From: Hank Leininger Date: Sat, 8 Feb 2020 03:43:38 +0000 (-0700) Subject: app-misc/screen: version bump (security fix); GLEP 81 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c7652c1f375a096d86e4d13b17ae97327e7d3af6;p=gentoo.git app-misc/screen: version bump (security fix); GLEP 81 Upstream released a fix for a memory overwrite; no CVE, but see referenced bug and https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html Also updated for GLEP 81. Changed ${EROOT%/} to ${EROOT}, because CI complained. Signed-off-by: Hank Leininger Bug: https://bugs.gentoo.org/708460 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Lars Wendler --- diff --git a/app-misc/screen/Manifest b/app-misc/screen/Manifest index f9d35a5e7c21..f850d85971b2 100644 --- a/app-misc/screen/Manifest +++ b/app-misc/screen/Manifest @@ -4,3 +4,4 @@ DIST screen-4.6.0.tar.gz 849062 BLAKE2B e08915bb34d4e356eb33c479f1b2dc7a8f4a855e DIST screen-4.6.1.tar.gz 848979 BLAKE2B e78874b6d8723c52f827ab5e6b665102d7fd831f03a0006f9d31e000535ccce95ce08e2d302e34ba2d567167a917c8bd3b875843828d1951bcb38ab6ae4e0acf SHA512 e5d029400ed5b509ebddc1f55812c33536d6f5ce91119537c7d06e1fa7dee84939c43337df4638f61c818ce0412f4d08fe212202162a4483a9e84bbc4b3e4336 DIST screen-4.6.2.tar.gz 845210 BLAKE2B feea244e2e0c8f638442a524cd7cac93c6c5e576541bf1321fb32bc9424abf53415d00ebcb4a13a9613788c1baad6e132f209bd0a017b100e0687b3658603aea SHA512 224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 DIST screen-4.7.0.tar.gz 854192 BLAKE2B f22ee3f3ad7591ee2641ba9667b131298f3cb9b7712b0f0db28516c60d0a0768893eda2f4ce35d9c641871247a638a03c2550328f1af1f85ab5ce8ffa9b77d54 SHA512 44c7a33e2ed772ce91998cdc07556ef7b972e5b100335e14702b273a234e437fe6415de459e7b6d34c6086282a432778629047424ef9159ac6fcf26d22b45745 +DIST screen-4.8.0.tar.gz 854854 BLAKE2B 97ef6f18bf2c63c477260b742ac0b3501f112d380c41ccecc5cf2853db853cc62d4fd6d37edeca35fb41a43b76d98a5cfe160749c992d284f9764b0a0fdcc778 SHA512 770ebaf6ee9be711bcb8a6104b3294f2bf4523dae6683fdc5eac4b3aff7e511be2d922b6b2ad28ec241113c2e4fe0d80f9a482ae1658adc19c8c3a3680caa25c diff --git a/app-misc/screen/screen-4.8.0.ebuild b/app-misc/screen/screen-4.8.0.ebuild new file mode 100644 index 000000000000..fcb1f1674b9e --- /dev/null +++ b/app-misc/screen/screen-4.8.0.ebuild @@ -0,0 +1,156 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools flag-o-matic pam tmpfiles toolchain-funcs + +DESCRIPTION="screen manager with VT100/ANSI terminal emulation" +HOMEPAGE="https://www.gnu.org/software/screen/" + +if [[ "${PV}" != 9999 ]] ; then + SRC_URI="mirror://gnu/${PN}/${P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +else + inherit git-r3 + EGIT_REPO_URI="https://git.savannah.gnu.org/git/screen.git" + EGIT_CHECKOUT_DIR="${WORKDIR}/${P}" # needed for setting S later on + S="${WORKDIR}"/${P}/src +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="debug nethack pam selinux multiuser" + +CDEPEND=" + >=sys-libs/ncurses-5.2:0= + pam? ( sys-libs/pam )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-screen )" +DEPEND="${CDEPEND} + acct-group/utmp + sys-apps/texinfo" + +PATCHES=( + # Don't use utempter even if it is found on the system. + "${FILESDIR}"/${PN}-4.3.0-no-utempter.patch + "${FILESDIR}"/${PN}-4.6.2-utmp-exit.patch +) + +src_prepare() { + default + + # sched.h is a system header and causes problems with some C libraries + mv sched.h _sched.h || die + sed -i '/include/ s:sched.h:_sched.h:' screen.h || die + + # Fix manpage. + sed -i \ + -e "s:/usr/local/etc/screenrc:${EPREFIX}/etc/screenrc:g" \ + -e "s:/usr/local/screens:${EPREFIX}/tmp/screen:g" \ + -e "s:/local/etc/screenrc:${EPREFIX}/etc/screenrc:g" \ + -e "s:/etc/utmp:${EPREFIX}/var/run/utmp:g" \ + -e "s:/local/screens/S\\\-:${EPREFIX}/tmp/screen/S\\\-:g" \ + doc/screen.1 \ + || die + + if [[ ${CHOST} == *-darwin* ]] || use elibc_musl ; then + sed -i -e '/^#define UTMPOK/s/define/undef/' acconfig.h || die + fi + + # disable musl dummy headers for utmp[x] + use elibc_musl && append-cppflags "-D_UTMP_H -D_UTMPX_H" + + # reconfigure + eautoreconf +} + +src_configure() { + append-cppflags "-DMAXWIN=${MAX_SCREEN_WINDOWS:-100}" + + if [[ ${CHOST} == *-solaris* ]] ; then + # enable msg_header by upping the feature standard compatible + # with c99 mode + append-cppflags -D_XOPEN_SOURCE=600 + fi + + use nethack || append-cppflags "-DNONETHACK" + use debug && append-cppflags "-DDEBUG" + + econf \ + --with-socket-dir="${EPREFIX}/tmp/screen" \ + --with-sys-screenrc="${EPREFIX}/etc/screenrc" \ + --with-pty-mode=0620 \ + --with-pty-group=5 \ + --enable-rxvt_osc \ + --enable-telnet \ + --enable-colors256 \ + $(use_enable pam) +} + +src_compile() { + LC_ALL=POSIX emake comm.h term.h + emake osdef.h + + emake -C doc screen.info + default +} + +src_install() { + local DOCS=( + README ChangeLog INSTALL TODO NEWS* patchlevel.h + doc/{FAQ,README.DOTSCREEN,fdpat.ps,window_to_display.ps} + ) + + emake DESTDIR="${D}" SCREEN=screen-${PV} install + + local tmpfiles_perms tmpfiles_group + + if use multiuser || use prefix + then + fperms 4755 /usr/bin/screen-${PV} + tmpfiles_perms="0755" + tmpfiles_group="root" + else + fowners root:utmp /usr/bin/screen-${PV} + fperms 2755 /usr/bin/screen-${PV} + tmpfiles_perms="0775" + tmpfiles_group="utmp" + fi + + newtmpfiles - screen.conf <<<"d /tmp/screen ${tmpfiles_perms} root ${tmpfiles_group}" + + insinto /usr/share/screen + doins terminfo/{screencap,screeninfo.src} + + insinto /etc + doins "${FILESDIR}"/screenrc + + pamd_mimic_system screen auth + + dodoc "${DOCS[@]}" +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]] + then + elog "Some dangerous key bindings have been removed or changed to more safe values." + elog "We enable some xterm hacks in our default screenrc, which might break some" + elog "applications. Please check /etc/screenrc for information on these changes." + fi + + # Add /tmp/screen in case it doesn't exist yet. This should solve + # problems like bug #508634 where tmpfiles.d isn't in effect. + local rundir="${EROOT}/tmp/screen" + if [[ ! -d ${rundir} ]] ; then + if use multiuser || use prefix ; then + tmpfiles_group="root" + else + tmpfiles_group="utmp" + fi + mkdir -m 0775 "${rundir}" + chgrp ${tmpfiles_group} "${rundir}" + fi + + ewarn "This revision changes the screen socket location to ${rundir}" +}