- update to 4.9.1 (bsc#1210272, CVE-2023-24626):

* Support stop/parity bits on serial port * Add needed system headers in checks and return values for implicit function declarations * Avoid zombies after shell exit * Missed signal sending permission check on failed query messages (CVE-2023-24626) * manpage fixes * source code fixes during cleanup * UTF-8 encoding can emit invalid UTF-8 sequences * for out of range unicode values update. * CVE-2021-26937: possible denial of service via a crafted UTF-8 (boo#1182092) * Fix: a lot of manpage fixes and cleanups - drop upstreamed 0001-Follow-up-to-bc5ea98-fix-texinfo-syntax-errors.patch * fix loging screen API (bnc#1020870) parameter '-L'. * This is a bug fix release. * Visible content get messed up after window resize - Add build dependency on makeinfo of gethostbyname(3) - A few lines added to docu explaining login-shells and - removed bogus self-provides - fix for root compromise using configurable visual bell string OBS-URL: https://build.opensuse.org/package/show/Base:System/screen?expand=0&rev=102
2023-09-13 12:03:10 +00:00 · 2023-09-13 12:03:10 +00:00 · e880e624c3
commit e880e624c3
parent 309d5e4c81
7 changed files with 52 additions and 71 deletions
--- a/screen-4.9.0.tar.gz
+++ b/screen-4.9.0.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4
 size 798229
--- a/screen-4.9.0.tar.gz.sig
+++ b/screen-4.9.0.tar.gz.sig
@ -1,14 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQGzBAABCAAdFiEEtFYP2Mny3jvjCOujkzrSGIb2n78FAmH5WV4ACgkQkzrSGIb2
 n7+KZQwA1OYxwIQlgkeAKdXp2ma3jVPqFq/UvrpM0uMU30i+gHz2Yu1jK9v+E+di
 C6suW2fjazyTmI1pMdw0V1zJHQ7YDplUJyIEFhewe2xdh5gha4iiBQZc1mekT4pt
 XO3WUHi31TPty8AJ6gObr9Bv5BePQ+1xilIWJUQpN6L4uQDp+sWyJDX3x+5g6Bx+
 E5hTzJfspAzPIWdXrIglxH006a8BpAyovJFYHn6FgRx/h2Vw9bS0oRdQYArqjLHv
 4NkfQFDwjWMaxt3QQEDB2LGbDLANE9OqEaFOXqW1SEt07Esf2Tj5oot+Hjj2ZAps
 LXDtmFHsmf0taluP1ULesH9d6Os3Ufb+etMmBgXkJPbhuhrQcgEiFjb/eXYLSiml
 iEtdmCT2MzpUWDvdvPgE2hsAzkz/t9kye2BZDUrJcCl+Pue4yZK3hU0ic67eG10D
 2O9XCSYCPn9j7ROfq6nJnXaneup6WTX5UkkQOgHmhJWxp6lu6DlR3Eqsb9l15Kpk
 mr0jJwok
 =QTsj
 -----END PGP SIGNATURE-----
--- a/screen-4.9.1.tar.gz
+++ b/screen-4.9.1.tar.gz
--- a/screen-4.9.1.tar.gz.sig
+++ b/screen-4.9.1.tar.gz.sig
@ -0,0 +1,7 @@
 -----BEGIN PGP SIGNATURE-----
 iHUEABYIAB0WIQRQuGGz6TDsM3UNkO2RCDKXSpKhHAUCZN4mxAAKCRCRCDKXSpKh
 HE8FAP9o9aDPuc/grybmgFZDF3pJloelr0ABS4fHcCHPJ4PaPAD+PE2xBYrCcG/T
 pSvdNInaYr3lRbN9iQkIAYFh66bLmQo=
 =izsm
 -----END PGP SIGNATURE-----
--- a/screen.changes
+++ b/screen.changes
@ -1,3 +1,18 @@
 -------------------------------------------------------------------
 Wed Sep 13 12:01:14 UTC 2023 - Dirk Müller <dmueller@suse.com>
 - update to 4.9.1 (bsc#1210272, CVE-2023-24626):
  * Support stop/parity bits on serial port
  * Add needed system headers in checks and return values
    for implicit function declarations
  * Avoid zombies after shell exit
  * Missed signal sending permission check on failed
    query messages (CVE-2023-24626)
  * manpage fixes
  * source code fixes during cleanup
  * UTF-8 encoding can emit invalid UTF-8 sequences
  * for out of range unicode values
 -------------------------------------------------------------------
 Fri Dec 16 22:18:05 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
@ -8,7 +23,7 @@ Mon Dec 12 14:28:14 UTC 2022 - Stefan Schubert <schubi@suse.com>
 - Migration PAM settings to /usr/etc: Saving user changed
  configuration files in /etc and restoring them while an RPM
-  update.  
+  update.
 -------------------------------------------------------------------
 Sat Feb 26 11:08:20 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
@ -16,9 +31,9 @@ Sat Feb 26 11:08:20 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
 - GNU Screen 4.9.0:
  * Hardstatus option for used encoding (escape string '%e')
  * fix combining char handling that could lead to a segfault
-  * CVE-2021-26937: possible denial of service via a crafted UTF-8 
+  * CVE-2021-26937: possible denial of service via a crafted UTF-8
    character sequence, upstream fix replacing dropped combchar.diff
-    (boo#1182092) 
+    (boo#1182092)
  * make screen exit code be 0 when checking --help
  * session names limit is 80 symbols
  * option -X ignores specified user in multiuser env
@ -72,7 +87,7 @@ Wed Oct 02 09:09:20 UTC 2019 - alexander_naumov@opensuse.org
  * Adds support for OSC 11
  * Updates Unicode ambiguous and wide tables to 12.1.0
  * Fix: cross-compilation support (bug #43223)
-  * Fix: a lot of manpage fixes and cleanups 
+  * Fix: a lot of manpage fixes and cleanups
 -------------------------------------------------------------------
 Fri Feb 15 23:31:00 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
@ -129,7 +144,7 @@ Thu Jun 29 12:24:55 UTC 2017 - alexander_naumov@opensuse.org
  * Migrate from fifos to sockets
  * Start viewing scrollback at first line of output
- drop upstreamed 0001-Follow-up-to-bc5ea98-fix-texinfo-syntax-errors.patch 
+- drop upstreamed 0001-Follow-up-to-bc5ea98-fix-texinfo-syntax-errors.patch
 -------------------------------------------------------------------
 Thu May 11 15:46:12 UTC 2017 - jengelh@inai.de
@ -151,7 +166,7 @@ Sat Feb 25 20:34:40 UTC 2017 - astieger@suse.com
 Fri Jan 27 22:32:17 UTC 2017 - alexander_naumov@opensuse.org
 - Add fix_enable_logfile.patch
-  * fix loging screen API (bnc#1020870) 
+  * fix loging screen API (bnc#1020870)
  * fix privilege escalation
 -------------------------------------------------------------------
@ -159,7 +174,7 @@ Thu Jan 17 23:11:38 UTC 2017 - alexander_naumov@opensuse.org
 - GNU Screen 4.5.0:
 * It's possible to specify logfile's name via command line
-   parameter '-L'. 
+   parameter '-L'.
 Fixes:
 * broken handling of "bind u digraph U+"
@ -198,8 +213,8 @@ Wed Jul  1 10:13:31 UTC 2015 - trenn@suse.de
 Wed Jul 01 09:48:45 UTC 2015 - alexander_naumov@opensuse.org
 - GNU screen 4.3.1
- * This is a bug fix release. 
+ * This is a bug fix release.
- * Visible content get messed up after window resize 
+ * Visible content get messed up after window resize
 -------------------------------------------------------------------
 Mon Jun 15 09:28:15 UTC 2015 - alexander_naumov@opensuse.org
@ -340,7 +355,7 @@ Thu Sep 13 13:52:04 CEST 2012 - mls@suse.de
 -------------------------------------------------------------------
 Sat Sep  8 11:07:44 UTC 2012 - idonmez@suse.com
- Add build dependency on makeinfo 
+- Add build dependency on makeinfo
 -------------------------------------------------------------------
 Wed Aug  8 19:56:19 CEST 2012 - mls@suse.de
@ -423,7 +438,7 @@ Wed Dec 16 00:26:00 CET 2009 - jengelh@medozas.de
 Fri Jul 31 02:17:31 CEST 2009 - crrodriguez@suse.de
 - add fedora patch for IPv6 support, this removes usage
-  of gethostbyname(3) 
+  of gethostbyname(3)
 -------------------------------------------------------------------
 Tue May 26 14:22:07 CEST 2009 - mls@suse.de
@ -433,7 +448,7 @@ Tue May 26 14:22:07 CEST 2009 - mls@suse.de
 -------------------------------------------------------------------
 Wed May 14 15:31:04 CEST 2008 - jw@suse.de
- A few lines added to docu explaining login-shells and 
+- A few lines added to docu explaining login-shells and
  starting with '-'  trick.
 -------------------------------------------------------------------
@ -561,7 +576,7 @@ Tue Oct  1 14:30:55 MEST 2002 - mls@suse.de
 -------------------------------------------------------------------
 Tue Sep 17 17:34:28 CEST 2002 - ro@suse.de
- removed bogus self-provides 
+- removed bogus self-provides
 -------------------------------------------------------------------
 Thu Sep  5 14:11:31 MEST 2002 - mls@suse.de
@ -658,7 +673,7 @@ Fri Apr 27 19:46:46 MEST 2001 - mls@suse.de
 -------------------------------------------------------------------
 Mon Sep  4 18:13:20 CEST 2000 - uli@suse.de
- fix for root compromise using configurable visual bell string 
+- fix for root compromise using configurable visual bell string
 -------------------------------------------------------------------
 Fri Feb 25 15:16:50 CET 2000 - kukuk@suse.de
--- a/screen.keyring
+++ b/screen.keyring
@ -1,41 +1,14 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-mQGNBF/kpG4BDADYJL/NbyJZ0X05RlUMkbIuFn8uXWfhsiburkbDwD8p4YedQOs6
+mDMEY7LR/BYJKwYBBAHaRw8BAQdA4m5kbiTCVBIvof8H5gLfnthrzQUThO1Jf6Cg
-QaHgYT86N4xsFWeT786Tv/iL85nnWNT8dcsS8eygWK18URBaZEkpUZBjTkhn5Ql2
+AXmKk8O0MEFsZXhhbmRlciBOYXVtb3YgPGFsZXhhbmRlcl9uYXVtb3ZAb3BlbnN1
-/1Bog26kaD/8XXzhHfNDpme9b30UtsB2XzXjeK8r9gRUXRqmo17iczCOLpPJ4GeY
+c2Uub3JnPoiaBBMWCgBCFiEEULhhs+kw7DN1DZDtkQgyl0qSoRwFAmOy0fwCGwMF
-CKhJs2fS8JRKqM3Vyt+IqKpBhJnbX6c/EXIIupSxGEwDboBzyGptF6oinLvbXxYW
+CRLMAwAFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEJEIMpdKkqEcmR8A
-TL80BRYlnizShHkG8AgJpNTa8xE+ua6pF8OgH07VMiX/sOIS7E0CUwYb4Qi+gVho
+/iPUUq/NOZDK+OGyevpgOjM4ql27sNEUw2s5lpSrtSUWAPwPp/z6MPUaCotey8DV
-HGGvi28TIcS1pFeWyRi8e/ISOO7PRnT4zy8QVAWVaMFp1RJfXSAf98ibJ/kNlZDq
+/9NNY4l2WqZFSEsXOod7ymytD7g4BGOy0fwSCisGAQQBl1UBBQEBB0Cd30iQQ4mh
-h4rfIU3gECkCv2TMCCKR3dOqGK5MXyF/oEksKlpLSaMsyyaR+VbgQ6EbHdWN2Se+
+td+nUWAq/MuTLNStoJpuptQx43LE97teQgMBCAeIfgQYFgoAJhYhBFC4YbPpMOwz
-xvYiQLeg8wnPp1wWVomFL+ZxyfELG8OM7rKgOjUmYr2GP8TnB4OZw/StPbRZlBdm
+dQ2Q7ZEIMpdKkqEcBQJjstH8AhsMBQkSzAMAAAoJEJEIMpdKkqEcKzQA/1YwYRl8
-kOQsOg1wAxwCnWMAEQEAAbQwQWxleGFuZGVyIE5hdW1vdiA8YWxleGFuZGVyX25h
+arfkUA1IwJQajL9IgAyzYmHXKbLNxnTudUvgAP9uBpUML3BzCw097e49P3YcPncf
-dW1vdkBvcGVuc3VzZS5vcmc+iQHUBBMBCAA+FiEEtFYP2Mny3jvjCOujkzrSGIb2
+rmvea+Jn9PDEUQQlAg==
-n78FAl/kpG4CGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQkzrS
+=hWrz
 GIb2n7/LHgwAtFbpKVhqLDShlJV+5YUrVuczFTAHVQg1a8+tJmxip6kCJ12VdlkX
 F1/23kEoPl2Y8/TQbYjkDKEA3yt4fkpZI/OfHtXEjM/jS+aZLhdUs4F1MjQSqmVM
 2fskFWb0uWJl4F9HUYOSHPvkXUvzxnSTV7BBLt877YZ1ZL5T96O8h87Q1pfc+G4i
 lop+2rwFyanLv81gzadlOy7qJ7PNEF102rUulmtWzZ5dNZHHw3j7mgdu7H+61I5H
 XMTnSORQIbjtHc6PWj/IglzEh9v/HZtm6SF7FiVHgwjWWAIHBsMgH2aQ/8FAO1JQ
 zPG1wldsMULWC8e7D3+fBcW9fBFayl/nrcpZqfehKSRt/yK7hiUH5vHR1Ep5Rj5L
 8bL6Btc9mH/E1UvGMsu/hHGQJwF89Z1vXbTAID31/05ACwn/38lmmwMLWelT033N
 AvzQJQc5tarBDPgFr2CMqo8E+exR6L8Boj+f+ZsVh8z44VvqlMxA8gQTE0xssNSO
 QYFar8k8xLN2uQGNBF/kpG4BDADHvUFr1k7cP8bAkD+e5mkhnVuS8cZ1rPr8nfz4
 RO7Cg6NHoL036cfVtTLHcEcD+yuiAxMo2XITved5QRB/SGzFFRmrx0hISaboAr3S
 dsWJip8x/XGPaGkWEXIb0geEPhg2PMz7D7/CDIX0DO/X5co4U6qQt1lkoMWfeRym
 Acg2aJiVWm0RhUvIRdwl2kUKVifzhVYoZrQBazNzwp20ARNYhPPbkPgUqJOz49Zt
 ghZqfS9wjjkEDwV+WuyCM5KCU2f9R95pXW69hwobsgDj3Xm7GrofZknCEEAjzD+W
 cU7fBawm0f3oOIc+f8Ob0L13nCr+/FgZEaouztE5qGXcU3X5OoNhIiAep1L3CF5T
 S/+qAvKsg60BMfW3MBOhJEf/VoeTxdRbWrCvHWe83gaTQQUaGhoLHr+ADzdEnl6J
 eDERNciqRMC+LhEB20YUumJhZ6d1/a+sjIhbLAbkbt8SQnwUJC0Ti7POdhNeOVRy
 UL2pz92EBUkKaAVxhttuGB6HSXcAEQEAAYkBvAQYAQgAJhYhBLRWD9jJ8t474wjr
 o5M60hiG9p+/BQJf5KRuAhsMBQkDwmcAAAoJEJM60hiG9p+/KBIMAIL2NZVYmxpw
 1VCZfKcfXtMuP+yh7O8rJyjEFQaj3HSW+tvh/Dh7pPOUzBmJsSH5x8shOlgItNEo
 RdpK9/tQRg+KWSckWAhjFAOjiO+fdpqG1ZctecBUGI6gAgNQbYjSYf4CXyCIJl4J
 Jex9xhNS4PoS62KpYUFzxtvtsOeGwZ2yJmW1rSN4PyTRvhTyaqpOIT/Ic+OvHDQd
 s93DNfCGWIWpBnImeeGbUW00ZZ/B2r1X1rulu/SJH8dSvu1N3+51QyUEr3gpLNfQ
 kd2BoWFjva8PiYMzHj70FEk4n1tcc2F0QIgwUcov3SWbGT0DWvR6z+XbuaWSSCRv
 0S3P0uZOqb8LYfZDEAdRQzczsso/syoyQayq2GK/v1Tbvh+G+5HNwQ3kqSCmkIBV
 ZpoG0z62vP9UOp065GIFoWNqJFVeOfWHwoiV1OOq1SkQJXv0spbJRekiJUD+K0np
 0gVsXkf8FbpfsV4hugSYmtQw69PRkQxFp3HXcRtfE0KQ7enJ2MfF8g==
 =MrS5
 -----END PGP PUBLIC KEY BLOCK-----
--- a/screen.spec
+++ b/screen.spec
@ -1,7 +1,7 @@
 #
 # spec file for package screen
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -22,7 +22,7 @@
 %define rundir %{_localstatedir}/run
 %endif
 Name:           screen
-Version:        4.9.0
+Version:        4.9.1
 Release:        0
 Summary:        A program to allow multiple screens on a VT100/ANSI Terminal
 License:        GPL-3.0-or-later