Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package screen for openSUSE:Factory checked in at 2025-05-26 18:31:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/screen (Old) and /work/SRC/openSUSE:Factory/.screen.new.2732 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "screen" Mon May 26 18:31:50 2025 rev:67 rq:1279269 version:4.9.1 Changes: -------- --- /work/SRC/openSUSE:Factory/screen/screen.changes 2025-03-31 11:36:57.964705668 +0200 +++ /work/SRC/openSUSE:Factory/.screen.new.2732/screen.changes 2025-05-26 18:32:49.052568756 +0200 @@ -1,0 +2,11 @@ +Thu May 22 13:30:23 CEST 2025 - m...@suse.de + +- also use tty fd passing after a suspend (MSG_CONT) + new patch: sendfdcont.diff +- do not chmod the tty for multiattach, rely on tty fd passing + instead [bsc#1242269] [CVE-2025-46802] + new patch: nottychmod.diff +- fix resume after suspend in multiuser mode + new patch: multicont.diff + +------------------------------------------------------------------- New: ---- multicont.diff nottychmod.diff sendfdcont.diff BETA DEBUG BEGIN: New:- fix resume after suspend in multiuser mode new patch: multicont.diff New: instead [bsc#1242269] [CVE-2025-46802] new patch: nottychmod.diff - fix resume after suspend in multiuser mode New:- also use tty fd passing after a suspend (MSG_CONT) new patch: sendfdcont.diff - do not chmod the tty for multiattach, rely on tty fd passing BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ screen.spec ++++++ --- /var/tmp/diff_new_pack.B9Bh3k/_old 2025-05-26 18:32:49.584591061 +0200 +++ /var/tmp/diff_new_pack.B9Bh3k/_new 2025-05-26 18:32:49.584591061 +0200 @@ -35,6 +35,9 @@ Source4: screen.pam Patch0: global_screenrc.patch Patch6: libtinfo.diff +Patch7: sendfdcont.diff +Patch8: nottychmod.diff +Patch9: multicont.diff BuildRequires: autoconf BuildRequires: automake BuildRequires: makeinfo @@ -60,6 +63,9 @@ %patch -P 0 # libtinfo.diff %patch -P 6 +%patch -P 7 +%patch -P 8 +%patch -P 9 %build sh ./autogen.sh 
@@ -69,6 +75,7 @@ --with-socket-dir='(eff_uid ? "%{rundir}/uscreens" : "%{rundir}/screens")' \ --with-sys-screenrc=%{_sysconfdir}/screenrc \ --with-pty-group=5 \ + --with-pty-mode=0620 \ --enable-use-locale \ --enable-telnet \ --enable-pam \ ++++++ multicont.diff ++++++ --- attacher.c.orig 2025-05-22 11:29:37.805021734 +0000 +++ attacher.c 2025-05-22 11:29:42.281014540 +0000 @@ -148,7 +148,7 @@ int how; struct msg m; struct stat st; char *s; - bool is_socket; + bool is_socket = 0; debug2("Attach: how=%d, tty=%s\n", how, attach_tty); #ifdef MULTIUSER @@ -225,9 +225,16 @@ int how; strncpy(m.m_tty, attach_tty_is_in_new_ns ? attach_tty_name_in_ns : attach_tty, sizeof(m.m_tty) - 1); m.m_tty[sizeof(m.m_tty) - 1] = 0; - is_socket = IsSocket(SockPath); if (how == MSG_WINCH) { +#if defined(MULTIUSER) && defined(USE_SETEUID) + if (multiattach) + { + xseteuid(real_uid); + xsetegid(real_gid); + } +#endif + is_socket = IsSocket(SockPath); if ((lasts = MakeClientSocket(0, is_socket)) >= 0) { WriteMessage(lasts, &m); @@ -238,6 +245,14 @@ int how; if (how == MSG_CONT) { +#if defined(MULTIUSER) && defined(USE_SETEUID) + if (multiattach) + { + xseteuid(real_uid); + xsetegid(real_gid); + } +#endif + is_socket = IsSocket(SockPath); if ((lasts = MakeClientSocket(0, is_socket)) < 0) { Panic(0, "Sorry, cannot contact session \"%s\" again.\r\n", ++++++ nottychmod.diff ++++++ --- attacher.c.orig 2025-05-22 11:26:20.505338847 +0000 +++ attacher.c 2025-05-22 11:27:45.393202410 +0000 @@ -73,7 +73,6 @@ extern int MasterPid, attach_fd; #ifdef MULTIUSER extern char *multi; extern int multiattach, multi_uid, own_uid; -extern int tty_mode, tty_oldmode; # ifndef USE_SETEUID static int multipipe[2]; # endif @@ -160,9 +159,6 @@ int how; if (pipe(multipipe)) Panic(errno, "pipe"); - if (chmod(attach_tty, 0666)) - Panic(errno, "chmod %s", attach_tty); - tty_oldmode = tty_mode; eff_uid = -1; /* make UserContext fork */ real_uid = multi_uid; if ((ret = UserContext()) <= 0) 
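Review bot: The added `--with-pty-mode=0620` is not mentioned in the new screen.changes entry and has no comment in the spec, although it fixes the permissions of every pty screen allocates. The three changelog items only describe the patches, so a later reader cannot tell whether the mode was pinned on purpose or what default it overrides. A line in the changelog and a spec comment would record the intent, for example `# ptys: rw for the owner, write-only for the tty group (gid 5), nothing for others`. The configure call starts outside this hunk, and a comment cannot sit between the backslash-continued options, so it belongs above that call.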
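Review bot: The `xseteuid(real_uid); xsetegid(real_gid);` switch added before `IsSocket(SockPath)` in the `MSG_WINCH` branch is never switched back in the visible lines, and the same `#if defined(MULTIUSER) && defined(USE_SETEUID)` block is pasted again into the `MSG_CONT` branch (hunk at -238). In the `MSG_CONT` case control continues in Attach() beyond the hunk, so the rest of the function presumably runs with the real ids from then on. If that is intended, a comment should say so, e.g. `/* contact the session socket as the invoking user; ids stay switched for the rest of Attach() */`, and the duplicated block would read better as one small static helper called from both branches. `is_socket` is now assigned only on these two paths and otherwise keeps the `= 0` from the first hunk; whether the other `how` values set it before use lies outside the hunks.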
@@ -174,11 +170,6 @@ int how; Panic(errno, "UserContext"); close(multipipe[1]); read(multipipe[0], &dummy, 1); - if (tty_oldmode >= 0) - { - chmod(attach_tty, tty_oldmode); - tty_oldmode = -1; - } ret = UserStatus(); #ifdef LOCK if (ret == SIG_LOCK) @@ -224,9 +215,6 @@ int how; xseteuid(multi_uid); xseteuid(own_uid); #endif - if (chmod(attach_tty, 0666)) - Panic(errno, "chmod %s", attach_tty); - tty_oldmode = tty_mode; } # endif /* USE_SETEUID */ #endif /* MULTIUSER */ @@ -423,13 +411,6 @@ int how; ContinuePlease = 0; # ifndef USE_SETEUID close(multipipe[1]); -# else - xseteuid(own_uid); - if (tty_oldmode >= 0) - if (chmod(attach_tty, tty_oldmode)) - Panic(errno, "chmod %s", attach_tty); - tty_oldmode = -1; - xseteuid(real_uid); # endif } #endif @@ -505,14 +486,6 @@ AttacherFinit SIGDEFARG close(s); } } -#ifdef MULTIUSER - if (tty_oldmode >= 0) - { - if (setuid(own_uid)) - Panic(errno, "setuid"); - chmod(attach_tty, tty_oldmode); - } -#endif exit(0); SIGRETURN; } --- screen.c.orig 2023-08-16 00:29:26.000000000 +0000 +++ screen.c 2025-05-22 11:26:40.577306586 +0000 @@ -230,8 +230,6 @@ char *multi_home; int multi_uid; int own_uid; int multiattach; -int tty_mode; -int tty_oldmode = -1; #endif char HostName[MAXSTR]; @@ -1009,9 +1007,6 @@ int main(int ac, char** av) /* ttyname implies isatty */ SetTtyname(true, &st); -#ifdef MULTIUSER - tty_mode = (int)st.st_mode & 0777; -#endif fl = fcntl(0, F_GETFL, 0); if (fl != -1 && (fl & (O_RDWR|O_RDONLY|O_WRONLY)) == O_RDWR) 
@@ -2170,20 +2165,6 @@ DEFINE_VARARGS_FN(Panic) if (D_userpid) Kill(D_userpid, SIG_BYE); } -#ifdef MULTIUSER - if (tty_oldmode >= 0) { - -# ifdef USE_SETEUID - if (setuid(own_uid)) - xseteuid(own_uid); /* may be a loop. sigh. */ -# else - setuid(own_uid); -# endif - - debug1("Panic: changing back modes from %s\n", attach_tty); - chmod(attach_tty, tty_oldmode); - } -#endif eexit(1); } ++++++ sendfdcont.diff ++++++ --- attacher.c.orig 2025-05-22 09:23:03.861076640 +0000 +++ attacher.c 2025-05-22 09:29:29.060392092 +0000 @@ -112,7 +112,7 @@ QueryResultFail SIGDEFARG * Understands MSG_ATTACH, MSG_DETACH, MSG_POW_DETACH * MSG_CONT, MSG_WINCH and nothing else! * - * if type == MSG_ATTACH and sockets are used, attaches + * if type == MSG_ATTACH or MSG_CONT and sockets are used, attaches * tty file descriptor. */ @@ -125,7 +125,7 @@ struct msg *m; bool is_socket; is_socket = IsSocket(SockPath); - if (is_socket && m->type == MSG_ATTACH) + if (is_socket && (m->type == MSG_ATTACH || m->type == MSG_CONT)) return SendAttachMsg(s, m, attach_fd); while(l > 0) --- socket.c.orig 2025-05-22 09:23:09.261067045 +0000 +++ socket.c 2025-05-22 09:25:24.044827531 +0000 @@ -1169,7 +1169,7 @@ ReceiveMsg() } debug2("*** RecMsg: type %d tty %s\n", m.type, m.m_tty); - if (m.type != MSG_ATTACH && recvfd != -1) + if (m.type != MSG_ATTACH && m.type != MSG_CONT && recvfd != -1) { close(recvfd); recvfd = -1; @@ -1222,7 +1222,11 @@ ReceiveMsg() break; case MSG_CONT: if (display && D_userpid != 0 && kill(D_userpid, 0) == 0) - break; /* Intruder Alert */ + { + if (recvfd != -1) + close(recvfd); + break; /* Intruder Alert */ + } debug2("RecMsg: apid=%d,was %d\n", m.m.attach.apid, display ? D_userpid : 0); /* FALLTHROUGH */
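Review bot: The new `close(recvfd)` in the `MSG_CONT` "Intruder Alert" branch of socket.c (hunk at -1222) leaves `recvfd` holding the closed descriptor number, whereas the guard shown in the hunk at -1169 follows its close with `recvfd = -1;`. ReceiveMsg() continues outside the hunk, so it is not visible whether anything after the `switch` tests `recvfd` again. Resetting it would keep a later check from closing or using a number that may have been reused by then: `if (recvfd != -1) { close(recvfd); recvfd = -1; }`. Because a `MSG_CONT` message may now carry a descriptor from the sender, it is also worth confirming that the fall-through path checks that descriptor in the same way as for `MSG_ATTACH`.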