From 6990d0600970cefe6aa2c17668f9028b08d23441 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Mon, 10 Apr 2023 23:37:47 +0100
Subject: gentoo auto-resync : 10:04:2023 - 23:37:47
---
app-misc/screen/Manifest | 2 +
.../screen/files/screen-4.9.0-CVE-2023-24626.patch | 33 +++++
app-misc/screen/screen-4.9.0-r2.ebuild | 147 +++++++++++++++++++++
3 files changed, 182 insertions(+)
create mode 100644 app-misc/screen/files/screen-4.9.0-CVE-2023-24626.patch
create mode 100644 app-misc/screen/screen-4.9.0-r2.ebuild
(limited to 'app-misc/screen')
diff --git a/app-misc/screen/Manifest b/app-misc/screen/Manifest
index 361e4e504c11..6dc78d699e06 100644
--- a/app-misc/screen/Manifest
+++ b/app-misc/screen/Manifest
@@ -1,9 +1,11 @@ AUX screen-4.3.0-no-utempter.patch 341 BLAKE2B 3339783b3574f82f093c82a613ad18c5c58c184c082c2c311281cdd57e7176abae0f5935466a4a8b4d931d1d1b93d8f0a4e6b558a268553af4a0170061e6ebfe SHA512 f4191ba1ecac3076f958f56309c0a1d523b455fa4e3388f1cfca59c8ccff0afdfb20ef18d54794ba539b2b6d1511ed599dc44787344dc5ccce2902c9b9848155 AUX screen-4.6.2-utmp-exit.patch 1558 BLAKE2B e08e83f8b9f0cd09cd9bad4486a75d71bd899a7917954702ece0837099639079a746138374cbeaf71072cca64ae36a3c2a32250123c6747089e724272227e0dd SHA512 0e7c6c224f6fb8e01650b778cb2b155942752504dc97112d9594b7fa0da1bb8bd828240a2519b1c21f1c162181da89a8daa51ef7f74c8ced0b85cdb3e911a67c +AUX screen-4.9.0-CVE-2023-24626.patch 1039 BLAKE2B ba35a0be4d75b02f08d29f0c135103213cc2d875cd4bbd39cd8ae7cc000eb7fb1b0671844220e0bb6ec48283d1c265c4ea889d82e5882af60c8472d71c57c6f9 SHA512 591599518c2a6505b2407834e9c676d8269eb5f2e8165e113885ee5e18a9176b5e0fc99c8a827f672126212c58257a7a5d852a484a46414026e0960c7e233315 AUX screen-4.9.0-configure-implicit-function-decls.patch 16667 BLAKE2B 6079042dae21c51b81176aadf27314cf0502fcee995bd9668102bc114ac0c2fdb6587fe2c647cbd92d994cb9b6fdba9e259a1f0a6bd7cf7d7905c3f7e36e8aff SHA512 c9ff18fccba0a0ed19e64509ea128b91bbb6fac405e8395ce724435f1af2f2015f645342aa1fc1b4cb023927412db6e1c242c8060a81deab2a8c064523dedd4d AUX screen-9999-no-utempter.patch 465 BLAKE2B be4d690d2f478a2660cb3c0b0f83d9a62328b82b06b85860a84e1b3a924c751080d7e9f35c4b48c3fe6a0152ae75df1dc665b97f8bc70e026bbadd19d4891df1 SHA512 c011936e35e04e7704b0d8d7892f2ebe22fb6993241e7c4b6733e48f6400ca8aeb20c638108018fab006e402332460e89d321e2118f564316e3f7e26a05212d2 AUX screenrc 10412 BLAKE2B f4866f4a83b22c37484b66e4c7d52ec479fe12ae3e72e5c9e769b1b543ecf04d14ef4339e1c72064741cbf39502ef82d3beb213326a30889f128e135f60bd528 SHA512 06fbec5e28480a2c369330fac0c94faa47e5d28e037d9fefd0cb3e813002c504866dc8ac86872b7ac6f16059a219e396a9c425b578b8afe882153ddb506158f7 DIST screen-4.9.0.tar.gz 798229 BLAKE2B 
0f64a14ce9a719bd4a6d045c55069769045a09ee2086c44c2e3d9da6d1e5ada2f094e00e16029767e1155ce35d4f360d0e2879995eefa052f3214ced71b7617c SHA512 18bbb085d77ecd02cbc02fa88a945c39f06e0c6de4eeaa16b278440dac5c9896811abbe0838144e997cd344ae08b9530399fa8fcb31a65fc571ead90e8307f84 EBUILD screen-4.9.0-r1.ebuild 3844 BLAKE2B f67c6e7bfc92895c9779d7eec02b93ce2a1972f08c4ed9815754dbc0ed89bfabde982b717d3902d8d3aee1dd11b5dca3818c07b967fd5555b14f94d154b5825b SHA512 7572fd371099225b3493097c9f2486c14ac37481a241bc1f60297fd75799e5279ccf944be0f341b13ebbaca52bb1bd92d393cd50f0760f74bf1af2ce0c387f45 +EBUILD screen-4.9.0-r2.ebuild 3893 BLAKE2B 732af2a03d882a91be18aabb4b5ba561b341060e257724f8fe88ff83efa3af0f09f044e368553ee7e821a6a4fe16f8163517d5f29975d1c8686805cfbda6af13 SHA512 ad8ae9d67c4b46e9a6fae4cf3ad4a9eb3533bbf88f71c0ba0060c1936deb8b71cc63254462c5bdaa655a308a9f8b5660d7f3096464cdf3b5efd9a00a33295e23 EBUILD screen-9999.ebuild 3782 BLAKE2B 2606ed8495e3531a41bf65489b2dc5af681ff9c5893b12c1de22da9bc246f1d4cb5b1213ce05d8d0fc29878b7bba67e57cf6f9013afc8e9c19141e11755ac01f SHA512 f1d7fb1eca56373b91da540f8097be1b499a8be13315ad980c05c87dbd026bf19865eccf1fb9aa5ebd60c0362db8dc033cebede55c9067b6b63b02cc8936421e MISC metadata.xml 1894 BLAKE2B 2312aa5911bfd18b3f9202ccb52afa84f2a29462c8282d36a84fb9624f5ff9bcf3d96e06cace55d542ff7c8182eed5560483717265ecc3fc9218e43bdf9d9094 SHA512 a7c331d1614b5bf139d61a72ad27c070184c208039da97c218b55e07a699d635c0db20ec3792c87d93affa2cb038ae834adcf3dc7c37a4b5c2f8aa36b081cfca diff --git a/app-misc/screen/files/screen-4.9.0-CVE-2023-24626.patch b/app-misc/screen/files/screen-4.9.0-CVE-2023-24626.patch new file mode 100644 index 000000000000..07dec8ecdd28 --- /dev/null +++ b/app-misc/screen/files/screen-4.9.0-CVE-2023-24626.patch 
@@ -0,0 +1,33 @@
+From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
+From: Alexander Naumov
+Date: Mon, 30 Jan 2023 17:22:25 +0200
+Subject: fix: missing signal sending permission check on failed query messages
+
+Signed-off-by: Alexander Naumov
+---
+ socket.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/socket.c b/socket.c
+index 147dc54..54d8cb8 100644
+--- a/socket.c
++++ b/socket.c
+@@ -1285,11 +1285,16 @@ ReceiveMsg()
+ else
+ queryflag = -1;
+
+- Kill(m.m.command.apid,
++ if (CheckPid(m.m.command.apid)) {
++ Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
++ }
++ else {
++ Kill(m.m.command.apid,
+ (queryflag >= 0)
+ ? SIGCONT
+ : SIG_BYE); /* Send SIG_BYE if an error happened */
+- queryflag = -1;
++ queryflag = -1;
++ }
+ }
+ break;
+ case MSG_COMMAND:
diff --git a/app-misc/screen/screen-4.9.0-r2.ebuild b/app-misc/screen/screen-4.9.0-r2.ebuild
new file mode 100644
index 000000000000..bd3ba7101992
--- /dev/null
+++ b/app-misc/screen/screen-4.9.0-r2.ebuild
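Review bot: In the new bad-pid branch of the socket.c change, `queryflag` is no longer reset, because the patch moves `queryflag = -1;` inside the `else`; when `CheckPid(m.m.command.apid)` rejects the pid, the flag keeps whatever the lines above the hunk assigned and `Msg()` is called with it still set. Before the patch the reset ran unconditionally after `Kill()`. The assignment of `queryflag` on the success path lies outside the hunk, so it is only inferred that it may hold a descriptor that is no longer valid here; if so, later message output could still be directed at it. Making `queryflag = -1;` the first statement of the bad-pid branch, before `Msg(0, "Query attempt with bad pid(%d)!", ...)`, restores the old invariant while leaving the reset in the `else` after `Kill()`. The pid is taken from the received message, so gating `Kill()` on the check is the right shape; the body of ReceiveMsg() continues outside the hunk.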
@@ -0,0 +1,147 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools flag-o-matic pam tmpfiles
+
+DESCRIPTION="screen manager with VT100/ANSI terminal emulation"
+HOMEPAGE="https://www.gnu.org/software/screen/"
+
+if [[ ${PV} != 9999 ]] ; then
+ SRC_URI="mirror://gnu/${PN}/${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+else
+ inherit git-r3
+ EGIT_REPO_URI="https://git.savannah.gnu.org/git/screen.git"
+ EGIT_CHECKOUT_DIR="${WORKDIR}/${P}" # needed for setting S later on
+ S="${WORKDIR}"/${P}/src
+fi
+
+LICENSE="GPL-3+"
+SLOT="0"
+IUSE="debug nethack pam selinux multiuser"
+
+DEPEND=">=sys-libs/ncurses-5.2:=
+ virtual/libcrypt:=
+ pam? ( sys-libs/pam )"
+RDEPEND="${DEPEND}
+ acct-group/utmp
+ selinux? ( sec-policy/selinux-screen )"
+BDEPEND="sys-apps/texinfo"
+
+PATCHES=(
+ # Don't use utempter even if it is found on the system.
+ "${FILESDIR}"/${PN}-4.3.0-no-utempter.patch
+ "${FILESDIR}"/${PN}-4.6.2-utmp-exit.patch
+ "${FILESDIR}"/${PN}-4.9.0-configure-implicit-function-decls.patch
+ "${FILESDIR}"/${P}-CVE-2023-24626.patch
+)
+
+src_prepare() {
+ default
+
+ # sched.h is a system header and causes problems with some C libraries
+ mv sched.h _sched.h || die
+ sed -i '/include/ s:sched.h:_sched.h:' screen.h || die
+
+ # Fix manpage
+ sed -i \
+ -e "s:/usr/local/etc/screenrc:${EPREFIX}/etc/screenrc:g" \
+ -e "s:/usr/local/screens:${EPREFIX}/tmp/screen:g" \
+ -e "s:/local/etc/screenrc:${EPREFIX}/etc/screenrc:g" \
+ -e "s:/etc/utmp:${EPREFIX}/var/run/utmp:g" \
+ -e "s:/local/screens/S\\\-:${EPREFIX}/tmp/screen/S\\\-:g" \
+ doc/screen.1 || die
+
+ if [[ ${CHOST} == *-darwin* ]] || use elibc_musl; then
+ sed -i -e '/^#define UTMPOK/s/define/undef/' acconfig.h || die
+ fi
+
+ # disable musl dummy headers for utmp[x]
+ use elibc_musl && append-cppflags "-D_UTMP_H -D_UTMPX_H"
+
+ # reconfigure
+ eautoreconf
+}
+
+src_configure() {
+ append-cppflags "-DMAXWIN=${MAX_SCREEN_WINDOWS:-100}"
+
+ if [[ ${CHOST} == *-solaris* ]]; then
+ # enable msg_header by upping the feature standard compatible
+ # with c99 mode
+ append-cppflags -D_XOPEN_SOURCE=600
+ fi
+
+ use nethack || append-cppflags "-DNONETHACK"
+ use debug && append-cppflags "-DDEBUG"
+
+ local myeconfargs=(
+ --with-socket-dir="${EPREFIX}/tmp/${PN}"
+ --with-sys-screenrc="${EPREFIX}/etc/screenrc"
+ --with-pty-mode=0620
+ --with-pty-group=5
+ --enable-rxvt_osc
+ --enable-telnet
+ --enable-colors256
+ $(use_enable pam)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ LC_ALL=POSIX emake comm.h term.h
+ emake osdef.h
+
+ emake -C doc screen.info
+ default
+}
+
+src_install() {
+ local DOCS=(
+ README ChangeLog INSTALL TODO NEWS* patchlevel.h
+ doc/{FAQ,README.DOTSCREEN,fdpat.ps,window_to_display.ps}
+ )
+
+ emake DESTDIR="${D}" SCREEN="${P}" install
+
+ local tmpfiles_perms tmpfiles_group
+
+ if use multiuser || use prefix ; then
+ fperms 4755 /usr/bin/${P}
+ tmpfiles_perms="0755"
+ tmpfiles_group="root"
+ else
+ fowners root:utmp /usr/bin/${P}
+ fperms 2755 /usr/bin/${P}
+ tmpfiles_perms="0775"
+ tmpfiles_group="utmp"
+ fi
+
+ newtmpfiles - screen.conf <<<"d /tmp/screen ${tmpfiles_perms} root ${tmpfiles_group}"
+
+ insinto /usr/share/${PN}
+ doins terminfo/{screencap,screeninfo.src}
+
+ insinto /etc
+ doins "${FILESDIR}"/screenrc
+
+ if use pam; then
+ pamd_mimic_system screen auth
+ fi
+
+ dodoc "${DOCS[@]}"
+}
+
+pkg_postinst() {
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ elog "Some dangerous key bindings have been removed or changed to more safe values."
+ elog "We enable some xterm hacks in our default screenrc, which might break some"
+ elog "applications. Please check /etc/screenrc for information on these changes."
+ fi
+
+ tmpfiles_process screen.conf
+
+ ewarn "This revision changes the screen socket location to ${EROOT}/tmp/${PN}"
+}
-- cgit v1.2.3
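Review bot: The new `"${FILESDIR}"/${P}-CVE-2023-24626.patch` entry in `PATCHES` has no comment, and the only comment in the array (`# Don't use utempter even if it is found on the system.`) describes just the first patch. The entry is security-relevant for this package in particular: src_install sets `fperms 4755` under `multiuser`/`prefix` and `fperms 2755` with `fowners root:utmp` otherwise, so the signal permission check added by that patch runs in a set-id binary in both configurations. I would add a line above the entry such as `# CVE-2023-24626: signal sending permission check on failed query messages (binary is installed set-id, see src_install)`, so the reason for the -r2 revision is visible where the patch is listed.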