From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 16 May 2025 18:26:36 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uFxtM-006EMP-2R for lore@lore.pengutronix.de; Fri, 16 May 2025 18:26:36 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1uFxtM-0000X6-IQ; Fri, 16 May 2025 18:26:36 +0200 Received: from mail-db8eur05on2123.outbound.protection.outlook.com ([40.107.20.123] helo=EUR05-DB8-obe.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1uFxt3-0000Uu-3B; Fri, 16 May 2025 18:26:18 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WrCY8SXmccuwgfZw/i+UqpOAga5GpDhPBzETc8AEhWJr+HQxhFV5R33LlTe69R9gQ/2ML67GVCl0bOVOm/lkIHvhwpOUT6Z+h5wSLmvSTwaIsCgY/7ZNuN+VZ6SvKxigWeRao+By2odka3Z4GH/YfCVS5TNdF2i6M4mQJ6HRi2wlPu7WhH7JmSPulNGb3B3vpY3Mdo/WPvKdbJ6h3ouczBEWdVn4kQ74ZXlLSvz75KMNzeahoMiBJxLjzP45CJ4u8FOGdfMhiY+aIgpL0hyTBCLz/WOBxC+RWihoTRG8ch4aE9volKd4rHf4IL+QjpGtgDVRhPPhIUhaVIzWCY36uQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ns2Oucu16LY2Q3JIzrcohqn6jWL4bcYgGhc7lX+XIzI=; b=wmCS4omv88h5eOAXqjbUuVt62oqtLFU3VFkwguM6kHvKI5nLsGPNNb64RslSZ7PZzi2nMUPgqOvBtjYDxBUZyyczxA816xB2a0pn6guIQXfPgbtmngue+ERhMmU/9JJbb7tKiOaWTAtgF9IPsF3aVpcWUdQVl/FW8HjBvhCJW4TF3hK6s5Qp2OJ2n1SsyKzilfinmMkcmwyLaliOPouagMwWeQIT/VYcdzE5TQGQYQIPTrfg/lG7AZzcQLm54ZKLTCHnDX+9HP9GRD+03ruR/qSSUWuqcisMejwy52tZADoqOP5pYdqDCrZNI0YYcSAks0WyeScl9BpxA5dhIB3Xiw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ns2Oucu16LY2Q3JIzrcohqn6jWL4bcYgGhc7lX+XIzI=; b=IGjPbFAQX0sdXAFq81cDr1iZWTvf7+uionVjx8ZlI5ehUC8Z14rxCz+b4NHy+1t8c7QvPGtWupiag0zT62glSOJL6LLSmfBMfCTHROMyEMMvXeKxr2g6iqjVaCTp9x//KS5xC4QqFJ4OQnBrErfZbAYM3d6cU1kVa8YgCSvxN4Y= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by PAXP251MB0471.EURP251.PROD.OUTLOOK.COM (2603:10a6:102:280::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8722.33; Fri, 16 May 2025 16:26:14 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::fe8d:f825:5b29:2903]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::fe8d:f825:5b29:2903%4]) with mapi id 15.20.8722.027; Fri, 16 May 2025 16:26:14 +0000 Message-ID: <540fc678-972d-4604-aff5-fce6ae77cce7@t2data.com> Date: Fri, 16 May 2025 18:25:56 +0200 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Michael Olbrich References: <20250515173851.1147261-1-christian.melki@t2data.com> From: Christian Melki In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-ClientProxiedBy: GV2PEPF00007564.SWEP280.PROD.OUTLOOK.COM (2603:10a6:158:401::3fc) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|PAXP251MB0471:EE_ X-MS-Office365-Filtering-Correlation-Id: afe3a217-81d3-4681-2b24-08dd9496604e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016; X-Microsoft-Antispam-Message-Info: =?utf-8?B?aFU2UTlTSGFqakxVcXZ5bzUxcy9CMXZmcEZMc1ZaMm1zN3lsRmtWcXpsT21F?= =?utf-8?B?VGR5bkZpNkVGS2E2OHY5b3JmaDVqdVQ2RXZHRWxoOVlIMkdOaElBS0gxeWx5?= =?utf-8?B?REdrTFUwM1BKSDVrWXVwa1dkSE1uSUhDd1VQVVpjbkhnOUp0ZmoyaFNFZDZE?= =?utf-8?B?bFBlZC9wOFF6TDFCbHN3S3huaGF2YmUybURuL1dPYVBmdlRkRlU0TTY4cWlv?= =?utf-8?B?bnY5VE9PT2c1V3JhdWR3UVc4QXBwZlNxWkZudlZlZW5xUDdqYmxiamcwcXg4?= =?utf-8?B?alZKei9lakthS1B6eWRnTGxPN2Z6WnNlL1BZajNxb2hKRUZpZjdUZzJGZVRV?= =?utf-8?B?VS90MFZudkY5U1B5T05mVjFzTHdCcGFybXJ6RVM0aFozMndsc215c294dXNM?= =?utf-8?B?Wlg2WVFuVjBPSDJtTW5YWG5WM0FSN1YxQ1I0cXhZZ2NHU0plT0Q2M09mM1Fm?= =?utf-8?B?L3QzRzVVb2xYSmZTMG5GSmlLSk1uaFhPYWlBc1dzYjc1ajV2WVFmUTZQQlZY?= =?utf-8?B?ejVLc2szTnI3bzVzZXVqVy9nRG1OUVBLSll5aXVmZllOeC9IekFKamdUWG1Z?= =?utf-8?B?ckN5b1ZGVU1MTFA3NzBPUkRvZTZVZ2xkVkE5Q04waGp2Qmg1MGdVTkc3V3hy?= =?utf-8?B?Z1Q0WWM2dXN5WGdyUWZNVXFLUVh5WForU3U3M25XUjlYMkdOZlZPTk12cWRr?= =?utf-8?B?Um5CblpLK3pmWUdHWWE5NDlXL0FxVkhFYkJQSGRadkEzUEZuY0pXQ2gzb1dD?= =?utf-8?B?SlgvSUtmVENLdER1eVlUcmVvS1JKT3BzVDJCZHFWZks5cXFTdGQ3UkEyYVNo?= =?utf-8?B?UVRVQVBad3FBTHIvZzE2SXZkOEJvSTNJWDQwMDlkMk1aV3pVOSs5WURoWHRy?= =?utf-8?B?OWtKbjVwNHQvdUpsYVp3TklMUHdNczk2WjFneWJIMGZKVm5MNlExRUZQS1Bu?= =?utf-8?B?aVVqTkdiTnlNeDRlWWhqSWdKVlFFWXZuZC9DMHc4YmczVzAxVWVvVmt6cHlI?= =?utf-8?B?VDVsQXlxbUJ6aVNuMC9vOEg1V1lNaElNTnc3NGI4dmdUU0tiQlBSdEpDd002?= =?utf-8?B?YWtHQmw5UDAzVW16bVZCVldPQ2xwVGZLdE5xdzdqV0F3OXZoUDJSdnl3SHV2?= =?utf-8?B?SjNHcWhLQTFWMUl4MGpUbEx1My9uUC9IdlRpU0k1aWpDWUR0Q2IvWlNLQXZV?= =?utf-8?B?Wm45SFlFWGpGUC9yZStBZ0s3WUIrd1NNaW5VY3U3b1p1N2NJY0dScTBvNENP?= =?utf-8?B?OEF3NnlxQ0l4RmxWVHZXL3R4bnlzd1czRktia092ZVNNZlZ6VVc1c2NpYWRn?= =?utf-8?B?dy9wVXdERFI0RWQzWG5qSFUxKy9zM3VaNldKUXVDeUttRU5qenEzQjRCcWNo?= =?utf-8?B?UlZ5MlJDckYzVmhycWZxUERQZUdidDlHUUs0S2t2TXI4QzFvaWo0N0U0Um4w?= =?utf-8?B?MWp6bG1NaHdKM0taTDk4bjV4L0c2cGFpYmFGYi9xQ1poVm05MU1XbHRhZ2py?= =?utf-8?B?RjJYV2piTmpwd29iK01idmF3ZThiWlRsbkdxeGpUR2gwR1grTXNXdE84bUg3?= =?utf-8?B?c1NLb1o0RSs4YkUya3hrcmhXY3ljRTQrTzlYTlM4bFJRV3lwNkxkc0lHUFRk?= =?utf-8?B?bXdTYTZ6eW5xbzlCNHViUUdNcmhQRzZqbTN1K3RBKzVYKytoY2NEck0vdFNU?= =?utf-8?B?QUV0a0pCc2I4TEh4Wi9GL3hCYnJPTkwreFJSUDlTemZkZERGMHYwK0g1dVZh?= =?utf-8?B?TlJ4SEloM0JnQnZiaS9PYWFlNmN2VGt1S2grTGU5bjN4ZUFublZKNktsY1Va?= =?utf-8?Q?Z0/ETf5EtDq3wlDwJZAcexEGzIQmQyaN7Wtzs=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(1800799024)(376014)(366016); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?NWo1RlpqaU9mUC91RndrQjVtaWNacUUrbCt1OW80TUNkOHgwTGQ1UXZjK3o5?= =?utf-8?B?TWtzakdFSXg2eDNYb28xcjVvY2p6M1BHR0JiWUZjRUQ5N0dacjhkbVowekll?= =?utf-8?B?RTdMUHpKdHFpZkRENEhZYWpDV0RzbHhicmdFS3FjMDRxY05MUzcvN1BSV05E?= =?utf-8?B?M1JQRml2T3JuTGhXQlE4dklXOGFPZTNySzY5eHVHTllYQTFkTUl5TC9MTkhr?= =?utf-8?B?elRvcjZQZGhNNWxDdmxCd0pnNktPVmdZSkw1VDhmL1FDcVd0SGNNNTFmU01k?= =?utf-8?B?SnhXeTJTcWVxNHp1alZnMXRvWEdvQWc4RlRwbW5Ebmx2RGZSaGlCUDNERThx?= =?utf-8?B?QjZ5TnhVTHBTa1I1eHkycWRpTmZJZ1hkN1NIMXN0WFZGS3IyeFhQU2ZxYjd2?= =?utf-8?B?MTJnRTJMcXVRcm1LaUd4bHpwWko0bm9pTTFQMHdJMnRubzcweUpIVjFNNjRt?= =?utf-8?B?dEx4aHJDK2IzS2pQdmdKTmNXb0hvaWMvNEYxVk92QlA1dkJ2Y2tpRzYyQVdF?= =?utf-8?B?N3JpTVEyWjJDdjFOTXRvR283R3lRcDk2bTRxd2tUcmRsRmQ4STV5QmQ3Z2VC?= =?utf-8?B?QkhPNFlCM2N0SjZvUDVheGFQQmhaQjgzTC9YUjZrVURlQTBuckozMzl6b3ZP?= =?utf-8?B?SjdQZXcyYmFIYUdWb2Zjd1dQUSt3NDc2MHV1L2NXRDVJYVlaeUtxNVdlMXY4?= =?utf-8?B?SEk4RVpJSzU0QXU2Z01mZDlzUmZKVzNBQjVFSEFQWWJmMTUybmI4WWdwaVpx?= =?utf-8?B?OXdzV09PSXhOdDBnWlNmZGtCT1BTRTdyYTJMMjMxWUtnbWFsZ0V4ODM1aGJq?= =?utf-8?B?a2dibjZyUDFsL2RGSWtyajAwenBkZUdmOUJZMGlBN2VtOER2NUdaN0ljK0ta?= =?utf-8?B?cVVDODJuNkV4enJ1UEVYQjJYcHVPa3dOSVFhaHllMWdhVi81WU53WUVJeU9V?= =?utf-8?B?Y3h4cHl4VGt0UXRMOGNpU1EzMUlacGhWa0dIY25mWkpNTVExY0tqbFpNc0g3?= =?utf-8?B?Tk9aMVRYMG5pZVBxeWpUWmtyMllPYnlwc1pGTmNqalRhaHRud3c4YkNaYnpB?= =?utf-8?B?eWNuMTlBNXU5UkhjZS9WdFo5NDFYeGVydXVnL3BUdldMbktBZjM0OW9jbXh0?= =?utf-8?B?aWF1dDhMMVQ3empSUGN1WjlGcCt6K0NFS29EZXgzZ0pXdWRKckNZaUx6UWJC?= =?utf-8?B?OU1WcFQ0dUx2bXdSWXVzWjMrcWd6SFd5R1dWc1dIMzArTHd2VVYyM0ZTYkw1?= =?utf-8?B?aW9GTmZpVGJtVlVpa0c0aXFNcy9MQUl3VWlMQjZBZUFaNXJJeXk1SWVia2pO?= =?utf-8?B?bFpsZHRKNkhKWWJxUVpGL1NCSEVObjhFREsrTytyQjdFY3NMcTQ0RTRMZEQy?= =?utf-8?B?ak0rdGJPY2VpYm5INzFCQ0JRL2ZXK3RkalY0Z0dxY3ROV3BTYmlaaVVDeklV?= =?utf-8?B?amVTNVV4ak1YekxnNWdBY3J6MXphbGx0S25kSk5TallPelBieFFGWUdtODY5?= =?utf-8?B?ZERuamxvTVBFVnFBUmM0SVhHbXI2azJ6NjU5bUxSTGlpdU5sOFV2UmtINC80?= =?utf-8?B?YlVRWDB0SXdlZjk2MDhCYW12bldqaC8vMkNuTGpCTUNoWkZ5VXVvaFhRVjNJ?= =?utf-8?B?UWhzQW9rVWI0eElaN0ZtYXFzOWxnbkxIRnVveVo4Z3p0d3RYa29MN256SmpK?= =?utf-8?B?VWgvUXdxeUpqWDN4RWFVMHlaTnVaRlBPdk1Zd3gveTJKSTEyMTQ0Y3dpQ3Ey?= =?utf-8?B?dmFxM3ZxeUpHbEFOb2N2OVJHWk85SnFyNml1TWwrTFNJZTBFLzRBTDdpOHdL?= =?utf-8?B?WUdxdnBSR2tLeFYrQ3R5Q0wvbURtUnhSMytOWWlLc3FxVjBqcW1qdXFlaTlh?= =?utf-8?B?eTJySG00a0htby9aSDlneFpxeUp1Qis2MlZQZkprUUdpN0swdUZNOXZKV2wz?= =?utf-8?B?MFUxUmEwUXIxSGtmVVlzK3NNOCtWZ3JWQTljT0R5QU5BYlphaGpQTVNpeG4v?= =?utf-8?B?SzNEeGxEdWd3NFZCbFQwOGV1cFlxYWZPd1JjeEpGYytVYWw2U21BS01nRGE4?= =?utf-8?B?MTU5K2xJcVZFTUtMZ1c0Z3pYSXNTVjBxWUM1UnY1N2R2SVFCTWNsQjZoeFA4?= =?utf-8?B?cmROb0JlSDV4c1ZHQlBPVkVkVEd6S1ZTRXZzNy90amw0LzBiUjBZVWZXWUgx?= =?utf-8?B?OUE9PQ==?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: afe3a217-81d3-4681-2b24-08dd9496604e X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2025 16:26:14.0870 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 9PiRv3WDrzE+c6EuYui4HpzG5qj0AZZ/sksoMsqXAmtOI0AUafnj1Gpo96+jcemTkHCPrex5yIeog3YF8xDla+hAx0eodXw6iHRMkL7M+iE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXP251MB0471 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED, SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: Re: [ptxdist] [PATCH] screen: Version bump. 5.0.0 -> 5.0.1 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de, christian.melki@t2data.com Cc: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Hi Michael. Yeah. Looks like release mishaps. They didn't release the tarball for +72h after the announcement. And it seems that the first one (the one I sent) was botched. You can see the my (and others) complaint in these threads: https://www.phoronix.com/forums/forum/software/general-linux-open-source/1546098-gnu-screen-5-0-1-released-due-to-several-security-vulnerabilities/page2 https://lists.gnu.org/archive/html/screen-devel/2025-05/msg00018.html At this point I'd just update the md5 since they reused the same version number. Do you want me to send a new one? Regards, Christian On 5/16/25 9:46 AM, Michael Olbrich wrote: > On Thu, May 15, 2025 at 07:38:51PM +0200, Christian Melki wrote: >> Security and other fixes. >> https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html >> >> Security fixes: >> CVE-2025-46805: do NOT send signals with root privileges >> CVE-2025-46804: avoid file existence test information leaks >> CVE-2025-46803: apply safe PTY default mode of 0620 >> CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher >> CVE-2025-23395: reintroduce lf_secreopen() for logfile >> >> * Forward patchset, applies cleanly. >> >> Signed-off-by: Christian Melki >> --- >> .../{screen-5.0.0 => screen-5.0.1}/0001-suppress_remap.patch | 0 >> patches/{screen-5.0.0 => screen-5.0.1}/autogen.sh | 0 >> patches/{screen-5.0.0 => screen-5.0.1}/series | 0 >> rules/screen.make | 4 ++-- >> 4 files changed, 2 insertions(+), 2 deletions(-) >> rename patches/{screen-5.0.0 => screen-5.0.1}/0001-suppress_remap.patch (100%) >> rename patches/{screen-5.0.0 => screen-5.0.1}/autogen.sh (100%) >> rename patches/{screen-5.0.0 => screen-5.0.1}/series (100%) >> >> diff --git a/patches/screen-5.0.0/0001-suppress_remap.patch b/patches/screen-5.0.1/0001-suppress_remap.patch >> similarity index 100% >> rename from patches/screen-5.0.0/0001-suppress_remap.patch >> rename to patches/screen-5.0.1/0001-suppress_remap.patch >> diff --git a/patches/screen-5.0.0/autogen.sh b/patches/screen-5.0.1/autogen.sh >> similarity index 100% >> rename from patches/screen-5.0.0/autogen.sh >> rename to patches/screen-5.0.1/autogen.sh >> diff --git a/patches/screen-5.0.0/series b/patches/screen-5.0.1/series >> similarity index 100% >> rename from patches/screen-5.0.0/series >> rename to patches/screen-5.0.1/series >> diff --git a/rules/screen.make b/rules/screen.make >> index 1bac9b8b8..69a65a9b8 100644 >> --- a/rules/screen.make >> +++ b/rules/screen.make >> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_SCREEN) += screen >> # >> # Paths and names >> # >> -SCREEN_VERSION := 5.0.0 >> -SCREEN_MD5 := befc115989242ed4bceeff8d8bfeb4e6 >> +SCREEN_VERSION := 5.0.1 >> +SCREEN_MD5 := 4306c5446abd48b7899a211c4d0456b2 > > Hmm, I'm getting a different md5 here. Can you check what is going on here? > > Michael > >> SCREEN := screen-$(SCREEN_VERSION) >> SCREEN_SUFFIX := tar.gz >> SCREEN_URL := $(call ptx/mirror, GNU, screen/$(SCREEN).$(SCREEN_SUFFIX)) >> -- >> 2.34.1 >> >> >> >