmt_entry() to handle a cancelled reset string
       (CVE-2017-13733, Closes: #873746).
 .
 ncurses (6.0+20170827-1) unstable; urgency=medium
 .
   * New upstream patchlevel.
     - Add/improve checks in tic's parser to address invalid input
       (Closes: #873723).
       + Add a check in comp_scan.c to handle the special case where a
         nontext file ending with a NUL rather than newline is given to
         tic as input (CVE-2017-13728).
       + Allow for cancelled capabilities in _nc_save_str (CVE-2017-13729).
       + Add validity checks for "use=" target in _nc_parse_entry
         (CVE-2017-13730).
       + Check for invalid strings in postprocess_termcap (CVE-2017-13731).
       + Reset secondary pointers on EOF in next_char() (CVE-2017-13732).
       + Guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using
         cancelled strings (CVE-2017-13734).
     - Add usage message to clear command (Closes: #371855).
   * Configure the test programs with --datadir=/usr/share/ncurses-examples.
   * Look for tarballs on ftp.invisible-island.net in the watch files.
 .
 ncurses (6.0+20170715-2) unstable; urgency=medium
 .
   * Bump the minimal version of _nc_read_entry to 6.0+20170715 for partial
     upgrades from testing.
 .
 ncurses (6.0+20170715-1) unstable; urgency=medium
 .
   * New upstream patchlevel.
     - Bring back the _nc_read_entry symbol in libtinfo5 (Closes: #868328),
       drop the _nc_read_entry2 symbol which should not have been added.
     - Repair termcap-format from tic/infocmp broken in 20170701 fixes
       (Closes: #868266).
 .
 ncurses (6.0+20170708-1) unstable; urgency=high
 .
   * New upstream patchlevel.
     - Correct a limit-check in fixes from CVE-2017-10684
       (report by Sven Joachim).
   * Amend the previous Debian changelog entry with CVE references.
 .
 ncurses (6.0+20170701-1) unstable; urgency=low
 .
   * New upstream patchlevel.
     - Add/improve checks in tic's parser to address invalid input
       (Redhat #1464684, #1464685, #1464686, #1464691).
       + alloc_entry.c, add a check for a null-pointer (CVE-2017-11113).
       + parse_entry.c, add several checks for valid pointers (CVE-2017-11112),
         as well as one check to ensure that a single character on a line is
         not treated as the 2-character termcap short-name.
     - Fix a problem with buffer overflow in dump_entry.c, which is
       addressed by reducing the use of a fixed-size buffer
       (CVE-2017-16084, CVE-2017-10685).
   * Refresh Debian patches.
   * Update symbols files.
     - Add new symbol _nc_read_entry2.
     - Drop wo unused symbols obsoleted in 2004: _nc_check_termtype and
       _nc_resolve_uses.
   * Blacklist dvtm and dvtm-256color terminfo entries which are shipped
     in the dvtm package (Closes: #863969).
   * Mark ncurses-doc as Multi-Arch: foreign.
 .
 ncurses (6.0+20170408-1) experimental; urgency=low
 .
   * New upstream patchlevel.
     - Fix a memory leak in the window-list when creating multiple
       screens (reports by Andres Martinelli, Closes: #783486).
   * Provide a curses(3) symlink to ncurses (Closes: #859293).
   * Set LD_LIBRARY_PATH when building the test programs, fixes an
     impending FTBFS when we switch to libncursesw6 from libncursesw5.
   * Update years in debian/copyright.
   * Change priority of libncurses5 to optional (see #852002).
 .
 ncurses (6.0+20161126-1) unstable; urgency=low
 .
   * New upstream patchlevel.
     - Omit selection of ISO-8859-1 for G0 in enacs capability from
       linux2.6 entry, to avoid conflict with the user-defined mapping
       (Closes: #830694).
   * Update symbols files for new symbol unfocus_current_field.
 .
 ncurses (6.0+20160917-1) unstable; urgency=medium
 .
   * New upstream patchlevel.
     - Fix typo in 20160910 changes (Closes: #837892, patch by Sven Joachim).
 .
 ncurses (6.0+20160910-1) unstable; urgency=low
 .
   * New upstream patchlevel.
     - Trim trailing blanks from include/Caps*, to work around a problem
       in sed (Closes: #818067).
   * Invoke configure via relative paths to prevent the build path from
     showing up in binaries.
   * Enable parallel builds.
Checksums-Sha1:
 92ef1065ee4136ff081b09f6ab73063ff446be33 4768 ncurses_6.0+20171125-1ubuntu1.dsc
 179d79d707ac5040499294e3206fd558d52b604a 3352201 ncurses_6.0+20171125.orig.tar.gz
 13656bfcf44dc945bece6e4d60399dd356344225 267 ncurses_6.0+20171125.orig.tar.gz.asc
 670f624d67abf8d3a93c282e5235e775e6edf4ee 56072 ncurses_6.0+20171125-1ubuntu1.debian.tar.xz
 b37dc3bed23f496c0300eb68d7f12595a465e7e4 7971 ncurses_6.0+20171125-1ubuntu1_source.buildinfo
Checksums-Sha256:
 df24534426b6a3440cf72a8de40ecda113ac1a5adde45982ca090f4b397025f2 4768 ncurses_6.0+20171125-1ubuntu1.dsc
 22adbdd3c2ddfaabea8ea75de3c585d59d2a2cde4b5197dd7dd40a3481fc4d85 3352201 ncurses_6.0+20171125.orig.tar.gz
 5140b404d8c4ac29241d2461a5cbadcd0a821aa61c1ce6ef5fb07030c8e491c3 267 ncurses_6.0+20171125.orig.tar.gz.asc
 1697e81960eda56e63bd870dacfd833725b44436c203d97118e58f17dd461e45 56072 ncurses_6.0+20171125-1ubuntu1.debian.tar.xz
 d05c43efef5b196935fac6009d74be8af8e8045ef8aea70444d4b59ff8badc6b 7971 ncurses_6.0+20171125-1ubuntu1_source.buildinfo
Files:
 7d035a66c9d1d621c0a1c564755bcef6 4768 libs required ncurses_6.0+20171125-1ubuntu1.dsc
 4aeb6cbb167d23386e929291dcd14c42 3352201 libs required ncurses_6.0+20171125.orig.tar.gz
 aa8e99d7c3d3ec28cd82d8bc73e0a062 267 libs required ncurses_6.0+20171125.orig.tar.gz.asc
 14db5672be4cb3c16222381b78048ab9 56072 libs required ncurses_6.0+20171125-1ubuntu1.debian.tar.xz
 d43cbf91892e04c5fcd62c44c4aa32ee 7971 libs required ncurses_6.0+20171125-1ubuntu1_source.buildinfo
Original-Maintainer: Craig Small <csmall at debian.org>

-----BEGIN PGP SIGNATURE-----

iQIwBAEBCgAaBQJaV8BuExxqdWxpYW5rQHVidW50dS5jb20ACgkQ1zw55WWAs4az
mRAAthYB5hT/YEsKhGcAkQTkcvUjFN4asl82dfGtbBWdtyq/0o1jDZVHyCl2CZ1s
3CwiCfV08PZxV+mOWTTsCZujhDuwc9g5M4Y7MXDEb94762Fq3+8rR4rzOZ7tXT16
5vK0xZfwwMcBvo91ofkH0CmRRXes72lnyLV0+bozcsXuXlHrbfQuXx6LxWRFvxMG
pgPe9DtL/MNLUAw3aRE4mHnLo+0uZVmFAhMMDINCyW7ABgWeu2sVNk2It/IJr+9C
wxeJxpjt9nu4FUQkk1P8YQiy3V1LuIBvh6tDmbxgOO7k7AttwcGVQFBy4a5zThSd
WstQqVp0JfN1NsNhQsoTmbjYmDA05iuEedfeJIA8XVSqnh8pPCkvUaBEiYhBR4kr
i7EPDnFGB9EkasClRGf4JGj95S5x1I3sNOtZ3MipvUy9AYA9mhyj7x8NGlCkZljC
BVMG0vdcQuDf7hq+8H85QQiO3GKtB5D9HtqY4iS1VLpNqeXTgiaAYtDMbw5q2TKA
U0IrQM9JraGH/5uiQ61rruID97Q30JbtnUf+nnwT1wzmMLbWVJUZecaiyqlhaw4O
1zE+oTbSzehNheEOQq+Onv5PUeRrp2ySlL9wyMG5Y7Ko5SFy5mk+prgcJyw0rXFf
lRAol7w/sVj8hKrDs5z7QC4u2xqNKQHAplhASch1BTIiT3A=
=ZUo2
-----END PGP SIGNATURE-----


More information about the Bionic-changes mailing list