Re: [ptxdist] [PATCH] screen: Version bump 4.5.0 -> 4.8.0

[Christian Melki <christian.melki@t2data.com>]

On 1/6/22 11:55 AM, Michael Olbrich wrote:
> On Wed, Dec 22, 2021 at 02:02:59PM +0100, Christian Melki wrote:
>> Package maintenance.
>> Fixes CVE-2021-26937, CVE-2020-9366, CVE-2017-5618
> 
> There are several old patches. Some are cross-compile fixes, others are
> imported from Debian. I think some of them solve the same problem as your
> patches. Where are yours from?
> 
> This whole thing needs some cleanup. I think you can ignore the Debian
> patches. I can sort that out afterwards.
> 
> Also, if configure.ac is modified, then a autogen.sh link is needed.
> 
> Michael
> 

Patches are from Buildroot.
https://github.com/buildroot/buildroot/tree/master/package/screen

What do you need from me here? A new one with autogen.sh?
What do I do with the old patches?

> 
>> Signed-off-by: Christian Melki <christian.melki@t2data.com>
>> ---
>>   .../0001-no-memcpy-fallback.patch             | 126 ++++++++++++++++
>>   .../0002-install-no-backup-binary.patch       |  41 +++++
>>   .../0003-install-always-chmod.patch           |  29 ++++
>>   .../0004-install-nonversioned-binary.patch    |  31 ++++
>>   .../screen-4.8.0/0005-rename-sched_h.patch    | 142 ++++++++++++++++++
>>   .../0006-comm-h-now-depends-on-term-h.patch   |  28 ++++
>>   ...-needed-for-list_-display-generic-.o.patch |  35 +++++
>>   .../screen-4.8.0/0008-CVE-2021-26937.patch    |  68 +++++++++
>>   patches/screen-4.8.0/series                   |   9 ++
>>   rules/screen.make                             |   4 +-
>>   10 files changed, 511 insertions(+), 2 deletions(-)
>>   create mode 100644 patches/screen-4.8.0/0001-no-memcpy-fallback.patch
>>   create mode 100644 patches/screen-4.8.0/0002-install-no-backup-binary.patch
>>   create mode 100644 patches/screen-4.8.0/0003-install-always-chmod.patch
>>   create mode 100644 patches/screen-4.8.0/0004-install-nonversioned-binary.patch
>>   create mode 100644 patches/screen-4.8.0/0005-rename-sched_h.patch
>>   create mode 100644 patches/screen-4.8.0/0006-comm-h-now-depends-on-term-h.patch
>>   create mode 100644 patches/screen-4.8.0/0007-comm.h-needed-for-list_-display-generic-.o.patch
>>   create mode 100644 patches/screen-4.8.0/0008-CVE-2021-26937.patch
>>   create mode 100644 patches/screen-4.8.0/series
>>
>> diff --git a/patches/screen-4.8.0/0001-no-memcpy-fallback.patch b/patches/screen-4.8.0/0001-no-memcpy-fallback.patch
>> new file mode 100644
>> index 000000000..213790719
>> --- /dev/null
>> +++ b/patches/screen-4.8.0/0001-no-memcpy-fallback.patch
>> @@ -0,0 +1,126 @@
>> +From: Maarten ter Huurne <maarten@treewalker.org>
>> +Date: Sat, 13 Sep 2014 11:37:59 +0200
>> +Subject: Do not use memcpy as an alternative for bcopy/memmove
>> +
>> +The configure script runs a small test program to check whether
>> +memcpy can handle overlapping memory areas. However, it is not valid
>> +to conclude that if a single case of overlapping memory is handled
>> +correctly, all cases will be handled correctly.
>> +
>> +Since screen already has its own bcopy implementation as a fallback
>> +for the case that bcopy and memmove are unusable, removing the memcpy
>> +option should not break any systems.
>> +
>> +Signed-off-by: Maarten ter Huurne <maarten@treewalker.org>
>> +[Ricardo: rebase on top of 4.3.1]
>> +Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
>> +[Bernd: rebase on top of 4.7.0]
>> +Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
>> +---
>> + acconfig.h   |  3 +--
>> + configure.ac | 18 +-----------------
>> + os.h         |  8 ++------
>> + osdef.h.in   | 10 +---------
>> + 4 files changed, 5 insertions(+), 34 deletions(-)
>> +
>> +diff --git a/acconfig.h b/acconfig.h
>> +index 2e46985..9b0b9d4 100644
>> +--- a/acconfig.h
>> ++++ b/acconfig.h
>> +@@ -476,7 +476,7 @@
>> + #undef GETTTYENT
>> +
>> + /*
>> +- * Define USEBCOPY if the bcopy/memcpy from your system's C library
>> ++ * Define USEBCOPY if the bcopy from your system's C library
>> +  * supports the overlapping of source and destination blocks.  When
>> +  * undefined, screen uses its own (probably slower) version of bcopy().
>> +  *
>> +@@ -487,7 +487,6 @@
>> +  * Their memove fails the test in the configure script. Sigh. (Juergen)
>> +  */
>> + #undef USEBCOPY
>> +-#undef USEMEMCPY
>> + #undef USEMEMMOVE
>> +
>> + /*
>> +diff --git a/configure.ac b/configure.ac
>> +index 27690a6..b8e3bec 100644
>> +--- a/configure.ac
>> ++++ b/configure.ac
>> +@@ -1145,7 +1145,7 @@ AC_TRY_LINK(,[getttyent();], AC_DEFINE(GETTTYENT))
>> + AC_CHECKING(fdwalk)
>> + AC_TRY_LINK([#include <stdlib.h>], [fdwalk(NULL, NULL);],AC_DEFINE(HAVE_FDWALK))
>> +
>> +-AC_CHECKING(whether memcpy/memmove/bcopy handles overlapping arguments)
>> ++AC_CHECKING(whether memmove/bcopy handles overlapping arguments)
>> + AC_TRY_RUN([
>> + main() {
>> +   char buf[10];
>> +@@ -1175,22 +1175,6 @@ main() {
>> +   exit(0); /* libc version works properly.  */
>> + }], AC_DEFINE(USEMEMMOVE))
>> +
>> +-
>> +-AC_TRY_RUN([
>> +-#define bcopy(s,d,l) memcpy(d,s,l)
>> +-main() {
>> +-  char buf[10];
>> +-  strcpy(buf, "abcdefghi");
>> +-  bcopy(buf, buf + 2, 3);
>> +-  if (strncmp(buf, "ababcf", 6))
>> +-    exit(1);
>> +-  strcpy(buf, "abcdefghi");
>> +-  bcopy(buf + 2, buf, 3);
>> +-  if (strncmp(buf, "cdedef", 6))
>> +-    exit(1);
>> +-  exit(0); /* libc version works properly.  */
>> +-}], AC_DEFINE(USEMEMCPY),,:)
>> +-
>> + AC_SYS_LONG_FILE_NAMES
>> +
>> + AC_MSG_CHECKING(for vsprintf)
>> +diff --git a/os.h b/os.h
>> +index e827ac9..0b41fb9 100644
>> +--- a/os.h
>> ++++ b/os.h
>> +@@ -142,12 +142,8 @@ extern int errno;
>> + # ifdef USEMEMMOVE
>> + #  define bcopy(s,d,len) memmove(d,s,len)
>> + # else
>> +-#  ifdef USEMEMCPY
>> +-#   define bcopy(s,d,len) memcpy(d,s,len)
>> +-#  else
>> +-#   define NEED_OWN_BCOPY
>> +-#   define bcopy xbcopy
>> +-#  endif
>> ++#  define NEED_OWN_BCOPY
>> ++#  define bcopy xbcopy
>> + # endif
>> + #endif
>> +
>> +diff --git a/osdef.h.in b/osdef.h.in
>> +index 8687b60..e4057a0 100644
>> +--- a/osdef.h.in
>> ++++ b/osdef.h.in
>> +@@ -58,16 +58,8 @@ extern int   bcmp __P((char *, char *, int));
>> + extern int   killpg __P((int, int));
>> + #endif
>> +
>> +-#ifndef USEBCOPY
>> +-# ifdef USEMEMCPY
>> +-extern void  memcpy __P((char *, char *, int));
>> +-# else
>> +-#  ifdef USEMEMMOVE
>> ++#if defined(USEMEMMOVE) && !defined(USEBCOPY)
>> + extern void  memmove __P((char *, char *, int));
>> +-#  else
>> +-extern void  bcopy __P((char *, char *, int));
>> +-#  endif
>> +-# endif
>> + #else
>> + extern void  bcopy __P((char *, char *, int));
>> + #endif
>> +--
>> +1.8.4.5
>> +
>> diff --git a/patches/screen-4.8.0/0002-install-no-backup-binary.patch b/patches/screen-4.8.0/0002-install-no-backup-binary.patch
>> new file mode 100644
>> index 000000000..7842662b5
>> --- /dev/null
>> +++ b/patches/screen-4.8.0/0002-install-no-backup-binary.patch
>> @@ -0,0 +1,41 @@
>> +From: Maarten ter Huurne <maarten@treewalker.org>
>> +Date: Sun, 14 Sep 2014 23:58:34 +0200
>> +Subject: Do not create backup of old installed binary
>> +
>> +This is a rather unusual feature that packagers will not expect.
>> +
>> +Signed-off-by: Maarten ter Huurne <maarten@treewalker.org>
>> +[baruch: update for 4.6.2]
>> +Signed-off-by: Baruch Siach <baruch@tkos.co.il>
>> +---
>> + Makefile.in | 4 ----
>> + 1 file changed, 4 deletions(-)
>> +
>> +diff --git a/Makefile.in b/Makefile.in
>> +index 187a69b..65549e9 100644
>> +--- a/Makefile.in
>> ++++ b/Makefile.in
>> +@@ -83,12 +83,9 @@ screen: $(OFILES)
>> + 	    $(OPTIONS) $(CFLAGS) $<
>> +
>> + install_bin: .version screen installdirs
>> +-	-if [ -f $(DESTDIR)$(bindir)/$(SCREEN) ] && [ ! -f $(DESTDIR)$(bindir)/$(SCREEN).old ]; \
>> +-		then mv $(DESTDIR)$(bindir)/$(SCREEN) $(DESTDIR)$(bindir)/$(SCREEN).old; fi
>> + 	$(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN)
>> + 	-chown root $(DESTDIR)$(bindir)/$(SCREEN) && chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN)
>> + # This doesn't work if $(bindir)/screen is a symlink
>> +-	-if [ -f $(DESTDIR)$(bindir)/screen ] && [ ! -f $(DESTDIR)$(bindir)/screen.old ]; then mv $(DESTDIR)$(bindir)/screen $(DESTDIR)$(bindir)/screen.old; fi
>> + 	rm -f $(DESTDIR)$(bindir)/screen
>> + 	(cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen)
>> + 	cp $(srcdir)/utf8encodings/?? $(DESTDIR)$(SCREENENCODINGS)
>> +@@ -113,7 +110,6 @@ installdirs:
>> + uninstall: .version
>> + 	rm -f $(DESTDIR)$(bindir)/$(SCREEN)
>> + 	rm -f $(DESTDIR)$(bindir)/screen
>> +-	-mv $(DESTDIR)$(bindir)/screen.old $(DESTDIR)$(bindir)/screen
>> + 	rm -f $(DESTDIR)$(ETCSCREENRC)
>> + 	cd doc; $(MAKE) uninstall
>> +
>> +--
>> +1.8.4.5
>> +
>> diff --git a/patches/screen-4.8.0/0003-install-always-chmod.patch b/patches/screen-4.8.0/0003-install-always-chmod.patch
>> new file mode 100644
>> index 000000000..0aa7690b0
>> --- /dev/null
>> +++ b/patches/screen-4.8.0/0003-install-always-chmod.patch
>> @@ -0,0 +1,29 @@
>> +From: Maarten ter Huurne <maarten@treewalker.org>
>> +Date: Mon, 15 Sep 2014 00:03:05 +0200
>> +Subject: Change binary permission flags even if chown fails
>> +
>> +Typically when creating a package, the build is not run as root, so
>> +the chown will fail. But the chmod can still be done.
>> +
>> +Signed-off-by: Maarten ter Huurne <maarten@treewalker.org>
>> +---
>> + Makefile.in | 3 ++-
>> + 1 file changed, 2 insertions(+), 1 deletion(-)
>> +
>> +diff --git a/Makefile.in b/Makefile.in
>> +index 65549e9..3c12fdb 100644
>> +--- a/Makefile.in
>> ++++ b/Makefile.in
>> +@@ -84,7 +84,8 @@ screen: $(OFILES)
>> +
>> + install_bin: .version screen
>> + 	$(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN)
>> +-	-chown root $(DESTDIR)$(bindir)/$(SCREEN) && chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN)
>> ++	-chown root $(DESTDIR)$(bindir)/$(SCREEN)
>> ++	-chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN)
>> + # This doesn't work if $(bindir)/screen is a symlink
>> + 	rm -f $(DESTDIR)$(bindir)/screen
>> + 	(cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen)
>> +--
>> +1.8.4.5
>> +
>> diff --git a/patches/screen-4.8.0/0004-install-nonversioned-binary.patch b/patches/screen-4.8.0/0004-install-nonversioned-binary.patch
>> new file mode 100644
>> index 000000000..ecbbd6519
>> --- /dev/null
>> +++ b/patches/screen-4.8.0/0004-install-nonversioned-binary.patch
>> @@ -0,0 +1,31 @@
>> +From: Maarten ter Huurne <maarten@treewalker.org>
>> +Date: Mon, 15 Sep 2014 00:06:20 +0200
>> +Subject: Support overriding SCREEN to get a non-versioned binary
>> +
>> +If a packager runs "make install SCREEN=screen", do not create
>> +"screen" as a symlink to itself.
>> +
>> +Signed-off-by: Maarten ter Huurne <maarten@treewalker.org>
>> +---
>> + Makefile.in | 2 ++
>> + 1 file changed, 2 insertions(+)
>> +
>> +diff --git a/Makefile.in b/Makefile.in
>> +index 3c12fdb..860f351 100644
>> +--- a/Makefile.in
>> ++++ b/Makefile.in
>> +@@ -86,9 +86,11 @@ install_bin: .version screen
>> + 	$(INSTALL_PROGRAM) screen $(DESTDIR)$(bindir)/$(SCREEN)
>> + 	-chown root $(DESTDIR)$(bindir)/$(SCREEN)
>> + 	-chmod 4755 $(DESTDIR)$(bindir)/$(SCREEN)
>> ++ifneq (${SCREEN},screen)
>> + # This doesn't work if $(bindir)/screen is a symlink
>> + 	rm -f $(DESTDIR)$(bindir)/screen
>> + 	(cd $(DESTDIR)$(bindir) && ln -f -s $(SCREEN) screen)
>> ++endif
>> + 	cp $(srcdir)/utf8encodings/?? $(DESTDIR)$(SCREENENCODINGS)
>> +
>> + ###############################################################################
>> +--
>> +1.8.4.5
>> +
>> diff --git a/patches/screen-4.8.0/0005-rename-sched_h.patch b/patches/screen-4.8.0/0005-rename-sched_h.patch
>> new file mode 100644
>> index 000000000..9b29b76e0
>> --- /dev/null
>> +++ b/patches/screen-4.8.0/0005-rename-sched_h.patch
>> @@ -0,0 +1,142 @@
>> +From: Maarten ter Huurne <maarten@treewalker.org>
>> +Date: Mon, 15 Sep 2014 00:24:41 +0200
>> +Subject: Renamed sched.h to eventqueue.h
>> +
>> +There is a <sched.h> system header that got shadowed by "sched.h".
>> +While Screen itself doesn't include <sched.h>, other system headers
>> +might include it indirectly. This broke the build when using uClibc
>> +with pthread support.
>> +
>> +Signed-off-by: Maarten ter Huurne <maarten@treewalker.org>
>> +---
>> + eventqueue.h | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
>> + sched.h      | 48 ------------------------------------------------
>> + screen.h     |  2 +-
>> + 3 files changed, 49 insertions(+), 49 deletions(-)
>> + create mode 100644 eventqueue.h
>> + delete mode 100644 sched.h
>> +
>> +diff --git a/eventqueue.h b/eventqueue.h
>> +new file mode 100644
>> +index 0000000..fdc3fc4
>> +--- /dev/null
>> ++++ b/eventqueue.h
>> +@@ -0,0 +1,48 @@
>> ++/* Copyright (c) 2008, 2009
>> ++ *      Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de)
>> ++ *      Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de)
>> ++ *      Micah Cowan (micah@cowan.name)
>> ++ *      Sadrul Habib Chowdhury (sadrul@users.sourceforge.net)
>> ++ * Copyright (c) 1993-2002, 2003, 2005, 2006, 2007
>> ++ *      Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de)
>> ++ *      Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de)
>> ++ * Copyright (c) 1987 Oliver Laumann
>> ++ *
>> ++ * This program is free software; you can redistribute it and/or modify
>> ++ * it under the terms of the GNU General Public License as published by
>> ++ * the Free Software Foundation; either version 3, or (at your option)
>> ++ * any later version.
>> ++ *
>> ++ * This program is distributed in the hope that it will be useful,
>> ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>> ++ * GNU General Public License for more details.
>> ++ *
>> ++ * You should have received a copy of the GNU General Public License
>> ++ * along with this program (see the file COPYING); if not, see
>> ++ * https://www.gnu.org/licenses/, or contact Free Software Foundation, Inc.,
>> ++ * 51 Franklin Street, Fifth Floor, Boston, MA  02111-1301  USA
>> ++ *
>> ++ ****************************************************************
>> ++ * $Id$ GNU
>> ++ */
>> ++
>> ++struct event
>> ++{
>> ++  struct event *next;
>> ++  void (*handler) __P((struct event *, char *));
>> ++  char *data;
>> ++  int fd;
>> ++  int type;
>> ++  int pri;
>> ++  struct timeval timeout;
>> ++  int queued;		/* in evs queue */
>> ++  int active;		/* in fdset */
>> ++  int *condpos;		/* only active if condpos - condneg > 0 */
>> ++  int *condneg;
>> ++};
>> ++
>> ++#define EV_TIMEOUT	0
>> ++#define EV_READ		1
>> ++#define EV_WRITE	2
>> ++#define EV_ALWAYS	3
>> +diff --git a/sched.h b/sched.h
>> +deleted file mode 100644
>> +index fdc3fc4..0000000
>> +--- a/sched.h
>> ++++ /dev/null
>> +@@ -1,48 +0,0 @@
>> +-/* Copyright (c) 2008, 2009
>> +- *      Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de)
>> +- *      Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de)
>> +- *      Micah Cowan (micah@cowan.name)
>> +- *      Sadrul Habib Chowdhury (sadrul@users.sourceforge.net)
>> +- * Copyright (c) 1993-2002, 2003, 2005, 2006, 2007
>> +- *      Juergen Weigert (jnweiger@immd4.informatik.uni-erlangen.de)
>> +- *      Michael Schroeder (mlschroe@immd4.informatik.uni-erlangen.de)
>> +- * Copyright (c) 1987 Oliver Laumann
>> +- *
>> +- * This program is free software; you can redistribute it and/or modify
>> +- * it under the terms of the GNU General Public License as published by
>> +- * the Free Software Foundation; either version 3, or (at your option)
>> +- * any later version.
>> +- *
>> +- * This program is distributed in the hope that it will be useful,
>> +- * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>> +- * GNU General Public License for more details.
>> +- *
>> +- * You should have received a copy of the GNU General Public License
>> +- * along with this program (see the file COPYING); if not, see
>> +- * https://www.gnu.org/licenses/, or contact Free Software Foundation, Inc.,
>> +- * 51 Franklin Street, Fifth Floor, Boston, MA  02111-1301  USA
>> +- *
>> +- ****************************************************************
>> +- * $Id$ GNU
>> +- */
>> +-
>> +-struct event
>> +-{
>> +-  struct event *next;
>> +-  void (*handler) __P((struct event *, char *));
>> +-  char *data;
>> +-  int fd;
>> +-  int type;
>> +-  int pri;
>> +-  struct timeval timeout;
>> +-  int queued;		/* in evs queue */
>> +-  int active;		/* in fdset */
>> +-  int *condpos;		/* only active if condpos - condneg > 0 */
>> +-  int *condneg;
>> +-};
>> +-
>> +-#define EV_TIMEOUT	0
>> +-#define EV_READ		1
>> +-#define EV_WRITE	2
>> +-#define EV_ALWAYS	3
>> +diff --git a/screen.h b/screen.h
>> +index 603ca3f..34238c8 100644
>> +--- a/screen.h
>> ++++ b/screen.h
>> +@@ -43,7 +43,7 @@
>> + #include "osdef.h"
>> +
>> + #include "ansi.h"
>> +-#include "sched.h"
>> ++#include "eventqueue.h"
>> + #include "acls.h"
>> + #include "comm.h"
>> + #include "layer.h"
>> +--
>> +1.8.4.5
>> +
>> diff --git a/patches/screen-4.8.0/0006-comm-h-now-depends-on-term-h.patch b/patches/screen-4.8.0/0006-comm-h-now-depends-on-term-h.patch
>> new file mode 100644
>> index 000000000..6ff6f3da0
>> --- /dev/null
>> +++ b/patches/screen-4.8.0/0006-comm-h-now-depends-on-term-h.patch
>> @@ -0,0 +1,28 @@
>> +From 39c5f1c76f1fcef4b5958bf828a63f53426b6984 Mon Sep 17 00:00:00 2001
>> +From: Mike Gerwitz <mike@mikegerwitz.com>
>> +Date: Tue, 24 Dec 2013 22:16:31 -0500
>> +Subject: comm.h now depends on term.h
>> +
>> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> +[Patch retrieved and updated from:
>> +http://git.savannah.gnu.org/cgit/screen.git/commit/?id=39c5f1c]
>> +---
>> + src/Makefile.in | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/Makefile.in b/Makefile.in
>> +index e791e79..d4f7c0b 100644
>> +--- a/Makefile.in
>> ++++ b/Makefile.in
>> +@@ -113,7 +113,7 @@ term.h: term.c term.sh
>> +
>> + kmapdef.c: term.h
>> +
>> +-comm.h: comm.c comm.sh config.h
>> ++comm.h: comm.c comm.sh config.h term.h
>> + 	AWK=$(AWK) CC="$(CC) $(CFLAGS)" srcdir=${srcdir} sh $(srcdir)/comm.sh
>> +
>> + docs:
>> +--
>> +cgit v1.0-41-gc330
>> +
>> diff --git a/patches/screen-4.8.0/0007-comm.h-needed-for-list_-display-generic-.o.patch b/patches/screen-4.8.0/0007-comm.h-needed-for-list_-display-generic-.o.patch
>> new file mode 100644
>> index 000000000..f406a1afa
>> --- /dev/null
>> +++ b/patches/screen-4.8.0/0007-comm.h-needed-for-list_-display-generic-.o.patch
>> @@ -0,0 +1,35 @@
>> +From b719314d201a3e9e1e57c65746a468c47bfc847f Mon Sep 17 00:00:00 2001
>> +From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> +Date: Wed, 3 Oct 2018 22:29:32 +0200
>> +Subject: [PATCH] comm.h needed for list_{display,generic}.o
>> +
>> +comm.h is needed to build list_display.o and list_generic.o otherwise
>> +parallel builds will sometimes fail
>> +
>> +Fixes:
>> + - http://autobuild.buildroot.org/results/43105f14857dbe72d8878fc7b3db67f7bdca93cc
>> + - http://autobuild.buildroot.org/results/47f4ecbec1355285633df287fc9c4e7cccde9378
>> +
>> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> +[Upstream status: https://savannah.gnu.org/bugs/index.php?54776]
>> +---
>> + Makefile.in | 4 ++--
>> + 1 file changed, 2 insertions(+), 2 deletions(-)
>> +
>> +diff --git a/Makefile.in b/Makefile.in
>> +index af5938b..e6d5247 100644
>> +--- a/Makefile.in
>> ++++ b/Makefile.in
>> +@@ -265,7 +265,7 @@  braille.h
>> + viewport.o: layout.h viewport.h canvas.h viewport.c config.h screen.h os.h osdef.h ansi.h acls.h \
>> +  comm.h layer.h term.h image.h display.h window.h extern.h \
>> +  braille.h
>> +-list_generic.o: list_generic.h list_generic.c layer.h screen.h osdef.h
>> +-list_display.o: list_generic.h list_display.c layer.h screen.h osdef.h
>> ++list_generic.o: list_generic.h list_generic.c layer.h screen.h osdef.h comm.h
>> ++list_display.o: list_generic.h list_display.c layer.h screen.h osdef.h comm.h
>> + list_window.o: list_generic.h list_window.c window.h layer.h screen.h osdef.h comm.h
>> +
>> +--
>> +2.17.1
>> +
>> diff --git a/patches/screen-4.8.0/0008-CVE-2021-26937.patch b/patches/screen-4.8.0/0008-CVE-2021-26937.patch
>> new file mode 100644
>> index 000000000..df7efa029
>> --- /dev/null
>> +++ b/patches/screen-4.8.0/0008-CVE-2021-26937.patch
>> @@ -0,0 +1,68 @@
>> +Description: [CVE-2021-26937] Fix out of bounds array access
>> +Author: Michael Schröder <mls@suse.de>
>> +Bug-Debian: https://bugs.debian.org/982435
>> +Bug: https://savannah.gnu.org/bugs/?60030
>> +Bug: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
>> +Bug-OSS-Security: https://www.openwall.com/lists/oss-security/2021/02/09/3
>> +Origin: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010.html
>> +
>> +Downloaded from Debian:
>> +https://sources.debian.org/data/main/s/screen/4.8.0-5/debian/patches/99_CVE-2021-26937.patch
>> +
>> +Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>> +--- a/encoding.c
>> ++++ b/encoding.c
>> +@@ -43,7 +43,7 @@
>> + # ifdef UTF8
>> + static int   recode_char __P((int, int, int));
>> + static int   recode_char_to_encoding __P((int, int));
>> +-static void  comb_tofront __P((int, int));
>> ++static void  comb_tofront __P((int));
>> + #  ifdef DW_CHARS
>> + static int   recode_char_dw __P((int, int *, int, int));
>> + static int   recode_char_dw_to_encoding __P((int, int *, int));
>> +@@ -1263,6 +1263,8 @@
>> +     {0x30000, 0x3FFFD},
>> +   };
>> +
>> ++  if (c >= 0xdf00 && c <= 0xdfff)
>> ++    return 1;          /* dw combining sequence */
>> +   return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval) - 1)) ||
>> +           (cjkwidth &&
>> +            bisearch(c, ambiguous,
>> +@@ -1330,11 +1332,12 @@
>> + }
>> +
>> + static void
>> +-comb_tofront(root, i)
>> +-int root, i;
>> ++comb_tofront(i)
>> ++int i;
>> + {
>> +   for (;;)
>> +     {
>> ++      int root = i >= 0x700 ? 0x801 : 0x800;
>> +       debug1("bring to front: %x\n", i);
>> +       combchars[combchars[i]->prev]->next = combchars[i]->next;
>> +       combchars[combchars[i]->next]->prev = combchars[i]->prev;
>> +@@ -1396,9 +1399,9 @@
>> +     {
>> +       /* full, recycle old entry */
>> +       if (c1 >= 0xd800 && c1 < 0xe000)
>> +-        comb_tofront(root, c1 - 0xd800);
>> ++        comb_tofront(c1 - 0xd800);
>> +       i = combchars[root]->prev;
>> +-      if (c1 == i + 0xd800)
>> ++      if (i == 0x800 || i == 0x801 || c1 == i + 0xd800)
>> + 	{
>> + 	  /* completely full, can't recycle */
>> + 	  debug("utf8_handle_comp: completely full!\n");
>> +@@ -1422,7 +1425,7 @@
>> +   mc->font  = (i >> 8) + 0xd8;
>> +   mc->fontx = 0;
>> +   debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
>> +-  comb_tofront(root, i);
>> ++  comb_tofront(i);
>> + }
>> +
>> + #else /* !UTF8 */
>> diff --git a/patches/screen-4.8.0/series b/patches/screen-4.8.0/series
>> new file mode 100644
>> index 000000000..c72b2fd5f
>> --- /dev/null
>> +++ b/patches/screen-4.8.0/series
>> @@ -0,0 +1,9 @@
>> +0001-no-memcpy-fallback.patch
>> +0002-install-no-backup-binary.patch
>> +0003-install-always-chmod.patch
>> +0004-install-nonversioned-binary.patch
>> +0005-rename-sched_h.patch
>> +0006-comm-h-now-depends-on-term-h.patch
>> +0007-comm.h-needed-for-list_-display-generic-.o.patch
>> +0008-CVE-2021-26937.patch
>> +
>> diff --git a/rules/screen.make b/rules/screen.make
>> index 39a96dae2..1087dfc9d 100644
>> --- a/rules/screen.make
>> +++ b/rules/screen.make
>> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_SCREEN) += screen
>>   #
>>   # Paths and names
>>   #
>> -SCREEN_VERSION	:= 4.5.0
>> -SCREEN_MD5	:= a32105a91359afab1a4349209a028e31
>> +SCREEN_VERSION	:= 4.8.0
>> +SCREEN_MD5	:= d276213d3acd10339cd37848b8c4ab1e
>>   SCREEN		:= screen-$(SCREEN_VERSION)
>>   SCREEN_SUFFIX	:= tar.gz
>>   SCREEN_URL	:= $(call ptx/mirror, GNU, screen/$(SCREEN).$(SCREEN_SUFFIX))
>> -- 
>> 2.30.2
>>
>>
>> _______________________________________________
>> ptxdist mailing list
>> ptxdist@pengutronix.de
>> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
> 

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de