diff --git a/0001-Follow-up-to-bc5ea98-fix-texinfo-syntax-errors.patch b/0001-Follow-up-to-bc5ea98-fix-texinfo-syntax-errors.patch new file mode 100644 index 0000000..852f50b --- /dev/null +++ b/0001-Follow-up-to-bc5ea98-fix-texinfo-syntax-errors.patch @@ -0,0 +1,34 @@ +From 675b877d4f21a8ff3bcb91afb19277bf6c2c0cda Mon Sep 17 00:00:00 2001 +From: Andreas Stieger +Date: Sat, 25 Feb 2017 21:30:59 +0100 +Subject: [PATCH] Follow-up to bc5ea98, fix texinfo syntax errors + +--- + src/doc/screen.texinfo | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/doc/screen.texinfo b/src/doc/screen.texinfo +index bc4cbae..aadad33 100644 +--- a/src/doc/screen.texinfo ++++ b/src/doc/screen.texinfo +@@ -5795,7 +5795,7 @@ and Alexander Naumov . + Contributors @* + ============ + +-@example ++@verbatim + Thomas Renninger , + Axel Beckert , + Ken Beal , +@@ -5826,7 +5826,7 @@ Contributors @* + Jason Merrill , + Johannes Zellner , + Pablo Averbuj . +-@end example ++@end verbatim + + @noindent + Version @* +-- +2.12.0 + diff --git a/fix_enable_logfile.patch b/fix_enable_logfile.patch deleted file mode 100644 index ecce830..0000000 --- a/fix_enable_logfile.patch +++ /dev/null @@ -1,72 +0,0 @@ -From: Alexander Naumov -Date: Thu, 26 Jan 2017 23:44:43 +0100 -Subject: [PATCH] Adding "-L logfile" option for setting new logfile's name -References: bnc#1020870 - -Now it's possible to set your own lofile name with -this option ONLY. It fixes API of old versions. - -Signed-off-by: Alexander Naumov ---- -diff --git a/src/doc/screen.1 b/src/doc/screen.1 -index 23b4d7b..5b14d91 100644 ---- doc/screen.1 -+++ doc/screen.1 -@@ -261,9 +261,12 @@ Ask your system administrator if you are not sure. Remove sessions with the - .B \-L - tells - .I screen --to turn on automatic output logging for the windows. By default, logfile's name --is screenlog.1. You can sets new name: add it right after -L option e.g. "screen ---L my_logfile". -+to turn on automatic output logging for the windows. -+.TP 5 -+.BI "\-L logfile " file -+By default logfile name is \*Qscreenlog.0\*Q. You can also set new logfile name -+with the \*Qlogfile\*Q option. Keep in mind that logfile name can not start with -+the "-" symbol. - .TP 5 - .B \-m - causes -diff --git a/src/screen.c b/src/screen.c -index 64650e9..9e1072a 100644 ---- screen.c -+++ screen.c -@@ -302,7 +302,7 @@ struct passwd *ppp; - pw_try_again: - #endif - n = 0; -- if (ppp->pw_passwd[0] == '#' && ppp->pw_passwd[1] == '#' & strcmp(ppp->pw_passwd + 2, ppp->pw_name) == 0) -+ if (ppp->pw_passwd[0] == '#' && ppp->pw_passwd[1] == '#' && strcmp(ppp->pw_passwd + 2, ppp->pw_name) == 0) - n = 13; - for (; n < 13; n++) { - char c = ppp->pw_passwd[n]; -@@ -667,18 +667,16 @@ int main(int ac, char** av) - break; - - case 'L': -- if (--ac != 0) { -- screenlogfile = SaveStr(*++av); -- if (screenlogfile[0] == '-') -+ if (--ac > 0 && !strcmp(*++av, "logfile")) { -+ *++av; // Now '*av' is a logfile parameter -+ -+ if (strlen(*av) > PATH_MAX) -+ Panic(1, "-L: logfile name too long. (max. %d char)", PATH_MAX); -+ -+ if (*av[0] == '-') - Panic(0, "-L: logfile name can not start with \"-\" symbol"); -- if (strlen(screenlogfile) > PATH_MAX) -- Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX); -- -- FILE *w_check; -- if ((w_check = fopen(screenlogfile, "w")) == NULL) -- Panic(0, "-L: logfile name access problem"); -- else -- fclose(w_check); -+ -+ screenlogfile = SaveStr(*av); - } - nwin_options.Lflag = 1; - break; - diff --git a/screen-4.5.0.tar.gz b/screen-4.5.0.tar.gz deleted file mode 100644 index 068b1a4..0000000 --- a/screen-4.5.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:01c3a7c362185f35d6a95dff52d64337076496acd034d717de3c263500cfefb0 -size 963233 diff --git a/screen-4.5.0.tar.gz.sig b/screen-4.5.0.tar.gz.sig deleted file mode 100644 index 4aa2f78..0000000 --- a/screen-4.5.0.tar.gz.sig +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEcaoJ2eiHD9sKp7YeIflo3vdHq9cFAlh+cg4ACgkQIflo3vdH -q9d1Uw//QEEy4vceIdg0LhAek6GwBsEk6BYra6Jne4UMwJKJnD7Pe9FFbDGFsUKK -d8CpeTBXHQJf4skaxxgfcthJmdVzxukakrhpFNNxV0KhCqkwuzq/+DmuIpniJH4O -ln41dbw3B+88hyrxiYT38qMwB9baNVqNf3nS58p1MbAGpDEZTV9DxfWV+prAMEJ8 -wuGjYSu6CgKMBuBHymGp8K2jEEaXHlWP0AmZyIc5BPi8ojNkCt6rh9OXWShmQj7d -pVbpNCFQB2g+Q5G6B3WlPj01pfln/JfX43Wahwn9OvZ9sUvmtkYy2WgNYEkYQqIo -zVetjgu59IZBVjZBc4/JhfcPNdxNaZHugkU4Nabw6W6uMKUMzA19EIvtQ4AkEAbX -1DAPsFQGA2COUQdgDhkuGPM0PjXov8R/YR6FSkb3EECyw9vUmpywU/yyMdvC74lG -Ulcm6Xd5G6xt4i2BlAHO9qv9UlRJpSmeKj+kluRUQB4UUsyNeMcDuOYfQhPy0fy8 -8B424D/ukhmhT/FxMoPTyLND7SSGFFH6Rueeqojm6kCM3CuDnf2g+LEo6j6psH+4 -zJVHyc/A26UF+60/lv+ScZ1TXI9JZE0XjwwaYGav4gUitQ0ASuZsWMJeIE4o6FzX -n4Slk/gE3fwMfhrHVocpipQFsFTb6Z5+xTjyLzO16PuJwL0O6Do= -=fhpd ------END PGP SIGNATURE----- diff --git a/screen-4.5.1.tar.gz b/screen-4.5.1.tar.gz new file mode 100644 index 0000000..10ed4c6 --- /dev/null +++ b/screen-4.5.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:97db2114dd963b016cd4ded34831955dcbe3251e5eee45ac2606e67e9f097b2d +size 963153 diff --git a/screen-4.5.1.tar.gz.sig b/screen-4.5.1.tar.gz.sig new file mode 100644 index 0000000..114f34b --- /dev/null +++ b/screen-4.5.1.tar.gz.sig @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEcaoJ2eiHD9sKp7YeIflo3vdHq9cFAlixp7cACgkQIflo3vdH +q9cu7A//eU/bJpZhfi4PRPZymBgACAKNi4KIaKzyL0+hxFoABMrbp5fvZRgG2llT +dLBZjQ0azi+kDXM+LR4pJvkeNFhv2S/kUqkcr0AATLf4YfCY+JJrKGpOIublHG/i +eCu8PgEZYd1nQxkh6Si8R6+voogAw9z8f2QnenN3zdv0SiEMVEOtgo8pvotIIpS8 +pnF0lTNBIuYcauL5wKgxzY9r07qiPa47t0RSr7N40dCjJWV9h1bkj/em5nQ+B4ap +Nv4HJBI/wDQkdrB+kgWsvioJkyL8fWG6Z5lYBzWcQ0Sy0zdgSnLiEGwbnVk/Sm0R +eD0DEIZjeHiqVRqJUSECDRxPTqKzqMErkDw97pCeuds6tPBd/eghhczfLEjP8jTg +6QqgNJeNQ1Uul9g+LfkAmo20D6nXizW88m1OQuat2bsEE8nk2T6wVEsS1S2skm8L +R4GEwTly20HTX95oVgga5svNFbIH3KDQ/gXQfnhCvJC19fKeFgKl2ySO7mtZsHSv +aHF0HRmKsVCIMY+rjJ1tSFO8DLItoua7rwFNvsdqsu1ZyisHUygjEgFYxkkbwAcu +oFnxipwPxB8YvY6DDKEMl4pi+2qX+0uC8IU9HlKT5PdOU6ZVfoIzN2hTUmPqZ50L +Z0gEYgDvOYih9LieUV7JhuktoWpykoe4FpWPuYvIXP4h1Kj6y9Y= +=TjxB +-----END PGP SIGNATURE----- diff --git a/screen.changes b/screen.changes index 523245b..df26f8b 100644 --- a/screen.changes +++ b/screen.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Feb 25 20:34:40 UTC 2017 - astieger@suse.com + +- GNU Screen 4.5.1: + * logfile permissions problem (CVE-2017-5618) bsc#1021743 + This issues does not affect the SUSE package as setuid/setid + is not used. +- drop upstreamed fix_enable_logfile.patch +- add 0001-Follow-up-to-bc5ea98-fix-texinfo-syntax-errors.patch + ------------------------------------------------------------------- Fri Jan 27 22:32:17 UTC 2017 - alexander_naumov@opensuse.org diff --git a/screen.keyring b/screen.keyring index 8da5198..2ea45fc 100644 Binary files a/screen.keyring and b/screen.keyring differ diff --git a/screen.spec b/screen.spec index 5450ee9..1681553 100644 --- a/screen.spec +++ b/screen.spec @@ -19,39 +19,40 @@ %if 0%{?suse_version} > 1310 %define rundir /run %else -%define rundir /var/run +%define rundir %{_localstatedir}/run %endif - -Url: http://www.gnu.org/software/screen/ - Name: screen -%if 0%{?suse_version} > 1140 -BuildRequires: makeinfo -%endif -BuildRequires: ncurses-devel -%if 0%{?suse_version} > 1130 -BuildRequires: utempter-devel -%else -BuildRequires: utempter -%endif -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: pam-devel -PreReq: %install_info_prereq -PreReq: coreutils -Version: 4.5.0 +Version: 4.5.1 Release: 0 Summary: A program to allow multiple screens on a VT100/ANSI Terminal License: GPL-3.0+ Group: System/Console +Url: http://www.gnu.org/software/screen/ Source: http://ftp.gnu.org/gnu/screen/%{name}-%{version}.tar.gz Source1: screen.conf Source2: http://ftp.gnu.org/gnu/screen/%{name}-%{version}.tar.gz.sig Source3: https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=screen&download=1#/%{name}.keyring Patch0: global_screenrc.patch -Patch1: fix_enable_logfile.patch Patch6: libtinfo.diff +Patch7: 0001-Follow-up-to-bc5ea98-fix-texinfo-syntax-errors.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: ncurses-devel +BuildRequires: pam-devel +# FIXME: use proper Requires(pre/post/preun/...) +PreReq: %{install_info_prereq} +PreReq: coreutils +Requires(post): %{install_info_prereq} +Requires(preun): %{install_info_prereq} BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?suse_version} > 1140 +BuildRequires: makeinfo +%endif +%if 0%{?suse_version} > 1130 +BuildRequires: utempter-devel +%else +BuildRequires: utempter +%endif %description With this program you can take advantage of the multitasking abilities @@ -61,21 +62,20 @@ sessions can also be detached and resumed from another login terminal. Documentation: man page %prep -%setup +%setup -q # global_screenrc.patch %patch0 -# PATCH-FEATURE-UPSTREAM fix_enable_logfile.patch -%patch1 # libtinfo.diff %patch6 +%patch7 -p2 %build sh ./autogen.sh -CFLAGS="-DMAXWIN=1000 $RPM_OPT_FLAGS" %configure --prefix=/usr --infodir=%{_infodir} \ +CFLAGS="-DMAXWIN=1000 %{optflags}" %configure --prefix=%{_prefix} --infodir=%{_infodir} \ --mandir=%{_mandir} \ - --with-socket-dir='(eff_uid ? "%rundir/uscreens" : "%rundir/screens")' \ - --with-sys-screenrc=/etc/screenrc \ + --with-socket-dir='(eff_uid ? "%{rundir}/uscreens" : "%{rundir}/screens")' \ + --with-sys-screenrc=%{_sysconfdir}/screenrc \ --with-pty-group=5 \ --enable-use-locale \ --enable-telnet \ @@ -86,48 +86,51 @@ CFLAGS="-DMAXWIN=1000 $RPM_OPT_FLAGS" %configure --prefix=/usr --infodir=%{_info # update Makefile so that make -j becomes reliable :> osdef.h # so that make depend has a chance :> comm.h # so that make depend has a chance -make depend # FIXME: this should be self sufficient. +make %{?_smp_mflags} depend # FIXME: this should be self sufficient. rm osdef.h # so that make will use osdef.sh rm comm.h # so that make will use comm.sh make %{?_smp_mflags} %install -make install DESTDIR=$RPM_BUILD_ROOT -rm -f $RPM_BUILD_ROOT/usr/bin/screen -mv $RPM_BUILD_ROOT/usr/bin/screen-%version $RPM_BUILD_ROOT/usr/bin/screen -chmod 755 $RPM_BUILD_ROOT/usr/bin/screen -mkdir -p $RPM_BUILD_ROOT/etc -mkdir -p $RPM_BUILD_ROOT/usr/lib -mkdir -p $RPM_BUILD_ROOT/usr/lib/tmpfiles.d -mkdir -p $RPM_BUILD_ROOT%rundir/screens -chmod 755 $RPM_BUILD_ROOT%rundir/screens -mkdir -p $RPM_BUILD_ROOT%rundir/uscreens -chmod 1777 $RPM_BUILD_ROOT%rundir/uscreens -install -m 644 screenrc $RPM_BUILD_ROOT/etc/screenrc -install -m 644 %SOURCE1 $RPM_BUILD_ROOT/usr/lib/tmpfiles.d +%make_install +rm -f %{buildroot}%{_bindir}/screen +mv %{buildroot}%{_bindir}/screen-%{version} %{buildroot}%{_bindir}/screen +chmod 755 %{buildroot}%{_bindir}/screen +mkdir -p %{buildroot}/etc +mkdir -p %{buildroot}%{_prefix}/lib +mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d +mkdir -p %{buildroot}%{rundir}/screens +chmod 755 %{buildroot}%{rundir}/screens +mkdir -p %{buildroot}%{rundir}/uscreens +chmod 1777 %{buildroot}%{rundir}/uscreens +install -m 644 screenrc %{buildroot}%{_sysconfdir}/screenrc +install -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/tmpfiles.d %files %defattr(-,root,root) -%config /etc/screenrc -%attr(555,root,root) /usr/bin/screen -%dir /usr/share/screen -%dir /usr/lib/tmpfiles.d -/usr/lib/tmpfiles.d/screen.conf -/usr/share/screen/utf8encodings +%config %{_sysconfdir}/screenrc +%attr(555,root,root) %{_bindir}/screen +%dir %{_datadir}/screen +%dir %{_prefix}/lib/tmpfiles.d +%{_prefix}/lib/tmpfiles.d/screen.conf +%{_datadir}/screen/utf8encodings # Created via aaa_base or systemd on system boot -%ghost %dir %rundir/screens -%ghost %dir %rundir/uscreens -%doc %{_infodir}/screen.info*.gz -%doc %{_mandir}/man1/screen.1.gz +%ghost %dir %{rundir}/screens +%ghost %dir %{rundir}/uscreens +%{_infodir}/screen.info*%{ext_info} +%{_mandir}/man1/screen.1%{ext_man} %doc COPYING %post %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz +%preun +%install_info_delete --info-dir=%{_infodir} %{_infodir}/%{name}.info.gz + # Create our dirs immediatly, after a manual package install. # After a reboot systemd/aaa_base will take care. -test -d %rundir/screens || mkdir -m 755 %rundir/screens -test -d %rundir/uscreens || mkdir -m 1777 %rundir/uscreens +test -d %{rundir}/screens || mkdir -m 755 %{rundir}/screens +test -d %{rundir}/uscreens || mkdir -m 1777 %{rundir}/uscreens %changelog