Your message dated Wed, 25 Jan 2023 21:00:13 +0100
with message-id <0d524fbf-a08d-f260-189e-9960479ac...@debian.org>
and subject line Re: Bug#1029525: [pre-approval] unblock: ncurses/6.4-2
has caused the Debian Bug report #1029525,
regarding [pre-approval] unblock: ncurses/6.4-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1029525: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029525
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ncur...@packages.debian.org
Control: affects -1 + src:ncurses

I would like to fix three bugs[1,2,3] in ncurses for Bookworm.  While
none of them is RC, they have some impact on users, and the changes are
fairly small.

[ Reason ]

1. Pasting in vim is broken on some terminal emulators[1]
   Remedy: Declare versioned Breaks against vim-common in ncurses-{base,term}

2. Stack buffer overflow in "tic -I" on crafted input[2]
   Remedy: Cherry-pick upstream fix

3. On i386 and mips64el, libncurses++w.a is not stripped[3]
   Remedy: Strip the file by hand in debian/rules

[ Impact ]

1. On upgrades from Bullseye to Bookworm, if ncurses-base is upgraded
   before vim (which is rather likely without the Breaks), pasting in
   vim is severely broken for some terminal emulators and values of
   $TERM.  One rather popular combination is using tmux and TERM=tmux
   or TERM=tmux-256color.

   For the gory details see #1027435, #1027674[4] and upstream issue
   11766[5] in vim.
  
2. Potentially a security issue, although it requires some cooperation
   by the victim, and the stack protection should prevent worse things
   than a crash.  Several cases of such crash bugs in tic have been
   fixed via point releases in the past.

3. On the affected architectures, several hundred kilobytes are used,
   and the size of libncurses-dev.deb also increases, wasting bandwidth.
   Perhaps more importantly, the build becomes unreproducible, a sad
   regression compared to previous Debian releases.

[ Tests ]

1. No tests have been performed yet.  Once ncurses 6.4-2 is in unstable
   I intend to test upgrades from Bullseye in a chroot, but real world
   examples with 1000+ installed packages will have to be tested by
   users.

2. The reproducer test given by the upstream bug submitter no longer
   crashes.  The terminfo database in the ncurses-{base,term} packages
   is identical with the 6.4-1 version.

3. The offending file is stripped on i386, and two test builds produced
   identical packages.

[ Risks ]

1. On upgrades from Bullseye, the upgrade of ncurses-base and
   ncurses-term will be delayed.  All reverse dependencies in the archive
   are satisfied with the Bullseye versions, so I do not expect problems.

2. Although the fix is small, it might still contain bugs.  Any damage
   will be limited to the usage of "infocmp -u", "tic -I" and "tic -C"
   (or their aliases infotocap and captoinfo), which are not used very
   often.

3. Although the workaround for debhelper bug #875780[6] is not exactly
   pretty, it should not pose any risks.

[ Checklist ]
  [x] all changes are documented in debian/changelog
  [x] I reviewed all changes and I approve them
  [x] attach the patches applied in git, rather than a debdiff

Thanks for your consideration.
Cheers,
       Sven


1. https://bugs.debian.org/1027435
2. https://bugs.debian.org/1029399
3. https://bugs.debian.org/1029404
4. https://bugs.debian.org/1027674
5. https://github.com/vim/vim/issues/11766
6. https://bugs.debian.org/875780

From 12bb87e58cf0ad787b90281452404a9ee1240244 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenj...@gmx.de>
Date: Sun, 22 Jan 2023 18:02:59 +0100
Subject: [PATCH 1/3] Add versioned Breaks against vim-common to
 ncurses-{base,term}

Pasting text is broken in older vim versions for some rather popular
terminals and values of $TERM, e.g. in tmux if TERM is set to "tmux"
or "tmux-256color".  To avoid nasty surprises on partial upgrades,
ensure that a fixed vim version is installed along the new terminfo
database.

Closes: #1027435
---
 debian/changelog | 7 +++++++
 debian/control   | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 3af8f1e5..fdd6f828 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ncurses (6.4-2) UNRELEASED; urgency=medium
+
+  * Add Breaks against vim-common (<< 2:9.0.1000-2) to ncurses-base
+    and ncurses-term (Closes: #1027435).
+
+ -- Sven Joachim <svenj...@gmx.de>  Sun, 22 Jan 2023 17:59:41 +0100
+
 ncurses (6.4-1) unstable; urgency=medium
 
   * New upstream release.
diff --git a/debian/control b/debian/control
index 0d2f7af0..fc151b97 100644
--- a/debian/control
+++ b/debian/control
@@ -24,7 +24,7 @@ Provides: ncurses-runtime
 Breaks: libtinfo5 (<< 6.1), libslang2 (<< 2.3.1a-3), libunibilium0 (<< 2),
         libunibilium4 (<< 2.0.0-3), bash-static (<< 4.4.18-1.1),
         zsh-static (<< 5.4.2-4), libmono-corlib4.5-cil (<< 4.6.2.7+dfsg-2),
-        neovim (<< 0.6.0)
+        neovim (<< 0.6.0), vim-common (<< 2:9.0.1000-2)
 Description: basic terminal type definitions
  The ncurses library routines are a terminal-independent method of
  updating character screens with reasonable optimization.
@@ -44,7 +44,7 @@ Replaces: dvtm (<< 0.15-3), alacritty (<< 0.3.4~), jfbterm (<< 0.4.7-10),
 Breaks: libtinfo5 (<< 6.1), libslang2 (<< 2.3.1a-3), libunibilium0 (<< 2),
         libunibilium4 (<< 2.0.0-3), bash-static (<< 4.4.18-1.1),
         zsh-static (<< 5.4.2-4), libmono-corlib4.5-cil (<< 4.6.2.7+dfsg-2),
-        dvtm (<< 0.15-3)
+        dvtm (<< 0.15-3), vim-common (<< 2:9.0.1000-2)
 Description: additional terminal type definitions
  The ncurses library routines are a terminal-independent method of
  updating character screens with reasonable optimization.
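Review bot: The vim-common (<< 2:9.0.1000-2) relation added to the Breaks fields of ncurses-base and ncurses-term gives no pointer to why that exact version is the cut-off. The commit message only speaks of "a fixed vim version"; naming the vim bug or upload that fixed pasting next to the Closes in the changelog entry would let a later maintainer judge when the Breaks can be dropped. It is also worth confirming that vim-common is the binary package whose version tracks the fix, since the relation is what has to hold on a partial upgrade.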
-- 
2.39.0

From 6a1c9a57de88d7fae451dbc5ae52e9311cfd18a1 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenj...@gmx.de>
Date: Sun, 22 Jan 2023 18:32:37 +0100
Subject: [PATCH 2/3] Cherry-pick upstream fix for recently reported tic crash

New patch fix_crash_on_very_long_tc-use_clause.diff, cherry-picked
from the 20230121 upstream patchlevel: correct limit-check when
dumping tc/use clause via tic -I (report by Gabriel Ravier).

Closes: #1029399
---
 debian/changelog                              |  3 ++
 .../fix_crash_on_very_long_tc-use_clause.diff | 44 +++++++++++++++++++
 debian/patches/series                         |  1 +
 3 files changed, 48 insertions(+)
 create mode 100644 debian/patches/fix_crash_on_very_long_tc-use_clause.diff

diff --git a/debian/changelog b/debian/changelog
index fdd6f828..a0b2148d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ ncurses (6.4-2) UNRELEASED; urgency=medium
 
   * Add Breaks against vim-common (<< 2:9.0.1000-2) to ncurses-base
     and ncurses-term (Closes: #1027435).
+  * New patch fix_crash_on_very_long_tc-use_clause.diff, cherry-picked
+    from the 20230121 patchlevel: correct limit-check when dumping tc/use
+    clause via tic -I (report by Gabriel Ravier, Closes: #1029399).
 
  -- Sven Joachim <svenj...@gmx.de>  Sun, 22 Jan 2023 17:59:41 +0100
 
diff --git a/debian/patches/fix_crash_on_very_long_tc-use_clause.diff b/debian/patches/fix_crash_on_very_long_tc-use_clause.diff
new file mode 100644
index 00000000..53dd2ae6
--- /dev/null
+++ b/debian/patches/fix_crash_on_very_long_tc-use_clause.diff
@@ -0,0 +1,44 @@
+Author: Sven Joachim <svenj...@gmx.de>
+Description: Fix tic crash on very long tc/use clauses
+ Correct limit-check when dumping tc/use clause via tic -I (report by
+ Gabriel Ravier), fix cherry-picked from the 20230121 upstream patchlevel.
+Bug: https://lists.gnu.org/archive/html/bug-ncurses/2023-01/msg00035.html
+Bug-Debian: https://bugs.debian.org/1029399
+Forwarded: not-needed
+Last-Update: 2023-01-22
+
+---
+ progs/dump_entry.c |   16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+--- a/progs/dump_entry.c
++++ b/progs/dump_entry.c
+@@ -1651,15 +1651,25 @@ dump_entry(TERMTYPE2 *tterm,
+ }
+ 
+ void
+-dump_uses(const char *name, bool infodump)
++dump_uses(const char *value, bool infodump)
+ /* dump "use=" clauses in the appropriate format */
+ {
+-    char buffer[MAX_TERMINFO_LENGTH];
++    char buffer[MAX_TERMINFO_LENGTH + EXTRA_CAP];
++    int limit = (VALID_STRING(value) ? (int) strlen(value) : 0);
++    const char *cap = infodump ? "use" : "tc";
+ 
+     if (TcOutput())
+ 	trim_trailing();
++    if (limit == 0) {
++	_nc_warning("empty \"%s\" field", cap);
++	value = "";
++    } else if (limit > MAX_ALIAS) {
++	_nc_warning("\"%s\" field too long (%d), limit to %d",
++		    cap, limit, MAX_ALIAS);
++	limit = MAX_ALIAS;
++    }
+     _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer))
+-		"%s%s", infodump ? "use=" : "tc=", name);
++		"%s=%.*s", cap, limit, value);
+     wrap_concat1(buffer);
+ }
+ 
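Review bot: In the new "limit > MAX_ALIAS" branch of dump_uses(), the value is cut to MAX_ALIAS characters and still written out through "%s=%.*s", so the emitted use=/tc= clause names a terminal that differs from the one in the input. Consider whether a warning is enough here or whether the clause should be dropped, since whatever consumes the dump will resolve the truncated name. A one-line comment stating that MAX_ALIAS plus the "use=" prefix fits in MAX_TERMINFO_LENGTH + EXTRA_CAP would make the bound checkable at a glance, because the "%.*s" precision is now the limit that depends on input. In the DEP-3 header, the Description says the fix is cherry-picked from the 20230121 upstream patchlevel, yet Author names the Debian maintainer and there is no Origin field; "Origin: upstream" would record the provenance more accurately than "Forwarded: not-needed" alone.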
diff --git a/debian/patches/series b/debian/patches/series
index 1f28dda7..565d676e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 02-debian-backspace.diff
 02-debian-xterm.diff
 03-debian-ncursesconfig-omit-L.diff
+fix_crash_on_very_long_tc-use_clause.diff
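Review bot: The entry appended to debian/patches/series has no numeric prefix, unlike the 02- and 03- entries above it. If the prefixes are the package's ordering convention, give the new patch one as well; if upstream cherry-picks are deliberately unnumbered, a short comment in the series file would make that visible.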
-- 
2.39.0

From af4606ad8f0ac69e9b6ed3c00f10acfbd103cdb2 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenj...@gmx.de>
Date: Sun, 22 Jan 2023 19:37:18 +0100
Subject: [PATCH 3/3] Work around dh_strip bug #875780

Unfortunately perl's -B check fails to recognize libncurses++w.a as a
binary file on at least two architectures.  Work around that by
stripping the file manually, using the same options as dh_strip (as of
debhelper 13.11.4).

Closes: #1029404
---
 debian/changelog | 2 ++
 debian/rules     | 9 +++++++++
 2 files changed, 11 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index a0b2148d..2820260f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ ncurses (6.4-2) UNRELEASED; urgency=medium
   * New patch fix_crash_on_very_long_tc-use_clause.diff, cherry-picked
     from the 20230121 patchlevel: correct limit-check when dumping tc/use
     clause via tic -I (report by Gabriel Ravier, Closes: #1029399).
+  * Work around dh_strip bug #875780 by stripping libncurses++w.a manually
+    (Closes: #1029404).
 
  -- Sven Joachim <svenj...@gmx.de>  Sun, 22 Jan 2023 17:59:41 +0100
 
diff --git a/debian/rules b/debian/rules
index 2dd9f915..870ff74e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -20,11 +20,18 @@ include /usr/share/dpkg/architecture.mk
 ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
 HOST_CC ?= $(DEB_HOST_GNU_TYPE)-gcc
 HOST_CXX ?= $(DEB_HOST_GNU_TYPE)-g++
+STRIP = $(DEB_HOST_GNU_TYPE)-strip
 else
 HOST_CC ?= gcc
 HOST_CXX ?= g++
+STRIP = strip
 endif
 
+STRIP_OPTIONS = --strip-debug --remove-section=.comment \
+		--remove-section=.note --enable-deterministic-archives \
+		-R .gnu.lto_* -R .gnu.debuglto_* \
+		-N __gnu_lto_slim -N __gnu_lto_v1
+
 # These are important since this is a library package
 soname=6
 sodepver = (>= 6.3+20220423)
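Review bot: In STRIP_OPTIONS the patterns .gnu.lto_* and .gnu.debuglto_* are unquoted, and the variable is expanded straight into a recipe line, so the shell may expand them against files in the current directory before strip sees them; quoting the two patterns keeps the wildcard for strip. The definition also lacks a comment saying that the options mirror dh_strip as of debhelper 13.11.4, which is stated only in the commit message and is what a future reader needs in order to re-sync them. STRIP is assigned with "=" while HOST_CC and HOST_CXX use "?=", so it cannot be overridden from the environment the way the compilers can.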
@@ -503,6 +510,8 @@ endif
 	# Strip the packages, shipping detached debugging symbols.
 	dh_dwz -a
 	dh_strip -a
+	# Fugly workaround for dh_strip bug #875780
+	$(STRIP) $(STRIP_OPTIONS) debian/libncurses-dev/usr/lib/$(DEB_HOST_MULTIARCH)/libncurses++w.a
 	dh_lintian -a
 	dh_link -a
 	dh_compress -p$(package-examples) usr/libexec/ncurses-examples/README
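Review bot: The strip call added after "dh_strip -a" hard-codes debian/libncurses-dev/usr/lib/$(DEB_HOST_MULTIARCH)/libncurses++w.a with no existence check, so the target fails outright if that file is ever missing from the libncurses-dev staging directory. A guard or an explicit failure message would make that case easier to diagnose. The comment names bug #875780 but not the removal condition; adding "remove once dh_strip handles this file" would keep the workaround from outliving the bug.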
-- 
2.39.0



--- End Message ---
--- Begin Message ---
Hi Sven,

On 23-01-2023 21:57, Sven Joachim wrote:
3. Although the workaround for debhelper bug #875780[6] is not exactly
     pretty, it should not pose any risks.

Can you ease my slight worry by pointing out where you got the
STRIP_OPTIONS from? In other words, can we confirm these are the same
options that debhelper would apply?

I copied them from the dh_strip source[1].

Thanks. If the upload happens within a week or so, please go ahead.

Paul



--- End Message ---
