summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHitendra Prajapati <hprajapati@mvista.com>2023-04-20 12:25:02 +0530
committerSteve Sakoman <steve@sakoman.com>2023-04-26 04:19:06 -1000
commit51a1d78e2af26be39587f29c3d169a35a7ae150e (patch)
treee1928e0d33c1383315811e4408ba7ca1e4d92dfd
parente610a24db73225d039ac7140cb7d58835cc6b2fd (diff)
downloadpoky-51a1d78e2af26be39587f29c3d169a35a7ae150e.tar.gz
screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 (From OE-Core rev: d1f99b928b0a57bec879dde1b1b94c3c09286ea0) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-extended/screen/screen/CVE-2023-24626.patch40
-rw-r--r--meta/recipes-extended/screen/screen_4.8.0.bb1
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-extended/screen/screen/CVE-2023-24626.patch b/meta/recipes-extended/screen/screen/CVE-2023-24626.patch
new file mode 100644
index 0000000000..73caf9d81b
--- /dev/null
+++ b/meta/recipes-extended/screen/screen/CVE-2023-24626.patch
@@ -0,0 +1,40 @@
1From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
2From: Alexander Naumov <alexander_naumov@opensuse.org>
3Date: Mon, 30 Jan 2023 17:22:25 +0200
4Subject: fix: missing signal sending permission check on failed query messages
5
6Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
7
8CVE: CVE-2023-24626
9Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7]
10Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
11---
12 socket.c | 9 +++++++--
13 1 file changed, 7 insertions(+), 2 deletions(-)
14
15diff --git a/socket.c b/socket.c
16index bb68b35..9d87445 100644
17--- a/socket.c
18+++ b/socket.c
19@@ -1285,11 +1285,16 @@ ReceiveMsg()
20 else
21 queryflag = -1;
22
23- Kill(m.m.command.apid,
24+ if (CheckPid(m.m.command.apid)) {
25+ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
26+ }
27+ else {
28+ Kill(m.m.command.apid,
29 (queryflag >= 0)
30 ? SIGCONT
31 : SIG_BYE); /* Send SIG_BYE if an error happened */
32- queryflag = -1;
33+ queryflag = -1;
34+ }
35 }
36 break;
37 case MSG_COMMAND:
38--
392.25.1
40
diff --git a/meta/recipes-extended/screen/screen_4.8.0.bb b/meta/recipes-extended/screen/screen_4.8.0.bb
index fe640c262b..c4faa27023 100644
--- a/meta/recipes-extended/screen/screen_4.8.0.bb
+++ b/meta/recipes-extended/screen/screen_4.8.0.bb
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
22 file://0001-fix-for-multijob-build.patch \ 22 file://0001-fix-for-multijob-build.patch \
23 file://0001-Remove-more-compatibility-stuff.patch \ 23 file://0001-Remove-more-compatibility-stuff.patch \
24 file://CVE-2021-26937.patch \ 24 file://CVE-2021-26937.patch \
25 file://CVE-2023-24626.patch \
25 " 26 "
26 27
27SRC_URI[md5sum] = "d276213d3acd10339cd37848b8c4ab1e" 28SRC_URI[md5sum] = "d276213d3acd10339cd37848b8c4ab1e"