From: Christian Melki
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH] screen: Plug CVE-2023-24626.
Date: Mon, 24 Apr 2023 19:52:13 +0200
Message-Id: <20230424175213.1378743-1-christian.melki@t2data.com>
X-Mailer: git-send-email 2.34.1
List-Id: PTXdist Development Mailing List
Reply-To: ptxdist@pengutronix.de

Mishap with privileged signal handling.
https://nvd.nist.gov/vuln/detail/CVE-2023-24626

* Provide patch as is for 4.9.0, including the whitespace touchup.

Signed-off-by: Christian Melki
---
 ...al-sending-permission-check-on-faile.patch | 33 +++++++++++++++++++
 patches/screen-4.9.0/series | 3 +-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch

diff --git a/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch b/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch new file mode 100644 index 000000000..1acd66a19 --- /dev/null +++ b/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch
@@ -0,0 +1,33 @@ +From: Alexander Naumov +Date: Mon, 30 Jan 2023 17:22:25 +0200 +Subject: [PATCH] fix: missing signal sending permission check on failed query + messages + +Signed-off-by: Alexander Naumov +--- + socket.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/socket.c b/socket.c +index bb68b35353b9..9d874457dfce 100644 +--- a/socket.c ++++ b/socket.c +@@ -1285,11 +1285,16 @@ ReceiveMsg() + else + queryflag = -1; + +- Kill(m.m.command.apid, ++ if (CheckPid(m.m.command.apid)) { ++ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); ++ } ++ else { ++ Kill(m.m.command.apid, + (queryflag >= 0) + ? SIGCONT + : SIG_BYE); /* Send SIG_BYE if an error happened */ +- queryflag = -1; ++ queryflag = -1; ++ } + } + break; + case MSG_COMMAND: diff --git a/patches/screen-4.9.0/series b/patches/screen-4.9.0/series index bf7060df3..11f49d58e 100644 --- a/patches/screen-4.9.0/series +++ b/patches/screen-4.9.0/series @@ -3,4 +3,5 @@ 0001-comm.h-now-depends-on-term.h.patch 0002-comm.h-needed-for-list_-display-generic-.o.patch 0003-suppress_remap.patch -# 086ac9b43abed5bb61eef564f1ac00d9 - git-ptx-patches magic +0004-fix-missing-signal-sending-permission-check-on-faile.patch +# d9101cb0610499bee9be456b4dc83845 - git-ptx-patches magic -- 2.34.1
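Review bot: In the embedded socket.c change, the new `CheckPid(m.m.command.apid)` failure branch never resets `queryflag`: the removed code ran `queryflag = -1;` unconditionally after `Kill(...)`, while the added version runs it only inside the `else`. If a rejected query should not leave a stale non-negative `queryflag` behind, the reset belongs after the closing brace of the `else` so that both paths clear it; because the patch is imported as is, it is worth confirming that the current placement matches upstream's intent before diverging. The embedded patch header also carries no CVE id or upstream commit reference, so naming CVE-2023-24626 in its description would let someone reading patches/screen-4.9.0 see why the patch exists without digging up this commit message.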