Hi,

Niels Thykier wrote:
> > In the Debian Installer https://bugs.debian.org/857808 popped up and
> > Samuel Thibault found a patch for a workaround. See the upstream bug
> > at https://savannah.gnu.org/bugs/?50588 for an explanation how the
> > patch works.
> >
> > I've prepared, but not yet uploaded version 4.5.0-4 of Debian's screen
> > package to address this. The package is prepared in the branch
> > "stretch":
> > https://anonscm.debian.org/cgit/collab-maint/screen.git/log/?h=stretch
[...]
> Please go ahead. It will also need a d-i ack, but we will deal with
> that after the upload.

Uploaded. Full final debdiff attached.

There's one minor and no-op change compared to the git diff I posted
initially:

diff --git a/debian/patches/series b/debian/patches/series index 7c90770..c1d448c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -11,8 +11,8 @@ 60-screen-4.2.1-debian4.1.0-compatibility.patch 61-default-PATH_MAX-if-undefined-for-hurd.patch 62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch -# 80-99: experimental patches, new features etc. 63-fix-garbage-on-serial-terminal.patch +# 80-99: experimental patches, new features etc. 80_session_creation_docs.patch 81_session_creation_util.patch 82_session_creation_core.patch

i.e. I moved that comment back to the right position as the patch was
added behind that comment by quilt.

Regards, Axel
--
 ,''`.  |  Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE

diff -Nru screen-4.5.0/debian/changelog screen-4.5.0/debian/changelog --- screen-4.5.0/debian/changelog 2017-01-24 22:57:44.000000000 +0100 +++ screen-4.5.0/debian/changelog 2017-03-22 01:13:07.000000000 +0100 @@ -1,8 +1,17 @@ +screen (4.5.0-4) unstable; urgency=low + + * Add CVE-ID to previous changelog entry and + 62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch. + * Apply patch by Samuel Thibault to fix terminal garbage in Debian + Installer over serial line. (Closes: #857808) + + -- Axel Beckert <a...@debian.org> Wed, 22 Mar 2017 01:13:07 +0100 + screen (4.5.0-3) unstable; urgency=medium * Add patch to revert upstream commit 5460f5d2 ("adding permissions check for the logfile name") which caused a privilege escalation. - (Closes: #852484) + (CVE-2017-5618, Closes: #852484) -- Axel Beckert <a...@debian.org> Tue, 24 Jan 2017 22:57:44 +0100 diff -Nru screen-4.5.0/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch screen-4.5.0/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch --- screen-4.5.0/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch 2017-01-24 22:48:04.000000000 +0100 +++ screen-4.5.0/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch 2017-03-22 01:13:07.000000000 +0100 
@@ -1,7 +1,7 @@ -Description: Fix privilege escalation by reverting upstream commit 5460f5d2 +Description: [CVE-2017-5618] Fix privilege escalation by reverting upstream commit 5460f5d2 Author: Axel Beckert <a...@debian.org> Bug-Debian: https://bugs.debian.org/852484 -Bug-CVE: http://www.openwall.com/lists/oss-security/2017/01/24/10 +Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618 Bug: https://savannah.gnu.org/bugs/?50142 https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html diff -Nru screen-4.5.0/debian/patches/63-fix-garbage-on-serial-terminal.patch screen-4.5.0/debian/patches/63-fix-garbage-on-serial-terminal.patch --- screen-4.5.0/debian/patches/63-fix-garbage-on-serial-terminal.patch 1970-01-01 01:00:00.000000000 +0100 +++ screen-4.5.0/debian/patches/63-fix-garbage-on-serial-terminal.patch 2017-03-22 01:13:07.000000000 +0100 @@ -0,0 +1,17 @@ +Description: Fix terminal garbage in Debian Installer over serial line +Author: Samuel Thibault <sthiba...@debian.org> +Reviewed-By: John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> +Bug-Debian: https://bugs.debian.org/857808 +Bug: https://savannah.gnu.org/bugs/?50588 + +--- a/termcap.c ++++ b/termcap.c +@@ -486,6 +486,8 @@ + + D_tcinited = 1; + MakeTermcap(0); ++ /* Make sure libterm uses external term properties for our tputs() calls. */ ++ e_tgetent(tbuf, D_termname); + #ifdef MAPKEYS + CheckEscape(); + #endif diff -Nru screen-4.5.0/debian/patches/series screen-4.5.0/debian/patches/series --- screen-4.5.0/debian/patches/series 2017-01-24 22:46:11.000000000 +0100 +++ screen-4.5.0/debian/patches/series 2017-03-22 01:13:07.000000000 +0100 @@ -11,6 +11,7 @@ 60-screen-4.2.1-debian4.1.0-compatibility.patch 61-default-PATH_MAX-if-undefined-for-hurd.patch 62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch +63-fix-garbage-on-serial-terminal.patch # 80-99: experimental patches, new features etc. 80_session_creation_docs.patch 81_session_creation_util.patch
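
Review bot: In the termcap.c hunk carried by 63-fix-garbage-on-serial-terminal.patch, the added e_tgetent(tbuf, D_termname) call discards its return value, so a failed lookup at this point would pass silently and the following tputs() calls would still run against whatever entry the library last loaded. Either check the result or extend the comment to say why the lookup cannot fail here. The comment would also be clearer if it named the call that switches the library away from the external terminal's entry (presumably the MakeTermcap(0) directly above), since "uses external term properties" does not explain why the reload is needed right after that line.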
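
Review bot: In the header hunk of 62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch, the Bug-CVE line is replaced rather than extended, which drops the oss-security reference (http://www.openwall.com/lists/oss-security/2017/01/24/10) from the patch metadata. The Bug: field just below already uses a continuation line for a second URL; doing the same for Bug-CVE would keep the original disclosure thread next to the CVE-2017-5618 link for anyone auditing why the upstream commit was reverted.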
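
Review bot: In the debian/changelog hunk, the new 4.5.0-4 entry is marked urgency=low while the previous entry was urgency=medium. Since this upload is prepared from the "stretch" branch and closes the Debian Installer bug #857808, confirm that low is intended; if the fix should move faster, set the urgency accordingly in the entry header. The retroactive edit to the 4.5.0-3 entry (adding CVE-2017-5618) is documented in the first bullet of the new entry, which is the right place for it.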