Accepting request 1279269 from Base:System

->

OBS-URL: https://build.opensuse.org/request/show/1279269
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/screen?expand=0&rev=67

multicont.diff

@@ -0,0 +1,44 @@
+--- attacher.c.orig	2025-05-22 11:29:37.805021734 +0000
++++ attacher.c	2025-05-22 11:29:42.281014540 +0000
+@@ -148,7 +148,7 @@ int how;
+   struct msg m;
+   struct stat st;
+   char *s;
+-  bool is_socket;
++  bool is_socket = 0;
+ 
+   debug2("Attach: how=%d, tty=%s\n", how, attach_tty);
+ #ifdef MULTIUSER
+@@ -225,9 +225,16 @@ int how;
+   strncpy(m.m_tty, attach_tty_is_in_new_ns ? attach_tty_name_in_ns : attach_tty, sizeof(m.m_tty) - 1);
+   m.m_tty[sizeof(m.m_tty) - 1] = 0;
+ 
+-  is_socket = IsSocket(SockPath);
+   if (how == MSG_WINCH)
+     {
++#if defined(MULTIUSER) && defined(USE_SETEUID)
++      if (multiattach)
++	{
++	  xseteuid(real_uid);
++	  xsetegid(real_gid);
++	}
++#endif
++      is_socket = IsSocket(SockPath);
+       if ((lasts = MakeClientSocket(0, is_socket)) >= 0)
+ 	{
+ 	  WriteMessage(lasts, &m);
+@@ -238,6 +245,14 @@ int how;
+ 
+   if (how == MSG_CONT)
+     {
++#if defined(MULTIUSER) && defined(USE_SETEUID)
++      if (multiattach)
++	{
++	  xseteuid(real_uid);
++	  xsetegid(real_gid);
++	}
++#endif
++      is_socket = IsSocket(SockPath);
+       if ((lasts = MakeClientSocket(0, is_socket)) < 0)
+         {
+           Panic(0, "Sorry, cannot contact session \"%s\" again.\r\n",

nottychmod.diff

@@ -0,0 +1,113 @@
+--- attacher.c.orig	2025-05-22 11:26:20.505338847 +0000
++++ attacher.c	2025-05-22 11:27:45.393202410 +0000
+@@ -73,7 +73,6 @@ extern int MasterPid, attach_fd;
+ #ifdef MULTIUSER
+ extern char *multi;
+ extern int multiattach, multi_uid, own_uid;
+-extern int tty_mode, tty_oldmode;
+ # ifndef USE_SETEUID
+ static int multipipe[2];
+ # endif
+@@ -160,9 +159,6 @@ int how;
+ 
+       if (pipe(multipipe))
+ 	Panic(errno, "pipe");
+-      if (chmod(attach_tty, 0666))
+-	Panic(errno, "chmod %s", attach_tty);
+-      tty_oldmode = tty_mode;
+       eff_uid = -1;	/* make UserContext fork */
+       real_uid = multi_uid;
+       if ((ret = UserContext()) <= 0)
+@@ -174,11 +170,6 @@ int how;
+ 	    Panic(errno, "UserContext");
+ 	  close(multipipe[1]);
+ 	  read(multipipe[0], &dummy, 1);
+-	  if (tty_oldmode >= 0)
+-	    {
+-	      chmod(attach_tty, tty_oldmode);
+-	      tty_oldmode = -1;
+-	    }
+ 	  ret = UserStatus();
+ #ifdef LOCK
+ 	  if (ret == SIG_LOCK)
+@@ -224,9 +215,6 @@ int how;
+       xseteuid(multi_uid);
+       xseteuid(own_uid);
+ #endif
+-      if (chmod(attach_tty, 0666))
+-	Panic(errno, "chmod %s", attach_tty);
+-      tty_oldmode = tty_mode;
+     }
+ # endif /* USE_SETEUID */
+ #endif /* MULTIUSER */
+@@ -423,13 +411,6 @@ int how;
+       ContinuePlease = 0;
+ # ifndef USE_SETEUID
+       close(multipipe[1]);
+-# else
+-      xseteuid(own_uid);
+-      if (tty_oldmode >= 0)
+-        if (chmod(attach_tty, tty_oldmode))
+-          Panic(errno, "chmod %s", attach_tty);
+-      tty_oldmode = -1;
+-      xseteuid(real_uid);
+ # endif
+     }
+ #endif
+@@ -505,14 +486,6 @@ AttacherFinit SIGDEFARG
+ 	  close(s);
+ 	}
+     }
+-#ifdef MULTIUSER
+-  if (tty_oldmode >= 0)
+-    {
+-      if (setuid(own_uid))
+-        Panic(errno, "setuid");
+-      chmod(attach_tty, tty_oldmode);
+-    }
+-#endif
+   exit(0);
+   SIGRETURN;
+ }
+--- screen.c.orig	2023-08-16 00:29:26.000000000 +0000
++++ screen.c	2025-05-22 11:26:40.577306586 +0000
+@@ -230,8 +230,6 @@ char *multi_home;
+ int multi_uid;
+ int own_uid;
+ int multiattach;
+-int tty_mode;
+-int tty_oldmode = -1;
+ #endif
+ 
+ char HostName[MAXSTR];
+@@ -1009,9 +1007,6 @@ int main(int ac, char** av)
+ 
+     /* ttyname implies isatty */
+     SetTtyname(true, &st);
+-#ifdef MULTIUSER
+-    tty_mode = (int)st.st_mode & 0777;
+-#endif
+ 
+     fl = fcntl(0, F_GETFL, 0);
+     if (fl != -1 && (fl & (O_RDWR|O_RDONLY|O_WRONLY)) == O_RDWR)
+@@ -2170,20 +2165,6 @@ DEFINE_VARARGS_FN(Panic)
+       if (D_userpid)
+         Kill(D_userpid, SIG_BYE);
+     }
+-#ifdef MULTIUSER
+-  if (tty_oldmode >= 0) {
+-
+-# ifdef USE_SETEUID
+-    if (setuid(own_uid))
+-      xseteuid(own_uid);	/* may be a loop. sigh. */
+-# else
+-      setuid(own_uid);
+-# endif
+-
+-    debug1("Panic: changing back modes from %s\n", attach_tty);
+-    chmod(attach_tty, tty_oldmode);
+-  }
+-#endif
+   eexit(1);
+ }
+ 

screen.changes

@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Thu May 22 13:30:23 CEST 2025 - mls@suse.de
+
+- also use tty fd passing after a suspend (MSG_CONT)
+  new patch: sendfdcont.diff
+- do not chmod the tty for multiattach, rely on tty fd passing
+  instead [bsc#1242269] [CVE-2025-46802]
+  new patch: nottychmod.diff
+- fix resume after suspend in multiuser mode
+  new patch: multicont.diff
+
+-------------------------------------------------------------------
+Fri Mar 21 12:37:40 UTC 2025 - Richard Biener <rguenther@suse.com>
+
+- K&R source is not ready for C23 used by default with GCC 15.
+  Use -std=gnu89 instead.
+
+-------------------------------------------------------------------
+Thu Jan 16 10:49:16 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
+
+- Disable libutempter, it doesn't work anymore with the switch
+  from utmp to systemd-logind and only creates error messages
+
 -------------------------------------------------------------------
 Mon Feb 26 13:12:12 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
 

screen.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package screen
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,12 +35,17 @@ Source3:        https://savannah.gnu.org/people/viewgpg.php?user_id=99366#/%{nam
 Source4:        screen.pam
 Patch0:         global_screenrc.patch
 Patch6:         libtinfo.diff
+Patch7:         sendfdcont.diff
+Patch8:         nottychmod.diff
+Patch9:         multicont.diff
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  makeinfo
 BuildRequires:  ncurses-devel
 BuildRequires:  pam-devel
+%if 0%{?suse_version} < 1600
 BuildRequires:  utempter-devel
+%endif
 Requires:       terminfo-base
 Requires(post): permissions
 %systemd_ordering
@@ -58,15 +63,19 @@ Documentation: man page
 %patch -P 0
 # libtinfo.diff
 %patch -P 6
+%patch -P 7
+%patch -P 8
+%patch -P 9
 
 %build
 sh ./autogen.sh
 
-CFLAGS="-DMAXWIN=1000 %{optflags}" %configure --prefix=%{_prefix} --infodir=%{_infodir} \
+CFLAGS="-DMAXWIN=1000 %{optflags} -std=gnu89" %configure --prefix=%{_prefix} --infodir=%{_infodir} \
 				--mandir=%{_mandir} \
 				--with-socket-dir='(eff_uid ? "%{rundir}/uscreens" : "%{rundir}/screens")' \
 				--with-sys-screenrc=%{_sysconfdir}/screenrc \
 				--with-pty-group=5 \
+				--with-pty-mode=0620 \
 				--enable-use-locale \
 				--enable-telnet \
 				--enable-pam \

sendfdcont.diff

@@ -0,0 +1,44 @@
+--- attacher.c.orig	2025-05-22 09:23:03.861076640 +0000
++++ attacher.c	2025-05-22 09:29:29.060392092 +0000
+@@ -112,7 +112,7 @@ QueryResultFail SIGDEFARG
+  *  Understands  MSG_ATTACH, MSG_DETACH, MSG_POW_DETACH
+  *               MSG_CONT, MSG_WINCH and nothing else!
+  *
+- *  if type == MSG_ATTACH and sockets are used, attaches
++ *  if type == MSG_ATTACH or MSG_CONT and sockets are used, attaches
+  *  tty file descriptor.
+  */
+ 
+@@ -125,7 +125,7 @@ struct msg *m;
+   bool is_socket;
+ 
+   is_socket = IsSocket(SockPath);
+-  if (is_socket && m->type == MSG_ATTACH)
++  if (is_socket && (m->type == MSG_ATTACH || m->type == MSG_CONT))
+     return SendAttachMsg(s, m, attach_fd);
+ 
+   while(l > 0)
+--- socket.c.orig	2025-05-22 09:23:09.261067045 +0000
++++ socket.c	2025-05-22 09:25:24.044827531 +0000
+@@ -1169,7 +1169,7 @@ ReceiveMsg()
+     }
+ 
+   debug2("*** RecMsg: type %d tty %s\n", m.type, m.m_tty);
+-  if (m.type != MSG_ATTACH && recvfd != -1)
++  if (m.type != MSG_ATTACH && m.type != MSG_CONT && recvfd != -1)
+     {
+       close(recvfd);
+       recvfd = -1;
+@@ -1222,7 +1222,11 @@ ReceiveMsg()
+         break;
+       case MSG_CONT:
+         if (display && D_userpid != 0 && kill(D_userpid, 0) == 0)
+-          break; /* Intruder Alert */
++          {
++            if (recvfd != -1)
++              close(recvfd);
++            break; /* Intruder Alert */
++          }
+         debug2("RecMsg: apid=%d,was %d\n", m.m.attach.apid,
+                display ? D_userpid : 0);
+       /* FALLTHROUGH */