Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1

To: Sven Joachim <svenjoac@gmx.de>, 867814@bugs.debian.org
Cc: Cyril Brulebois <kibi@debian.org>, debian-boot@lists.debian.org
Subject: Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 28 Sep 2017 06:40:23 +0100
Message-id: <[🔎] 1506577223.2243.73.camel@adam-barratt.org.uk>
In-reply-to: <[🔎] 87fubczhv1.fsf@turtle.gmx.de>
References: <87eftpcyb4.fsf@turtle.gmx.de> <1500113059.5317.185.camel@adam-barratt.org.uk> <874luegejd.fsf@turtle.gmx.de> <87o9sgnut3.fsf@turtle.gmx.de> <[🔎] 87r2vjhiqz.fsf@turtle.gmx.de> <87eftpcyb4.fsf@turtle.gmx.de> <[🔎] 20170907170637.cwq5het6efaz4gsz@mraw.org> <[🔎] 1506193158.2243.32.camel@adam-barratt.org.uk> <87eftpcyb4.fsf@turtle.gmx.de> <[🔎] 87fubczhv1.fsf@turtle.gmx.de>

Control: tags -1 + pending

On Sun, 2017-09-24 at 09:16 +0200, Sven Joachim wrote:
> On 2017-09-23 19:59 +0100, Adam D. Barratt wrote:
> 
> > Control: tags -1 -moreinfo +confirmed
> > 
> > On Thu, 2017-09-07 at 19:06 +0200, Cyril Brulebois wrote:
> > > Sven Joachim <svenjoac@gmx.de> (2017-09-06):
> > > > Meanwhile seven new CVEs in the tic library and programs have
> > > > been
> > > > reported, and I would like to fix those as well, see the
> > > > attached
> > > > new
> > > > debdiff.  It contains all the library changes from the 20170826
> > > > upstream
> > > > patchlevel and the program fixes of the 20170902 patchlevel.  I
> > > > have
> > > > also attached the test cases for the 13 bugs reported in the
> > > > Red
> > > > Hat
> > > > bugtracker.
> > > > 
> > > > > > > I'd be okay with this, but it will need a kibi-ack due to
> > > > > > > the
> > > > > > > udeb.
> > > > > > 
> > > > > > The changes do not touch the tinfo library which is all
> > > > > > that
> > > > > > shipped in
> > > > > > the udeb.
> > > > > 
> > > > > To elaborate on that, ncurses/tinfo/{alloc,parse}_entry.c are
> > > > > compiled
> > > > > into the tic library while progs/dump_entry.c is for the
> > > > > infocmp
> > > > > and tic
> > > > > programs.  Building 6.0+20161126-1 and 6.0+20161126-1+deb9u1
> > > > > in a
> > > > > stretch chroot produced identical libtinfo.so.5.9 files.
> > > > 
> > > > This is unfortunately no longer the case, since strings.c and
> > > > trim_sgr0.c are compiled into the tinfo library.  However, the
> > > > changes
> > > > to these files are small.
> > > 
> > > I have no straightforward way to double check things still run
> > > smoothly
> > > with stretch's d-i, so I'll follow whatever decision the release
> > > team
> > > makes; if regressions pop up, we'll figure out how to fix them.
> > > 
> > 
> > Let's go with it and keep our fingers crossed that any issues show
> > up
> > quickly.
> 
> Thanks, uploaded.
> 

Flagged for acceptance, thanks.

Regards,

Adam

Reply to:

References:
- Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
  - From: Sven Joachim <svenjoac@gmx.de>
- Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
  - From: Cyril Brulebois <kibi@debian.org>
- Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
  - From: Sven Joachim <svenjoac@gmx.de>

Prev by Date: partman-auto_140_source.changes ACCEPTED into unstable
Next by Date: Bug#877200: help users identify unknown keyboard layouts
Previous by thread: Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
Next by thread: Processing of di-netboot-assistant_0.43_amd64.changes
Index(es):
- Date
- Thread