From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 07 Jan 2022 12:06:24 +0100 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1n5n4i-00Dg8f-7T for lore@lore.pengutronix.de; Fri, 07 Jan 2022 12:06:24 +0100 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1n5n4h-0005tc-Dz; Fri, 07 Jan 2022 12:06:23 +0100 Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1n5n3q-0005tA-N7; Fri, 07 Jan 2022 12:05:30 +0100 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.92) (envelope-from ) id 1n5n3p-0006cH-36; Fri, 07 Jan 2022 12:05:29 +0100 Date: Fri, 7 Jan 2022 12:05:29 +0100 From: Michael Olbrich To: Christian Melki Message-ID: <20220107110529.GF1071@pengutronix.de> Mail-Followup-To: Christian Melki , ptxdist@pengutronix.de References: <20211222130304.2549154-1-christian.melki@t2data.com> <20211222130304.2549154-18-christian.melki@t2data.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-IRC: #ptxdist @freenode X-Accept-Language: de,en X-Accept-Content-Type: text/plain X-Uptime: 12:00:06 up 27 days, 19:45, 82 users, load average: 0.05, 0.03, 0.05 User-Agent: Mutt/1.10.1 (2018-07-13) Subject: Re: [ptxdist] [PATCH] screen: Version bump 4.5.0 -> 4.8.0 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: ptxdist@pengutronix.de Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false On Fri, Jan 07, 2022 at 10:58:13AM +0100, Christian Melki wrote: > On 1/6/22 11:55 AM, Michael Olbrich wrote: > > On Wed, Dec 22, 2021 at 02:02:59PM +0100, Christian Melki wrote: > > > Package maintenance. > > > Fixes CVE-2021-26937, CVE-2020-9366, CVE-2017-5618 > > = > > There are several old patches. Some are cross-compile fixes, others are > > imported from Debian. I think some of them solve the same problem as yo= ur > > patches. Where are yours from? > > = > > This whole thing needs some cleanup. I think you can ignore the Debian > > patches. I can sort that out afterwards. > > = > > Also, if configure.ac is modified, then a autogen.sh link is needed. > > = > > Michael > > = > = > Patches are from Buildroot. > https://github.com/buildroot/buildroot/tree/master/package/screen > = > What do you need from me here? A new one with autogen.sh? > What do I do with the old patches? Actually, let me take care of it. I'll need to touch it anyways. So making you redo the patch ist just a waste of time. So nothing to do for you. Michael > > = > > > Signed-off-by: Christian Melki > > > --- > > > .../0001-no-memcpy-fallback.patch | 126 ++++++++++++++++ > > > .../0002-install-no-backup-binary.patch | 41 +++++ > > > .../0003-install-always-chmod.patch | 29 ++++ > > > .../0004-install-nonversioned-binary.patch | 31 ++++ > > > .../screen-4.8.0/0005-rename-sched_h.patch | 142 +++++++++++++++= +++ > > > .../0006-comm-h-now-depends-on-term-h.patch | 28 ++++ > > > ...-needed-for-list_-display-generic-.o.patch | 35 +++++ > > > .../screen-4.8.0/0008-CVE-2021-26937.patch | 68 +++++++++ > > > patches/screen-4.8.0/series | 9 ++ > > > rules/screen.make | 4 +- > > > 10 files changed, 511 insertions(+), 2 deletions(-) > > > create mode 100644 patches/screen-4.8.0/0001-no-memcpy-fallback.pat= ch > > > create mode 100644 patches/screen-4.8.0/0002-install-no-backup-bina= ry.patch > > > create mode 100644 patches/screen-4.8.0/0003-install-always-chmod.p= atch > > > create mode 100644 patches/screen-4.8.0/0004-install-nonversioned-b= inary.patch > > > create mode 100644 patches/screen-4.8.0/0005-rename-sched_h.patch > > > create mode 100644 patches/screen-4.8.0/0006-comm-h-now-depends-on-= term-h.patch > > > create mode 100644 patches/screen-4.8.0/0007-comm.h-needed-for-list= _-display-generic-.o.patch > > > create mode 100644 patches/screen-4.8.0/0008-CVE-2021-26937.patch > > > create mode 100644 patches/screen-4.8.0/series > > > = > > > diff --git a/patches/screen-4.8.0/0001-no-memcpy-fallback.patch b/pat= ches/screen-4.8.0/0001-no-memcpy-fallback.patch > > > new file mode 100644 > > > index 000000000..213790719 > > > --- /dev/null > > > +++ b/patches/screen-4.8.0/0001-no-memcpy-fallback.patch > > > @@ -0,0 +1,126 @@ > > > +From: Maarten ter Huurne > > > +Date: Sat, 13 Sep 2014 11:37:59 +0200 > > > +Subject: Do not use memcpy as an alternative for bcopy/memmove > > > + > > > +The configure script runs a small test program to check whether > > > +memcpy can handle overlapping memory areas. However, it is not valid > > > +to conclude that if a single case of overlapping memory is handled > > > +correctly, all cases will be handled correctly. > > > + > > > +Since screen already has its own bcopy implementation as a fallback > > > +for the case that bcopy and memmove are unusable, removing the memcpy > > > +option should not break any systems. > > > + > > > +Signed-off-by: Maarten ter Huurne > > > +[Ricardo: rebase on top of 4.3.1] > > > +Signed-off-by: Ricardo Martincoski > > > +[Bernd: rebase on top of 4.7.0] > > > +Signed-off-by: Bernd Kuhls > > > +--- > > > + acconfig.h | 3 +-- > > > + configure.ac | 18 +----------------- > > > + os.h | 8 ++------ > > > + osdef.h.in | 10 +--------- > > > + 4 files changed, 5 insertions(+), 34 deletions(-) > > > + > > > +diff --git a/acconfig.h b/acconfig.h > > > +index 2e46985..9b0b9d4 100644 > > > +--- a/acconfig.h > > > ++++ b/acconfig.h > > > +@@ -476,7 +476,7 @@ > > > + #undef GETTTYENT > > > + > > > + /* > > > +- * Define USEBCOPY if the bcopy/memcpy from your system's C library > > > ++ * Define USEBCOPY if the bcopy from your system's C library > > > + * supports the overlapping of source and destination blocks. When > > > + * undefined, screen uses its own (probably slower) version of bcop= y(). > > > + * > > > +@@ -487,7 +487,6 @@ > > > + * Their memove fails the test in the configure script. Sigh. (Juer= gen) > > > + */ > > > + #undef USEBCOPY > > > +-#undef USEMEMCPY > > > + #undef USEMEMMOVE > > > + > > > + /* > > > +diff --git a/configure.ac b/configure.ac > > > +index 27690a6..b8e3bec 100644 > > > +--- a/configure.ac > > > ++++ b/configure.ac > > > +@@ -1145,7 +1145,7 @@ AC_TRY_LINK(,[getttyent();], AC_DEFINE(GETTTYE= NT)) > > > + AC_CHECKING(fdwalk) > > > + AC_TRY_LINK([#include ], [fdwalk(NULL, NULL);],AC_DEFINE(= HAVE_FDWALK)) > > > + > > > +-AC_CHECKING(whether memcpy/memmove/bcopy handles overlapping argume= nts) > > > ++AC_CHECKING(whether memmove/bcopy handles overlapping arguments) > > > + AC_TRY_RUN([ > > > + main() { > > > + char buf[10]; > > > +@@ -1175,22 +1175,6 @@ main() { > > > + exit(0); /* libc version works properly. */ > > > + }], AC_DEFINE(USEMEMMOVE)) > > > + > > > +- > > > +-AC_TRY_RUN([ > > > +-#define bcopy(s,d,l) memcpy(d,s,l) > > > +-main() { > > > +- char buf[10]; > > > +- strcpy(buf, "abcdefghi"); > > > +- bcopy(buf, buf + 2, 3); > > > +- if (strncmp(buf, "ababcf", 6)) > > > +- exit(1); > > > +- strcpy(buf, "abcdefghi"); > > > +- bcopy(buf + 2, buf, 3); > > > +- if (strncmp(buf, "cdedef", 6)) > > > +- exit(1); > > > +- exit(0); /* libc version works properly. */ > > > +-}], AC_DEFINE(USEMEMCPY),,:) > > > +- > > > + AC_SYS_LONG_FILE_NAMES > > > + > > > + AC_MSG_CHECKING(for vsprintf) > > > +diff --git a/os.h b/os.h > > > +index e827ac9..0b41fb9 100644 > > > +--- a/os.h > > > ++++ b/os.h > > > +@@ -142,12 +142,8 @@ extern int errno; > > > + # ifdef USEMEMMOVE > > > + # define bcopy(s,d,len) memmove(d,s,len) > > > + # else > > > +-# ifdef USEMEMCPY > > > +-# define bcopy(s,d,len) memcpy(d,s,len) > > > +-# else > > > +-# define NEED_OWN_BCOPY > > > +-# define bcopy xbcopy > > > +-# endif > > > ++# define NEED_OWN_BCOPY > > > ++# define bcopy xbcopy > > > + # endif > > > + #endif > > > + > > > +diff --git a/osdef.h.in b/osdef.h.in > > > +index 8687b60..e4057a0 100644 > > > +--- a/osdef.h.in > > > ++++ b/osdef.h.in > > > +@@ -58,16 +58,8 @@ extern int bcmp __P((char *, char *, int)); > > > + extern int killpg __P((int, int)); > > > + #endif > > > + > > > +-#ifndef USEBCOPY > > > +-# ifdef USEMEMCPY > > > +-extern void memcpy __P((char *, char *, int)); > > > +-# else > > > +-# ifdef USEMEMMOVE > > > ++#if defined(USEMEMMOVE) && !defined(USEBCOPY) > > > + extern void memmove __P((char *, char *, int)); > > > +-# else > > > +-extern void bcopy __P((char *, char *, int)); > > > +-# endif > > > +-# endif > > > + #else > > > + extern void bcopy __P((char *, char *, int)); > > > + #endif > > > +-- > > > +1.8.4.5 > > > + > > > diff --git a/patches/screen-4.8.0/0002-install-no-backup-binary.patch= b/patches/screen-4.8.0/0002-install-no-backup-binary.patch > > > new file mode 100644 > > > index 000000000..7842662b5 > > > --- /dev/null > > > +++ b/patches/screen-4.8.0/0002-install-no-backup-binary.patch > > > @@ -0,0 +1,41 @@ > > > +From: Maarten ter Huurne > > > +Date: Sun, 14 Sep 2014 23:58:34 +0200 > > > +Subject: Do not create backup of old installed binary > > > + > > > +This is a rather unusual feature that packagers will not expect. > > > + > > > +Signed-off-by: Maarten ter Huurne > > > +[baruch: update for 4.6.2] > > > +Signed-off-by: Baruch Siach > > > +--- > > > + Makefile.in | 4 ---- > > > + 1 file changed, 4 deletions(-) > > > + > > > +diff --git a/Makefile.in b/Makefile.in > > > +index 187a69b..65549e9 100644 > > > +--- a/Makefile.in > > > ++++ b/Makefile.in > > > +@@ -83,12 +83,9 @@ screen: $(OFILES) > > > + $(OPTIONS) $(CFLAGS) $< > > > + > > > + install_bin: .version screen installdirs > > > +- -if [ -f $(DESTDIR)$(bindir)/$(SCREEN) ] && [ ! -f $(DESTDIR)$(bin= dir)/$(SCREEN).old ]; \ > > > +- then mv $(DESTDIR)$(bindir)/$(SCREEN) $(DESTDIR)$(bindir)/$(SCREE= N).old; fi > > > + $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN) > > > + -chown root $(DESTDIR)$(bindir)/$(SCREEN) && chmod 4755 $(DESTDIR)= $(bindir)/$(SCREEN) > > > + # This doesn't work if $(bindir)/screen is a symlink > > > +- -if [ -f $(DESTDIR)$(bindir)/screen ] && [ ! -f $(DESTDIR)$(bindir= )/screen.old ]; then mv $(DESTDIR)$(bindir)/screen $(DESTDIR)$(bindir)/scre= en.old; fi > > > + rm -f $(DESTDIR)$(bindir)/screen > > > + (cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen) > > > + cp $(srcdir)/utf8encodings/?? $(DESTDIR)$(SCREENENCODINGS) > > > +@@ -113,7 +110,6 @@ installdirs: > > > + uninstall: .version > > > + rm -f $(DESTDIR)$(bindir)/$(SCREEN) > > > + rm -f $(DESTDIR)$(bindir)/screen > > > +- -mv $(DESTDIR)$(bindir)/screen.old $(DESTDIR)$(bindir)/screen > > > + rm -f $(DESTDIR)$(ETCSCREENRC) > > > + cd doc; $(MAKE) uninstall > > > + > > > +-- > > > +1.8.4.5 > > > + > > > diff --git a/patches/screen-4.8.0/0003-install-always-chmod.patch b/p= atches/screen-4.8.0/0003-install-always-chmod.patch > > > new file mode 100644 > > > index 000000000..0aa7690b0 > > > --- /dev/null > > > +++ b/patches/screen-4.8.0/0003-install-always-chmod.patch > > > @@ -0,0 +1,29 @@ > > > +From: Maarten ter Huurne > > > +Date: Mon, 15 Sep 2014 00:03:05 +0200 > > > +Subject: Change binary permission flags even if chown fails > > > + > > > +Typically when creating a package, the build is not run as root, so > > > +the chown will fail. But the chmod can still be done. > > > + > > > +Signed-off-by: Maarten ter Huurne > > > +--- > > > + Makefile.in | 3 ++- > > > + 1 file changed, 2 insertions(+), 1 deletion(-) > > > + > > > +diff --git a/Makefile.in b/Makefile.in > > > +index 65549e9..3c12fdb 100644 > > > +--- a/Makefile.in > > > ++++ b/Makefile.in > > > +@@ -84,7 +84,8 @@ screen: $(OFILES) > > > + > > > + install_bin: .version screen > > > + $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN) > > > +- -chown root $(DESTDIR)$(bindir)/$(SCREEN) && chmod 4755 $(DESTDIR)= $(bindir)/$(SCREEN) > > > ++ -chown root $(DESTDIR)$(bindir)/$(SCREEN) > > > ++ -chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN) > > > + # This doesn't work if $(bindir)/screen is a symlink > > > + rm -f $(DESTDIR)$(bindir)/screen > > > + (cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen) > > > +-- > > > +1.8.4.5 > > > + > > > diff --git a/patches/screen-4.8.0/0004-install-nonversioned-binary.pa= tch b/patches/screen-4.8.0/0004-install-nonversioned-binary.patch > > > new file mode 100644 > > > index 000000000..ecbbd6519 > > > --- /dev/null > > > +++ b/patches/screen-4.8.0/0004-install-nonversioned-binary.patch > > > @@ -0,0 +1,31 @@ > > > +From: Maarten ter Huurne > > > +Date: Mon, 15 Sep 2014 00:06:20 +0200 > > > +Subject: Support overriding SCREEN to get a non-versioned binary > > > + > > > +If a packager runs "make install SCREEN=3Dscreen", do not create > > > +"screen" as a symlink to itself. > > > + > > > +Signed-off-by: Maarten ter Huurne > > > +--- > > > + Makefile.in | 2 ++ > > > + 1 file changed, 2 insertions(+) > > > + > > > +diff --git a/Makefile.in b/Makefile.in > > > +index 3c12fdb..860f351 100644 > > > +--- a/Makefile.in > > > ++++ b/Makefile.in > > > +@@ -86,9 +86,11 @@ install_bin: .version screen > > > + $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN) > > > + -chown root $(DESTDIR)$(bindir)/$(SCREEN) > > > + -chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN) > > > ++ifneq (${SCREEN},screen) > > > + # This doesn't work if $(bindir)/screen is a symlink > > > + rm -f $(DESTDIR)$(bindir)/screen > > > + (cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen) > > > ++endif > > > + cp $(srcdir)/utf8encodings/?? $(DESTDIR)$(SCREENENCODINGS) > > > + > > > + ###################################################################= ############ > > > +-- > > > +1.8.4.5 > > > + > > > diff --git a/patches/screen-4.8.0/0005-rename-sched_h.patch b/patches= /screen-4.8.0/0005-rename-sched_h.patch > > > new file mode 100644 > > > index 000000000..9b29b76e0 > > > --- /dev/null > > > +++ b/patches/screen-4.8.0/0005-rename-sched_h.patch > > > @@ -0,0 +1,142 @@ > > > +From: Maarten ter Huurne > > > +Date: Mon, 15 Sep 2014 00:24:41 +0200 > > > +Subject: Renamed sched.h to eventqueue.h > > > + > > > +There is a system header that got shadowed by "sched.h". > > > +While Screen itself doesn't include , other system headers > > > +might include it indirectly. This broke the build when using uClibc > > > +with pthread support. > > > + > > > +Signed-off-by: Maarten ter Huurne > > > +--- > > > + eventqueue.h | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ > > > + sched.h | 48 ------------------------------------------------ > > > + screen.h | 2 +- > > > + 3 files changed, 49 insertions(+), 49 deletions(-) > > > + create mode 100644 eventqueue.h > > > + delete mode 100644 sched.h > > > + > > > +diff --git a/eventqueue.h b/eventqueue.h > > > +new file mode 100644 > > > +index 0000000..fdc3fc4 > > > +--- /dev/null > > > ++++ b/eventqueue.h > > > +@@ -0,0 +1,48 @@ > > > ++/* Copyright (c) 2008, 2009 > > > ++ * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de) > > > ++ * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.d= e) > > > ++ * Micah Cowan (micah@cowan.name) > > > ++ * Sadrul Habib Chowdhury (sadrul@users.sourceforge.net) > > > ++ * Copyright (c) 1993-2002, 2003, 2005, 2006, 2007 > > > ++ * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de) > > > ++ * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.d= e) > > > ++ * Copyright (c) 1987 Oliver Laumann > > > ++ * > > > ++ * This program is free software; you can redistribute it and/or mo= dify > > > ++ * it under the terms of the GNU General Public License as publishe= d by > > > ++ * the Free Software Foundation; either version 3, or (at your opti= on) > > > ++ * any later version. > > > ++ * > > > ++ * This program is distributed in the hope that it will be useful, > > > ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of > > > ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > ++ * GNU General Public License for more details. > > > ++ * > > > ++ * You should have received a copy of the GNU General Public License > > > ++ * along with this program (see the file COPYING); if not, see > > > ++ * https://www.gnu.org/licenses/, or contact Free Software Foundati= on, Inc., > > > ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA > > > ++ * > > > ++ **************************************************************** > > > ++ * $Id$ GNU > > > ++ */ > > > ++ > > > ++struct event > > > ++{ > > > ++ struct event *next; > > > ++ void (*handler) __P((struct event *, char *)); > > > ++ char *data; > > > ++ int fd; > > > ++ int type; > > > ++ int pri; > > > ++ struct timeval timeout; > > > ++ int queued; /* in evs queue */ > > > ++ int active; /* in fdset */ > > > ++ int *condpos; /* only active if condpos - condneg > 0 */ > > > ++ int *condneg; > > > ++}; > > > ++ > > > ++#define EV_TIMEOUT 0 > > > ++#define EV_READ 1 > > > ++#define EV_WRITE 2 > > > ++#define EV_ALWAYS 3 > > > +diff --git a/sched.h b/sched.h > > > +deleted file mode 100644 > > > +index fdc3fc4..0000000 > > > +--- a/sched.h > > > ++++ /dev/null > > > +@@ -1,48 +0,0 @@ > > > +-/* Copyright (c) 2008, 2009 > > > +- * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de) > > > +- * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.d= e) > > > +- * Micah Cowan (micah@cowan.name) > > > +- * Sadrul Habib Chowdhury (sadrul@users.sourceforge.net) > > > +- * Copyright (c) 1993-2002, 2003, 2005, 2006, 2007 > > > +- * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de) > > > +- * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.d= e) > > > +- * Copyright (c) 1987 Oliver Laumann > > > +- * > > > +- * This program is free software; you can redistribute it and/or mo= dify > > > +- * it under the terms of the GNU General Public License as publishe= d by > > > +- * the Free Software Foundation; either version 3, or (at your opti= on) > > > +- * any later version. > > > +- * > > > +- * This program is distributed in the hope that it will be useful, > > > +- * but WITHOUT ANY WARRANTY; without even the implied warranty of > > > +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > > +- * GNU General Public License for more details. > > > +- * > > > +- * You should have received a copy of the GNU General Public License > > > +- * along with this program (see the file COPYING); if not, see > > > +- * https://www.gnu.org/licenses/, or contact Free Software Foundati= on, Inc., > > > +- * 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA > > > +- * > > > +- **************************************************************** > > > +- * $Id$ GNU > > > +- */ > > > +- > > > +-struct event > > > +-{ > > > +- struct event *next; > > > +- void (*handler) __P((struct event *, char *)); > > > +- char *data; > > > +- int fd; > > > +- int type; > > > +- int pri; > > > +- struct timeval timeout; > > > +- int queued; /* in evs queue */ > > > +- int active; /* in fdset */ > > > +- int *condpos; /* only active if condpos - condneg > 0 */ > > > +- int *condneg; > > > +-}; > > > +- > > > +-#define EV_TIMEOUT 0 > > > +-#define EV_READ 1 > > > +-#define EV_WRITE 2 > > > +-#define EV_ALWAYS 3 > > > +diff --git a/screen.h b/screen.h > > > +index 603ca3f..34238c8 100644 > > > +--- a/screen.h > > > ++++ b/screen.h > > > +@@ -43,7 +43,7 @@ > > > + #include "osdef.h" > > > + > > > + #include "ansi.h" > > > +-#include "sched.h" > > > ++#include "eventqueue.h" > > > + #include "acls.h" > > > + #include "comm.h" > > > + #include "layer.h" > > > +-- > > > +1.8.4.5 > > > + > > > diff --git a/patches/screen-4.8.0/0006-comm-h-now-depends-on-term-h.p= atch b/patches/screen-4.8.0/0006-comm-h-now-depends-on-term-h.patch > > > new file mode 100644 > > > index 000000000..6ff6f3da0 > > > --- /dev/null > > > +++ b/patches/screen-4.8.0/0006-comm-h-now-depends-on-term-h.patch > > > @@ -0,0 +1,28 @@ > > > +From 39c5f1c76f1fcef4b5958bf828a63f53426b6984 Mon Sep 17 00:00:00 20= 01 > > > +From: Mike Gerwitz > > > +Date: Tue, 24 Dec 2013 22:16:31 -0500 > > > +Subject: comm.h now depends on term.h > > > + > > > +Signed-off-by: Fabrice Fontaine > > > +[Patch retrieved and updated from: > > > +http://git.savannah.gnu.org/cgit/screen.git/commit/?id=3D39c5f1c] > > > +--- > > > + src/Makefile.in | 2 +- > > > + 1 file changed, 1 insertion(+), 1 deletion(-) > > > + > > > +diff --git a/Makefile.in b/Makefile.in > > > +index e791e79..d4f7c0b 100644 > > > +--- a/Makefile.in > > > ++++ b/Makefile.in > > > +@@ -113,7 +113,7 @@ term.h: term.c term.sh > > > + > > > + kmapdef.c: term.h > > > + > > > +-comm.h: comm.c comm.sh config.h > > > ++comm.h: comm.c comm.sh config.h term.h > > > + AWK=3D$(AWK) CC=3D"$(CC) $(CFLAGS)" srcdir=3D${srcdir} sh $(srcdir= )/comm.sh > > > + > > > + docs: > > > +-- > > > +cgit v1.0-41-gc330 > > > + > > > diff --git a/patches/screen-4.8.0/0007-comm.h-needed-for-list_-displa= y-generic-.o.patch b/patches/screen-4.8.0/0007-comm.h-needed-for-list_-disp= lay-generic-.o.patch > > > new file mode 100644 > > > index 000000000..f406a1afa > > > --- /dev/null > > > +++ b/patches/screen-4.8.0/0007-comm.h-needed-for-list_-display-gener= ic-.o.patch > > > @@ -0,0 +1,35 @@ > > > +From b719314d201a3e9e1e57c65746a468c47bfc847f Mon Sep 17 00:00:00 20= 01 > > > +From: Fabrice Fontaine > > > +Date: Wed, 3 Oct 2018 22:29:32 +0200 > > > +Subject: [PATCH] comm.h needed for list_{display,generic}.o > > > + > > > +comm.h is needed to build list_display.o and list_generic.o otherwise > > > +parallel builds will sometimes fail > > > + > > > +Fixes: > > > + - http://autobuild.buildroot.org/results/43105f14857dbe72d8878fc7b3= db67f7bdca93cc > > > + - http://autobuild.buildroot.org/results/47f4ecbec1355285633df287fc= 9c4e7cccde9378 > > > + > > > +Signed-off-by: Fabrice Fontaine > > > +[Upstream status: https://savannah.gnu.org/bugs/index.php?54776] > > > +--- > > > + Makefile.in | 4 ++-- > > > + 1 file changed, 2 insertions(+), 2 deletions(-) > > > + > > > +diff --git a/Makefile.in b/Makefile.in > > > +index af5938b..e6d5247 100644 > > > +--- a/Makefile.in > > > ++++ b/Makefile.in > > > +@@ -265,7 +265,7 @@ braille.h > > > + viewport.o: layout.h viewport.h canvas.h viewport.c config.h screen= .h os.h osdef.h ansi.h acls.h \ > > > + comm.h layer.h term.h image.h display.h window.h extern.h \ > > > + braille.h > > > +-list_generic.o: list_generic.h list_generic.c layer.h screen.h osde= f.h > > > +-list_display.o: list_generic.h list_display.c layer.h screen.h osde= f.h > > > ++list_generic.o: list_generic.h list_generic.c layer.h screen.h osde= f.h comm.h > > > ++list_display.o: list_generic.h list_display.c layer.h screen.h osde= f.h comm.h > > > + list_window.o: list_generic.h list_window.c window.h layer.h screen= .h osdef.h comm.h > > > + > > > +-- > > > +2.17.1 > > > + > > > diff --git a/patches/screen-4.8.0/0008-CVE-2021-26937.patch b/patches= /screen-4.8.0/0008-CVE-2021-26937.patch > > > new file mode 100644 > > > index 000000000..df7efa029 > > > --- /dev/null > > > +++ b/patches/screen-4.8.0/0008-CVE-2021-26937.patch > > > @@ -0,0 +1,68 @@ > > > +Description: [CVE-2021-26937] Fix out of bounds array access > > > +Author: Michael Schr=F6der > > > +Bug-Debian: https://bugs.debian.org/982435 > > > +Bug: https://savannah.gnu.org/bugs/?60030 > > > +Bug: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg0000= 0.html > > > +Bug-OSS-Security: https://www.openwall.com/lists/oss-security/2021/0= 2/09/3 > > > +Origin: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg0= 0010.html > > > + > > > +Downloaded from Debian: > > > +https://sources.debian.org/data/main/s/screen/4.8.0-5/debian/patches= /99_CVE-2021-26937.patch > > > + > > > +Signed-off-by: Peter Korsgaard > > > +--- a/encoding.c > > > ++++ b/encoding.c > > > +@@ -43,7 +43,7 @@ > > > + # ifdef UTF8 > > > + static int recode_char __P((int, int, int)); > > > + static int recode_char_to_encoding __P((int, int)); > > > +-static void comb_tofront __P((int, int)); > > > ++static void comb_tofront __P((int)); > > > + # ifdef DW_CHARS > > > + static int recode_char_dw __P((int, int *, int, int)); > > > + static int recode_char_dw_to_encoding __P((int, int *, int)); > > > +@@ -1263,6 +1263,8 @@ > > > + {0x30000, 0x3FFFD}, > > > + }; > > > + > > > ++ if (c >=3D 0xdf00 && c <=3D 0xdfff) > > > ++ return 1; /* dw combining sequence */ > > > + return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval)= - 1)) || > > > + (cjkwidth && > > > + bisearch(c, ambiguous, > > > +@@ -1330,11 +1332,12 @@ > > > + } > > > + > > > + static void > > > +-comb_tofront(root, i) > > > +-int root, i; > > > ++comb_tofront(i) > > > ++int i; > > > + { > > > + for (;;) > > > + { > > > ++ int root =3D i >=3D 0x700 ? 0x801 : 0x800; > > > + debug1("bring to front: %x\n", i); > > > + combchars[combchars[i]->prev]->next =3D combchars[i]->next; > > > + combchars[combchars[i]->next]->prev =3D combchars[i]->prev; > > > +@@ -1396,9 +1399,9 @@ > > > + { > > > + /* full, recycle old entry */ > > > + if (c1 >=3D 0xd800 && c1 < 0xe000) > > > +- comb_tofront(root, c1 - 0xd800); > > > ++ comb_tofront(c1 - 0xd800); > > > + i =3D combchars[root]->prev; > > > +- if (c1 =3D=3D i + 0xd800) > > > ++ if (i =3D=3D 0x800 || i =3D=3D 0x801 || c1 =3D=3D i + 0xd800) > > > + { > > > + /* completely full, can't recycle */ > > > + debug("utf8_handle_comp: completely full!\n"); > > > +@@ -1422,7 +1425,7 @@ > > > + mc->font =3D (i >> 8) + 0xd8; > > > + mc->fontx =3D 0; > > > + debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800); > > > +- comb_tofront(root, i); > > > ++ comb_tofront(i); > > > + } > > > + > > > + #else /* !UTF8 */ > > > diff --git a/patches/screen-4.8.0/series b/patches/screen-4.8.0/series > > > new file mode 100644 > > > index 000000000..c72b2fd5f > > > --- /dev/null > > > +++ b/patches/screen-4.8.0/series > > > @@ -0,0 +1,9 @@ > > > +0001-no-memcpy-fallback.patch > > > +0002-install-no-backup-binary.patch > > > +0003-install-always-chmod.patch > > > +0004-install-nonversioned-binary.patch > > > +0005-rename-sched_h.patch > > > +0006-comm-h-now-depends-on-term-h.patch > > > +0007-comm.h-needed-for-list_-display-generic-.o.patch > > > +0008-CVE-2021-26937.patch > > > + > > > diff --git a/rules/screen.make b/rules/screen.make > > > index 39a96dae2..1087dfc9d 100644 > > > --- a/rules/screen.make > > > +++ b/rules/screen.make > > > @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_SCREEN) +=3D screen > > > # > > > # Paths and names > > > # > > > -SCREEN_VERSION :=3D 4.5.0 > > > -SCREEN_MD5 :=3D a32105a91359afab1a4349209a028e31 > > > +SCREEN_VERSION :=3D 4.8.0 > > > +SCREEN_MD5 :=3D d276213d3acd10339cd37848b8c4ab1e > > > SCREEN :=3D screen-$(SCREEN_VERSION) > > > SCREEN_SUFFIX :=3D tar.gz > > > SCREEN_URL :=3D $(call ptx/mirror, GNU, screen/$(SCREEN).$(SCREEN_S= UFFIX)) > > > -- = > > > 2.30.2 > > > = > > > = > > > _______________________________________________ > > > ptxdist mailing list > > > ptxdist@pengutronix.de > > > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-req= uest@pengutronix.de > > = > = -- = Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@p= engutronix.de