From: Patrice Clement Date: Tue, 15 Sep 2015 23:14:26 +0000 (+0000) Subject: app-misc/screen: Patch sources to mitigate a stack overflow. Fixes security bug 559394. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=d2b61ecde95de8b30652d3d56973845c6ba41811;p=gentoo.git app-misc/screen: Patch sources to mitigate a stack overflow. Fixes security bug 559394. Package-Manager: portage-2.2.18 Signed-off-by: Patrice Clement --- diff --git a/app-misc/screen/files/screen-4.3.1-ansi.c.patch b/app-misc/screen/files/screen-4.3.1-ansi.c.patch new file mode 100644 index 000000000000..8dca52d463e4 --- /dev/null +++ b/app-misc/screen/files/screen-4.3.1-ansi.c.patch @@ -0,0 +1,37 @@ +--- ansi.c.orig 2015-09-15 22:55:48.274486000 +0000 ++++ ansi.c 2015-09-15 22:59:14.368486000 +0000 +@@ -2502,13 +2502,13 @@ + return; + if (n > 0) + { ++ if (ye - ys + 1 < n) ++ n = ye - ys + 1; + if (n > 256) + { + MScrollV(p, n - 256, ys, ye, bce); + n = 256; + } +- if (ye - ys + 1 < n) +- n = ye - ys + 1; + #ifdef COPY_PASTE + if (compacthist) + { +@@ -2562,15 +2562,14 @@ + } + else + { ++ n = -n; ++ if (ye - ys + 1 < n) ++ n = ye - ys + 1; + if (n < -256) + { + MScrollV(p, n + 256, ys, ye, bce); + n = -256; + } +- n = -n; +- if (ye - ys + 1 < n) +- n = ye - ys + 1; +- + ml = p->w_mlines + ye; + /* Clear lines */ + for (i = ye; i > ye - n; i--, ml--) diff --git a/app-misc/screen/screen-4.3.1-r1.ebuild b/app-misc/screen/screen-4.3.1-r1.ebuild new file mode 100644 index 000000000000..cb859368bbb2 --- /dev/null +++ b/app-misc/screen/screen-4.3.1-r1.ebuild @@ -0,0 +1,154 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools eutils flag-o-matic pam toolchain-funcs user + +DESCRIPTION="Full-screen window manager that multiplexes physical terminals between several processes" +HOMEPAGE="https://www.gnu.org/software/screen/" +SRC_URI="mirror://gnu/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~hppa-hpux ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="debug nethack pam selinux multiuser" + +CDEPEND=" + >=sys-libs/ncurses-5.2:0= + pam? ( virtual/pam )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-screen )" +DEPEND="${CDEPEND} + sys-apps/texinfo" + +# Patches: +# - Don't use utempter even if it is found on the system. +# - Bug 559394. +PATCHES=( + "${FILESDIR}"/${PN}-4.3.0-no-utempter.patch + "${FILESDIR}"/${PN}-4.3.1-ansi.c.patch +) + +pkg_setup() { + # Make sure utmp group exists, as it's used later on. + enewgroup utmp 406 +} + +src_prepare() { + # Apply patches. + epatch "${PATCHES[@]}" + + # sched.h is a system header and causes problems with some C libraries + mv sched.h _sched.h || die + sed -i '/include/ s:sched.h:_sched.h:' screen.h || die + + # Fix manpage. + sed -i \ + -e "s:/usr/local/etc/screenrc:${EPREFIX}/etc/screenrc:g" \ + -e "s:/usr/local/screens:${EPREFIX}/tmp/screen:g" \ + -e "s:/local/etc/screenrc:${EPREFIX}/etc/screenrc:g" \ + -e "s:/etc/utmp:${EPREFIX}/var/run/utmp:g" \ + -e "s:/local/screens/S-:${EPREFIX}/tmp/screen/S-:g" \ + doc/screen.1 \ + || die + + # reconfigure + eautoreconf +} + +src_configure() { + append-cppflags "-DMAXWIN=${MAX_SCREEN_WINDOWS:-100}" + + if [[ ${CHOST} == *-solaris* ]] ; then + # https://lists.gnu.org/archive/html/screen-devel/2014-04/msg00095.html + append-cppflags -D_XOPEN_SOURCE \ + -D_XOPEN_SOURCE_EXTENDED=1 \ + -D__EXTENSIONS__ + append-libs -lsocket -lnsl + fi + + use nethack || append-cppflags "-DNONETHACK" + use debug && append-cppflags "-DDEBUG" + + econf \ + --with-socket-dir="${EPREFIX}/tmp/screen" \ + --with-sys-screenrc="${EPREFIX}/etc/screenrc" \ + --with-pty-mode=0620 \ + --with-pty-group=5 \ + --enable-rxvt_osc \ + --enable-telnet \ + --enable-colors256 \ + $(use_enable pam) +} + +src_compile() { + LC_ALL=POSIX emake comm.h term.h + emake osdef.h + + emake -C doc screen.info + default +} + +src_install() { + local tmpfiles_perms tmpfiles_group + + dobin screen + + if use multiuser || use prefix + then + fperms 4755 /usr/bin/screen + tmpfiles_perms="0755" + tmpfiles_group="root" + else + fowners root:utmp /usr/bin/screen + fperms 2755 /usr/bin/screen + tmpfiles_perms="0775" + tmpfiles_group="utmp" + fi + + dodir /etc/tmpfiles.d + echo "d /tmp/screen ${tmpfiles_perms} root ${tmpfiles_group}" \ + > "${ED}"/etc/tmpfiles.d/screen.conf + + insinto /usr/share/screen + doins terminfo/{screencap,screeninfo.src} + insinto /usr/share/screen/utf8encodings + doins utf8encodings/?? + insinto /etc + doins "${FILESDIR}"/screenrc + + pamd_mimic_system screen auth + + dodoc \ + README ChangeLog INSTALL TODO NEWS* patchlevel.h \ + doc/{FAQ,README.DOTSCREEN,fdpat.ps,window_to_display.ps} + + doman doc/screen.1 + doinfo doc/screen.info +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]] + then + elog "Some dangerous key bindings have been removed or changed to more safe values." + elog "We enable some xterm hacks in our default screenrc, which might break some" + elog "applications. Please check /etc/screenrc for information on these changes." + fi + + # Add /tmp/screen in case it doesn't exist yet. This should solve + # problems like bug #508634 where tmpfiles.d isn't in effect. + local rundir="${EROOT%/}/tmp/screen" + if [[ ! -d ${rundir} ]] ; then + if use multiuser || use prefix ; then + tmpfiles_group="root" + else + tmpfiles_group="utmp" + fi + mkdir -m 0775 "${rundir}" + chgrp ${tmpfiles_group} "${rundir}" + fi + + ewarn "This revision changes the screen socket location to ${rundir}" +}