[arch-commits] Commit in screen/trunk (2 files)
Gaëtan Bisson
bisson at archlinux.org
Wed Jan 25 08:49:55 UTC 2017
Date: Wednesday, January 25, 2017 @ 08:49:54
Author: bisson
Revision: 287403
fix FS#52702
Added:
screen/trunk/reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch
Modified:
screen/trunk/PKGBUILD
----------------------------------------------------------------+
PKGBUILD | 9 +++-
reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch | 22 ++++++++++
2 files changed, 30 insertions(+), 1 deletion(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-01-25 07:39:59 UTC (rev 287402)
+++ PKGBUILD 2017-01-25 08:49:54 UTC (rev 287403)
@@ -5,7 +5,7 @@
pkgname=screen
pkgver=4.5.0
-pkgrel=1
+pkgrel=2
pkgdesc='Full-screen window manager that multiplexes a physical terminal'
url='https://www.gnu.org/software/screen/'
arch=('i686' 'x86_64')
@@ -14,9 +14,11 @@
validpgpkeys=('2EE59A5D0C50167B5535BBF1B708A383C53EF3A4'
'71AA09D9E8870FDB0AA7B61E21F968DEF747ABD7')
source=("https://ftp.gnu.org/gnu/screen/screen-${pkgver}.tar.gz"{,.sig}
+ 'reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch'
'tmpfiles.d'
'pam.d')
sha1sums=('b329f538e7265405a5c14e13520e95ced9d2cb17' 'SKIP'
+ '641bf674b8d279475f474e9fb1fe41c7b635b9e3'
'76b9c70b77940eb1214fe65739f9f932dc57fb66'
'1ab4b512d2ac840d16db6986d7c98d7ce2f6383f')
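Review bot: The added patch is pinned only by a SHA-1 digest in `sha1sums`, and SHA-1 no longer provides collision resistance, so it is a weak integrity pin for a security fix. The upstream tarball is also covered by the `.sig` and `validpgpkeys`, but the local patch, `tmpfiles.d` and `pam.d` entries rely on the checksum alone. I would convert the whole array to `sha256sums=(...)`, regenerated with `makepkg -g`, keeping `'SKIP'` for the signature entry.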
@@ -25,6 +27,11 @@
_ptygroup=5 #the UID of our PTY/TTY group
+prepare() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -p1 -i ../reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch
+}
+
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
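Review bot: The new `prepare()` has no comment saying why the patch is applied or when it can be dropped, so a later version bump has nothing to go on except the file name. I would add `# Reverts upstream 5460f5d2 (FS#52702); drop once a release containing the fix is packaged` above the `patch` line. As a style point, `patch -p1 -i "${srcdir}/reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch"` avoids depending on the relative `../` layout. The `build()` body continues outside the hunk.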
Added: reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch
===================================================================
--- reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch (rev 0)
+++ reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch 2017-01-25 08:49:54 UTC (rev 287403)
@@ -0,0 +1,22 @@
+Description: Fix privilege escalation by reverting upstream commit 5460f5d2
+Author: Axel Beckert <abe at debian.org>
+Bug-Debian: https://bugs.debian.org/852484
+Bug-CVE: http://www.openwall.com/lists/oss-security/2017/01/24/10
+Bug: https://savannah.gnu.org/bugs/?50142
+ https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html
+
+--- a/screen.c
++++ b/screen.c
+@@ -673,12 +673,6 @@
+ Panic(0, "-L: logfile name can not start with \"-\" symbol");
+ if (strlen(screenlogfile) > PATH_MAX)
+ Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX);
+-
+- FILE *w_check;
+- if ((w_check = fopen(screenlogfile, "w")) == NULL)
+- Panic(0, "-L: logfile name access problem");
+- else
+- fclose(w_check);
+ }
+ nwin_options.Lflag = 1;
+ break;
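Review bot: The patch header names the revert but not why the removed lines were dangerous, which a later maintainer needs when deciding whether the patch can be dropped. The removed block called `fopen(screenlogfile, "w")` on the user-supplied `-L` path during option parsing, which creates or truncates the target; judging from the patch name and the linked reports, this presumably ran while the process still held elevated privileges. I would add that sentence to the `Description:` field. It should also say that after the revert only the leading `-` and length checks remain here, so an unwritable logfile is no longer reported at this point. The enclosing option-parsing block starts and ends outside the hunk.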