Upgrade screen 4.9.0 -> 4.9.1 to address CVE-2023-24626 (#6147)
- screen: refresh patches - screen: lint spec Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
This commit is contained in:
parent
bd5afe0c94
commit
6d9a611aed
|
@ -1,15 +1,35 @@
|
|||
check crypt output (rhbz#815605)
|
||||
From de1b63fabfb353f24910da2673e348c731c623b5 Mon Sep 17 00:00:00 2001
|
||||
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
Date: Sat, 2 Sep 2023 10:32:36 +0530
|
||||
Subject: [PATCH 5/5] check crypt output (rhbz#815605)
|
||||
|
||||
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
---
|
||||
misc.c | 10 ++++++----
|
||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/misc.c b/misc.c
|
||||
index 2022a06..235c82f 100644
|
||||
index 95093a9..bd5a050 100644
|
||||
--- a/misc.c
|
||||
+++ b/misc.c
|
||||
@@ -57,6 +57,8 @@ register const char *str;
|
||||
@@ -68,11 +68,13 @@ SaveStr(register const char *str)
|
||||
char *
|
||||
SaveStrn(register const char *str, int n)
|
||||
{
|
||||
register char *cp;
|
||||
- register char *cp;
|
||||
+ register char *cp;
|
||||
|
||||
- if ((cp = malloc(n + 1)) == NULL)
|
||||
- Panic(0, "%s", strnomem);
|
||||
- else {
|
||||
+ if(str == NULL)
|
||||
+ Panic(0, "SaveStr() received NULL - possibly failed crypt()");
|
||||
if ((cp = malloc(strlen(str) + 1)) == NULL)
|
||||
Panic(0, "%s", strnomem);
|
||||
else
|
||||
+ if ((cp = malloc(strlen(str) + 1)) == NULL)
|
||||
+ Panic(0, "%s", strnomem);
|
||||
+ else {
|
||||
bcopy((char *)str, cp, n);
|
||||
cp[n] = 0;
|
||||
}
|
||||
--
|
||||
2.40.1
|
||||
|
||||
|
|
|
@ -1,8 +1,18 @@
|
|||
From 6ec99107916b9d7b6486ea5fadbd8071eef1388f Mon Sep 17 00:00:00 2001
|
||||
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
Date: Sat, 2 Sep 2023 10:26:24 +0530
|
||||
Subject: [PATCH 1/5] patch1
|
||||
|
||||
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
---
|
||||
configure.ac | 18 +++++-------------
|
||||
1 file changed, 5 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index c0f02df..b76c8f5 100644
|
||||
index 1a12c04..5b3a883 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -188,7 +188,8 @@ AC_EGREP_CPP(yes,
|
||||
@@ -189,7 +189,8 @@ AC_EGREP_CPP(yes,
|
||||
], AC_NOTE(- you have a SVR4 system) AC_DEFINE(SVR4) svr4=1)
|
||||
if test -n "$svr4" ; then
|
||||
oldlibs="$LIBS"
|
||||
|
@ -10,17 +20,20 @@ index c0f02df..b76c8f5 100644
|
|||
+# Humm we don't actually need to link against libelf for Linux
|
||||
+LIBS="$LIBS"
|
||||
AC_CHECKING(SVR4)
|
||||
AC_TRY_LINK([#include <utmpx.h>
|
||||
AC_TRY_LINK([
|
||||
#include <utmpx.h>
|
||||
@@ -669,17 +670,13 @@ AC_TRY_LINK([
|
||||
tgetent((char *)0, (char *)0);
|
||||
],,
|
||||
@@ -626,14 +627,10 @@ dnl
|
||||
AC_CHECKING(for tgetent)
|
||||
AC_TRY_LINK(,tgetent((char *)0, (char *)0);,,
|
||||
olibs="$LIBS"
|
||||
-LIBS="-lcurses $olibs"
|
||||
-AC_CHECKING(libcurses)
|
||||
+LIBS="-ltinfo $olibs"
|
||||
+AC_CHECKING(libtinfo)
|
||||
AC_TRY_LINK(,[
|
||||
AC_TRY_LINK([
|
||||
#include <curses.h>
|
||||
#include <term.h>
|
||||
],[
|
||||
-#ifdef __hpux
|
||||
-__sorry_hpux_libcurses_is_totally_broken_in_10_10();
|
||||
-#else
|
||||
|
@ -29,16 +42,16 @@ index c0f02df..b76c8f5 100644
|
|||
],,
|
||||
LIBS="-ltermcap $olibs"
|
||||
AC_CHECKING(libtermcap)
|
||||
@@ -658,7 +655,7 @@ AC_MSG_ERROR(!!! no tgetent - no screen)))))))))
|
||||
AC_TRY_RUN([
|
||||
@@ -739,7 +736,7 @@ AC_TRY_RUN([
|
||||
int
|
||||
main()
|
||||
{
|
||||
- exit(strcmp(tgoto("%p1%d", 0, 1), "1") ? 0 : 1);
|
||||
- return(strcmp(tgoto("%p1%d", 0, 1), "1") ? 0 : 1);
|
||||
+ return 1;
|
||||
}], AC_NOTE(- you use the termcap database),
|
||||
AC_NOTE(- you use the terminfo database) AC_DEFINE(TERMINFO),
|
||||
AC_NOTE(- skipping check because we are cross compiling; assuming terminfo database is used) AC_DEFINE(TERMINFO))
|
||||
@@ -864,11 +861,6 @@ fi
|
||||
@@ -953,11 +950,6 @@ fi
|
||||
dnl
|
||||
dnl **** loadav ****
|
||||
dnl
|
||||
|
@ -49,4 +62,8 @@ index c0f02df..b76c8f5 100644
|
|||
-fi
|
||||
|
||||
AC_CHECKING(getloadavg)
|
||||
AC_TRY_LINK(,[getloadavg((double *)0, 0);],
|
||||
AC_TRY_LINK([
|
||||
--
|
||||
2.40.1
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,18 @@
|
|||
diff -up screen-4.0.3/etc/etcscreenrc.screenrc screen-4.0.3/etc/etcscreenrc
|
||||
--- screen-4.0.3/etc/etcscreenrc.screenrc 2003-12-05 14:46:13.000000000 +0100
|
||||
+++ screen-4.0.3/etc/etcscreenrc 2009-09-25 14:20:31.000000000 +0200
|
||||
From 6470f541ed0877c0f82d59da351e636cfdf94c74 Mon Sep 17 00:00:00 2001
|
||||
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
Date: Sat, 2 Sep 2023 10:27:42 +0530
|
||||
Subject: [PATCH 2/5] patch2
|
||||
|
||||
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
---
|
||||
etc/etcscreenrc | 12 ++++-----
|
||||
etc/screenrc | 65 +++++++++++++------------------------------------
|
||||
2 files changed, 23 insertions(+), 54 deletions(-)
|
||||
|
||||
diff --git a/etc/etcscreenrc b/etc/etcscreenrc
|
||||
index a51d64a..9235e27 100644
|
||||
--- a/etc/etcscreenrc
|
||||
+++ b/etc/etcscreenrc
|
||||
@@ -36,8 +36,8 @@ vbell_msg " Wuff ---- Wuff!! "
|
||||
# IC insert multiple chars
|
||||
# nx terminal uses xon/xoff
|
||||
|
@ -12,7 +24,7 @@ diff -up screen-4.0.3/etc/etcscreenrc.screenrc screen-4.0.3/etc/etcscreenrc
|
|||
|
||||
#the vt100 description does not mention "dl". *sigh*
|
||||
termcap vt100 dl=5\E[M
|
||||
@@ -55,15 +55,15 @@ terminfo sun 'up=^K:AL=\E[%p1%dL:DL=\E[%
|
||||
@@ -55,15 +55,15 @@ terminfo sun 'up=^K:AL=\E[%p1%dL:DL=\E[%p1%dM:UP=\E[%p1%dA:DO=\E[%p1%dB:LE=\E[%p
|
||||
#xterm understands both im/ic and doesn't have a status line.
|
||||
#Note: Do not specify im and ic in the real termcap/info file as
|
||||
#some programs (e.g. vi) will (no,no, may (jw)) not work anymore.
|
||||
|
@ -32,9 +44,10 @@ diff -up screen-4.0.3/etc/etcscreenrc.screenrc screen-4.0.3/etc/etcscreenrc
|
|||
|
||||
#
|
||||
# Do not use xterms alternate window buffer.
|
||||
diff -up screen-4.0.3/etc/screenrc.screenrc screen-4.0.3/etc/screenrc
|
||||
--- screen-4.0.3/etc/screenrc.screenrc 2006-10-23 15:06:32.000000000 +0200
|
||||
+++ screen-4.0.3/etc/screenrc 2009-09-25 14:31:30.000000000 +0200
|
||||
diff --git a/etc/screenrc b/etc/screenrc
|
||||
index ca6561d..2dffb38 100644
|
||||
--- a/etc/screenrc
|
||||
+++ b/etc/screenrc
|
||||
@@ -1,21 +1,11 @@
|
||||
-#
|
||||
-# Example of a user's .screenrc file
|
||||
|
@ -155,3 +168,6 @@ diff -up screen-4.0.3/etc/screenrc.screenrc screen-4.0.3/etc/screenrc
|
|||
# bind = resize =
|
||||
# bind + resize +1
|
||||
# bind - resize -1
|
||||
--
|
||||
2.40.1
|
||||
|
||||
|
|
|
@ -1,10 +1,17 @@
|
|||
Author: Loic Minier <lool@dooz.org>
|
||||
Description: Unbreak several useful keybindings.
|
||||
From 729f1df0fcf8165dfc557b00c06fd47e57955149 Mon Sep 17 00:00:00 2001
|
||||
From: Loic Minier <lool@dooz.org>
|
||||
Date: Sat, 2 Sep 2023 10:29:02 +0530
|
||||
Subject: [PATCH 4/5] Unbreak several useful keybindings.
|
||||
|
||||
fix for nonworking ^a backspace (rhbz#708698)
|
||||
|
||||
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
---
|
||||
termcap.c | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/termcap.c b/termcap.c
|
||||
index 26cba62..ed9e838 100644
|
||||
index 26c8f5a..29684cf 100644
|
||||
--- a/termcap.c
|
||||
+++ b/termcap.c
|
||||
@@ -553,8 +553,6 @@ int map;
|
||||
|
@ -16,3 +23,6 @@ index 26cba62..ed9e838 100644
|
|||
if (map == 0 && domap)
|
||||
return 0;
|
||||
if (map && !domap)
|
||||
--
|
||||
2.40.1
|
||||
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
diff -urNp a/braille_tsi.c b/braille_tsi.c
|
||||
--- a/braille_tsi.c 2022-03-08 13:31:31.054957126 +0100
|
||||
+++ b/braille_tsi.c 2022-03-08 13:32:02.888173116 +0100
|
||||
@@ -49,7 +49,7 @@ static int tsi_line_type; /* indicates
|
||||
|
||||
static int display_status_tsi __P((void));
|
||||
static int write_line_tsi __P((char*, int, int));
|
||||
-static void buttonpress_tsi __P((structkey2rc*));
|
||||
+static void buttonpress_tsi __P((struct key2rc*));
|
||||
static void buttonpress_navigator_40 __P((void));
|
||||
static void buttonpress_powerbraille_40 __P((void));
|
||||
static void buttonpress_powerbraille_80 __P((void));
|
|
@ -1,15 +1,27 @@
|
|||
Clear scrollback buffer when locking terminal
|
||||
From 036bf692ea8c4e821a8af8bff8304e683c06ffa4 Mon Sep 17 00:00:00 2001
|
||||
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
Date: Sat, 2 Sep 2023 10:28:37 +0530
|
||||
Subject: [PATCH 3/5] Clear scrollback buffer when locking terminal
|
||||
|
||||
Linux kernel 3.0 adds a new command to clear the scrollback buffer in
|
||||
the linux console. It's available in the ncurses terminfo entry as
|
||||
extended capability E3. This is useful to prevent an attacker to read
|
||||
content of a locked terminal via Shift-PgUp key.
|
||||
|
||||
|
||||
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
---
|
||||
display.c | 6 ++++++
|
||||
extern.h | 1 +
|
||||
screen.c | 1 +
|
||||
term.c | 1 +
|
||||
4 files changed, 9 insertions(+)
|
||||
|
||||
diff --git a/display.c b/display.c
|
||||
index d0ed6a4..7b534c0 100644
|
||||
index a1afbe6..1c56b3e 100644
|
||||
--- a/display.c
|
||||
+++ b/display.c
|
||||
@@ -4079,4 +4079,10 @@ char **cmdv;
|
||||
@@ -4080,4 +4080,10 @@ char **cmdv;
|
||||
|
||||
#endif /* BLANKER_PRG */
|
||||
|
||||
|
@ -33,10 +45,10 @@ index d4e57df..4564581 100644
|
|||
/* resize.c */
|
||||
extern int ChangeWindowSize __P((struct win *, int, int, int));
|
||||
diff --git a/screen.c b/screen.c
|
||||
index 7dcb9af..c934d75 100644
|
||||
index 7653cd1..85d52ac 100644
|
||||
--- a/screen.c
|
||||
+++ b/screen.c
|
||||
@@ -1952,6 +1952,7 @@ void Detach(int mode)
|
||||
@@ -1970,6 +1970,7 @@ void Detach(int mode)
|
||||
|
||||
case D_LOCK:
|
||||
ClearAll();
|
||||
|
@ -56,3 +68,6 @@ index c7a13c9..f49b3a7 100644
|
|||
|
||||
/* initialise */
|
||||
{ "is", T_STR },
|
||||
--
|
||||
2.40.1
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"Signatures": {
|
||||
"screen.pam": "0efded3536f5803b583f9101ced3d5e9987476c0cb3596fe19d8c8084553ba3f",
|
||||
"screen-4.9.0.tar.gz": "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4"
|
||||
"screen-4.9.1.tar.gz": "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69"
|
||||
}
|
||||
}
|
|
@ -1,29 +1,31 @@
|
|||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
%bcond_with multiuser
|
||||
%global _hardened_build 1
|
||||
|
||||
Summary: A screen manager that supports multiple logins on one terminal
|
||||
Name: screen
|
||||
Version: 4.9.0
|
||||
Version: 4.9.1
|
||||
Release: 1%{?dist}
|
||||
License: GPLv3+
|
||||
URL: http://www.gnu.org/software/screen
|
||||
Requires(pre): /usr/sbin/groupadd
|
||||
BuildRequires: ncurses-devel pam-devel libutempter-devel autoconf texinfo
|
||||
BuildRequires: automake gcc
|
||||
# for %%_tmpfilesdir macro
|
||||
BuildRequires: systemd
|
||||
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
URL: https://www.gnu.org/software/screen
|
||||
Source0: https://ftp.gnu.org/gnu/screen/screen-%{version}.tar.gz
|
||||
Source1: screen.pam
|
||||
|
||||
Patch1: screen-4.3.1-libs.patch
|
||||
Patch2: screen-4.3.1-screenrc.patch
|
||||
Patch3: screen-E3.patch
|
||||
Patch4: screen-4.3.1-suppress_remap.patch
|
||||
Patch5: screen-4.3.1-crypt.patch
|
||||
Patch6: screen-4.9.0-braille.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libutempter-devel
|
||||
BuildRequires: ncurses-devel
|
||||
BuildRequires: pam-devel
|
||||
# for %%_tmpfilesdir macro
|
||||
BuildRequires: systemd
|
||||
BuildRequires: texinfo
|
||||
Requires(pre): %{_sbindir}/groupadd
|
||||
|
||||
%description
|
||||
The screen utility allows you to have multiple logins on just one
|
||||
|
@ -34,7 +36,6 @@ login.
|
|||
Install the screen package if you need a screen manager that can
|
||||
support multiple logins on one terminal.
|
||||
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
|
@ -55,7 +56,7 @@ autoreconf -i
|
|||
# We would like to have braille support.
|
||||
sed -i -e 's/.*#.*undef.*HAVE_BRAILLE.*/#define HAVE_BRAILLE 1/;' config.h
|
||||
|
||||
sed -i -e 's/\(\/usr\)\?\/local\/etc/\/etc/g;' doc/screen.{1,texinfo}
|
||||
sed -i -e 's/\(\/usr\)\?\/local\%{_sysconfdir}/\%{_sysconfdir}/g;' doc/screen.{1,texinfo}
|
||||
|
||||
for i in doc/screen.texinfo; do
|
||||
iconv -f iso8859-1 -t utf-8 < $i > $i.utf8 && mv -f ${i}{.utf8,}
|
||||
|
@ -67,23 +68,23 @@ rm -f doc/screen.info*
|
|||
make
|
||||
|
||||
%install
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
mv -f $RPM_BUILD_ROOT%{_bindir}/screen{-%{version},}
|
||||
make install DESTDIR=%{buildroot}
|
||||
mv -f %{buildroot}%{_bindir}/screen{-%{version},}
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
|
||||
install -m 0644 etc/etcscreenrc $RPM_BUILD_ROOT%{_sysconfdir}/screenrc
|
||||
cat etc/screenrc >> $RPM_BUILD_ROOT%{_sysconfdir}/screenrc
|
||||
mkdir -p %{buildroot}%{_sysconfdir}
|
||||
install -m 0644 etc/etcscreenrc %{buildroot}%{_sysconfdir}/screenrc
|
||||
cat etc/screenrc >> %{buildroot}%{_sysconfdir}/screenrc
|
||||
|
||||
# Better not forget to copy the pam file around
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
|
||||
install -p -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/screen
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
|
||||
install -p -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/screen
|
||||
|
||||
# Create the socket dir
|
||||
mkdir -p $RPM_BUILD_ROOT%{_rundir}/screen
|
||||
mkdir -p %{buildroot}%{_rundir}/screen
|
||||
|
||||
# And tell systemd to recreate it on start with tmpfs
|
||||
mkdir -p $RPM_BUILD_ROOT%{_tmpfilesdir}
|
||||
cat <<EOF > $RPM_BUILD_ROOT%{_tmpfilesdir}/screen.conf
|
||||
mkdir -p %{buildroot}%{_tmpfilesdir}
|
||||
cat <<EOF > %{buildroot}%{_tmpfilesdir}/screen.conf
|
||||
# screen needs directory in /run
|
||||
%if %{with multiuser}
|
||||
d %{_rundir}/screen 0755 root root
|
||||
|
@ -93,10 +94,10 @@ d %{_rundir}/screen 0775 root screen
|
|||
EOF
|
||||
|
||||
# Remove files from the buildroot which we don't want packaged
|
||||
rm -f $RPM_BUILD_ROOT%{_infodir}/dir
|
||||
rm -f %{buildroot}%{_infodir}/dir
|
||||
|
||||
%pre
|
||||
/usr/sbin/groupadd -g 84 -r -f screen
|
||||
%{_sbindir}/groupadd -g 84 -r -f screen
|
||||
:
|
||||
|
||||
%files
|
||||
|
@ -117,6 +118,10 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Aug 31 2023 Muhammad Falak <mwani@microsoft.com> - 4.9.1-1
|
||||
- Upgrade version to adress CVE-2021-20230
|
||||
- Lint spec
|
||||
|
||||
* Wed Nov 09 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 4.9.0-1
|
||||
- Auto-upgrade to 4.9.0 - CVE-2021-26937
|
||||
|
||||
|
|
|
@ -27335,8 +27335,8 @@
|
|||
"type": "other",
|
||||
"other": {
|
||||
"name": "screen",
|
||||
"version": "4.9.0",
|
||||
"downloadUrl": "https://ftp.gnu.org/gnu/screen/screen-4.9.0.tar.gz"
|
||||
"version": "4.9.1",
|
||||
"downloadUrl": "https://ftp.gnu.org/gnu/screen/screen-4.9.1.tar.gz"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -30807,4 +30807,4 @@
|
|||
}
|
||||
],
|
||||
"Version": 1
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue