-
ncurses (6.1+20181013-2+deb10u2) buster; urgency=medium
* Cherry-pick tic fixes from upstream patchlevels 20191012,
20191015 and 20191019 (Closes: #942401).
- Check for invalid hashcode in _nc_find_type_entry and
nc_find_entry (CVE-2019-17594).
- Check for missing character after backslash in fmt_entry
(CVE-2019-17595).
- Check for acsc with odd length in dump_entry in check for
one-one mapping.
- Check for missing character after backslash in write_it.
- Modify tic to exit if it cannot remove a conflicting name, because
treating that as a partial success can cause an infinite loop in
use-resolution.
-- Sven Joachim <email address hidden> Sat, 02 Nov 2019 19:16:19 +0100
-
ncurses (6.1+20181013-2+deb10u1) buster; urgency=medium
* Drop "rep" from xterm-new and derived terminfo descriptions
(Closes: #933053).
-- Sven Joachim <email address hidden> Mon, 05 Aug 2019 20:03:21 +0200
-
ncurses (6.1+20181013-2) unstable; urgency=medium
* Add Breaks against libmono-corlib4.5-cil (<< 4.6.2.7+dfsg-2)
to ncurses-base and ncurses-term (Closes: #899394).
* Add Build-Depends-Package annotations to the symbols files.
* Add a lintian override to ncurses-examples for
package-contains-documentation-outside-usr-share-doc.
* Upgrade Standards-Version to 4.3.0, no changes needed.
-- Sven Joachim <email address hidden> Mon, 11 Feb 2019 18:17:20 +0100
-
ncurses (6.1+20181013-1) unstable; urgency=medium
* New upstream patchlevel.
- Modify configure scripts to reduce relinking/ranlib during library
install. Together with the next change, this Closes: #903790.
* Configure with --disable-relink.
* Fix wrong-path-for-interpreter lintian error in ncurses-examples.
* Add Breaks against libunibilium4 (<< 2.0.0-3) to ncurses-base and
ncurses-term (Closes: #904337).
* Upgrade Standards-Version to 4.2.1, no further changes needed.
-- Sven Joachim <email address hidden> Thu, 18 Oct 2018 19:45:43 +0200
-
ncurses (6.1+20180714-1) unstable; urgency=medium
* New upstream patchlevel.
- Fix a case where tiparm could return null if the format-string was
empty (Closes: #902630).
- Reduce use of _GNU_SOURCE for current glibc where _DEFAULT_SOURCE
combines with _XOPEN_SOURCE (Closes: #900987).
- Modify generated ncurses*config and ncurses.pc, ncursesw.pc, etc.,
to list helper libraries such as gpm for static linking (see #900839).
* Refresh Debian patches.
* Stop building special debug libraries, and mark the -dbg packages as
Multi-Arch: same (Addresses: #849003).
* Build the static libraries without gpm support (Closes: #900839).
* Upgrade Standards-Version to 4.1.5, no changes needed.
-- Sven Joachim <email address hidden> Tue, 17 Jul 2018 18:17:02 +0200
-
ncurses (6.1+20180210-4) unstable; urgency=medium
* Take over the dvtm and dvtm-256color terminfo entries from the dvtm
package in ncurses-term (see #897953).
* Cherry-pick a fix from the 20180519 patchlevel: add check in
pair_content() to handle the case where caller asks for an
uninitialized pair (Closes: #898658).
* Move screen.xterm-256color and rxvt-unicode-256color terminfo entries
from ncurses-term to ncurses-base (Closes: #898666, #898948).
* Speed up binary-indep builds by building only the configurations
necessary to install and run tic.
- Move the g++-muiltilib build dependency to Build-Depends-Arch.
-- Sven Joachim <email address hidden> Mon, 21 May 2018 10:54:08 +0200
-
ncurses (6.1+20180210-3) unstable; urgency=medium
* Add back "Suggests: ncurses-doc" to libncurses-dev which inadvertently
got lost in 6.1+20180210-1 (Closes: #897035).
* Cherry-pick a fix from the 20180414 patchlevel: add a null-pointer
check in _nc_parse_entry to handle an error when a use-name is invalid
syntax (report by Chung-Yi Lin, CVE-2018-10754).
* Add Breaks against versions of bash-static and zsh-static which were
built with libtinfo before 6.1 to ncurses-{base,term}.
-- Sven Joachim <email address hidden> Thu, 10 May 2018 16:17:05 +0200
-
ncurses (6.1+20180210-2) unstable; urgency=medium
* Run dh_autoreconf at build time to regenerate configure scripts.
- Add a build-dependency on autoconf-dickey (>= 2.52+20170501).
- Drop debian/README.source.
* Drop Replaces/Breaks relationships on pre-wheezy packages.
* Add more Breaks to ncurses-base and ncurses-term against libraries
incompatible with the new terminfo format: libtinfo5 (<< 6.1) and
libunibilium0 (Closes: #891380).
* Update the watch files to version 4, and look for tarballs on
https://invisible-mirror.net.
* Bump debhelper compatibility level to 11.
* Use "dh_missing --fail-missing" instead of "dh_install --fail-missing".
* Temporarily add ncurses{w,}5-config compatibility symlinks.
* Upgrade Standards-Version to 4.1.4, no changes needed.
* Upload to unstable.
-- Sven Joachim <email address hidden> Thu, 26 Apr 2018 18:07:30 +0200
-
ncurses (6.1-1) unstable; urgency=low
* New upstream release.
* Refresh Debian patches.
* Update symbols files and bump shlibs.
- Bump the minimal version of symbols introduced after the 6.0
release to 6.1.
- Reset the minimal version of _nc_read_entry to back to 6.
* Pass --disable-stripping to the configure scripts.
* Update xterm.ti from xterm 331.
* Use https in the Homepage field.
* Update Vcs-{Browser,Git} URLs to point at salsa.debian.org.
* Change priority of all library packages to optional.
* Update years in debian/copyright.
-- Sven Joachim <email address hidden> Sun, 11 Feb 2018 21:06:50 +0100
-
ncurses (6.0+20171125-1) unstable; urgency=medium
* New upstream patchlevel.
- Modify _nc_write_entry() to truncate too-long filename (report by
Hosein Askari (CVE-2017-16879), Closes: #882620).
* Change priority of the -dbg packages and the udeb to optional.
* Delete trailing whitespace in debian/changelog.
* Bump debhelper compatibility level to 10.
* Switch from dh_autotools-dev_updateconfig to dh_update_autotools_config
and drop the explicit autotools-dev build dependency.
* Drop dpkg-dev build dependency, already fulfilled in oldstable.
* Do not require (fake)root for building the packages.
* Configure the test programs with --with-x11-rgb=/etc/X11/rgb.txt.
-- Sven Joachim <email address hidden> Mon, 27 Nov 2017 17:56:51 +0100
-
ncurses (6.0+20170902-1) unstable; urgency=medium
* New upstream patchlevel.
- Modify check in fmt_entry() to handle a cancelled reset string
(CVE-2017-13733, Closes: #873746).
-- Sven Joachim <email address hidden> Sun, 03 Sep 2017 19:25:01 +0200
-
ncurses (6.0+20170715-2) unstable; urgency=medium
* Bump the minimal version of _nc_read_entry to 6.0+20170715 for partial
upgrades from testing.
-- Sven Joachim <email address hidden> Sun, 16 Jul 2017 18:23:24 +0200
-
ncurses (6.0+20170708-1) unstable; urgency=high
* New upstream patchlevel.
- Correct a limit-check in fixes from CVE-2017-10684
(report by Sven Joachim).
* Amend the previous Debian changelog entry with CVE references.
-- Sven Joachim <email address hidden> Sun, 09 Jul 2017 11:50:10 +0200
-
ncurses (6.0+20161126-1+deb9u2) stretch; urgency=medium
* Cherry-pick upstream fix from the 20171125 patchlevel to fix
a buffer overflow in the _nc_write_entry function
(CVE-2017-16879, Closes: #882620).
-- Sven Joachim <email address hidden> Thu, 28 Dec 2017 10:47:33 +0100
-
ncurses (6.0+20161126-1+deb9u1) stretch; urgency=medium
* Cherry-pick upstream fixes from the 20170701 and 20170708 patchlevels
for various crash bugs in the tic library and the tic binary
(CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113).
* Backport termcap-format fix from the 20170715 patchlevel, repairing a
regression from the above security fixes (see #868266).
* Cherry-pick upstream fixes from the 20170826 patchlevel for more
crash bugs in the tic library (CVE-2017-13728, CVE-2017-13729,
CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13734,
Closes: #873723).
* Cherry-pick upstream fixes from the 20170902 patchlevel to fix
another crash bug in the tic program (CVE-2017-13733, Closes: #873746).
-- Sven Joachim <email address hidden> Thu, 07 Sep 2017 19:05:43 +0200
-
ncurses (6.0+20161126-1) unstable; urgency=low
* New upstream patchlevel.
- Omit selection of ISO-8859-1 for G0 in enacs capability from
linux2.6 entry, to avoid conflict with the user-defined mapping
(Closes: #830694).
* Update symbols files for new symbol unfocus_current_field.
-- Sven Joachim <email address hidden> Tue, 29 Nov 2016 21:19:08 +0100
