From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 16 May 2025 19:55:53 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uFzHl-006FfT-2E for lore@lore.pengutronix.de; Fri, 16 May 2025 19:55:53 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1uFzHl-0005RP-G5; Fri, 16 May 2025 19:55:53 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1uFzHV-0005RE-Pq; Fri, 16 May 2025 19:55:37 +0200 Received: from pty.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::c5]) by drehscheibe.grey.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uFzHU-0034hf-3D; Fri, 16 May 2025 19:55:37 +0200 Received: from mol by pty.whiteo.stw.pengutronix.de with local (Exim 4.96) (envelope-from ) id 1uFzHV-008ZLV-13; Fri, 16 May 2025 19:55:37 +0200 Date: Fri, 16 May 2025 19:55:37 +0200 From: Michael Olbrich To: Christian Melki Message-ID: <20250516175537.GD1537051@pengutronix.de> Mail-Followup-To: Christian Melki , ptxdist@pengutronix.de References: <20250515173851.1147261-1-christian.melki@t2data.com> <540fc678-972d-4604-aff5-fce6ae77cce7@t2data.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <540fc678-972d-4604-aff5-fce6ae77cce7@t2data.com> X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-Accept-Language: de,en X-Accept-Content-Type: text/plain X-IRC: #ptxdist @freenode Subject: Re: [ptxdist] [PATCH] screen: Version bump. 5.0.0 -> 5.0.1 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false On Fri, May 16, 2025 at 06:25:56PM +0200, Christian Melki wrote: > Hi Michael. > > Yeah. Looks like release mishaps. > They didn't release the tarball for +72h after the announcement. > And it seems that the first one (the one I sent) was botched. > You can see the my (and others) complaint in these threads: > > https://www.phoronix.com/forums/forum/software/general-linux-open-source/1546098-gnu-screen-5-0-1-released-due-to-several-security-vulnerabilities/page2 > > https://lists.gnu.org/archive/html/screen-devel/2025-05/msg00018.html > > At this point I'd just update the md5 since they reused the same version > number. Do you want me to send a new one? I'll modify the commit, not need to send a new version. Michael > Regards, > Christian > > > On 5/16/25 9:46 AM, Michael Olbrich wrote: > > On Thu, May 15, 2025 at 07:38:51PM +0200, Christian Melki wrote: > >> Security and other fixes. > >> https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html > >> > >> Security fixes: > >> CVE-2025-46805: do NOT send signals with root privileges > >> CVE-2025-46804: avoid file existence test information leaks > >> CVE-2025-46803: apply safe PTY default mode of 0620 > >> CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher > >> CVE-2025-23395: reintroduce lf_secreopen() for logfile > >> > >> * Forward patchset, applies cleanly. > >> > >> Signed-off-by: Christian Melki > >> --- > >> .../{screen-5.0.0 => screen-5.0.1}/0001-suppress_remap.patch | 0 > >> patches/{screen-5.0.0 => screen-5.0.1}/autogen.sh | 0 > >> patches/{screen-5.0.0 => screen-5.0.1}/series | 0 > >> rules/screen.make | 4 ++-- > >> 4 files changed, 2 insertions(+), 2 deletions(-) > >> rename patches/{screen-5.0.0 => screen-5.0.1}/0001-suppress_remap.patch (100%) > >> rename patches/{screen-5.0.0 => screen-5.0.1}/autogen.sh (100%) > >> rename patches/{screen-5.0.0 => screen-5.0.1}/series (100%) > >> > >> diff --git a/patches/screen-5.0.0/0001-suppress_remap.patch b/patches/screen-5.0.1/0001-suppress_remap.patch > >> similarity index 100% > >> rename from patches/screen-5.0.0/0001-suppress_remap.patch > >> rename to patches/screen-5.0.1/0001-suppress_remap.patch > >> diff --git a/patches/screen-5.0.0/autogen.sh b/patches/screen-5.0.1/autogen.sh > >> similarity index 100% > >> rename from patches/screen-5.0.0/autogen.sh > >> rename to patches/screen-5.0.1/autogen.sh > >> diff --git a/patches/screen-5.0.0/series b/patches/screen-5.0.1/series > >> similarity index 100% > >> rename from patches/screen-5.0.0/series > >> rename to patches/screen-5.0.1/series > >> diff --git a/rules/screen.make b/rules/screen.make > >> index 1bac9b8b8..69a65a9b8 100644 > >> --- a/rules/screen.make > >> +++ b/rules/screen.make > >> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_SCREEN) += screen > >> # > >> # Paths and names > >> # > >> -SCREEN_VERSION := 5.0.0 > >> -SCREEN_MD5 := befc115989242ed4bceeff8d8bfeb4e6 > >> +SCREEN_VERSION := 5.0.1 > >> +SCREEN_MD5 := 4306c5446abd48b7899a211c4d0456b2 > > > > Hmm, I'm getting a different md5 here. Can you check what is going on here? > > > > Michael > > > >> SCREEN := screen-$(SCREEN_VERSION) > >> SCREEN_SUFFIX := tar.gz > >> SCREEN_URL := $(call ptx/mirror, GNU, screen/$(SCREEN).$(SCREEN_SUFFIX)) > >> -- > >> 2.34.1 > >> > >> > >> > > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |