Uncoming ncurses 6.2 -> 6.3 update

TL;DR: please review, test and possibly help fixing packages that will break with ncurses-6.3 update.

The chances are we will have tens of broken packages. Worth doing a hydra run against ncurses-6.3 bump alone?

Long mode:

You might have notices a PR or two dealing with ncurses-6.3 related changes where format string is tweaked: Pull requests · NixOS/nixpkgs · GitHub

ncuses-6.3 added printf-style function attributes and now makes it easier to catch cases when user input is used in place of format string when built with CFLAGS=-Werror=format-security. The typical build failure looks like:

  ui/curses.c:765:42:
    error: format not a string literal and no format arguments [-Werror=format-security]
    765 |         mvprintw(rowstat - 1, startstat, msg);
        |                                          ^~~

And the typical fix (from ui/curses: always use "%s"-style format for printf()-style functions by trofi · Pull Request #411 · traviscross/mtr · GitHub) is:

--- a/ui/curses.c
+++ b/ui/curses.c
@@ -432,7 +432,7 @@ static void mtr_curses_hosts(
                 attron(A_BOLD);
 #ifdef HAVE_IPINFO
             if (is_printii(ctl))
-                printw(fmt_ipinfo(ctl, addr));
+                printw("%s", fmt_ipinfo(ctl, addr));
 #endif
             if (name != NULL) {
                 if (ctl->show_ips)

If you are curious to give it a try you can do a trivial update locally and check what fails for you. Example update: ncurses: 6.2 -> 6.3 by trofi · Pull Request #146685 · NixOS/nixpkgs · GitHub

Thanks!

5 Likes
Hosted by Flying Circus.