* [PATCH v2] screen: Update to version 5.0.1
@ 2025-05-23 16:03 Adolf Belka
2025-05-26 9:04 ` Michael Tremer
0 siblings, 1 reply; 2+ messages in thread
From: Adolf Belka @ 2025-05-23 16:03 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
- This v2 version is with the correct tarball, without the binary object files.
- Update from version 5.0.0 to 5.0.1
- Update of rootfile
- 5 CVE fixes included in this version
- Changelog
5.0.1
Security fix
CVE-2025-46805: do NOT send signals with root privileges
CVE-2025-46804: avoid file existence test information leaks
CVE-2025-46803: apply safe PTY default mode of 0620
CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
CVE-2025-23395: reintroduce lf_secreopen() for logfile
buffer overflow due bad strncpy()
uninitialized variables warnings
typos
combining char handling that could lead to a segfault
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/screen | 3 +--
lfs/screen | 6 +++---
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/config/rootfiles/common/screen b/config/rootfiles/common/screen
index 3442bff2b..e8b72aaa2 100644
--- a/config/rootfiles/common/screen
+++ b/config/rootfiles/common/screen
@@ -1,7 +1,6 @@
etc/screenrc
usr/bin/screen
-usr/bin/screen-5.0.0
-#usr/share/info/screen.info
+usr/bin/screen-5.0.1
#usr/share/man/man1/screen.1
#usr/share/screen
#usr/share/screen/utf8encodings
diff --git a/lfs/screen b/lfs/screen
index 6388002cf..5c7201985 100644
--- a/lfs/screen
+++ b/lfs/screen
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 5.0.0
+VER = 5.0.1
THISAPP = screen-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 5ff218afc1692ae201776f759ff2217a51dcf02202e4ba5d12de50a768df83e0e2a7a3511a5f85a3b21362892f31a4fd90d6444918915165ae12a8c0c2b3af39
+$(DL_FILE)_BLAKE2 = ce8478718903ea4f9f7d5de2c77008cee304fef1065f3d564844844cb3ba7acb88bfe2cda051cecee0f034b19ea4e52a0fcc1549f9339eac33e7748ab59cd0f5
install : $(TARGET)
--
2.49.0
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH v2] screen: Update to version 5.0.1
2025-05-23 16:03 [PATCH v2] screen: Update to version 5.0.1 Adolf Belka
@ 2025-05-26 9:04 ` Michael Tremer
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2025-05-26 9:04 UTC (permalink / raw)
To: Adolf Belka; +Cc: development
Thank you. This seems to iron out any problems from the first tarball.
Best,
-Michael
> On 23 May 2025, at 17:03, Adolf Belka <adolf.belka@ipfire.org> wrote:
>
> - This v2 version is with the correct tarball, without the binary object files.
> - Update from version 5.0.0 to 5.0.1
> - Update of rootfile
> - 5 CVE fixes included in this version
> - Changelog
> 5.0.1
> Security fix
> CVE-2025-46805: do NOT send signals with root privileges
> CVE-2025-46804: avoid file existence test information leaks
> CVE-2025-46803: apply safe PTY default mode of 0620
> CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
> CVE-2025-23395: reintroduce lf_secreopen() for logfile
> buffer overflow due bad strncpy()
> uninitialized variables warnings
> typos
> combining char handling that could lead to a segfault
>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> config/rootfiles/common/screen | 3 +--
> lfs/screen | 6 +++---
> 2 files changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/config/rootfiles/common/screen b/config/rootfiles/common/screen
> index 3442bff2b..e8b72aaa2 100644
> --- a/config/rootfiles/common/screen
> +++ b/config/rootfiles/common/screen
> @@ -1,7 +1,6 @@
> etc/screenrc
> usr/bin/screen
> -usr/bin/screen-5.0.0
> -#usr/share/info/screen.info
> +usr/bin/screen-5.0.1
> #usr/share/man/man1/screen.1
> #usr/share/screen
> #usr/share/screen/utf8encodings
> diff --git a/lfs/screen b/lfs/screen
> index 6388002cf..5c7201985 100644
> --- a/lfs/screen
> +++ b/lfs/screen
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
> +# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 5.0.0
> +VER = 5.0.1
>
> THISAPP = screen-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 5ff218afc1692ae201776f759ff2217a51dcf02202e4ba5d12de50a768df83e0e2a7a3511a5f85a3b21362892f31a4fd90d6444918915165ae12a8c0c2b3af39
> +$(DL_FILE)_BLAKE2 = ce8478718903ea4f9f7d5de2c77008cee304fef1065f3d564844844cb3ba7acb88bfe2cda051cecee0f034b19ea4e52a0fcc1549f9339eac33e7748ab59cd0f5
>
> install : $(TARGET)
>
> --
> 2.49.0
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-05-26 9:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-05-23 16:03 [PATCH v2] screen: Update to version 5.0.1 Adolf Belka
2025-05-26 9:04 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox