Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ncurses@packages.debian.org
Control: affects -1 + src:ncurses

I would like to fix three bugs[1,2,3] in ncurses for Bookworm. While
none of them is RC, they have some impact on users, and the changes are
fairly small.

[ Reason ]
1. Pasting in vim is broken on some terminal emulators[1]
   Remedy: Declare versioned Breaks against vim-common in ncurses-{base,term}
2. Stack buffer overflow in "tic -I" on crafted input[2]
   Remedy: Cherry-pick upstream fix
3. On i386 and mips64el, libncurses++w.a is not stripped[3]
   Remedy: Strip the file by hand in debian/rules

[ Impact ]
1. On upgrades from Bullseye to Bookworm, if ncurses-base is upgraded
   before vim (which is rather likely without the Breaks), pasting in
   vim is severely broken for some terminal emulators and values of
   $TERM. One rather popular combination is using tmux and TERM=tmux
   or TERM=tmux-256color.
   For the gory details see #1027435, #1027674[4] and upstream issue
   11766[5] in vim.
2. Potentially a security issue, although it requires some cooperation
   by the victim, and the stack protection should prevent worse things
   than a crash. Several cases of such crash bugs in tic have been
   fixed via point releases in the past.
3. On the affected architectures, several hundred kilobytes are used,
   and the size of libncurses-dev.deb also increases, wasting bandwidth.
   Perhaps more importantly, the build becomes unreproducible, a sad
   regression compared to previous Debian releases.

[ Tests ]
1. No tests have been performed yet. Once ncurses 6.4-2 is in unstable
   I intend to test upgrades from Bullseye in a chroot, but real world
   examples with 1000+ installed packages will have to be tested by
   users.
2. The reproducer test given by the upstream bug submitter no longer
   crashes. The terminfo database in the ncurses-{base,term} packages
   is identical with the 6.4-1 version.
3. The offending file is stripped on i386, and two test builds produced
   identical packages.

[ Risks ]
1. On upgrades from Bullseye, the upgrade of ncurses-base and
   ncurses-term will be delayed. All reverse dependencies in the archive
   are satisfied with the Bullseye versions, so I do not expect problems.
2. Although the fix is small, it might still contain bugs. Any damage
   will be limited to the usage of "infocmp -u", "tic -I" and "tic -C"
   (or their aliases infotocap and captoinfo), which are not used very
   often.
3. Although the workaround for debhelper bug #875780[6] is not exactly
   pretty, it should not pose any risks.

[ Checklist ]
  [x] all changes are documented in debian/changelog
  [x] I reviewed all changes and I approve them
  [x] attach the patches applied in git, rather than a debdiff

Thanks for your consideration.

Cheers,
       Sven

1. https://bugs.debian.org/1027435
2. https://bugs.debian.org/1029399
3. https://bugs.debian.org/1029404
4. https://bugs.debian.org/1027674
5. https://github.com/vim/vim/issues/11766
6. https://bugs.debian.org/875780

From 12bb87e58cf0ad787b90281452404a9ee1240244 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenjoac@gmx.de>
Date: Sun, 22 Jan 2023 18:02:59 +0100
Subject: [PATCH 1/3] Add versioned Breaks against vim-common to
ncurses-{base,term}
Pasting text is broken in older vim versions for some rather popular
terminals and values of $TERM, e.g. in tmux if TERM is set to "tmux"
or "tmux-256color". To avoid nasty surprises on partial upgrades,
ensure that a fixed vim version is installed along the new terminfo
database.
Closes: #1027435
---
debian/changelog | 7 +++++++
debian/control | 4 ++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 3af8f1e5..fdd6f828 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ncurses (6.4-2) UNRELEASED; urgency=medium
+
+ * Add Breaks against vim-common (<< 2:9.0.1000-2) to ncurses-base
+ and ncurses-term (Closes: #1027435).
+
+ -- Sven Joachim <svenjoac@gmx.de> Sun, 22 Jan 2023 17:59:41 +0100
+
ncurses (6.4-1) unstable; urgency=medium
* New upstream release.
diff --git a/debian/control b/debian/control
index 0d2f7af0..fc151b97 100644
--- a/debian/control
+++ b/debian/control
@@ -24,7 +24,7 @@ Provides: ncurses-runtime
Breaks: libtinfo5 (<< 6.1), libslang2 (<< 2.3.1a-3), libunibilium0 (<< 2),
libunibilium4 (<< 2.0.0-3), bash-static (<< 4.4.18-1.1),
zsh-static (<< 5.4.2-4), libmono-corlib4.5-cil (<< 4.6.2.7+dfsg-2),
- neovim (<< 0.6.0)
+ neovim (<< 0.6.0), vim-common (<< 2:9.0.1000-2)
Description: basic terminal type definitions
The ncurses library routines are a terminal-independent method of
updating character screens with reasonable optimization.
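Review bot: the new `vim-common (<< 2:9.0.1000-2)` entry in the ncurses-base Breaks carries no record of when it can be dropped again, and the list it joins already holds eight older relations. A short note in the changelog entry or a comment above the stanza saying that the relation is only needed for upgrades from Bullseye would let a later maintainer remove it with confidence. It would also help to state why vim-common, rather than the individual vim binary packages, is the right target, since that is not evident from the hunk.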
@@ -44,7 +44,7 @@ Replaces: dvtm (<< 0.15-3), alacritty (<< 0.3.4~), jfbterm (<< 0.4.7-10),
Breaks: libtinfo5 (<< 6.1), libslang2 (<< 2.3.1a-3), libunibilium0 (<< 2),
libunibilium4 (<< 2.0.0-3), bash-static (<< 4.4.18-1.1),
zsh-static (<< 5.4.2-4), libmono-corlib4.5-cil (<< 4.6.2.7+dfsg-2),
- dvtm (<< 0.15-3)
+ dvtm (<< 0.15-3), vim-common (<< 2:9.0.1000-2)
Description: additional terminal type definitions
The ncurses library routines are a terminal-independent method of
updating character screens with reasonable optimization.
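Review bot: the same `vim-common (<< 2:9.0.1000-2)` bound is now written out a second time in the ncurses-term stanza, whose Breaks list differs from the ncurses-base one only in its last pre-existing entry (dvtm here, neovim there). If the bound ever has to be adjusted, both copies must change together; generating the shared part from a single substitution variable, or at least cross-referencing the two stanzas in a comment, would prevent them from drifting apart.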
--
2.39.0
From 6a1c9a57de88d7fae451dbc5ae52e9311cfd18a1 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenjoac@gmx.de>
Date: Sun, 22 Jan 2023 18:32:37 +0100
Subject: [PATCH 2/3] Cherry-pick upstream fix for recently reported tic crash
New patch fix_crash_on_very_long_tc-use_clause.diff, cherry-picked
from the 20230121 upstream patchlevel: correct limit-check when
dumping tc/use clause via tic -I (report by Gabriel Ravier).
Closes: #1029399
---
debian/changelog | 3 ++
.../fix_crash_on_very_long_tc-use_clause.diff | 44 +++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 48 insertions(+)
create mode 100644 debian/patches/fix_crash_on_very_long_tc-use_clause.diff
diff --git a/debian/changelog b/debian/changelog
index fdd6f828..a0b2148d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ ncurses (6.4-2) UNRELEASED; urgency=medium
* Add Breaks against vim-common (<< 2:9.0.1000-2) to ncurses-base
and ncurses-term (Closes: #1027435).
+ * New patch fix_crash_on_very_long_tc-use_clause.diff, cherry-picked
+ from the 20230121 patchlevel: correct limit-check when dumping tc/use
+ clause via tic -I (report by Gabriel Ravier, Closes: #1029399).
-- Sven Joachim <svenjoac@gmx.de> Sun, 22 Jan 2023 17:59:41 +0100
diff --git a/debian/patches/fix_crash_on_very_long_tc-use_clause.diff b/debian/patches/fix_crash_on_very_long_tc-use_clause.diff
new file mode 100644
index 00000000..53dd2ae6
--- /dev/null
+++ b/debian/patches/fix_crash_on_very_long_tc-use_clause.diff
@@ -0,0 +1,44 @@
+Author: Sven Joachim <svenjoac@gmx.de>
+Description: Fix tic crash on very long tc/use clauses
+ Correct limit-check when dumping tc/use clause via tic -I (report by
+ Gabriel Ravier), fix cherry-picked from the 20230121 upstream patchlevel.
+Bug: https://lists.gnu.org/archive/html/bug-ncurses/2023-01/msg00035.html
+Bug-Debian: https://bugs.debian.org/1029399
+Forwarded: not-needed
+Last-Update: 2023-01-22
+
+---
+ progs/dump_entry.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+--- a/progs/dump_entry.c
++++ b/progs/dump_entry.c
+@@ -1651,15 +1651,25 @@ dump_entry(TERMTYPE2 *tterm,
+ }
+
+ void
+-dump_uses(const char *name, bool infodump)
++dump_uses(const char *value, bool infodump)
+ /* dump "use=" clauses in the appropriate format */
+ {
+- char buffer[MAX_TERMINFO_LENGTH];
++ char buffer[MAX_TERMINFO_LENGTH + EXTRA_CAP];
++ int limit = (VALID_STRING(value) ? (int) strlen(value) : 0);
++ const char *cap = infodump ? "use" : "tc";
+
+ if (TcOutput())
+ trim_trailing();
++ if (limit == 0) {
++ _nc_warning("empty \"%s\" field", cap);
++ value = "";
++ } else if (limit > MAX_ALIAS) {
++ _nc_warning("\"%s\" field too long (%d), limit to %d",
++ cap, limit, MAX_ALIAS);
++ limit = MAX_ALIAS;
++ }
+ _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer))
+- "%s%s", infodump ? "use=" : "tc=", name);
++ "%s=%.*s", cap, limit, value);
+ wrap_concat1(buffer);
+ }
+
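Review bot: in dump_uses() the over-long case only warns and then truncates (`limit = MAX_ALIAS;` followed by `"%s=%.*s", cap, limit, value`), so the emitted use=/tc= clause names a different entry than the one in the input, and the only signal is the warning. The patch description should say that truncated output is the intended behaviour here rather than an error exit. The hunk also does not show how MAX_ALIAS and EXTRA_CAP relate to the new buffer size `MAX_TERMINFO_LENGTH + EXTRA_CAP`; a one-line comment next to the declaration would make the bound checkable by reading. In the DEP-3 header, Author names the packager although the description says the fix is cherry-picked from the 20230121 upstream patchlevel; an Origin: upstream field would record the provenance more accurately. Since the request mentions a reproducer that no longer crashes, adding it as a regression test would keep the fix from silently regressing.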
diff --git a/debian/patches/series b/debian/patches/series
index 1f28dda7..565d676e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
02-debian-backspace.diff
02-debian-xterm.diff
03-debian-ncursesconfig-omit-L.diff
+fix_crash_on_very_long_tc-use_clause.diff
--
2.39.0
From af4606ad8f0ac69e9b6ed3c00f10acfbd103cdb2 Mon Sep 17 00:00:00 2001
From: Sven Joachim <svenjoac@gmx.de>
Date: Sun, 22 Jan 2023 19:37:18 +0100
Subject: [PATCH 3/3] Work around dh_strip bug #875780
Unfortunately perl's -B check fails to recognize libncurses++w.a as a
binary file on at least two architectures. Work around that by
stripping the file manually, using the same options as dh_strip (as of
debhelper 13.11.4).
Closes: #1029404
---
debian/changelog | 2 ++
debian/rules | 9 +++++++++
2 files changed, 11 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index a0b2148d..2820260f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ ncurses (6.4-2) UNRELEASED; urgency=medium
* New patch fix_crash_on_very_long_tc-use_clause.diff, cherry-picked
from the 20230121 patchlevel: correct limit-check when dumping tc/use
clause via tic -I (report by Gabriel Ravier, Closes: #1029399).
+ * Work around dh_strip bug #875780 by stripping libncurses++w.a manually
+ (Closes: #1029404).
-- Sven Joachim <svenjoac@gmx.de> Sun, 22 Jan 2023 17:59:41 +0100
diff --git a/debian/rules b/debian/rules
index 2dd9f915..870ff74e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -20,11 +20,18 @@ include /usr/share/dpkg/architecture.mk
ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
HOST_CC ?= $(DEB_HOST_GNU_TYPE)-gcc
HOST_CXX ?= $(DEB_HOST_GNU_TYPE)-g++
+STRIP = $(DEB_HOST_GNU_TYPE)-strip
else
HOST_CC ?= gcc
HOST_CXX ?= g++
+STRIP = strip
endif
+STRIP_OPTIONS = --strip-debug --remove-section=.comment \
+ --remove-section=.note --enable-deterministic-archives \
+ -R .gnu.lto_* -R .gnu.debuglto_* \
+ -N __gnu_lto_slim -N __gnu_lto_v1
+
# These are important since this is a library package
soname=6
sodepver = (>= 6.3+20220423)
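Review bot: STRIP_OPTIONS contains the unquoted patterns `-R .gnu.lto_* -R .gnu.debuglto_*`, and the recipe that expands the variable passes them through the shell, which will glob them against the build directory before strip sees them. A match is unlikely, but quoting the two patterns removes the dependency on directory contents. The commit message says the options mirror dh_strip as of debhelper 13.11.4; that belongs in a comment above STRIP_OPTIONS as well, so the copy can be compared against debhelper later. Note also that STRIP is assigned with `=` while HOST_CC and HOST_CXX beside it use `?=`, so a STRIP set in the environment is ignored.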
@@ -503,6 +510,8 @@ endif
# Strip the packages, shipping detached debugging symbols.
dh_dwz -a
dh_strip -a
+ # Fugly workaround for dh_strip bug #875780
+ $(STRIP) $(STRIP_OPTIONS) debian/libncurses-dev/usr/lib/$(DEB_HOST_MULTIARCH)/libncurses++w.a
dh_lintian -a
dh_link -a
dh_compress -p$(package-examples) usr/libexec/ncurses-examples/README
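Review bot: the added `$(STRIP) $(STRIP_OPTIONS) ...libncurses++w.a` line runs unconditionally, so a build with nostrip in DEB_BUILD_OPTIONS will still have this one archive stripped even though dh_strip directly above honours that option. Guarding the line with a check for nostrip would keep the workaround consistent with dh_strip. The comment should also say that the line can go once #875780 is fixed, so that it is not carried forever.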
--
2.39.0