* [ptxdist] [PATCH] screen: Version bump. 4.9.0 -> 4.9.1
@ 2023-08-18 17:09 Christian Melki
2023-09-04 6:30 ` [ptxdist] [APPLIED] " Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2023-08-18 17:09 UTC (permalink / raw)
To: ptxdist
Bugfixes.
https://git.savannah.gnu.org/cgit/screen.git/log/?h=v.4.9.1
Plugs CVE:
CVE-2023-24626: Missed signal sending permission check on failed query messages
* Forward patchset, but remove the CVE patch, as it included in the release.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
...al-sending-permission-check-on-faile.patch | 33 -------------------
.../0001-comm.h-now-depends-on-term.h.patch | 2 +-
...-needed-for-list_-display-generic-.o.patch | 2 +-
.../0003-suppress_remap.patch | 0
.../{screen-4.9.0 => screen-4.9.1}/autogen.sh | 0
patches/{screen-4.9.0 => screen-4.9.1}/series | 3 +-
rules/screen.make | 4 +--
7 files changed, 5 insertions(+), 39 deletions(-)
delete mode 100644 patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch
rename patches/{screen-4.9.0 => screen-4.9.1}/0001-comm.h-now-depends-on-term.h.patch (94%)
rename patches/{screen-4.9.0 => screen-4.9.1}/0002-comm.h-needed-for-list_-display-generic-.o.patch (97%)
rename patches/{screen-4.9.0 => screen-4.9.1}/0003-suppress_remap.patch (100%)
rename patches/{screen-4.9.0 => screen-4.9.1}/autogen.sh (100%)
rename patches/{screen-4.9.0 => screen-4.9.1}/series (58%)
diff --git a/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch b/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch
deleted file mode 100644
index 1acd66a19..000000000
--- a/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From: Alexander Naumov <alexander_naumov@opensuse.org>
-Date: Mon, 30 Jan 2023 17:22:25 +0200
-Subject: [PATCH] fix: missing signal sending permission check on failed query
- messages
-
-Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
----
- socket.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/socket.c b/socket.c
-index bb68b35353b9..9d874457dfce 100644
---- a/socket.c
-+++ b/socket.c
-@@ -1285,11 +1285,16 @@ ReceiveMsg()
- else
- queryflag = -1;
-
-- Kill(m.m.command.apid,
-+ if (CheckPid(m.m.command.apid)) {
-+ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
-+ }
-+ else {
-+ Kill(m.m.command.apid,
- (queryflag >= 0)
- ? SIGCONT
- : SIG_BYE); /* Send SIG_BYE if an error happened */
-- queryflag = -1;
-+ queryflag = -1;
-+ }
- }
- break;
- case MSG_COMMAND:
diff --git a/patches/screen-4.9.0/0001-comm.h-now-depends-on-term.h.patch b/patches/screen-4.9.1/0001-comm.h-now-depends-on-term.h.patch
similarity index 94%
rename from patches/screen-4.9.0/0001-comm.h-now-depends-on-term.h.patch
rename to patches/screen-4.9.1/0001-comm.h-now-depends-on-term.h.patch
index 6a6fbb867..6b364c26d 100644
--- a/patches/screen-4.9.0/0001-comm.h-now-depends-on-term.h.patch
+++ b/patches/screen-4.9.1/0001-comm.h-now-depends-on-term.h.patch
@@ -10,7 +10,7 @@ http://git.savannah.gnu.org/cgit/screen.git/commit/?id=39c5f1c]
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.in b/Makefile.in
-index 08b44d3a8cda..53a8c874fdae 100644
+index 26ec40450bdb..4bc364671904 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -133,7 +133,7 @@ kmapdef.c: term.h
diff --git a/patches/screen-4.9.0/0002-comm.h-needed-for-list_-display-generic-.o.patch b/patches/screen-4.9.1/0002-comm.h-needed-for-list_-display-generic-.o.patch
similarity index 97%
rename from patches/screen-4.9.0/0002-comm.h-needed-for-list_-display-generic-.o.patch
rename to patches/screen-4.9.1/0002-comm.h-needed-for-list_-display-generic-.o.patch
index 12e551a7d..f51639ef1 100644
--- a/patches/screen-4.9.0/0002-comm.h-needed-for-list_-display-generic-.o.patch
+++ b/patches/screen-4.9.1/0002-comm.h-needed-for-list_-display-generic-.o.patch
@@ -16,7 +16,7 @@ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile.in b/Makefile.in
-index 53a8c874fdae..398539feba41 100644
+index 4bc364671904..8bfcac6f8412 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -350,7 +350,7 @@ layout.o: layout.h viewport.h canvas.h layout.c config.h screen.h os.h osdef.h a
diff --git a/patches/screen-4.9.0/0003-suppress_remap.patch b/patches/screen-4.9.1/0003-suppress_remap.patch
similarity index 100%
rename from patches/screen-4.9.0/0003-suppress_remap.patch
rename to patches/screen-4.9.1/0003-suppress_remap.patch
diff --git a/patches/screen-4.9.0/autogen.sh b/patches/screen-4.9.1/autogen.sh
similarity index 100%
rename from patches/screen-4.9.0/autogen.sh
rename to patches/screen-4.9.1/autogen.sh
diff --git a/patches/screen-4.9.0/series b/patches/screen-4.9.1/series
similarity index 58%
rename from patches/screen-4.9.0/series
rename to patches/screen-4.9.1/series
index 11f49d58e..bf7060df3 100644
--- a/patches/screen-4.9.0/series
+++ b/patches/screen-4.9.1/series
@@ -3,5 +3,4 @@
0001-comm.h-now-depends-on-term.h.patch
0002-comm.h-needed-for-list_-display-generic-.o.patch
0003-suppress_remap.patch
-0004-fix-missing-signal-sending-permission-check-on-faile.patch
-# d9101cb0610499bee9be456b4dc83845 - git-ptx-patches magic
+# 086ac9b43abed5bb61eef564f1ac00d9 - git-ptx-patches magic
diff --git a/rules/screen.make b/rules/screen.make
index 385969525..d446b794a 100644
--- a/rules/screen.make
+++ b/rules/screen.make
@@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_SCREEN) += screen
#
# Paths and names
#
-SCREEN_VERSION := 4.9.0
-SCREEN_MD5 := b1ef8ed89134d335e614016634982b6d
+SCREEN_VERSION := 4.9.1
+SCREEN_MD5 := 9a9bdc956bd93e4f0cb9e48678889e26
SCREEN := screen-$(SCREEN_VERSION)
SCREEN_SUFFIX := tar.gz
SCREEN_URL := $(call ptx/mirror, GNU, screen/$(SCREEN).$(SCREEN_SUFFIX))
--
2.34.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [APPLIED] screen: Version bump. 4.9.0 -> 4.9.1
2023-08-18 17:09 [ptxdist] [PATCH] screen: Version bump. 4.9.0 -> 4.9.1 Christian Melki
@ 2023-09-04 6:30 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2023-09-04 6:30 UTC (permalink / raw)
To: ptxdist; +Cc: Christian Melki
Thanks, applied as 6d257e37c8e0b66663a838cefdcf6de84903c207.
Michael
[sent from post-receive hook]
On Mon, 04 Sep 2023 08:30:01 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> Bugfixes.
> https://git.savannah.gnu.org/cgit/screen.git/log/?h=v.4.9.1
>
> Plugs CVE:
> CVE-2023-24626: Missed signal sending permission check on failed query messages
>
> * Forward patchset, but remove the CVE patch, as it included in the release.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20230818170939.2554224-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch b/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch
> deleted file mode 100644
> index 1acd66a1902d..000000000000
> --- a/patches/screen-4.9.0/0004-fix-missing-signal-sending-permission-check-on-faile.patch
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -From: Alexander Naumov <alexander_naumov@opensuse.org>
> -Date: Mon, 30 Jan 2023 17:22:25 +0200
> -Subject: [PATCH] fix: missing signal sending permission check on failed query
> - messages
> -
> -Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
> ----
> - socket.c | 9 +++++++--
> - 1 file changed, 7 insertions(+), 2 deletions(-)
> -
> -diff --git a/socket.c b/socket.c
> -index bb68b35353b9..9d874457dfce 100644
> ---- a/socket.c
> -+++ b/socket.c
> -@@ -1285,11 +1285,16 @@ ReceiveMsg()
> - else
> - queryflag = -1;
> -
> -- Kill(m.m.command.apid,
> -+ if (CheckPid(m.m.command.apid)) {
> -+ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
> -+ }
> -+ else {
> -+ Kill(m.m.command.apid,
> - (queryflag >= 0)
> - ? SIGCONT
> - : SIG_BYE); /* Send SIG_BYE if an error happened */
> -- queryflag = -1;
> -+ queryflag = -1;
> -+ }
> - }
> - break;
> - case MSG_COMMAND:
> diff --git a/patches/screen-4.9.0/0001-comm.h-now-depends-on-term.h.patch b/patches/screen-4.9.1/0001-comm.h-now-depends-on-term.h.patch
> similarity index 94%
> rename from patches/screen-4.9.0/0001-comm.h-now-depends-on-term.h.patch
> rename to patches/screen-4.9.1/0001-comm.h-now-depends-on-term.h.patch
> index 6a6fbb867282..6b364c26d1d6 100644
> --- a/patches/screen-4.9.0/0001-comm.h-now-depends-on-term.h.patch
> +++ b/patches/screen-4.9.1/0001-comm.h-now-depends-on-term.h.patch
> @@ -10,7 +10,7 @@ http://git.savannah.gnu.org/cgit/screen.git/commit/?id=39c5f1c]
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/Makefile.in b/Makefile.in
> -index 08b44d3a8cda..53a8c874fdae 100644
> +index 26ec40450bdb..4bc364671904 100644
> --- a/Makefile.in
> +++ b/Makefile.in
> @@ -133,7 +133,7 @@ kmapdef.c: term.h
> diff --git a/patches/screen-4.9.0/0002-comm.h-needed-for-list_-display-generic-.o.patch b/patches/screen-4.9.1/0002-comm.h-needed-for-list_-display-generic-.o.patch
> similarity index 97%
> rename from patches/screen-4.9.0/0002-comm.h-needed-for-list_-display-generic-.o.patch
> rename to patches/screen-4.9.1/0002-comm.h-needed-for-list_-display-generic-.o.patch
> index 12e551a7dd89..f51639ef1703 100644
> --- a/patches/screen-4.9.0/0002-comm.h-needed-for-list_-display-generic-.o.patch
> +++ b/patches/screen-4.9.1/0002-comm.h-needed-for-list_-display-generic-.o.patch
> @@ -16,7 +16,7 @@ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/Makefile.in b/Makefile.in
> -index 53a8c874fdae..398539feba41 100644
> +index 4bc364671904..8bfcac6f8412 100644
> --- a/Makefile.in
> +++ b/Makefile.in
> @@ -350,7 +350,7 @@ layout.o: layout.h viewport.h canvas.h layout.c config.h screen.h os.h osdef.h a
> diff --git a/patches/screen-4.9.0/0003-suppress_remap.patch b/patches/screen-4.9.1/0003-suppress_remap.patch
> similarity index 100%
> rename from patches/screen-4.9.0/0003-suppress_remap.patch
> rename to patches/screen-4.9.1/0003-suppress_remap.patch
> diff --git a/patches/screen-4.9.0/autogen.sh b/patches/screen-4.9.1/autogen.sh
> similarity index 100%
> rename from patches/screen-4.9.0/autogen.sh
> rename to patches/screen-4.9.1/autogen.sh
> diff --git a/patches/screen-4.9.0/series b/patches/screen-4.9.1/series
> similarity index 58%
> rename from patches/screen-4.9.0/series
> rename to patches/screen-4.9.1/series
> index 11f49d58ec56..bf7060df3881 100644
> --- a/patches/screen-4.9.0/series
> +++ b/patches/screen-4.9.1/series
> @@ -3,5 +3,4 @@
> 0001-comm.h-now-depends-on-term.h.patch
> 0002-comm.h-needed-for-list_-display-generic-.o.patch
> 0003-suppress_remap.patch
> -0004-fix-missing-signal-sending-permission-check-on-faile.patch
> -# d9101cb0610499bee9be456b4dc83845 - git-ptx-patches magic
> +# 086ac9b43abed5bb61eef564f1ac00d9 - git-ptx-patches magic
> diff --git a/rules/screen.make b/rules/screen.make
> index 385969525b00..d446b794a785 100644
> --- a/rules/screen.make
> +++ b/rules/screen.make
> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_SCREEN) += screen
> #
> # Paths and names
> #
> -SCREEN_VERSION := 4.9.0
> -SCREEN_MD5 := b1ef8ed89134d335e614016634982b6d
> +SCREEN_VERSION := 4.9.1
> +SCREEN_MD5 := 9a9bdc956bd93e4f0cb9e48678889e26
> SCREEN := screen-$(SCREEN_VERSION)
> SCREEN_SUFFIX := tar.gz
> SCREEN_URL := $(call ptx/mirror, GNU, screen/$(SCREEN).$(SCREEN_SUFFIX))
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-09-04 6:30 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-18 17:09 [ptxdist] [PATCH] screen: Version bump. 4.9.0 -> 4.9.1 Christian Melki
2023-09-04 6:30 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox