Date: Thu, 6 Jan 2022 11:55:35 +0100
From: Michael Olbrich
To: Christian Melki
Cc: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH] screen: Version bump 4.5.0 -> 4.8.0
In-Reply-To: <20211222130304.2549154-18-christian.melki@t2data.com>

On Wed, Dec 22, 2021 at 02:02:59PM +0100, Christian Melki wrote:
> Package maintenance.
> Fixes CVE-2021-26937, CVE-2020-9366, CVE-2017-5618

There are several old patches. Some are cross-compile fixes, others are
imported from Debian. I think some of them solve the same problem as your
patches. Where are yours from?

This whole thing needs some cleanup. I think you can ignore the Debian
patches. I can sort that out afterwards.

Also, if configure.ac is modified, then an autogen.sh link is needed.

Michael

> Signed-off-by: Christian Melki > --- > .../0001-no-memcpy-fallback.patch | 126 ++++++++++++++++ > .../0002-install-no-backup-binary.patch | 41 +++++ > .../0003-install-always-chmod.patch | 29 ++++ > .../0004-install-nonversioned-binary.patch | 31 ++++ > .../screen-4.8.0/0005-rename-sched_h.patch | 142 ++++++++++++++++++ > .../0006-comm-h-now-depends-on-term-h.patch | 28 ++++ > ...-needed-for-list_-display-generic-.o.patch | 35 +++++ > .../screen-4.8.0/0008-CVE-2021-26937.patch | 68 +++++++++ > patches/screen-4.8.0/series | 9 ++ > rules/screen.make | 4 +- > 10 files changed, 511 insertions(+), 2 deletions(-) > create mode 100644 patches/screen-4.8.0/0001-no-memcpy-fallback.patch > create mode 100644 patches/screen-4.8.0/0002-install-no-backup-binary.pa= tch > create mode 100644 patches/screen-4.8.0/0003-install-always-chmod.patch > create mode 100644 patches/screen-4.8.0/0004-install-nonversioned-binary= .patch > create mode 100644 patches/screen-4.8.0/0005-rename-sched_h.patch > create mode 100644 patches/screen-4.8.0/0006-comm-h-now-depends-on-term-= h.patch > create mode 100644 patches/screen-4.8.0/0007-comm.h-needed-for-list_-dis= play-generic-.o.patch > create mode 100644 patches/screen-4.8.0/0008-CVE-2021-26937.patch > create mode 100644 patches/screen-4.8.0/series > = > diff --git a/patches/screen-4.8.0/0001-no-memcpy-fallback.patch b/patches= /screen-4.8.0/0001-no-memcpy-fallback.patch > new file mode 100644 > index 000000000..213790719 > --- /dev/null > +++ b/patches/screen-4.8.0/0001-no-memcpy-fallback.patch 
> @@ -0,0 +1,126 @@ > +From: Maarten ter Huurne > +Date: Sat, 13 Sep 2014 11:37:59 +0200 > +Subject: Do not use memcpy as an alternative for bcopy/memmove > + > +The configure script runs a small test program to check whether > +memcpy can handle overlapping memory areas. However, it is not valid > +to conclude that if a single case of overlapping memory is handled > +correctly, all cases will be handled correctly. > + > +Since screen already has its own bcopy implementation as a fallback > +for the case that bcopy and memmove are unusable, removing the memcpy > +option should not break any systems. > + > +Signed-off-by: Maarten ter Huurne > +[Ricardo: rebase on top of 4.3.1] > +Signed-off-by: Ricardo Martincoski > +[Bernd: rebase on top of 4.7.0] > +Signed-off-by: Bernd Kuhls > +--- > + acconfig.h | 3 +-- > + configure.ac | 18 +----------------- > + os.h | 8 ++------ > + osdef.h.in | 10 +--------- > + 4 files changed, 5 insertions(+), 34 deletions(-) > + > +diff --git a/acconfig.h b/acconfig.h > +index 2e46985..9b0b9d4 100644 > +--- a/acconfig.h > ++++ b/acconfig.h > +@@ -476,7 +476,7 @@ > + #undef GETTTYENT > + = > + /* > +- * Define USEBCOPY if the bcopy/memcpy from your system's C library > ++ * Define USEBCOPY if the bcopy from your system's C library > + * supports the overlapping of source and destination blocks. When > + * undefined, screen uses its own (probably slower) version of bcopy(). > + * = > +@@ -487,7 +487,6 @@ > + * Their memove fails the test in the configure script. Sigh. 
(Juergen) > + */ > + #undef USEBCOPY > +-#undef USEMEMCPY > + #undef USEMEMMOVE > + = > + /* > +diff --git a/configure.ac b/configure.ac > +index 27690a6..b8e3bec 100644 > +--- a/configure.ac > ++++ b/configure.ac > +@@ -1145,7 +1145,7 @@ AC_TRY_LINK(,[getttyent();], AC_DEFINE(GETTTYENT)) > + AC_CHECKING(fdwalk) > + AC_TRY_LINK([#include ], [fdwalk(NULL, NULL);],AC_DEFINE(HAVE= _FDWALK)) > + = > +-AC_CHECKING(whether memcpy/memmove/bcopy handles overlapping arguments) > ++AC_CHECKING(whether memmove/bcopy handles overlapping arguments) > + AC_TRY_RUN([ > + main() { > + char buf[10]; > +@@ -1175,22 +1175,6 @@ main() { > + exit(0); /* libc version works properly. */ > + }], AC_DEFINE(USEMEMMOVE)) > + = > +- > +-AC_TRY_RUN([ > +-#define bcopy(s,d,l) memcpy(d,s,l) > +-main() { > +- char buf[10]; > +- strcpy(buf, "abcdefghi"); > +- bcopy(buf, buf + 2, 3); > +- if (strncmp(buf, "ababcf", 6)) > +- exit(1); > +- strcpy(buf, "abcdefghi"); > +- bcopy(buf + 2, buf, 3); > +- if (strncmp(buf, "cdedef", 6)) > +- exit(1); > +- exit(0); /* libc version works properly. 
*/ > +-}], AC_DEFINE(USEMEMCPY),,:) > +- > + AC_SYS_LONG_FILE_NAMES > + = > + AC_MSG_CHECKING(for vsprintf) > +diff --git a/os.h b/os.h > +index e827ac9..0b41fb9 100644 > +--- a/os.h > ++++ b/os.h > +@@ -142,12 +142,8 @@ extern int errno; > + # ifdef USEMEMMOVE > + # define bcopy(s,d,len) memmove(d,s,len) > + # else > +-# ifdef USEMEMCPY > +-# define bcopy(s,d,len) memcpy(d,s,len) > +-# else > +-# define NEED_OWN_BCOPY > +-# define bcopy xbcopy > +-# endif > ++# define NEED_OWN_BCOPY > ++# define bcopy xbcopy > + # endif > + #endif > + = > +diff --git a/osdef.h.in b/osdef.h.in > +index 8687b60..e4057a0 100644 > +--- a/osdef.h.in > ++++ b/osdef.h.in > +@@ -58,16 +58,8 @@ extern int bcmp __P((char *, char *, int)); > + extern int killpg __P((int, int)); > + #endif > + = > +-#ifndef USEBCOPY > +-# ifdef USEMEMCPY > +-extern void memcpy __P((char *, char *, int)); > +-# else > +-# ifdef USEMEMMOVE > ++#if defined(USEMEMMOVE) && !defined(USEBCOPY) > + extern void memmove __P((char *, char *, int)); > +-# else > +-extern void bcopy __P((char *, char *, int)); > +-# endif > +-# endif > + #else > + extern void bcopy __P((char *, char *, int)); > + #endif > +-- = > +1.8.4.5 > + > diff --git a/patches/screen-4.8.0/0002-install-no-backup-binary.patch b/p= atches/screen-4.8.0/0002-install-no-backup-binary.patch > new file mode 100644 > index 000000000..7842662b5 > --- /dev/null > +++ b/patches/screen-4.8.0/0002-install-no-backup-binary.patch 
> @@ -0,0 +1,41 @@ > +From: Maarten ter Huurne > +Date: Sun, 14 Sep 2014 23:58:34 +0200 > +Subject: Do not create backup of old installed binary > + > +This is a rather unusual feature that packagers will not expect. > + > +Signed-off-by: Maarten ter Huurne > +[baruch: update for 4.6.2] > +Signed-off-by: Baruch Siach > +--- > + Makefile.in | 4 ---- > + 1 file changed, 4 deletions(-) > + > +diff --git a/Makefile.in b/Makefile.in > +index 187a69b..65549e9 100644 > +--- a/Makefile.in > ++++ b/Makefile.in > +@@ -83,12 +83,9 @@ screen: $(OFILES) > + $(OPTIONS) $(CFLAGS) $< > + = > + install_bin: .version screen installdirs > +- -if [ -f $(DESTDIR)$(bindir)/$(SCREEN) ] && [ ! -f $(DESTDIR)$(bindir)= /$(SCREEN).old ]; \ > +- then mv $(DESTDIR)$(bindir)/$(SCREEN) $(DESTDIR)$(bindir)/$(SCREEN).o= ld; fi > + $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN) > + -chown root $(DESTDIR)$(bindir)/$(SCREEN) && chmod 4755 $(DESTDIR)$(bi= ndir)/$(SCREEN) > + # This doesn't work if $(bindir)/screen is a symlink > +- -if [ -f $(DESTDIR)$(bindir)/screen ] && [ ! -f $(DESTDIR)$(bindir)/sc= reen.old ]; then mv $(DESTDIR)$(bindir)/screen $(DESTDIR)$(bindir)/screen.o= ld; fi > + rm -f $(DESTDIR)$(bindir)/screen > + (cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen) > + cp $(srcdir)/utf8encodings/?? $(DESTDIR)$(SCREENENCODINGS) > +@@ -113,7 +110,6 @@ installdirs: > + uninstall: .version > + rm -f $(DESTDIR)$(bindir)/$(SCREEN) > + rm -f $(DESTDIR)$(bindir)/screen > +- -mv $(DESTDIR)$(bindir)/screen.old $(DESTDIR)$(bindir)/screen > + rm -f $(DESTDIR)$(ETCSCREENRC) > + cd doc; $(MAKE) uninstall > + = > +-- = > +1.8.4.5 > + > diff --git a/patches/screen-4.8.0/0003-install-always-chmod.patch b/patch= es/screen-4.8.0/0003-install-always-chmod.patch > new file mode 100644 > index 000000000..0aa7690b0 > --- /dev/null > +++ b/patches/screen-4.8.0/0003-install-always-chmod.patch 
> @@ -0,0 +1,29 @@ > +From: Maarten ter Huurne > +Date: Mon, 15 Sep 2014 00:03:05 +0200 > +Subject: Change binary permission flags even if chown fails > + > +Typically when creating a package, the build is not run as root, so > +the chown will fail. But the chmod can still be done. > + > +Signed-off-by: Maarten ter Huurne > +--- > + Makefile.in | 3 ++- > + 1 file changed, 2 insertions(+), 1 deletion(-) > + > +diff --git a/Makefile.in b/Makefile.in > +index 65549e9..3c12fdb 100644 > +--- a/Makefile.in > ++++ b/Makefile.in > +@@ -84,7 +84,8 @@ screen: $(OFILES) > + = > + install_bin: .version screen > + $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN) > +- -chown root $(DESTDIR)$(bindir)/$(SCREEN) && chmod 4755 $(DESTDIR)$(bi= ndir)/$(SCREEN) > ++ -chown root $(DESTDIR)$(bindir)/$(SCREEN) > ++ -chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN) > + # This doesn't work if $(bindir)/screen is a symlink > + rm -f $(DESTDIR)$(bindir)/screen > + (cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen) > +-- = > +1.8.4.5 > + > diff --git a/patches/screen-4.8.0/0004-install-nonversioned-binary.patch = b/patches/screen-4.8.0/0004-install-nonversioned-binary.patch > new file mode 100644 > index 000000000..ecbbd6519 > --- /dev/null > +++ b/patches/screen-4.8.0/0004-install-nonversioned-binary.patch 
> @@ -0,0 +1,31 @@ > +From: Maarten ter Huurne > +Date: Mon, 15 Sep 2014 00:06:20 +0200 > +Subject: Support overriding SCREEN to get a non-versioned binary > + > +If a packager runs "make install SCREEN=3Dscreen", do not create > +"screen" as a symlink to itself. > + > +Signed-off-by: Maarten ter Huurne > +--- > + Makefile.in | 2 ++ > + 1 file changed, 2 insertions(+) > + > +diff --git a/Makefile.in b/Makefile.in > +index 3c12fdb..860f351 100644 > +--- a/Makefile.in > ++++ b/Makefile.in > +@@ -86,9 +86,11 @@ install_bin: .version screen > + $(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN) > + -chown root $(DESTDIR)$(bindir)/$(SCREEN) > + -chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN) > ++ifneq (${SCREEN},screen) > + # This doesn't work if $(bindir)/screen is a symlink > + rm -f $(DESTDIR)$(bindir)/screen > + (cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen) > ++endif > + cp $(srcdir)/utf8encodings/?? $(DESTDIR)$(SCREENENCODINGS) > + = > + #######################################################################= ######## > +-- = > +1.8.4.5 > + > diff --git a/patches/screen-4.8.0/0005-rename-sched_h.patch b/patches/scr= een-4.8.0/0005-rename-sched_h.patch > new file mode 100644 > index 000000000..9b29b76e0 > --- /dev/null > +++ b/patches/screen-4.8.0/0005-rename-sched_h.patch 
> @@ -0,0 +1,142 @@ > +From: Maarten ter Huurne > +Date: Mon, 15 Sep 2014 00:24:41 +0200 > +Subject: Renamed sched.h to eventqueue.h > + > +There is a system header that got shadowed by "sched.h". > +While Screen itself doesn't include , other system headers > +might include it indirectly. This broke the build when using uClibc > +with pthread support. > + > +Signed-off-by: Maarten ter Huurne > +--- > + eventqueue.h | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ > + sched.h | 48 ------------------------------------------------ > + screen.h | 2 +- > + 3 files changed, 49 insertions(+), 49 deletions(-) > + create mode 100644 eventqueue.h > + delete mode 100644 sched.h > + > +diff --git a/eventqueue.h b/eventqueue.h > +new file mode 100644 > +index 0000000..fdc3fc4 > +--- /dev/null > ++++ b/eventqueue.h > +@@ -0,0 +1,48 @@ > ++/* Copyright (c) 2008, 2009 > ++ * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de) > ++ * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de) > ++ * Micah Cowan (micah@cowan.name) > ++ * Sadrul Habib Chowdhury (sadrul@users.sourceforge.net) > ++ * Copyright (c) 1993-2002, 2003, 2005, 2006, 2007 > ++ * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de) > ++ * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de) > ++ * Copyright (c) 1987 Oliver Laumann > ++ * > ++ * This program is free software; you can redistribute it and/or modify > ++ * it under the terms of the GNU General Public License as published by > ++ * the Free Software Foundation; either version 3, or (at your option) > ++ * any later version. > ++ * > ++ * This program is distributed in the hope that it will be useful, > ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of > ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > ++ * GNU General Public License for more details. 
> ++ * > ++ * You should have received a copy of the GNU General Public License > ++ * along with this program (see the file COPYING); if not, see > ++ * https://www.gnu.org/licenses/, or contact Free Software Foundation, = Inc., > ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA > ++ * > ++ **************************************************************** > ++ * $Id$ GNU > ++ */ > ++ > ++struct event > ++{ > ++ struct event *next; > ++ void (*handler) __P((struct event *, char *)); > ++ char *data; > ++ int fd; > ++ int type; > ++ int pri; > ++ struct timeval timeout; > ++ int queued; /* in evs queue */ > ++ int active; /* in fdset */ > ++ int *condpos; /* only active if condpos - condneg > 0 */ > ++ int *condneg; > ++}; > ++ > ++#define EV_TIMEOUT 0 > ++#define EV_READ 1 > ++#define EV_WRITE 2 > ++#define EV_ALWAYS 3 > +diff --git a/sched.h b/sched.h > +deleted file mode 100644 > +index fdc3fc4..0000000 > +--- a/sched.h > ++++ /dev/null > +@@ -1,48 +0,0 @@ > +-/* Copyright (c) 2008, 2009 > +- * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de) > +- * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de) > +- * Micah Cowan (micah@cowan.name) > +- * Sadrul Habib Chowdhury (sadrul@users.sourceforge.net) > +- * Copyright (c) 1993-2002, 2003, 2005, 2006, 2007 > +- * Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de) > +- * Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de) > +- * Copyright (c) 1987 Oliver Laumann > +- * > +- * This program is free software; you can redistribute it and/or modify > +- * it under the terms of the GNU General Public License as published by > +- * the Free Software Foundation; either version 3, or (at your option) > +- * any later version. > +- * > +- * This program is distributed in the hope that it will be useful, > +- * but WITHOUT ANY WARRANTY; without even the implied warranty of > +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the > +- * GNU General Public License for more details. > +- * > +- * You should have received a copy of the GNU General Public License > +- * along with this program (see the file COPYING); if not, see > +- * https://www.gnu.org/licenses/, or contact Free Software Foundation, = Inc., > +- * 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA > +- * > +- **************************************************************** > +- * $Id$ GNU > +- */ > +- > +-struct event > +-{ > +- struct event *next; > +- void (*handler) __P((struct event *, char *)); > +- char *data; > +- int fd; > +- int type; > +- int pri; > +- struct timeval timeout; > +- int queued; /* in evs queue */ > +- int active; /* in fdset */ > +- int *condpos; /* only active if condpos - condneg > 0 */ > +- int *condneg; > +-}; > +- > +-#define EV_TIMEOUT 0 > +-#define EV_READ 1 > +-#define EV_WRITE 2 > +-#define EV_ALWAYS 3 > +diff --git a/screen.h b/screen.h > +index 603ca3f..34238c8 100644 > +--- a/screen.h > ++++ b/screen.h > +@@ -43,7 +43,7 @@ > + #include "osdef.h" > + = > + #include "ansi.h" > +-#include "sched.h" > ++#include "eventqueue.h" > + #include "acls.h" > + #include "comm.h" > + #include "layer.h" > +-- = > +1.8.4.5 > + > diff --git a/patches/screen-4.8.0/0006-comm-h-now-depends-on-term-h.patch= b/patches/screen-4.8.0/0006-comm-h-now-depends-on-term-h.patch > new file mode 100644 > index 000000000..6ff6f3da0 > --- /dev/null > +++ b/patches/screen-4.8.0/0006-comm-h-now-depends-on-term-h.patch 
> @@ -0,0 +1,28 @@ > +From 39c5f1c76f1fcef4b5958bf828a63f53426b6984 Mon Sep 17 00:00:00 2001 > +From: Mike Gerwitz > +Date: Tue, 24 Dec 2013 22:16:31 -0500 > +Subject: comm.h now depends on term.h > + > +Signed-off-by: Fabrice Fontaine > +[Patch retrieved and updated from: > +http://git.savannah.gnu.org/cgit/screen.git/commit/?id=3D39c5f1c] > +--- > + src/Makefile.in | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/Makefile.in b/Makefile.in > +index e791e79..d4f7c0b 100644 > +--- a/Makefile.in > ++++ b/Makefile.in > +@@ -113,7 +113,7 @@ term.h: term.c term.sh > + = > + kmapdef.c: term.h > + = > +-comm.h: comm.c comm.sh config.h > ++comm.h: comm.c comm.sh config.h term.h > + AWK=3D$(AWK) CC=3D"$(CC) $(CFLAGS)" srcdir=3D${srcdir} sh $(srcdir)/co= mm.sh > + = > + docs: > +-- = > +cgit v1.0-41-gc330 > + > diff --git a/patches/screen-4.8.0/0007-comm.h-needed-for-list_-display-ge= neric-.o.patch b/patches/screen-4.8.0/0007-comm.h-needed-for-list_-display-= generic-.o.patch > new file mode 100644 > index 000000000..f406a1afa > --- /dev/null > +++ b/patches/screen-4.8.0/0007-comm.h-needed-for-list_-display-generic-.= o.patch 
> @@ -0,0 +1,35 @@ > +From b719314d201a3e9e1e57c65746a468c47bfc847f Mon Sep 17 00:00:00 2001 > +From: Fabrice Fontaine > +Date: Wed, 3 Oct 2018 22:29:32 +0200 > +Subject: [PATCH] comm.h needed for list_{display,generic}.o > + > +comm.h is needed to build list_display.o and list_generic.o otherwise > +parallel builds will sometimes fail > + > +Fixes: > + - http://autobuild.buildroot.org/results/43105f14857dbe72d8878fc7b3db67= f7bdca93cc > + - http://autobuild.buildroot.org/results/47f4ecbec1355285633df287fc9c4e= 7cccde9378 > + > +Signed-off-by: Fabrice Fontaine > +[Upstream status: https://savannah.gnu.org/bugs/index.php?54776] > +--- > + Makefile.in | 4 ++-- > + 1 file changed, 2 insertions(+), 2 deletions(-) > + > +diff --git a/Makefile.in b/Makefile.in > +index af5938b..e6d5247 100644 > +--- a/Makefile.in > ++++ b/Makefile.in > +@@ -265,7 +265,7 @@ braille.h > + viewport.o: layout.h viewport.h canvas.h viewport.c config.h screen.h o= s.h osdef.h ansi.h acls.h \ > + comm.h layer.h term.h image.h display.h window.h extern.h \ > + braille.h > +-list_generic.o: list_generic.h list_generic.c layer.h screen.h osdef.h > +-list_display.o: list_generic.h list_display.c layer.h screen.h osdef.h > ++list_generic.o: list_generic.h list_generic.c layer.h screen.h osdef.h = comm.h > ++list_display.o: list_generic.h list_display.c layer.h screen.h osdef.h = comm.h > + list_window.o: list_generic.h list_window.c window.h layer.h screen.h o= sdef.h comm.h > + = > +-- = > +2.17.1 > + > diff --git a/patches/screen-4.8.0/0008-CVE-2021-26937.patch b/patches/scr= een-4.8.0/0008-CVE-2021-26937.patch > new file mode 100644 > index 000000000..df7efa029 > --- /dev/null > +++ b/patches/screen-4.8.0/0008-CVE-2021-26937.patch 
> @@ -0,0 +1,68 @@ > +Description: [CVE-2021-26937] Fix out of bounds array access > +Author: Michael Schr=F6der > +Bug-Debian: https://bugs.debian.org/982435 > +Bug: https://savannah.gnu.org/bugs/?60030 > +Bug: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.ht= ml > +Bug-OSS-Security: https://www.openwall.com/lists/oss-security/2021/02/09= /3 > +Origin: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010= .html > + > +Downloaded from Debian: > +https://sources.debian.org/data/main/s/screen/4.8.0-5/debian/patches/99_= CVE-2021-26937.patch > + > +Signed-off-by: Peter Korsgaard > +--- a/encoding.c > ++++ b/encoding.c > +@@ -43,7 +43,7 @@ > + # ifdef UTF8 > + static int recode_char __P((int, int, int)); > + static int recode_char_to_encoding __P((int, int)); > +-static void comb_tofront __P((int, int)); > ++static void comb_tofront __P((int)); > + # ifdef DW_CHARS > + static int recode_char_dw __P((int, int *, int, int)); > + static int recode_char_dw_to_encoding __P((int, int *, int)); > +@@ -1263,6 +1263,8 @@ > + {0x30000, 0x3FFFD}, > + }; > + = > ++ if (c >=3D 0xdf00 && c <=3D 0xdfff) > ++ return 1; /* dw combining sequence */ > + return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval) - 1= )) || > + (cjkwidth && > + bisearch(c, ambiguous, > +@@ -1330,11 +1332,12 @@ > + } > + = > + static void > +-comb_tofront(root, i) > +-int root, i; > ++comb_tofront(i) > ++int i; > + { > + for (;;) > + { > ++ int root =3D i >=3D 0x700 ? 
0x801 : 0x800; > + debug1("bring to front: %x\n", i); > + combchars[combchars[i]->prev]->next =3D combchars[i]->next; > + combchars[combchars[i]->next]->prev =3D combchars[i]->prev; > +@@ -1396,9 +1399,9 @@ > + { > + /* full, recycle old entry */ > + if (c1 >=3D 0xd800 && c1 < 0xe000) > +- comb_tofront(root, c1 - 0xd800); > ++ comb_tofront(c1 - 0xd800); > + i =3D combchars[root]->prev; > +- if (c1 =3D=3D i + 0xd800) > ++ if (i =3D=3D 0x800 || i =3D=3D 0x801 || c1 =3D=3D i + 0xd800) > + { > + /* completely full, can't recycle */ > + debug("utf8_handle_comp: completely full!\n"); > +@@ -1422,7 +1425,7 @@ > + mc->font =3D (i >> 8) + 0xd8; > + mc->fontx =3D 0; > + debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800); > +- comb_tofront(root, i); > ++ comb_tofront(i); > + } > + = > + #else /* !UTF8 */ > diff --git a/patches/screen-4.8.0/series b/patches/screen-4.8.0/series > new file mode 100644 > index 000000000..c72b2fd5f > --- /dev/null > +++ b/patches/screen-4.8.0/series > @@ -0,0 +1,9 @@ > +0001-no-memcpy-fallback.patch > +0002-install-no-backup-binary.patch > +0003-install-always-chmod.patch > +0004-install-nonversioned-binary.patch > +0005-rename-sched_h.patch > +0006-comm-h-now-depends-on-term-h.patch > +0007-comm.h-needed-for-list_-display-generic-.o.patch > +0008-CVE-2021-26937.patch > + > diff --git a/rules/screen.make b/rules/screen.make > index 39a96dae2..1087dfc9d 100644 > --- a/rules/screen.make > +++ b/rules/screen.make 
> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_SCREEN) +=3D screen > # > # Paths and names > # > -SCREEN_VERSION :=3D 4.5.0 > -SCREEN_MD5 :=3D a32105a91359afab1a4349209a028e31 > +SCREEN_VERSION :=3D 4.8.0 > +SCREEN_MD5 :=3D d276213d3acd10339cd37848b8c4ab1e > SCREEN :=3D screen-$(SCREEN_VERSION) > SCREEN_SUFFIX :=3D tar.gz > SCREEN_URL :=3D $(call ptx/mirror, GNU, screen/$(SCREEN).$(SCREEN_SUFFIX= )) > -- = > 2.30.2
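
Review bot: in 0001-no-memcpy-fallback.patch, the configure.ac hunks that drop the memcpy AC_TRY_RUN test and the acconfig.h hunk that drops USEMEMCPY only take effect when configure and the config header template are regenerated, and the file list of this submission creates no autogen.sh link under patches/screen-4.8.0/. The os.h hunk removes the "# ifdef USEMEMCPY" branch on its own, so bcopy can no longer map to memcpy either way, but the shipped configure would still run the removed test. Add the autogen.sh link, or say in the commit message that the configure.ac part is intentionally left inactive.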
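
Review bot: the first Makefile.in hunk of 0002-install-no-backup-binary.patch leaves the target line as "install_bin: .version screen installdirs", while the context of the hunk in 0003-install-always-chmod.patch still reads "install_bin: .version screen". The series will therefore apply only with fuzz, if at all. Refresh 0003 and 0004 against the tree that 0002 produces so that every patch in the series applies cleanly and a later context drift is not hidden by fuzz.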
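
Review bot: in 0003-install-always-chmod.patch, splitting "chown root ... && chmod 4755 ..." into two independent commands means the setuid bit is set even when the chown fails, which the patch description says is the usual case for an unprivileged package build. The staged binary is then setuid to whichever user ran the build. Please confirm that the screen rule assigns owner and mode explicitly when the file is copied into the target image and does not inherit them from "make install", and decide there whether screen should be setuid at all on the target.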
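
Review bot: the diffstat inside 0006-comm-h-now-depends-on-term-h.patch names "src/Makefile.in", but its diff headers are "a/Makefile.in" and "b/Makefile.in". Only the diff headers matter when the patch is applied, so this is cosmetic, but the header should be corrected when the patch is refreshed so it does not suggest a src/ layout that the other patches in the series do not use.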
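
Review bot: the commit message lists CVE-2021-26937, CVE-2020-9366 and CVE-2017-5618 as fixed, but 0008-CVE-2021-26937.patch is the only entry in the series that names a CVE. State in the commit message that the other two are covered by the 4.8.0 release itself, and keep the Origin and Bug links of 0008 as they are, so that the next version bump can tell which security fix still has to be checked against upstream before the patch is dropped. The encoding.c hunks change the signature of comb_tofront() and both of its call sites in the same patch, which is consistent.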
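
Review bot: in rules/screen.make, the SCREEN_MD5 value changes together with SCREEN_VERSION, and nothing in the patch shows how the new value was obtained. An MD5 value in the rule file only pins the tarball the submitter happened to download, so please confirm that it was computed from an archive checked against the release signature on the GNU mirror, if one is published, and mention that in the commit message.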