From 227b06eefa1044badf471970f56bd7f6b4745117 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Sun, 17 Sep 2023 11:38:56 +0200 Subject: screen: update 4.9.0 -> 4.9.1 * Support stop/parity bits on serial port * Add needed system headers in checks and return values for implicit function declarations * Fixes: - Avoid zombies after shell exit - Missed signal sending permission check on failed query messages (CVE-2023-24626) - manpage fixes - source code fixes during cleanup - UTF-8 encoding can emit invalid UTF-8 sequences for out of range unicode values Remove patches; they are merged upstream or backported. (From OE-Core rev: 224f1929b92b38993e5f50100ce6306f63ee8ade) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 2566f8e51d56848d8b28f37462160e90253b79fc) Signed-off-by: Steve Sakoman --- ...igure-Add-needed-system-headers-in-checks.patch | 151 --------------------- .../screen/screen/signal-permission.patch | 40 ------ meta/recipes-extended/screen/screen_4.9.0.bb | 51 ------- meta/recipes-extended/screen/screen_4.9.1.bb | 49 +++++++ 4 files changed, 49 insertions(+), 242 deletions(-) delete mode 100644 meta/recipes-extended/screen/screen/0001-configure-Add-needed-system-headers-in-checks.patch delete mode 100644 meta/recipes-extended/screen/screen/signal-permission.patch delete mode 100644 meta/recipes-extended/screen/screen_4.9.0.bb create mode 100644 meta/recipes-extended/screen/screen_4.9.1.bb diff --git a/meta/recipes-extended/screen/screen/0001-configure-Add-needed-system-headers-in-checks.patch b/meta/recipes-extended/screen/screen/0001-configure-Add-needed-system-headers-in-checks.patch deleted file mode 100644 index 80659942c7..0000000000 --- a/meta/recipes-extended/screen/screen/0001-configure-Add-needed-system-headers-in-checks.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 4e102de2e6204c1d8e8be00bb5ffd4587e70350c Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 15 Aug 2022 10:35:53 -0700 -Subject: [PATCH] configure: Add needed system headers in checks - -Newer compilers throw warnings when a funciton is used with implicit -declaration and enabling -Werror can silently fail these tests and -result in wrong configure results. Therefore add the needed headers in -the AC_TRY_LINK macros - - * configure.ac: Add missing system headers in AC_TRY_LINK. - -Upstream-Status: Submitted [https://lists.gnu.org/archive/html/screen-devel/2022-08/msg00000.html] -Signed-off-by: Khem Raj ---- - configure.ac | 57 +++++++++++++++++++++++++++++++++++++++------------- - 1 file changed, 43 insertions(+), 14 deletions(-) - -diff --git a/configure.ac b/configure.ac -index c0f02df..d308079 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -233,6 +233,7 @@ AC_CHECKING(BSD job jontrol) - AC_TRY_LINK( - [#include - #include -+#include - ], [ - #ifdef POSIX - tcsetpgrp(0, 0); -@@ -250,12 +251,16 @@ dnl - dnl **** setresuid(), setreuid(), seteuid() **** - dnl - AC_CHECKING(setresuid) --AC_TRY_LINK(,[ --setresuid(0, 0, 0); -+AC_TRY_LINK([ -+#include -+],[ -+return setresuid(0, 0, 0); - ], AC_DEFINE(HAVE_SETRESUID)) - AC_CHECKING(setreuid) --AC_TRY_LINK(,[ --setreuid(0, 0); -+AC_TRY_LINK([ -+#include -+],[ -+return setreuid(0, 0); - ], AC_DEFINE(HAVE_SETREUID)) - dnl - dnl seteuid() check: -@@ -274,7 +279,9 @@ seteuid(0); - - dnl execvpe - AC_CHECKING(execvpe) --AC_TRY_LINK(,[ -+AC_TRY_LINK([ -+ #include -+],[ - execvpe(0, 0, 0); - ], AC_DEFINE(HAVE_EXECVPE) - CFLAGS="$CFLAGS -D_GNU_SOURCE") -@@ -284,10 +291,18 @@ dnl **** select() **** - dnl - - AC_CHECKING(select) --AC_TRY_LINK(,[select(0, 0, 0, 0, 0);],, -+AC_TRY_LINK([ -+ #include -+],[ -+ select(0, 0, 0, 0, 0); -+],, - LIBS="$LIBS -lnet -lnsl" - AC_CHECKING(select with $LIBS) --AC_TRY_LINK(,[select(0, 0, 0, 0, 0);],, -+AC_TRY_LINK([ -+ #include -+],[ -+ select(0, 0, 0, 0, 0); -+],, - AC_MSG_ERROR(!!! no select - no screen)) - ) - dnl -@@ -624,11 +639,19 @@ dnl - dnl **** termcap or terminfo **** - dnl - AC_CHECKING(for tgetent) --AC_TRY_LINK(,tgetent((char *)0, (char *)0);,, -+AC_TRY_LINK([ -+ #include -+ #include -+],[ -+ tgetent((char *)0, (char *)0); -+],, - olibs="$LIBS" - LIBS="-lcurses $olibs" - AC_CHECKING(libcurses) --AC_TRY_LINK(,[ -+AC_TRY_LINK([ -+ #include -+ #include -+],[ - #ifdef __hpux - __sorry_hpux_libcurses_is_totally_broken_in_10_10(); - #else -@@ -871,7 +894,7 @@ test -f /usr/lib/libutil.a && LIBS="$LIBS -lutil" - fi - - AC_CHECKING(getloadavg) --AC_TRY_LINK(,[getloadavg((double *)0, 0);], -+AC_TRY_LINK([#include ],[getloadavg((double *)0, 0);], - AC_DEFINE(LOADAV_GETLOADAVG) load=1, - if test "$cross_compiling" = no && test -f /usr/lib/libkvm.a ; then - olibs="$LIBS" -@@ -1109,10 +1132,10 @@ AC_CHECKING(IRIX sun library) - AC_TRY_LINK(,,,LIBS="$oldlibs") - - AC_CHECKING(syslog) --AC_TRY_LINK(,[closelog();], , [oldlibs="$LIBS" -+AC_TRY_LINK([#include ],[closelog();], , [oldlibs="$LIBS" - LIBS="$LIBS -lbsd" - AC_CHECKING(syslog in libbsd.a) --AC_TRY_LINK(, [closelog();], AC_NOTE(- found.), [LIBS="$oldlibs" -+AC_TRY_LINK([#include ], [closelog();], AC_NOTE(- found.), [LIBS="$oldlibs" - AC_NOTE(- bad news: syslog missing.) AC_DEFINE(NOSYSLOG)])]) - - AC_EGREP_CPP(YES_IS_DEFINED, -@@ -1149,7 +1172,7 @@ AC_CHECKING(getspnam) - AC_TRY_LINK([#include ], [getspnam("x");],AC_DEFINE(SHADOWPW)) - - AC_CHECKING(getttyent) --AC_TRY_LINK(,[getttyent();], AC_DEFINE(GETTTYENT)) -+AC_TRY_LINK([#include ],[getttyent();], AC_DEFINE(GETTTYENT)) - - AC_CHECKING(fdwalk) - AC_TRY_LINK([#include ], [fdwalk(NULL, NULL);],AC_DEFINE(HAVE_FDWALK)) -@@ -1204,7 +1227,13 @@ main() { - AC_SYS_LONG_FILE_NAMES - - AC_MSG_CHECKING(for vsprintf) --AC_TRY_LINK([#include ],[va_list valist; vsprintf(0,0,valist);], AC_MSG_RESULT(yes);AC_DEFINE(USEVARARGS), AC_MSG_RESULT(no)) -+AC_TRY_LINK([ -+ #include -+ #include -+],[ -+ va_list valist; -+ vsprintf(0,0,valist); -+], AC_MSG_RESULT(yes);AC_DEFINE(USEVARARGS), AC_MSG_RESULT(no)) - - AC_HEADER_DIRENT - diff --git a/meta/recipes-extended/screen/screen/signal-permission.patch b/meta/recipes-extended/screen/screen/signal-permission.patch deleted file mode 100644 index 77dc649090..0000000000 --- a/meta/recipes-extended/screen/screen/signal-permission.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001 -From: Alexander Naumov -Date: Mon, 30 Jan 2023 17:22:25 +0200 -Subject: fix: missing signal sending permission check on failed query messages - -Signed-off-by: Alexander Naumov - -CVE: CVE-2023-24626 -Upstream-Status: Backport -Signed-off-by: Ross Burton ---- - src/socket.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/src/socket.c b/src/socket.c -index 147dc54..54d8cb8 100644 ---- a/socket.c -+++ b/socket.c -@@ -1285,11 +1285,16 @@ ReceiveMsg() - else - queryflag = -1; - -- Kill(m.m.command.apid, -+ if (CheckPid(m.m.command.apid)) { -+ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); -+ } -+ else { -+ Kill(m.m.command.apid, - (queryflag >= 0) - ? SIGCONT - : SIG_BYE); /* Send SIG_BYE if an error happened */ -- queryflag = -1; -+ queryflag = -1; -+ } - } - break; - case MSG_COMMAND: --- -cgit v1.1 - diff --git a/meta/recipes-extended/screen/screen_4.9.0.bb b/meta/recipes-extended/screen/screen_4.9.0.bb deleted file mode 100644 index 235cd8c6cf..0000000000 --- a/meta/recipes-extended/screen/screen_4.9.0.bb +++ /dev/null @@ -1,51 +0,0 @@ -SUMMARY = "Multiplexing terminal manager" -DESCRIPTION = "Screen is a full-screen window manager \ -that multiplexes a physical terminal between several \ -processes, typically interactive shells." -HOMEPAGE = "http://www.gnu.org/software/screen/" -BUGTRACKER = "https://savannah.gnu.org/bugs/?func=additem&group=screen" - -SECTION = "console/utils" - -LICENSE = "GPL-3.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ - file://screen.h;endline=26;md5=b8dc717c9a3dba842ae6c44ca0f73f52 \ - " - -DEPENDS = "ncurses virtual/crypt \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" -RDEPENDS:${PN} = "base-files" - -SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'file://screen.pam', '', d)} \ - file://0002-comm.h-now-depends-on-term.h.patch \ - file://0001-fix-for-multijob-build.patch \ - file://0001-Remove-more-compatibility-stuff.patch \ - file://0001-configure-Add-needed-system-headers-in-checks.patch \ - file://signal-permission.patch \ - " - -SRC_URI[sha256sum] = "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4" - -inherit autotools texinfo - -PACKAGECONFIG ??= "" -PACKAGECONFIG[utempter] = "ac_cv_header_utempter_h=yes,ac_cv_header_utempter_h=no,libutempter," - -EXTRA_OECONF = "--with-pty-mode=0620 --with-pty-group=5 --with-sys-screenrc=${sysconfdir}/screenrc \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" - -do_install:append () { - install -D -m 644 ${S}/etc/etcscreenrc ${D}/${sysconfdir}/screenrc - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then - install -D -m 644 ${WORKDIR}/screen.pam ${D}/${sysconfdir}/pam.d/screen - fi -} - -pkg_postinst:${PN} () { - grep -q "^${bindir}/screen$" $D${sysconfdir}/shells || echo ${bindir}/screen >> $D${sysconfdir}/shells -} - -pkg_postrm:${PN} () { - printf "$(grep -v "^${bindir}/screen$" $D${sysconfdir}/shells)\n" > $D${sysconfdir}/shells -} diff --git a/meta/recipes-extended/screen/screen_4.9.1.bb b/meta/recipes-extended/screen/screen_4.9.1.bb new file mode 100644 index 0000000000..7b040e6b57 --- /dev/null +++ b/meta/recipes-extended/screen/screen_4.9.1.bb @@ -0,0 +1,49 @@ +SUMMARY = "Multiplexing terminal manager" +DESCRIPTION = "Screen is a full-screen window manager \ +that multiplexes a physical terminal between several \ +processes, typically interactive shells." +HOMEPAGE = "http://www.gnu.org/software/screen/" +BUGTRACKER = "https://savannah.gnu.org/bugs/?func=additem&group=screen" + +SECTION = "console/utils" + +LICENSE = "GPL-3.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ + file://screen.h;endline=26;md5=b8dc717c9a3dba842ae6c44ca0f73f52 \ + " + +DEPENDS = "ncurses virtual/crypt \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +RDEPENDS:${PN} = "base-files" + +SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'file://screen.pam', '', d)} \ + file://0002-comm.h-now-depends-on-term.h.patch \ + file://0001-fix-for-multijob-build.patch \ + file://0001-Remove-more-compatibility-stuff.patch \ + " + +SRC_URI[sha256sum] = "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69" + +inherit autotools texinfo + +PACKAGECONFIG ??= "" +PACKAGECONFIG[utempter] = "ac_cv_header_utempter_h=yes,ac_cv_header_utempter_h=no,libutempter," + +EXTRA_OECONF = "--with-pty-mode=0620 --with-pty-group=5 --with-sys-screenrc=${sysconfdir}/screenrc \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" + +do_install:append () { + install -D -m 644 ${S}/etc/etcscreenrc ${D}/${sysconfdir}/screenrc + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -D -m 644 ${WORKDIR}/screen.pam ${D}/${sysconfdir}/pam.d/screen + fi +} + +pkg_postinst:${PN} () { + grep -q "^${bindir}/screen$" $D${sysconfdir}/shells || echo ${bindir}/screen >> $D${sysconfdir}/shells +} + +pkg_postrm:${PN} () { + printf "$(grep -v "^${bindir}/screen$" $D${sysconfdir}/shells)\n" > $D${sysconfdir}/shells +} -- cgit v1.2.3-54-g00ecf