Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
On 2017-09-09 15:08 +0200, Julien Cristau wrote:
> Do you know what the reverse dependencies of the tic program or library
> are in Debian,
Short answer: I don't know.
Long answer:
The tic library is used by tack and a few programs in ncurses-bin (tic
and its aliases infotocap/captoinfo, infocmp and toe). I am not aware
of any others, but there might be one or two.
For the programs, infocmp is commonly used by Perl's Term::Cap module
which in turn is used by other Perl modules, so by quite a few
packages. It only runs infocmp on the terminfo description pointed to
by the TERM variable. There are 40+ other hits for infocmp on
codesearch.debian.net, I have not really checked them.
Apparently captoinfo and infotocap have no reverse dependencies. For
tic and toe, it is impossible to check due to their short names. :-(
If you run tic with common arguments as a normal user, it will write to
the ~/.terminfo directory, creating it if necessary. I don't have this
directory which indicates that third parties don't run tic behind my
back, but then again I have only a fraction of all packages installed.
> and whether any of them commonly process untrusted
> terminfo data (though I know that's not an easy thing to paint as
> black/white)?
If I had known such a program, I would have asked for a DSA after all.
So I don't know, but my knowledge is limited and Debian is large.
Cheers,
Sven
Reply to: