GNU bug report logs - #78430
[PATCH 0/2] Fix vulnerabilities in GNU Screen


Package: guix-patches; Reported by: Liliana Marie Prikler <liliana.prikler@HIDDEN>; Keywords: patch; dated Wed, 14 May 2025 19:20:02 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 78430 <at> debbugs.gnu.org:


From: Ian Eure <ian@HIDDEN>
To: Liliana Marie Prikler <liliana.prikler@HIDDEN>
Subject: Re: [bug#78430] [PATCH 2/2] gnu: screen: Fix multiple CVEs.
User-Agent: mu4e 1.12.9; emacs 29.4
Date: Sat, 17 May 2025 08:26:36 -0700
Message-ID: <87frh3gswj.fsf@HIDDEN>

Hi Liliana,

Both patches look good to me, feel free to push.  I do note that 
Screen 5.0.1 is out and has all these fixes[1], so you might 
consider updating to that rather than backporting the fixes.

Thanks,
  -- Ian

[1]: 
https://lists.gnu.org/archive/html/screen-users/2025-05/msg00005.html




Information forwarded to guix-patches@HIDDEN:
bug#78430; Package guix-patches. Full text available.

Message received at 78430 <at> debbugs.gnu.org:


Message-ID: <b1dff57a870c402aae71414f7b48214c34a52041.1747250195.git.liliana.prikler@HIDDEN>
In-Reply-To: <cover.1747250195.git.liliana.prikler@HIDDEN>
References: <cover.1747250195.git.liliana.prikler@HIDDEN>
From: Liliana Marie Prikler <liliana.prikler@HIDDEN>
Date: Wed, 14 May 2025 21:12:44 +0200
Subject: [PATCH 2/2] gnu: screen: Fix multiple CVEs.

* gnu/packages/patches/screen-fix-CVE-2025-233.patch: New file.
* gnu/packages/patches/screen-fix-CVE-2025-46802.patch: New file.
* gnu/packages/patches/screen-fix-CVE-2025-46804.patch: New file.
* gnu/packages/patches/screen-fix-CVE-2025-46805.patch: New file.
* gnu/packages/patches/screen-fix-bad-strncpy.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register them here.
* gnu/packages/screen.scm (screen)[patches]: Use them here.
[arguments]: Add “--with-pty-mode=620”.
---
 gnu/local.mk                                  |   5 +
 .../patches/screen-fix-CVE-2025-233.patch     | 137 ++++++++++++++++++
 .../patches/screen-fix-CVE-2025-46802.patch   | 113 +++++++++++++++
 .../patches/screen-fix-CVE-2025-46804.patch   | 130 +++++++++++++++++
 .../patches/screen-fix-CVE-2025-46805.patch   | 115 +++++++++++++++
 .../patches/screen-fix-bad-strncpy.patch      |  60 ++++++++
 gnu/packages/screen.scm                       |  14 +-
 7 files changed, 572 insertions(+), 2 deletions(-)
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-233.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46802.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46804.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46805.patch
 create mode 100644 gnu/packages/patches/screen-fix-bad-strncpy.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index ce0f981a419..c6ece1f5c25 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2250,6 +2250,11 @@ dist_patch_DATA =						\
   %D%/packages/patches/scilab-tbx_build_help.patch		\
   %D%/packages/patches/scons-test-environment.patch		\
   %D%/packages/patches/scotch-cmake-remove-metis.patch		\
+  %D%/packages/patches/screen-fix-bad-strncpy.patch		\
+  %D%/packages/patches/screen-fix-CVE-2025-233.patch		\
+  %D%/packages/patches/screen-fix-CVE-2025-46802.patch		\
+  %D%/packages/patches/screen-fix-CVE-2025-46804.patch		\
+  %D%/packages/patches/screen-fix-CVE-2025-46805.patch		\
   %D%/packages/patches/screen-hurd-path-max.patch		\
   %D%/packages/patches/scsh-nonstring-search-path.patch	\
   %D%/packages/patches/seed-webkit.patch			\
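Review bot: the file name `screen-fix-CVE-2025-233.patch` added to `dist_patch_DATA` here does not match the identifier in the patch it carries, whose subject line reads "reintroduce lf_secreopen() to fix CVE-2025-23395". The other three CVE entries use the full number, so this one looks truncated. Rename it to `screen-fix-CVE-2025-23395.patch` in this list, in the commit log and wherever the package definition references it, so that a search for the CVE id finds the fix.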
diff --git a/gnu/packages/patches/screen-fix-CVE-2025-233.patch b/gnu/packages/patches/screen-fix-CVE-2025-233.patch
new file mode 100644
index 00000000000..37c70437c6f
--- /dev/null
+++ b/gnu/packages/patches/screen-fix-CVE-2025-233.patch
@@ -0,0 +1,137 @@
+From a23f2fa9fbb3cb214ed6a8ab71c99bba94f79e92 Mon Sep 17 00:00:00 2001
+From: Alex Naumov <alexander_naumov@HIDDEN>
+Date: Wed, 7 May 2025 10:42:55 +0200
+Subject: [PATCH 1/6] logfile: reintroduce lf_secreopen() to fix CVE-2025-23395
+
+In commit 441bca708bd this function was mistakenly removed, which
+introduces a local root exploit vulnerability when running screen in
+setuid-root context.
+
+Committed-By: Matthias Gerstner <matthias.gerstner@HIDDEN>
+---
+ logfile.c | 27 +++++++++++++++++++++++----
+ logfile.h | 10 ++++++++++
+ screen.c  | 19 +++++++++++++++++++
+ 3 files changed, 52 insertions(+), 4 deletions(-)
+
+diff --git a/logfile.c b/logfile.c
+index 65e7205..91dc224 100644
+--- a/logfile.c
++++ b/logfile.c
+@@ -88,10 +88,29 @@ static int logfile_reopen(char *name, int wantfd, Log *l)
+ 		return -1;
+ 	}
+ 	changed_logfile(l);
+-	l->st->st_ino = l->st->st_dev = 0;
+ 	return 0;
+ }
+ 
++static int (*lf_reopen_fn) (char *, int, struct Log *) = logfile_reopen;
++
++/*
++ * Whenever logfwrite discoveres that it is required to close and
++ * reopen the logfile, the function registered here is called.
++ * If you do not register anything here, the above logfile_reopen()
++ * will be used instead.
++ * Your function should perform the same steps as logfile_reopen():
++ * a) close the original filedescriptor without flushing any output
++ * b) open a new logfile for future output on the same filedescriptor number.
++ * c) zero out st_dev, st_ino to tell the stolen_logfile() indcator to
++ *    reinitialise itself.
++ * d) return 0 on success.
++ */
++void logreopen_register(int (*fn) (char *, int, struct Log *))
++{
++	lf_reopen_fn = fn ? fn : logfile_reopen;
++}
++
++
+ /*
+  * If the logfile has been removed, truncated, unlinked or the like,
+  * return nonzero.
+@@ -204,7 +223,7 @@ int logfwrite(Log *l, char *buf, size_t n)
+ {
+ 	int r;
+ 
+-	if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l))
++	if (stolen_logfile(l) && lf_reopen_fn(l->name, fileno(l->fp), l))
+ 		return -1;
+ 	r = fwrite(buf, n, 1, l->fp);
+ 	l->writecount += l->flushcount + 1;
+@@ -219,13 +238,13 @@ int logfflush(Log *l)
+ 
+ 	if (!l)
+ 		for (l = logroot; l; l = l->next) {
+-			if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l))
++			if (stolen_logfile(l) && lf_reopen_fn(l->name, fileno(l->fp), l))
+ 				return -1;
+ 			r |= fflush(l->fp);
+ 			l->flushcount++;
+ 			changed_logfile(l);
+ 	} else {
+-		if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l))
++		if (stolen_logfile(l) && lf_reopen_fn(l->name, fileno(l->fp), l))
+ 			return -1;
+ 		r = fflush(l->fp);
+ 		l->flushcount++;
+diff --git a/logfile.h b/logfile.h
+index dbc9c2c..569a90e 100644
+--- a/logfile.h
++++ b/logfile.h
+@@ -71,6 +71,16 @@ int logfwrite (Log *, char *, size_t);
+  */
+ int logfflush (Log *ifany);
+ 
++/*
++ * a reopen function may be registered here, in case you want to bring your
++ * own (more secure open), it may come along with a private data pointer.
++ * this function is called, whenever logfwrite/logfflush detect that the
++ * file has been (re)moved, truncated or changed by someone else.
++ * if you provide NULL as parameter to logreopen_register, the builtin
++ * reopen function will be reactivated.
++ */
++void logreopen_register (int (*fn) (char *, int, struct Log *) );
++
+ /*
+  * Your custom reopen function is required to reuse the exact
+  * filedescriptor.
+diff --git a/screen.c b/screen.c
+index a79c3b1..728e717 100644
+--- a/screen.c
++++ b/screen.c
+@@ -199,6 +199,21 @@ static int GotSigChld;
+ /********************************************************************/
+ /********************************************************************/
+ 
++static int lf_secreopen(char *name, int wantfd, struct Log *l)
++{
++	int got_fd;
++
++	close(wantfd);
++	if (((got_fd = secopen(name, O_WRONLY | O_CREAT | O_APPEND, 0666)) < 0) || lf_move_fd(got_fd, wantfd) < 0) {
++		logfclose(l);
++		return -1;
++	}
++	l->st->st_ino = l->st->st_dev = 0;
++	return 0;
++}
++
++
++
+ static struct passwd *getpwbyname(char *name, struct passwd *ppp)
+ {
+ 	int n;
+@@ -349,6 +364,10 @@ int main(int argc, char **argv)
+ #ifdef ENABLE_TELNET
+ 	af                = AF_UNSPEC;
+ #endif
++	/* lf_secreopen() is vital for the secure operation in setuid-root context.
++	 * Do not remove it
++	 */
++	logreopen_register(lf_secreopen);
+ 
+ 	real_uid          = getuid();
+ 	real_gid          = getgid();
+-- 
+2.49.0
+
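Review bot: in the logfile.c hunk, the new comment above `logreopen_register()` tells a custom reopen function to "perform the same steps as logfile_reopen()", including step c) zeroing `st_dev` and `st_ino`, yet the same hunk deletes `l->st->st_ino = l->st->st_dev = 0;` from `logfile_reopen()` itself. Either the reset stays in the built-in function or the comment should be reworded so the two agree. Separately, `lf_reopen_fn` is initialised to the plain `logfile_reopen` and `logreopen_register(NULL)` falls back to it, so the protection described in the commit message depends entirely on the `logreopen_register(lf_secreopen)` call in `main()` running before any log write; making the secure variant the default would be sturdier than the "Do not remove it" comment. As this is a backport of the upstream commit, both points are better raised upstream than changed locally.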
diff --git a/gnu/packages/patches/screen-fix-CVE-2025-46802.patch b/gnu/packages/patches/screen-fix-CVE-2025-46802.patch
new file mode 100644
index 00000000000..b2ae38d26dd
--- /dev/null
+++ b/gnu/packages/patches/screen-fix-CVE-2025-46802.patch
@@ -0,0 +1,113 @@
+From 5a5383b312b2422689ca0220ac1557885b6ce67d Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@HIDDEN>
+Date: Wed, 7 May 2025 10:56:17 +0200
+Subject: [PATCH 4/6] attacher.c: prevent temporary 0666 mode on PTYs to fix
+ CVE-2025-46802
+
+This temporary chmod of the PTY to mode 0666 is most likely a remnant of
+past times, before the PTY file descriptor was passed to the target
+session via the UNIX domain socket.
+
+This chmod() causes a race condition during which any other user in the
+system can open the PTY for reading and writing, and thus allows PTY
+hijacking.
+
+Simply remove this logic completely.
+---
+ attacher.c | 14 --------------
+ screen.c   | 12 ------------
+ screen.h   |  2 --
+ 3 files changed, 28 deletions(-)
+
+diff --git a/attacher.c b/attacher.c
+index 4e1a77e..e5a48b0 100644
+--- a/attacher.c
++++ b/attacher.c
+@@ -127,9 +127,6 @@ int Attach(int how)
+ 		xseteuid(multi_uid);
+ 		xseteuid(own_uid);
+ #endif
+-		if (chmod(attach_tty, 0666))
+-			Panic(errno, "chmod %s", attach_tty);
+-		tty_oldmode = tty_mode;
+ 	}
+ 
+ 	memset((char *)&m, 0, sizeof(Message));
+@@ -279,12 +276,6 @@ int Attach(int how)
+ 			pause();	/* wait for SIGCONT */
+ 		xsignal(SIGCONT, SIG_DFL);
+ 		ContinuePlease = false;
+-		xseteuid(own_uid);
+-		if (tty_oldmode >= 0)
+-			if (chmod(attach_tty, tty_oldmode))
+-				Panic(errno, "chmod %s", attach_tty);
+-		tty_oldmode = -1;
+-		xseteuid(real_uid);
+ 	}
+ 	rflag = 0;
+ 	return 1;
+@@ -334,11 +325,6 @@ void AttacherFinit(int sigsig)
+ 			close(s);
+ 		}
+ 	}
+-	if (tty_oldmode >= 0) {
+-		if (setuid(own_uid))
+-			Panic(errno, "setuid");
+-		chmod(attach_tty, tty_oldmode);
+-	}
+ 	exit(0);
+ }
+ 
+diff --git a/screen.c b/screen.c
+index 728e717..fb61c7f 100644
+--- a/screen.c
++++ b/screen.c
+@@ -145,8 +145,6 @@ bool      hastruecolor = false;
+ 
+ char     *multi;
+ int       multiattach;
+-int       tty_mode;
+-int       tty_oldmode = -1;
+ 
+ char      HostName[MAXSTR];
+ pid_t     MasterPid;
+@@ -766,7 +764,6 @@ int main(int argc, char **argv)
+ 
+ 		/* ttyname implies isatty */
+ 		SetTtyname(true, &st);
+-		tty_mode = (int)st.st_mode & 0777;
+ 
+ 		fl = fcntl(0, F_GETFL, 0);
+ 		if (fl != -1 && (fl & (O_RDWR | O_RDONLY | O_WRONLY)) == O_RDWR)
+@@ -1570,15 +1567,6 @@ void Panic(int err, const char *fmt, ...)
+ 			if (D_userpid)
+ 				Kill(D_userpid, SIG_BYE);
+ 		}
+-	if (tty_oldmode >= 0) {
+-#if defined(HAVE_SETEUID)
+-		if (setuid(own_uid))
+-			xseteuid(own_uid);	/* may be a loop. sigh. */
+-#else
+-		setuid(own_uid);
+-#endif
+-		chmod(attach_tty, tty_oldmode);
+-	}
+ 	eexit(1);
+ }
+ 
+diff --git a/screen.h b/screen.h
+index 308c365..410b4f4 100644
+--- a/screen.h
++++ b/screen.h
+@@ -291,8 +291,6 @@ extern int nversion;
+ extern uid_t own_uid;
+ extern int queryflag;
+ extern int rflag;
+-extern int tty_mode;
+-extern int tty_oldmode;
+ extern pid_t MasterPid;
+ extern int MsgMinWait;
+ extern int MsgWait;
+-- 
+2.49.0
+
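Review bot: in the second attacher.c hunk (after `pause()` in `Attach()`), the deleted block removes not only the `chmod()` restore but also the `xseteuid(own_uid)` / `xseteuid(real_uid)` pair around it, so the effective uid when `Attach()` returns is now whatever it was before the block instead of being forced to `real_uid`. Please confirm that nothing after this point relies on that final `xseteuid(real_uid)`; if it does, that one call should stay. The `setuid(own_uid)` calls dropped from `AttacherFinit()` and `Panic()` are less of a concern, since both paths exit immediately afterwards.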
diff --git a/gnu/packages/patches/screen-fix-CVE-2025-46804.patch b/gnu/packages/patches/screen-fix-CVE-2025-46804.patch
new file mode 100644
index 00000000000..2aeab06c4b1
--- /dev/null
+++ b/gnu/packages/patches/screen-fix-CVE-2025-46804.patch
@@ -0,0 +1,130 @@
+From 49473441c17006856268f37249e62a99a7901741 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@HIDDEN>
+Date: Wed, 7 May 2025 11:25:25 +0200
+Subject: [PATCH 5/6] Avoid file existence test information leaks to fix
+ CVE-2025-46804
+
+In setuid-root context the current error messages give away whether
+certain paths not accessible by the real user exist and what type they
+have. To prevent this only output generic error messages in setuid-root
+context.
+
+In some situations, when an error is pertaining a directory and the
+directory is owner by the real user then we can still output more
+detailed diagnostics.
+
+This change can lead to less helpful error messages when Screen is
+install setuid-root. More complex changes would be needed to avoid this
+(e.g.  only open the `SocketPath` with raised privileges when
+multi-attach is requested).
+
+There might still be lingering some code paths that allow such
+information leaks, since `SocketPath` is a global variable that is used
+across the code base. The majority of issues should be caught with this
+fix, however.
+---
+ screen.c | 54 ++++++++++++++++++++++++++++++++++++++++++------------
+ socket.c |  9 +++++++--
+ 2 files changed, 49 insertions(+), 14 deletions(-)
+
+diff --git a/screen.c b/screen.c
+index fb61c7f..eabbdc2 100644
+--- a/screen.c
++++ b/screen.c
+@@ -862,22 +862,47 @@ int main(int argc, char **argv)
+ #endif
+ 	}
+ 
+-	if (stat(SocketPath, &st) == -1)
+-		Panic(errno, "Cannot access %s", SocketPath);
+-	else if (!S_ISDIR(st.st_mode))
+-		Panic(0, "%s is not a directory.", SocketPath);
++	if (stat(SocketPath, &st) == -1) {
++		if (eff_uid == real_uid) {
++			Panic(errno, "Cannot access %s", SocketPath);
++		} else {
++			Panic(0, "Error accessing %s", SocketPath);
++		}
++	}
++	else if (!S_ISDIR(st.st_mode)) {
++		if (eff_uid == real_uid || st.st_uid == real_uid) {
++			Panic(0, "%s is not a directory.", SocketPath);
++		} else {
++			Panic(0, "Error accessing %s", SocketPath);
++		}
++	}
+ 	if (multi) {
+-		if (st.st_uid != multi_uid)
+-			Panic(0, "%s is not the owner of %s.", multi, SocketPath);
++		if (st.st_uid != multi_uid) {
++			if (eff_uid == real_uid || st.st_uid == real_uid) {
++				Panic(0, "%s is not the owner of %s.", multi, SocketPath);
++			} else {
++				Panic(0, "Error accessing %s", SocketPath);
++			}
++		}
+ 	} else {
+ #ifdef SOCKET_DIR	/* if SOCKETDIR is not defined, the socket is in $HOME.
+ 			   in that case it does not make sense to compare uids. */
+-		if (st.st_uid != real_uid)
+-			Panic(0, "You are not the owner of %s.", SocketPath);
++		if (st.st_uid != real_uid) {
++			if (eff_uid == real_uid) {
++				Panic(0, "You are not the owner of %s.", SocketPath);
++			} else {
++				Panic(0, "Error accessing %s", SocketPath);
++			}
++		}
+ #endif
+ 	}
+-	if ((st.st_mode & 0777) != 0700)
+-		Panic(0, "Directory %s must have mode 700.", SocketPath);
++	if ((st.st_mode & 0777) != 0700) {
++		if (eff_uid == real_uid || st.st_uid == real_uid) {
++			Panic(0, "Directory %s must have mode 700.", SocketPath);
++		} else {
++			Panic(0, "Error accessing %s", SocketPath);
++		}
++	}
+ 	if (SocketMatch && strchr(SocketMatch, '/'))
+ 		Panic(0, "Bad session name '%s'", SocketMatch);
+ 	SocketName = SocketPath + strlen(SocketPath) + 1;
+@@ -902,8 +927,13 @@ int main(int argc, char **argv)
+ 			else
+ 				exit(9 + (fo || oth ? 1 : 0) + fo);
+ 		}
+-		if (fo == 0)
+-			Panic(0, "No Sockets found in %s.\n", SocketPath);
++		if (fo == 0) {
++			if (eff_uid == real_uid || st.st_uid == real_uid) {
++				Panic(0, "No Sockets found in %s.\n", SocketPath);
++			} else {
++				Panic(0, "Error accessing %s", SocketPath);
++			}
++		}
+ 		Msg(0, "%d Socket%s in %s.", fo, fo > 1 ? "s" : "", SocketPath);
+ 		eexit(0);
+ 	}
+diff --git a/socket.c b/socket.c
+index 5709a24..d0b361a 100644
+--- a/socket.c
++++ b/socket.c
+@@ -148,8 +148,13 @@ int FindSocket(int *fdp, int *nfoundp, int *notherp, char *match)
+ 	xseteuid(real_uid);
+ 	xsetegid(real_gid);
+ 
+-	if ((dirp = opendir(SocketPath)) == NULL)
+-		Panic(errno, "Cannot opendir %s", SocketPath);
++	if ((dirp = opendir(SocketPath)) == NULL) {
++		if (eff_uid == real_uid) {
++			Panic(errno, "Cannot opendir %s", SocketPath);
++		} else {
++			Panic(0, "Error accessing %s", SocketPath);
++		}
++	}
+ 
+ 	slist = NULL;
+ 	slisttail = &slist;
+-- 
+2.49.0
+
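Review bot: in the screen.c hunk at `-902`, the new `fo == 0` branch chooses between the detailed and the generic message using `st.st_uid`, which assumes `st` still holds the `stat(SocketPath, &st)` result from the earlier hunk; nothing in the visible context guarantees `st` was not reused in between. Recording the outcome of the `eff_uid == real_uid || st.st_uid == real_uid` test once, directly after the `stat()`, and reusing it would remove that dependency. The same if/else pair is repeated seven times across screen.c and socket.c with only the detailed message differing, so a small helper that takes the detailed format string and falls back to "Error accessing %s" would make it harder for a later edit to miss one site, which matters given the commit message already expects lingering code paths.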
diff --git a/gnu/packages/patches/screen-fix-CVE-2025-46805.patch b/gnu/packages/patches/screen-fix-CVE-2025-46805.patch
new file mode 100644
index 00000000000..b24b2c06b58
--- /dev/null
+++ b/gnu/packages/patches/screen-fix-CVE-2025-46805.patch
@@ -0,0 +1,115 @@
+From d993aacb892ee7aa83c0e21174c8b65b191802d5 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@HIDDEN>
+Date: Wed, 7 May 2025 12:30:39 +0200
+Subject: [PATCH 6/6] socket.c: don't send signals with root privileges to fix
+ CVE-2025-46805
+
+The CheckPid() function was introduced to address CVE-2023-24626, to
+prevent sending SIGCONT and SIGHUP to arbitrary PIDs in the system. This
+fix still suffers from a TOCTOU race condition. The client can replace
+itself by a privileged process, or try to cycle PIDs until a privileged
+process receives the original PID.
+
+To prevent this, always send signals using the real privileges. Keep
+CheckPid() for error diagnostics. If sending the actual signal fails
+later on then there will be no more error reporting.
+
+It seems the original bugfix already introduced a regression when
+attaching to another's user session that is not owned by root. In this
+case the target sessions runs with real uid X, while for sending a
+signal to the `pid` provided by the client real uid Y (or root
+privileges) are required.
+
+This is hard to properly fix without this regression. On Linux pidfds
+could be used to allow safely sending signals to other PIDs as root
+without involving race conditions. In this case the client PID should
+also be obtained via the UNIX domain socket's SO_PEERCRED option,
+though.
+---
+ socket.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/socket.c b/socket.c
+index d0b361a..c715519 100644
+--- a/socket.c
++++ b/socket.c
+@@ -91,6 +91,11 @@ static void AskPassword(Message *);
+ static bool CheckPassword(const char *password);
+ static void PasswordProcessInput(char *, size_t);
+ 
++static void KillUnpriv(pid_t pid, int sig) {
++	UserContext();
++	UserReturn(kill(pid, sig));
++}
++
+ #define SOCKMODE (S_IWRITE | S_IREAD | (displays ? S_IEXEC : 0) | (multi ? 1 : 0))
+ 
+ /*
+@@ -611,7 +616,7 @@ static int CreateTempDisplay(Message *m, int recvfd, Window *win)
+ 				Msg(errno, "Could not perform necessary sanity "
+ 					   "checks on pts device.");
+ 				close(i);
+-				Kill(pid, SIG_BYE);
++				KillUnpriv(pid, SIG_BYE);
+ 				return -1;
+ 			}
+ 			if (strcmp(ttyname_in_ns, m->m_tty)) {
+@@ -620,7 +625,7 @@ static int CreateTempDisplay(Message *m, int recvfd, Window *win)
+ 				    ttyname_in_ns,
+ 				    m->m_tty[0] != '\0' ? m->m_tty : "(null)");
+ 				close(i);
+-				Kill(pid, SIG_BYE);
++				KillUnpriv(pid, SIG_BYE);
+ 				return -1;
+ 			}
+ 			/* m->m_tty so far contains the actual name of the pts
+@@ -638,24 +643,24 @@ static int CreateTempDisplay(Message *m, int recvfd, Window *win)
+ 			    "Attach: passed fd does not match tty: %s - %s!",
+ 			    m->m_tty, myttyname ? myttyname : "NULL");
+ 			close(i);
+-			Kill(pid, SIG_BYE);
++			KillUnpriv(pid, SIG_BYE);
+ 			return -1;
+ 		}
+ 	} else if ((i = secopen(m->m_tty, O_RDWR | O_NONBLOCK, 0)) < 0) {
+ 		Msg(errno, "Attach: Could not open %s!", m->m_tty);
+-		Kill(pid, SIG_BYE);
++		KillUnpriv(pid, SIG_BYE);
+ 		return -1;
+ 	}
+ 
+ 	if (attach)
+-		Kill(pid, SIGCONT);
++		KillUnpriv(pid, SIGCONT);
+ 
+ 	if (attach) {
+ 		if (display || win) {
+ 			int unused_result = write(i, "Attaching from inside of screen?\n", 33);
+ 			(void)unused_result; /* unused */
+ 			close(i);
+-			Kill(pid, SIG_BYE);
++			KillUnpriv(pid, SIG_BYE);
+ 			Msg(0, "Attach msg ignored: coming from inside.");
+ 			return -1;
+ 		}
+@@ -678,7 +683,7 @@ static int CreateTempDisplay(Message *m, int recvfd, Window *win)
+ 		(void)unused_result; /* unused */
+ 		close(i);
+ 		Msg(0, "Attach: could not make display for user %s", user);
+-		Kill(pid, SIG_BYE);
++		KillUnpriv(pid, SIG_BYE);
+ 		return -1;
+ 	}
+ 	if (attach) {
+@@ -884,7 +889,7 @@ void ReceiveMsg(void)
+ 				Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
+ 			}
+ 			else {
+-				Kill(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE);	/* Send SIG_BYE if an error happened */
++				KillUnpriv(m.m.command.apid, (queryflag >= 0) ? SIGCONT : SIG_BYE);	/* Send SIG_BYE if an error happened */
+ 				queryflag = -1;
+ 			}
+ 		}
+-- 
+2.49.0
+
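Review bot: KillUnpriv(), defined near the top of this patch, throws away the result of kill(): the value is handed to UserReturn() and the helper itself returns void, so none of the converted call sites in CreateTempDisplay() and ReceiveMsg() can tell a delivered signal from a refused one. If the intent of wrapping kill() in UserContext()/UserReturn() is that signals the invoking user may not send are refused, consider reporting the failure with Msg(errno, ...) inside the helper, or returning the status so callers can. A short comment above the helper saying why these signals must not be sent with elevated privileges (in ReceiveMsg() the pid is taken from the received message, m.m.command.apid) would also keep a later cleanup from switching the calls back to Kill().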
diff --git a/gnu/packages/patches/screen-fix-bad-strncpy.patch b/gnu/packages/patches/screen-fix-bad-strncpy.patch
new file mode 100644
index 00000000000..3ad0a01b0c7
--- /dev/null
+++ b/gnu/packages/patches/screen-fix-bad-strncpy.patch
@@ -0,0 +1,60 @@
+From e61649242afc42213e7fd3bb8b3dbea33be96761 Mon Sep 17 00:00:00 2001
+From: Alex Naumov <alexander_naumov@HIDDEN>
+Date: Wed, 7 May 2025 10:49:24 +0200
+Subject: [PATCH 3/6] attacher.c: fix bad strncpy() which can lead to a buffer
+ overflow
+
+`strncpy()` always pads the destination buffer with zeroes, regardless
+of the length of the input string. Passing `MAXPATHLEN` in every `for`
+loop iteration will cause a buffer write overflow past the end of the
+`m.m.command.cmd` buffer.
+
+This becomes visible on systems that compile Screen with the
+`_FORTIFY_SOURCE` macro enabled when passing more than one parameter,
+for example like this:
+
+```
+screen -S myinstance -X blankerprg /path/to/blanker
+*** buffer overflow detected ***: terminated
+Aborted (core dumped)
+```
+
+This is not security relevant, since only zeroes are written past the
+end of the buffer and only other message buffer fields can be reached,
+no internal state of Screen can be changed.
+
+Committed-By: Matthias Gerstner <matthias.gerstner@HIDDEN>
+---
+ attacher.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/attacher.c b/attacher.c
+index d8de9d4..4e1a77e 100644
+--- a/attacher.c
++++ b/attacher.c
+@@ -457,13 +457,16 @@ void SendCmdMessage(char *sty, char *match, char **av, int query)
+ 	}
+ 	p = m.m.command.cmd;
+ 	n = 0;
++	size_t space_left = ARRAY_SIZE(m.m.command.cmd);
++
+ 	for (; *av && n < MAXARGS - 1; ++av, ++n) {
+-		size_t len;
+-		len = strlen(*av) + 1;
+-		if (p + len >= m.m.command.cmd + ARRAY_SIZE(m.m.command.cmd) - 1)
+-			break;
+-		strncpy(p, *av, MAXPATHLEN);
+-		p += len;
++		int printed = snprintf(p, space_left, "%s", *av);
++		if (printed < 0 || (size_t)printed >= space_left)
++			Panic(0, "Total length of the command to send too large.\n");
++
++		printed += 1; // add null terminator
++		p += printed;
++		space_left -= printed;
+ 	}
+ 	*p = 0;
+ 	m.m.command.nargs = n;
+-- 
+2.49.0
+
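Review bot: The final `*p = 0;` after the loop in SendCmdMessage() can land one byte past m.m.command.cmd. The new check only panics when `(size_t)printed >= space_left`, so an argument with printed == space_left - 1 is accepted; after `printed += 1` the pointer advances by exactly space_left and space_left drops to 0, and if that was the last argument the loop exits and the terminator is written at cmd[ARRAY_SIZE(cmd)]. The removed code reserved that byte with the `- 1` in its bounds test. Tightening the condition to `(size_t)printed + 1 >= space_left` keeps one byte free for the closing terminator. Separately, an over-long command used to be cut off silently by `break` and now ends in Panic(); that change in behaviour deserves a sentence in the commit message.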
diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm
index 284bc86c718..52de8300848 100644
--- a/gnu/packages/screen.scm
+++ b/gnu/packages/screen.scm
@@ -52,7 +52,12 @@ (define-public screen
              (method url-fetch)
              (uri (string-append "mirror://gnu/screen/screen-"
                                  version ".tar.gz"))
-             (patches (search-patches "screen-hurd-path-max.patch"))
+             (patches (search-patches "screen-hurd-path-max.patch"
+                                      "screen-fix-CVE-2025-233.patch"
+                                      "screen-fix-CVE-2025-46802.patch"
+                                      "screen-fix-CVE-2025-46804.patch"
+                                      "screen-fix-CVE-2025-46805.patch"
+                                      "screen-fix-bad-strncpy.patch"))
              (sha256
               (base32 "0wa9v6p7cna2scpimpvk9pgxaah80f4q0f2kln37qp0f1b83jjph"))))
     (build-system gnu-build-system)
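Review bot: The first added patch name, "screen-fix-CVE-2025-233.patch", carries a three-digit identifier while the other three carry five digits (46802, 46804, 46805), which reads like an abbreviated CVE id. guix lint's CVE checker treats a CVE as fixed when a patch file name contains the full id, so an abbreviated name would leave that CVE reported as open; if the name is abbreviated, rename the file with the complete id here and in gnu/local.mk.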
@@ -66,6 +71,10 @@ (define-public screen
       #~(list
          ;; GNU_SOURCE must be defined for mallocmock_reset() to be defined
          "CFLAGS=-O2 -g -D_GNU_SOURCE=1"
+         ;; As of 5.0.0, Screen creates world-writable PTYs by default, whereas
+         ;; previously the configure script used a safer mode of 620.
+         ;; See also <https://www.openwall.com/lists/oss-security/2025/05/12/1>.
+         "--with-pty-mode=620"
          ;; By default, screen supports 16 colors, but we want 256 when
          ;; ~/.screenrc contains 'term xterm-256color'.
          "--enable-colors256")))
@@ -78,7 +87,8 @@ (define-public screen
 then manages the different virtual terminals, allowing you to easily switch
 between them, to detach them from the current session, or even splitting the
 view to show two terminals at once.")
-    (license gpl2+)))
+    (license gpl2+)
+    (properties `((lint-hidden-cve . ("CVE-2025-46803"))))))
 
 (define-public dtach
   (package
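Review bot: The new lint-hidden-cve property hides CVE-2025-46803 without a comment saying why, and no patch in the list above is named after that id. If the "--with-pty-mode=620" configure flag added in the previous hunk is what addresses it, say so in a comment next to the property (or in the flag's comment), so that whoever later drops the flag or updates the package knows the lint entry depends on it.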
-- 
2.49.0





Information forwarded to guix-patches@HIDDEN:
bug#78430; Package guix-patches. Full text available.

Message received at 78430 <at> debbugs.gnu.org:


Received: (at 78430) by debbugs.gnu.org; 14 May 2025 19:51:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed May 14 15:51:12 2025
Message-ID: <8c9e73024a55dec4bcea40a60359a0cb47726501.1747250195.git.liliana.prikler@HIDDEN>
In-Reply-To: <cover.1747250195.git.liliana.prikler@HIDDEN>
References: <cover.1747250195.git.liliana.prikler@HIDDEN>
From: Liliana Marie Prikler <liliana.prikler@HIDDEN>
Date: Wed, 14 May 2025 20:44:58 +0200
Subject: [PATCH 1/2] gnu: screen: Use new package style.
to: 78430 <at> debbugs.gnu.org
MIME-Version: 1.0

* gnu/packages/screen.scm (screen)[arguments]: Change to list of G-Expressions.
---
 gnu/packages/screen.scm | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm
index e791f29190f..284bc86c718 100644
--- a/gnu/packages/screen.scm
+++ b/gnu/packages/screen.scm
@@ -61,13 +61,14 @@ (define-public screen
     (inputs
      (list libxcrypt linux-pam ncurses perl))
     (arguments
-     `(#:configure-flags
+     (list
+      #:configure-flags
+      #~(list
          ;; GNU_SOURCE must be defined for mallocmock_reset() to be defined
-         '("CFLAGS=-O2 -g -D_GNU_SOURCE=1"
-
-       ;; By default, screen supports 16 colors, but we want 256 when
-       ;; ~/.screenrc contains 'term xterm-256color'.
-           "--enable-colors256")))
+         "CFLAGS=-O2 -g -D_GNU_SOURCE=1"
+         ;; By default, screen supports 16 colors, but we want 256 when
+         ;; ~/.screenrc contains 'term xterm-256color'.
+         "--enable-colors256")))
     (home-page "https://www.gnu.org/software/screen/")
     (synopsis "Full-screen window manager providing multiple terminals")
     (description
-- 
2.49.0





Information forwarded to guix-patches@HIDDEN:
bug#78430; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 14 May 2025 19:19:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed May 14 15:19:42 2025
Message-ID: <cover.1747250195.git.liliana.prikler@HIDDEN>
From: Liliana Marie Prikler <liliana.prikler@HIDDEN>
Date: Wed, 14 May 2025 21:16:35 +0200
Subject: [PATCH 0/2] Fix vulnerabilities in GNU Screen
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
to: guix-patches@HIDDEN

Hi Guix,

as outlined in [1], the current version of GNU Screen packaged in Guix
suffers from multiple vulnerabilities.  This series first cleans up the
package style and then applies the patches that fix them.

Cheers

[1] https://www.openwall.com/lists/oss-security/2025/05/12/1

Liliana Marie Prikler (2):
  gnu: screen: Use new package style.
  gnu: screen: Fix multiple CVEs.

 gnu/local.mk                                  |   5 +
 .../patches/screen-fix-CVE-2025-233.patch     | 137 ++++++++++++++++++
 .../patches/screen-fix-CVE-2025-46802.patch   | 113 +++++++++++++++
 .../patches/screen-fix-CVE-2025-46804.patch   | 130 +++++++++++++++++
 .../patches/screen-fix-CVE-2025-46805.patch   | 115 +++++++++++++++
 .../patches/screen-fix-bad-strncpy.patch      |  60 ++++++++
 gnu/packages/screen.scm                       |  27 +++-
 7 files changed, 579 insertions(+), 8 deletions(-)
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-233.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46802.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46804.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46805.patch
 create mode 100644 gnu/packages/patches/screen-fix-bad-strncpy.patch


base-commit: 5f5d84beccc180f1b51474c0e47eb6e0d0c9175f
-- 
2.49.0





Acknowledgement sent to Liliana Marie Prikler <liliana.prikler@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#78430; Package guix-patches. Full text available.
Last modified: Sat, 17 May 2025 15:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.