From 81f06e89a0683d63ea4b36ec59c1c3c41752cbf3 Mon Sep 17 00:00:00 2001 From: Jan Palus Date: Thu, 17 Aug 2023 23:28:24 +0200 Subject: [PATCH] up to 4.9.1 (fixes CVE-2023-24626) --- screen-ia64.patch | 6 +++--- screen-info.patch | 22 +--------------------- screen-manual.patch | 9 --------- screen-no-libs.patch | 2 +- screen.spec | 6 +++--- 5 files changed, 8 insertions(+), 37 deletions(-) diff --git a/screen-ia64.patch b/screen-ia64.patch index 6dee8f1..2cf84f9 100644 --- a/screen-ia64.patch +++ b/screen-ia64.patch @@ -1,12 +1,12 @@ --- configure.ac.orig Wed Jun 14 16:04:17 2000 +++ configure.ac Fri Sep 8 19:15:51 2000 @@ -625,6 +625,9 @@ - AC_MSG_ERROR(!!! no tgetent - no screen))))))))) + #include + #include - AC_TRY_RUN([ + +extern char *tgoto(char *,int,int); + + int main() { - exit(strcmp(tgoto("%p1%d", 0, 1), "1") ? 0 : 1); diff --git a/screen-info.patch b/screen-info.patch index 63c840a..6d8ef9d 100644 --- a/screen-info.patch +++ b/screen-info.patch @@ -9,7 +9,7 @@ @finalout @setchapternewpage odd @c %**end of header - @set version 4.9.0 + @set version 4.9.1 @direntry -* Screen: (screen). Full-screen window manager. @@ -53,26 +53,6 @@ @item logtstamp [@var{state}] Configure logfile time-stamps. @xref{Log}. @item mapdefault -@@ -1763,13 +1763,12 @@ - @kindex C-x - @deffn Command lockscreen - (@kbd{C-a x}, @kbd{C-a C-x})@* --Call a screenlock program (@file{/local/bin/lck} or @file{/usr/bin/lock} --or a builtin, if no other is available). Screen does not accept any --command keys until this program terminates. Meanwhile processes in the --windows may continue, as the windows are in the detached state. --The screenlock program may be changed through the environment variable --@code{$LOCKPRG} (which must be set in the shell from which @code{screen} --is started) and is executed with the user's uid and gid. -+Call a screenlock program (@file{/usr/bin/lck} or a builtin, if no other is -+available). Screen does not accept any command keys until this program -+terminates. Meanwhile processes in the windows may continue, as the windows -+are in the detached state. The screenlock program may be changed through the -+environment variable @code{$LOCKPRG} (which must be set in the shell from -+which @code{screen} is started) and is executed with the user's uid and gid. - - Warning: When you leave other shells unlocked and have no password set - on @code{screen}, the lock is void: One could easily re-attach from an @@ -2405,7 +2404,7 @@ * Naming Windows:: Control the name of the window * Console:: See the host's console messages diff --git a/screen-manual.patch b/screen-manual.patch index 20ff301..ab6ddb5 100644 --- a/screen-manual.patch +++ b/screen-manual.patch @@ -45,15 +45,6 @@ The option \*Q\-n\*U may be used to suppress the line feed. See also \*Qsleep\*U. Echo is also useful for online checking of environment variables. -@@ -2397,7 +2397,7 @@ - .RS 0 - .PP - Lock this display. --Call a screenlock program (/local/bin/lck or /usr/bin/lock or a builtin if no -+Call a screenlock program (/usr/bin/lock or a builtin if no - other is available). Screen does not accept any command keys until this program - terminates. Meanwhile processes in the windows may continue, as the windows - are in the `detached' state. The screenlock program may be changed through the @@ -4857,20 +4857,18 @@ .I screen distribution package for private and global initialization files. diff --git a/screen-no-libs.patch b/screen-no-libs.patch index 72406c9..1e8f38e 100644 --- a/screen-no-libs.patch +++ b/screen-no-libs.patch @@ -11,4 +11,4 @@ -fi AC_CHECKING(getloadavg) - AC_TRY_LINK(,[getloadavg((double *)0, 0);], + AC_TRY_LINK([ diff --git a/screen.spec b/screen.spec index 9a9000a..85f809d 100644 --- a/screen.spec +++ b/screen.spec @@ -10,12 +10,12 @@ Summary(ru.UTF-8): Менеджер экрана, поддерживающий Summary(tr.UTF-8): Bir uçbirimde birden fazla oturumu düzenler Summary(uk.UTF-8): Менеджер екрану, що підтримує кілька логінів з одного терміналу Name: screen -Version: 4.9.0 -Release: 2 +Version: 4.9.1 +Release: 1 License: GPL v3+ Group: Applications/Terminal Source0: https://ftp.gnu.org/gnu/screen/%{name}-%{version}.tar.gz -# Source0-md5: b1ef8ed89134d335e614016634982b6d +# Source0-md5: 9a9bdc956bd93e4f0cb9e48678889e26 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 # Source1-md5: 236166e774cee788cf594b05dd1dd70d Source2: %{name}.pamd -- 2.44.0