TL;DR: please review, test and possibly help fixing packages that will break with ncurses-6.3
update.
- PRs to review: ncurses: 6.2 -> 6.3 by trofi · Pull Request #146685 · NixOS/nixpkgs · GitHub
- Broken packages to fix: ncurses: 6.2 -> 6.3 by trofi · Pull Request #146685 · NixOS/nixpkgs · GitHub
The chances are we will have tens of broken packages. Worth doing a hydra run against ncurses-6.3
bump alone?
Long mode:
You might have notices a PR or two dealing with ncurses-6.3
related changes where format string is tweaked: Pull requests · NixOS/nixpkgs · GitHub
ncuses-6.3
added printf-style function attributes and now makes it easier to catch cases when user input is used in place of format string when built with CFLAGS=-Werror=format-security
. The typical build failure looks like:
ui/curses.c:765:42:
error: format not a string literal and no format arguments [-Werror=format-security]
765 | mvprintw(rowstat - 1, startstat, msg);
| ^~~
And the typical fix (from ui/curses: always use "%s"-style format for printf()-style functions by trofi · Pull Request #411 · traviscross/mtr · GitHub) is:
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -432,7 +432,7 @@ static void mtr_curses_hosts(
attron(A_BOLD);
#ifdef HAVE_IPINFO
if (is_printii(ctl))
- printw(fmt_ipinfo(ctl, addr));
+ printw("%s", fmt_ipinfo(ctl, addr));
#endif
if (name != NULL) {
if (ctl->show_ips)
If you are curious to give it a try you can do a trivial update locally and check what fails for you. Example update: ncurses: 6.2 -> 6.3 by trofi · Pull Request #146685 · NixOS/nixpkgs · GitHub
Thanks!