-
-
Notifications
You must be signed in to change notification settings - Fork 14.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ncurses: 6.1 -> 6.1-20181027 #49859
ncurses: 6.1 -> 6.1-20181027 #49859
Conversation
This includes fixes for CVE-2018-10754. While we're changing things, also set the `--with-manpage-format=normal` configure flag, which prevents the `configure` script from looking in /usr to determine whether to compress manpages. This was already the format on NixOS (where these directories don't exist), but making this explicit makes the build more reproducible on other distros.
The changelog between 20180127 (release 6.1) and 20181027 is quite big. I'm not sure I would rely on the latest dev snapshot for such a system lib. Instead it would be safer to 👍 for the manpage flag |
@c0bw3b - Yeah, I tried to apply just that patch, but the ncurses patches have a
The 11 patches that we'd need to apply are:
|
I personally prefer (and have been using in ALLVM) the simplicity of using ncurses devel snapshots. FWIW there's a new version (the changes are particularly minor: https://invisible-island.net/ncurses/NEWS.html#index-t20181110 ). I think this is different than the usual "developer snapshot" in that:
Personally I think these are safer than many official releases for other projects, but this project is both critical for basic usability and used directly or transitively by basically everything, so maybe that's just the higher baseline professionalism expected from such a project. I certainly appreciate and approve of being conservative here, just where to draw the line seems less clear. If nothing else we can't be updating weekly or we'd never get anything done other than rebuilding last week's upgrade just in time to start building it all again :P. |
Ok thanks for the experience feedback @dtzWill And in Nix/NixOS it has been done before in the 6.0 branch ( #28334 or fea02e3 ) @andrew-d ignore my previous comment, no good reasons to be too conservative here. |
Ok, someone with write access going to merge this now? |
@GrahamcOfBorg build ncurses |
Success on aarch64-linux (full log) Attempted: ncurses Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: ncurses Partial log (click to expand)
|
Motivation for this change
This includes fixes for CVE-2018-10754 (ref #49787).
While we're changing things, also set the
--with-manpage-format=normal
configure flag, which prevents theconfigure
script from looking in/usr
to determine whether to compress manpages. This was already the format on NixOS (where these directories don't exist), but making this explicit makes the build more reproducible on other distros.Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)cc @wkennington (ncurses maintainer)