From: Ian Eure <ian@HIDDEN>
To: Liliana Marie Prikler <liliana.prikler@HIDDEN>
Cc: 78430 <at> debbugs.gnu.org
Subject: Re: [bug#78430] [PATCH 2/2] gnu: screen: Fix multiple CVEs.
Date: Sat, 17 May 2025 08:26:36 -0700

Hi Liliana,

Both patches look good to me, feel free to push.

I do note that Screen 5.0.1 is out and has all these fixes[1], so you might consider updating to that rather than backporting the fixes.

Thanks,

  -- Ian

[1]: https://lists.gnu.org/archive/html/screen-users/2025-05/msg00005.html
guix-patches@HIDDEN: bug#78430; Package guix-patches.
From: Liliana Marie Prikler <liliana.prikler@HIDDEN>
To: 78430 <at> debbugs.gnu.org
Date: Wed, 14 May 2025 21:12:44 +0200
Subject: [PATCH 2/2] gnu: screen: Fix multiple CVEs.

* gnu/packages/patches/screen-fix-CVE-2025-233.patch: New file.
* gnu/packages/patches/screen-fix-CVE-2025-46802.patch: New file.
* gnu/packages/patches/screen-fix-CVE-2025-46804.patch: New file.
* gnu/packages/patches/screen-fix-CVE-2025-46805.patch: New file.
* gnu/packages/patches/screen-fix-bad-strncpy.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register them here.
* gnu/packages/screen.scm (screen)[patches]: Use them here.
[arguments]: Add “--with-pty-mode=620”.
--- gnu/local.mk | 5 + .../patches/screen-fix-CVE-2025-233.patch | 137 ++++++++++++++++++ .../patches/screen-fix-CVE-2025-46802.patch | 113 +++++++++++++++ .../patches/screen-fix-CVE-2025-46804.patch | 130 +++++++++++++++++ .../patches/screen-fix-CVE-2025-46805.patch | 115 +++++++++++++++ .../patches/screen-fix-bad-strncpy.patch | 60 ++++++++ gnu/packages/screen.scm | 14 +- 7 files changed, 572 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-233.patch create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46802.patch create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46804.patch create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46805.patch create mode 100644 gnu/packages/patches/screen-fix-bad-strncpy.patch diff --git a/gnu/local.mk b/gnu/local.mk index ce0f981a419..c6ece1f5c25 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2250,6 +2250,11 @@ dist_patch_DATA = \ %D%/packages/patches/scilab-tbx_build_help.patch \ %D%/packages/patches/scons-test-environment.patch \ %D%/packages/patches/scotch-cmake-remove-metis.patch \ + %D%/packages/patches/screen-fix-bad-strncpy.patch \ + %D%/packages/patches/screen-fix-CVE-2025-233.patch \ + %D%/packages/patches/screen-fix-CVE-2025-46802.patch \ + %D%/packages/patches/screen-fix-CVE-2025-46804.patch \ + %D%/packages/patches/screen-fix-CVE-2025-46805.patch \ %D%/packages/patches/screen-hurd-path-max.patch \ %D%/packages/patches/scsh-nonstring-search-path.patch \ %D%/packages/patches/seed-webkit.patch \ diff --git a/gnu/packages/patches/screen-fix-CVE-2025-233.patch b/gnu/packages/patches/screen-fix-CVE-2025-233.patch new file mode 100644 index 00000000000..37c70437c6f --- /dev/null +++ b/gnu/packages/patches/screen-fix-CVE-2025-233.patch 
@@ -0,0 +1,137 @@ +From a23f2fa9fbb3cb214ed6a8ab71c99bba94f79e92 Mon Sep 17 00:00:00 2001 +From: Alex Naumov <alexander_naumov@HIDDEN> +Date: Wed, 7 May 2025 10:42:55 +0200 +Subject: [PATCH 1/6] logfile: reintroduce lf_secreopen() to fix CVE-2025-23395 + +In commit 441bca708bd this function was mistakenly removed, which +introduces a local root exploit vulnerability when running screen in +setuid-root context. + +Committed-By: Matthias Gerstner <matthias.gerstner@HIDDEN> +--- + logfile.c | 27 +++++++++++++++++++++++---- + logfile.h | 10 ++++++++++ + screen.c | 19 +++++++++++++++++++ + 3 files changed, 52 insertions(+), 4 deletions(-) + +diff --git a/logfile.c b/logfile.c +index 65e7205..91dc224 100644 +--- a/logfile.c ++++ b/logfile.c +@@ -88,10 +88,29 @@ static int logfile_reopen(char *name, int wantfd, Log *l) + return -1; + } + changed_logfile(l); +- l->st->st_ino = l->st->st_dev = 0; + return 0; + } + ++static int (*lf_reopen_fn) (char *, int, struct Log *) = logfile_reopen; ++ ++/* ++ * Whenever logfwrite discoveres that it is required to close and ++ * reopen the logfile, the function registered here is called. ++ * If you do not register anything here, the above logfile_reopen() ++ * will be used instead. ++ * Your function should perform the same steps as logfile_reopen(): ++ * a) close the original filedescriptor without flushing any output ++ * b) open a new logfile for future output on the same filedescriptor number. ++ * c) zero out st_dev, st_ino to tell the stolen_logfile() indcator to ++ * reinitialise itself. ++ * d) return 0 on success. ++ */ ++void logreopen_register(int (*fn) (char *, int, struct Log *)) ++{ ++ lf_reopen_fn = fn ? fn : logfile_reopen; ++} ++ ++ + /* + * If the logfile has been removed, truncated, unlinked or the like, + * return nonzero. 
+@@ -204,7 +223,7 @@ int logfwrite(Log *l, char *buf, size_t n) + { + int r; + +- if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l)) ++ if (stolen_logfile(l) && lf_reopen_fn(l->name, fileno(l->fp), l)) + return -1; + r = fwrite(buf, n, 1, l->fp); + l->writecount += l->flushcount + 1; +@@ -219,13 +238,13 @@ int logfflush(Log *l) + + if (!l) + for (l = logroot; l; l = l->next) { +- if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l)) ++ if (stolen_logfile(l) && lf_reopen_fn(l->name, fileno(l->fp), l)) + return -1; + r |= fflush(l->fp); + l->flushcount++; + changed_logfile(l); + } else { +- if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l)) ++ if (stolen_logfile(l) && lf_reopen_fn(l->name, fileno(l->fp), l)) + return -1; + r = fflush(l->fp); + l->flushcount++; +diff --git a/logfile.h b/logfile.h +index dbc9c2c..569a90e 100644 +--- a/logfile.h ++++ b/logfile.h +@@ -71,6 +71,16 @@ int logfwrite (Log *, char *, size_t); + */ + int logfflush (Log *ifany); + ++/* ++ * a reopen function may be registered here, in case you want to bring your ++ * own (more secure open), it may come along with a private data pointer. ++ * this function is called, whenever logfwrite/logfflush detect that the ++ * file has been (re)moved, truncated or changed by someone else. ++ * if you provide NULL as parameter to logreopen_register, the builtin ++ * reopen function will be reactivated. ++ */ ++void logreopen_register (int (*fn) (char *, int, struct Log *) ); ++ + /* + * Your custom reopen function is required to reuse the exact + * filedescriptor. 
+diff --git a/screen.c b/screen.c +index a79c3b1..728e717 100644 +--- a/screen.c ++++ b/screen.c +@@ -199,6 +199,21 @@ static int GotSigChld; + /********************************************************************/ + /********************************************************************/ + ++static int lf_secreopen(char *name, int wantfd, struct Log *l) ++{ ++ int got_fd; ++ ++ close(wantfd); ++ if (((got_fd = secopen(name, O_WRONLY | O_CREAT | O_APPEND, 0666)) < 0) || lf_move_fd(got_fd, wantfd) < 0) { ++ logfclose(l); ++ return -1; ++ } ++ l->st->st_ino = l->st->st_dev = 0; ++ return 0; ++} ++ ++ ++ + static struct passwd *getpwbyname(char *name, struct passwd *ppp) + { + int n; +@@ -349,6 +364,10 @@ int main(int argc, char **argv) + #ifdef ENABLE_TELNET + af = AF_UNSPEC; + #endif ++ /* lf_secreopen() is vital for the secure operation in setuid-root context. ++ * Do not remove it ++ */ ++ logreopen_register(lf_secreopen); + + real_uid = getuid(); + real_gid = getgid(); +-- +2.49.0 + diff --git a/gnu/packages/patches/screen-fix-CVE-2025-46802.patch b/gnu/packages/patches/screen-fix-CVE-2025-46802.patch new file mode 100644 index 00000000000..b2ae38d26dd --- /dev/null +++ b/gnu/packages/patches/screen-fix-CVE-2025-46802.patch 
@@ -0,0 +1,113 @@ +From 5a5383b312b2422689ca0220ac1557885b6ce67d Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner <matthias.gerstner@HIDDEN> +Date: Wed, 7 May 2025 10:56:17 +0200 +Subject: [PATCH 4/6] attacher.c: prevent temporary 0666 mode on PTYs to fix + CVE-2025-46802 + +This temporary chmod of the PTY to mode 0666 is most likely a remnant of +past times, before the PTY file descriptor was passed to the target +session via the UNIX domain socket. + +This chmod() causes a race condition during which any other user in the +system can open the PTY for reading and writing, and thus allows PTY +hijacking. + +Simply remove this logic completely. +--- + attacher.c | 14 -------------- + screen.c | 12 ------------ + screen.h | 2 -- + 3 files changed, 28 deletions(-) + +diff --git a/attacher.c b/attacher.c +index 4e1a77e..e5a48b0 100644 +--- a/attacher.c ++++ b/attacher.c +@@ -127,9 +127,6 @@ int Attach(int how) + xseteuid(multi_uid); + xseteuid(own_uid); + #endif +- if (chmod(attach_tty, 0666)) +- Panic(errno, "chmod %s", attach_tty); +- tty_oldmode = tty_mode; + } + + memset((char *)&m, 0, sizeof(Message)); +@@ -279,12 +276,6 @@ int Attach(int how) + pause(); /* wait for SIGCONT */ + xsignal(SIGCONT, SIG_DFL); + ContinuePlease = false; +- xseteuid(own_uid); +- if (tty_oldmode >= 0) +- if (chmod(attach_tty, tty_oldmode)) +- Panic(errno, "chmod %s", attach_tty); +- tty_oldmode = -1; +- xseteuid(real_uid); + } + rflag = 0; + return 1; +@@ -334,11 +325,6 @@ void AttacherFinit(int sigsig) + close(s); + } + } +- if (tty_oldmode >= 0) { +- if (setuid(own_uid)) +- Panic(errno, "setuid"); +- chmod(attach_tty, tty_oldmode); +- } + exit(0); + } + +diff --git a/screen.c b/screen.c +index 728e717..fb61c7f 100644 +--- a/screen.c ++++ b/screen.c +@@ -145,8 +145,6 @@ bool hastruecolor = false; + + char *multi; + int multiattach; +-int tty_mode; +-int tty_oldmode = -1; + + char HostName[MAXSTR]; + pid_t MasterPid; +@@ -766,7 +764,6 @@ int main(int argc, char **argv) + + /* ttyname 
implies isatty */ + SetTtyname(true, &st); +- tty_mode = (int)st.st_mode & 0777; + + fl = fcntl(0, F_GETFL, 0); + if (fl != -1 && (fl & (O_RDWR | O_RDONLY | O_WRONLY)) == O_RDWR) +@@ -1570,15 +1567,6 @@ void Panic(int err, const char *fmt, ...) + if (D_userpid) + Kill(D_userpid, SIG_BYE); + } +- if (tty_oldmode >= 0) { +-#if defined(HAVE_SETEUID) +- if (setuid(own_uid)) +- xseteuid(own_uid); /* may be a loop. sigh. */ +-#else +- setuid(own_uid); +-#endif +- chmod(attach_tty, tty_oldmode); +- } + eexit(1); + } + +diff --git a/screen.h b/screen.h +index 308c365..410b4f4 100644 +--- a/screen.h ++++ b/screen.h +@@ -291,8 +291,6 @@ extern int nversion; + extern uid_t own_uid; + extern int queryflag; + extern int rflag; +-extern int tty_mode; +-extern int tty_oldmode; + extern pid_t MasterPid; + extern int MsgMinWait; + extern int MsgWait; +-- +2.49.0 + diff --git a/gnu/packages/patches/screen-fix-CVE-2025-46804.patch b/gnu/packages/patches/screen-fix-CVE-2025-46804.patch new file mode 100644 index 00000000000..2aeab06c4b1 --- /dev/null +++ b/gnu/packages/patches/screen-fix-CVE-2025-46804.patch 
@@ -0,0 +1,130 @@ +From 49473441c17006856268f37249e62a99a7901741 Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner <matthias.gerstner@HIDDEN> +Date: Wed, 7 May 2025 11:25:25 +0200 +Subject: [PATCH 5/6] Avoid file existence test information leaks to fix + CVE-2025-46804 + +In setuid-root context the current error messages give away whether +certain paths not accessible by the real user exist and what type they +have. To prevent this only output generic error messages in setuid-root +context. + +In some situations, when an error is pertaining a directory and the +directory is owner by the real user then we can still output more +detailed diagnostics. + +This change can lead to less helpful error messages when Screen is +install setuid-root. More complex changes would be needed to avoid this +(e.g. only open the `SocketPath` with raised privileges when +multi-attach is requested). + +There might still be lingering some code paths that allow such +information leaks, since `SocketPath` is a global variable that is used +across the code base. The majority of issues should be caught with this +fix, however. 
+--- + screen.c | 54 ++++++++++++++++++++++++++++++++++++++++++------------ + socket.c | 9 +++++++-- + 2 files changed, 49 insertions(+), 14 deletions(-) + +diff --git a/screen.c b/screen.c +index fb61c7f..eabbdc2 100644 +--- a/screen.c ++++ b/screen.c +@@ -862,22 +862,47 @@ int main(int argc, char **argv) + #endif + } + +- if (stat(SocketPath, &st) == -1) +- Panic(errno, "Cannot access %s", SocketPath); +- else if (!S_ISDIR(st.st_mode)) +- Panic(0, "%s is not a directory.", SocketPath); ++ if (stat(SocketPath, &st) == -1) { ++ if (eff_uid == real_uid) { ++ Panic(errno, "Cannot access %s", SocketPath); ++ } else { ++ Panic(0, "Error accessing %s", SocketPath); ++ } ++ } ++ else if (!S_ISDIR(st.st_mode)) { ++ if (eff_uid == real_uid || st.st_uid == real_uid) { ++ Panic(0, "%s is not a directory.", SocketPath); ++ } else { ++ Panic(0, "Error accessing %s", SocketPath); ++ } ++ } + if (multi) { +- if (st.st_uid != multi_uid) +- Panic(0, "%s is not the owner of %s.", multi, SocketPath); ++ if (st.st_uid != multi_uid) { ++ if (eff_uid == real_uid || st.st_uid == real_uid) { ++ Panic(0, "%s is not the owner of %s.", multi, SocketPath); ++ } else { ++ Panic(0, "Error accessing %s", SocketPath); ++ } ++ } + } else { + #ifdef SOCKET_DIR /* if SOCKETDIR is not defined, the socket is in $HOME. + in that case it does not make sense to compare uids. 
*/ +- if (st.st_uid != real_uid) +- Panic(0, "You are not the owner of %s.", SocketPath); ++ if (st.st_uid != real_uid) { ++ if (eff_uid == real_uid) { ++ Panic(0, "You are not the owner of %s.", SocketPath); ++ } else { ++ Panic(0, "Error accessing %s", SocketPath); ++ } ++ } + #endif + } +- if ((st.st_mode & 0777) != 0700) +- Panic(0, "Directory %s must have mode 700.", SocketPath); ++ if ((st.st_mode & 0777) != 0700) { ++ if (eff_uid == real_uid || st.st_uid == real_uid) { ++ Panic(0, "Directory %s must have mode 700.", SocketPath); ++ } else { ++ Panic(0, "Error accessing %s", SocketPath); ++ } ++ } + if (SocketMatch && strchr(SocketMatch, '/')) + Panic(0, "Bad session name '%s'", SocketMatch); + SocketName = SocketPath + strlen(SocketPath) + 1; +@@ -902,8 +927,13 @@ int main(int argc, char **argv) + else + exit(9 + (fo || oth ? 1 : 0) + fo); + } +- if (fo == 0) +- Panic(0, "No Sockets found in %s.\n", SocketPath); ++ if (fo == 0) { ++ if (eff_uid == real_uid || st.st_uid == real_uid) { ++ Panic(0, "No Sockets found in %s.\n", SocketPath); ++ } else { ++ Panic(0, "Error accessing %s", SocketPath); ++ } ++ } + Msg(0, "%d Socket%s in %s.", fo, fo > 1 ? "s" : "", SocketPath); + eexit(0); + } +diff --git a/socket.c b/socket.c +index 5709a24..d0b361a 100644 +--- a/socket.c ++++ b/socket.c +@@ -148,8 +148,13 @@ int FindSocket(int *fdp, int *nfoundp, int *notherp, char *match) + xseteuid(real_uid); + xsetegid(real_gid); + +- if ((dirp = opendir(SocketPath)) == NULL) +- Panic(errno, "Cannot opendir %s", SocketPath); ++ if ((dirp = opendir(SocketPath)) == NULL) { ++ if (eff_uid == real_uid) { ++ Panic(errno, "Cannot opendir %s", SocketPath); ++ } else { ++ Panic(0, "Error accessing %s", SocketPath); ++ } ++ } + + slist = NULL; + slisttail = &slist; +-- +2.49.0 + diff --git a/gnu/packages/patches/screen-fix-CVE-2025-46805.patch b/gnu/packages/patches/screen-fix-CVE-2025-46805.patch new file mode 100644 index 00000000000..b24b2c06b58 --- /dev/null 
+++ b/gnu/packages/patches/screen-fix-CVE-2025-46805.patch 
@@ -0,0 +1,115 @@ +From d993aacb892ee7aa83c0e21174c8b65b191802d5 Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner <matthias.gerstner@HIDDEN> +Date: Wed, 7 May 2025 12:30:39 +0200 +Subject: [PATCH 6/6] socket.c: don't send signals with root privileges to fix + CVE-2025-46805 + +The CheckPid() function was introduced to address CVE-2023-24626, to +prevent sending SIGCONT and SIGHUP to arbitrary PIDs in the system. This +fix still suffers from a TOCTOU race condition. The client can replace +itself by a privileged process, or try to cycle PIDs until a privileged +process receives the original PID. + +To prevent this, always send signals using the real privileges. Keep +CheckPid() for error diagnostics. If sending the actual signal fails +later on then there will be no more error reporting. + +It seems the original bugfix already introduced a regression when +attaching to another's user session that is not owned by root. In this +case the target sessions runs with real uid X, while for sending a +signal to the `pid` provided by the client real uid Y (or root +privileges) are required. + +This is hard to properly fix without this regression. On Linux pidfds +could be used to allow safely sending signals to other PIDs as root +without involving race conditions. In this case the client PID should +also be obtained via the UNIX domain socket's SO_PEERCRED option, +though. +--- + socket.c | 21 +++++++++++++-------- + 1 file changed, 13 insertions(+), 8 deletions(-) + +diff --git a/socket.c b/socket.c +index d0b361a..c715519 100644 +--- a/socket.c ++++ b/socket.c +@@ -91,6 +91,11 @@ static void AskPassword(Message *); + static bool CheckPassword(const char *password); + static void PasswordProcessInput(char *, size_t); + ++static void KillUnpriv(pid_t pid, int sig) { ++ UserContext(); ++ UserReturn(kill(pid, sig)); ++} ++ + #define SOCKMODE (S_IWRITE | S_IREAD | (displays ? S_IEXEC : 0) | (multi ? 
1 : 0)) + + /* +@@ -611,7 +616,7 @@ static int CreateTempDisplay(Message *m, int recvfd, Window *win) + Msg(errno, "Could not perform necessary sanity " + "checks on pts device."); + close(i); +- Kill(pid, SIG_BYE); ++ KillUnpriv(pid, SIG_BYE); + return -1; + } + if (strcmp(ttyname_in_ns, m->m_tty)) { +@@ -620,7 +625,7 @@ static int CreateTempDisplay(Message *m, int recvfd, Window *win) + ttyname_in_ns, + m->m_tty[0] != '\0' ? m->m_tty : "(null)"); + close(i); +- Kill(pid, SIG_BYE); ++ KillUnpriv(pid, SIG_BYE); + return -1; + } + /* m->m_tty so far contains the actual name of the pts +@@ -638,24 +643,24 @@ static int CreateTempDisplay(Message *m, int recvfd, Window *win) + "Attach: passed fd does not match tty: %s - %s!", + m->m_tty, myttyname ? myttyname : "NULL"); + close(i); +- Kill(pid, SIG_BYE); ++ KillUnpriv(pid, SIG_BYE); + return -1; + } + } else if ((i = secopen(m->m_tty, O_RDWR | O_NONBLOCK, 0)) < 0) { + Msg(errno, "Attach: Could not open %s!", m->m_tty); +- Kill(pid, SIG_BYE); ++ KillUnpriv(pid, SIG_BYE); + return -1; + } + + if (attach) +- Kill(pid, SIGCONT); ++ KillUnpriv(pid, SIGCONT); + + if (attach) { + if (display || win) { + int unused_result = write(i, "Attaching from inside of screen?\n", 33); + (void)unused_result; /* unused */ + close(i); +- Kill(pid, SIG_BYE); ++ KillUnpriv(pid, SIG_BYE); + Msg(0, "Attach msg ignored: coming from inside."); + return -1; + } +@@ -678,7 +683,7 @@ static int CreateTempDisplay(Message *m, int recvfd, Window *win) + (void)unused_result; /* unused */ + close(i); + Msg(0, "Attach: could not make display for user %s", user); +- Kill(pid, SIG_BYE); ++ KillUnpriv(pid, SIG_BYE); + return -1; + } + if (attach) { +@@ -884,7 +889,7 @@ void ReceiveMsg(void) + Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid); + } + else { +- Kill(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE); /* Send SIG_BYE if an error happened */ ++ KillUnpriv(m.m.command.apid, (queryflag >= 0) ? 
SIGCONT : SIG_BYE); /* Send SIG_BYE if an error happened */ + queryflag = -1; + } + } +-- +2.49.0 + diff --git a/gnu/packages/patches/screen-fix-bad-strncpy.patch b/gnu/packages/patches/screen-fix-bad-strncpy.patch new file mode 100644 index 00000000000..3ad0a01b0c7 --- /dev/null +++ b/gnu/packages/patches/screen-fix-bad-strncpy.patch 
@@ -0,0 +1,60 @@ +From e61649242afc42213e7fd3bb8b3dbea33be96761 Mon Sep 17 00:00:00 2001 +From: Alex Naumov <alexander_naumov@HIDDEN> +Date: Wed, 7 May 2025 10:49:24 +0200 +Subject: [PATCH 3/6] attacher.c: fix bad strncpy() which can lead to a buffer + overflow + +`strncpy()` always pads the destination buffer with zeroes, regardless +of the length of the input string. Passing `MAXPATHLEN` in every `for` +loop iteration will cause a buffer write overflow past the end of the +`m.m.command.cmd` buffer. + +This becomes visible on systems that compile Screen with the +`_FORTIFY_SOURCE` macro enabled when passing more than one parameter, +for example like this: + +``` +screen -S myinstance -X blankerprg /path/to/blanker +*** buffer overflow detected ***: terminated +Aborted (core dumped) +``` + +This is not security relevant, since only zeroes are written past the +end of the buffer and only other message buffer fields can be reached, +no internal state of Screen can be changed. + +Committed-By: Matthias Gerstner <matthias.gerstner@HIDDEN> +--- + attacher.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/attacher.c b/attacher.c +index d8de9d4..4e1a77e 100644 +--- a/attacher.c ++++ b/attacher.c +@@ -457,13 +457,16 @@ void SendCmdMessage(char *sty, char *match, char **av, int query) + } + p = m.m.command.cmd; + n = 0; ++ size_t space_left = ARRAY_SIZE(m.m.command.cmd); ++ + for (; *av && n < MAXARGS - 1; ++av, ++n) { +- size_t len; +- len = strlen(*av) + 1; +- if (p + len >= m.m.command.cmd + ARRAY_SIZE(m.m.command.cmd) - 1) +- break; +- strncpy(p, *av, MAXPATHLEN); +- p += len; ++ int printed = snprintf(p, space_left, "%s", *av); ++ if (printed < 0 || (size_t)printed >= space_left) ++ Panic(0, "Total length of the command to send too large.\n"); ++ ++ printed += 1; // add null terminator ++ p += printed; ++ space_left -= printed; + } + *p = 0; + m.m.command.nargs = n; +-- +2.49.0 + 
diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm index 284bc86c718..52de8300848 100644 --- a/gnu/packages/screen.scm +++ b/gnu/packages/screen.scm @@ -52,7 +52,12 @@ (define-public screen (method url-fetch) (uri (string-append "mirror://gnu/screen/screen-" version ".tar.gz")) - (patches (search-patches "screen-hurd-path-max.patch")) + (patches (search-patches "screen-hurd-path-max.patch" + "screen-fix-CVE-2025-233.patch" + "screen-fix-CVE-2025-46802.patch" + "screen-fix-CVE-2025-46804.patch" + "screen-fix-CVE-2025-46805.patch" + "screen-fix-bad-strncpy.patch")) (sha256 (base32 "0wa9v6p7cna2scpimpvk9pgxaah80f4q0f2kln37qp0f1b83jjph")))) (build-system gnu-build-system) @@ -66,6 +71,10 @@ (define-public screen #~(list ;; GNU_SOURCE must be defined for mallocmock_reset() to be defined "CFLAGS=-O2 -g -D_GNU_SOURCE=1" + ;; As of 5.0.0, Screen creates world-writable PTYs by default, whereas + ;; previously the configure script used a safer mode of 620. + ;; See also <https://www.openwall.com/lists/oss-security/2025/05/12/1>. + "--with-pty-mode=620" ;; By default, screen supports 16 colors, but we want 256 when ;; ~/.screenrc contains 'term xterm-256color'. "--enable-colors256"))) @@ -78,7 +87,8 @@ (define-public screen then manages the different virtual terminals, allowing you to easily switch between them, to detach them from the current session, or even splitting the view to show two terminals at once.") - (license gpl2+))) + (license gpl2+) + (properties `((lint-hidden-cve . ("CVE-2025-46803")))))) (define-public dtach (package -- 2.49.0
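Review bot: in the `attacher.c` hunk carried by `screen-fix-bad-strncpy.patch`, the unchanged `*p = 0;` after the loop can still write one byte past `m.m.command.cmd`. The new check only rejects `(size_t)printed >= space_left`, so when the last argument fits exactly (`printed + 1 == space_left`) the loop ends with `space_left` at 0 and `p` pointing at the end of the array. The removed code kept one byte in reserve with its `- 1`; the replacement should do the same, for example by testing `(size_t)printed + 1 >= space_left`. As the file is vendored from upstream, the correction belongs there. Also worth recording in the commit log: an overlong command now ends in `Panic()` where the old loop did `break`.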
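Review bot: in the `(patches (search-patches ...))` hunk of `gnu/packages/screen.scm`, `screen-fix-CVE-2025-233.patch` is the only entry whose CVE number has three digits, where the other names carry five (`46802`, `46804`, `46805`). The same short name appears in the cover letter's diffstat, so the file itself seems to be named that way. `guix lint -c cve` takes the list of fixed CVEs from patch file names, so a shortened ID would not mark the real one as patched. Please check the ID and rename the file to the full CVE identifier, here and in `gnu/local.mk`.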
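Review bot: the `lint-hidden-cve` property added in the last `screen.scm` hunk hides "CVE-2025-46803" without a comment saying why, and no patch in the list carries that ID. If this is the world-writable PTY issue that `--with-pty-mode=620` addresses in the previous hunk, say so next to the property, or name the CVE in the configure-flag comment, so the flag and the lint exemption stay tied together when either is changed later.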
From: Liliana Marie Prikler <liliana.prikler@HIDDEN>
Date: Wed, 14 May 2025 20:44:58 +0200
Subject: [PATCH 1/2] gnu: screen: Use new package style.
To: 78430 <at> debbugs.gnu.org

* gnu/packages/screen.scm (screen)[arguments]: Change to list of G-Expressions.
--- gnu/packages/screen.scm | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm index e791f29190f..284bc86c718 100644 --- a/gnu/packages/screen.scm +++ b/gnu/packages/screen.scm @@ -61,13 +61,14 @@ (define-public screen (inputs (list libxcrypt linux-pam ncurses perl)) (arguments - `(#:configure-flags + (list + #:configure-flags + #~(list ;; GNU_SOURCE must be defined for mallocmock_reset() to be defined - '("CFLAGS=-O2 -g -D_GNU_SOURCE=1" - - ;; By default, screen supports 16 colors, but we want 256 when - ;; ~/.screenrc contains 'term xterm-256color'. - "--enable-colors256"))) + "CFLAGS=-O2 -g -D_GNU_SOURCE=1" + ;; By default, screen supports 16 colors, but we want 256 when + ;; ~/.screenrc contains 'term xterm-256color'. + "--enable-colors256"))) (home-page "https://www.gnu.org/software/screen/") (synopsis "Full-screen window manager providing multiple terminals") (description -- 2.49.0
From: Liliana Marie Prikler <liliana.prikler@HIDDEN>
Date: Wed, 14 May 2025 21:16:35 +0200
Subject: [PATCH 0/2] Fix vulnerabilities in GNU Screen
To: guix-patches@HIDDEN

Hi Guix,

as outlined in [1], the current version of GNU Screen packaged in Guix suffers from multiple vulnerabilities. This series first cleans up the package style and then applies the patches that fix them.

Cheers

[1] https://www.openwall.com/lists/oss-security/2025/05/12/1

Liliana Marie Prikler (2):
  gnu: screen: Use new package style.
  gnu: screen: Fix multiple CVEs.

 gnu/local.mk | 5 +
 .../patches/screen-fix-CVE-2025-233.patch | 137 ++++++++++++++++++
 .../patches/screen-fix-CVE-2025-46802.patch | 113 +++++++++++++++
 .../patches/screen-fix-CVE-2025-46804.patch | 130 +++++++++++++++++
 .../patches/screen-fix-CVE-2025-46805.patch | 115 +++++++++++++++
 .../patches/screen-fix-bad-strncpy.patch | 60 ++++++++
 gnu/packages/screen.scm | 27 +++-
 7 files changed, 579 insertions(+), 8 deletions(-)
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-233.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46802.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46804.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46805.patch
 create mode 100644 gnu/packages/patches/screen-fix-bad-strncpy.patch

base-commit: 5f5d84beccc180f1b51474c0e47eb6e0d0c9175f
--
2.49.0
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.