Hello Adolf, Thank you for this patch. I had merged this into next, but I will revert this again.
screen seems to ship binary objects in the source tarball: root@arm64-01:/build/ipfire-2.x# tar tvfa cache/screen-5.0.1.tar.gz | grep \.o$ -rw-rw-r-- alex/alex 16712 2025-05-12 11:59 screen-5.0.1/sched.o -rw-rw-r-- alex/alex 43808 2025-05-12 11:59 screen-5.0.1/backtick.o -rw-rw-r-- alex/alex 9080 2025-05-12 11:59 screen-5.0.1/winmsgcond.o -rw-rw-r-- alex/alex 81728 2025-05-12 11:59 screen-5.0.1/canvas.o -rw-rw-r-- alex/alex 50680 2025-05-12 11:59 screen-5.0.1/search.o -rw-rw-r-- alex/alex 32752 2025-05-12 11:59 screen-5.0.1/winmsgbuf.o -rw-rw-r-- alex/alex 11888 2025-05-12 11:59 screen-5.0.1/term.o -rw-rw-r-- alex/alex 2800 2025-05-12 11:59 screen-5.0.1/telnet.o -rw-rw-r-- alex/alex 54224 2025-05-12 11:59 screen-5.0.1/layout.o -rw-rw-r-- alex/alex 107776 2025-05-12 11:59 screen-5.0.1/mark.o -rw-rw-r-- alex/alex 58640 2025-05-12 11:59 screen-5.0.1/list_generic.o -rw-rw-r-- alex/alex 55912 2025-05-12 11:59 screen-5.0.1/input.o -rw-rw-r-- alex/alex 97520 2025-05-12 11:59 screen-5.0.1/winmsg.o -rw-rw-r-- alex/alex 108256 2025-05-12 11:59 screen-5.0.1/layer.o -rw-rw-r-- alex/alex 50344 2025-05-12 11:59 screen-5.0.1/misc.o -rw-rw-r-- alex/alex 166432 2025-05-12 11:59 screen-5.0.1/window.o -rw-rw-r-- alex/alex 72440 2025-05-12 11:59 screen-5.0.1/help.o -rw-rw-r-- alex/alex 154704 2025-05-12 11:59 screen-5.0.1/termcap.o -rw-rw-r-- alex/alex 300672 2025-05-12 11:59 screen-5.0.1/display.o -rw-rw-r-- alex/alex 73432 2025-05-12 11:59 screen-5.0.1/list_window.o -rw-rw-r-- alex/alex 85392 2025-05-12 11:59 screen-5.0.1/resize.o -rw-rw-r-- alex/alex 650104 2025-05-12 11:59 screen-5.0.1/process.o -rw-rw-r-- alex/alex 218400 2025-05-12 11:59 screen-5.0.1/ansi.o -rw-rw-r-- alex/alex 6704 2025-05-12 11:59 screen-5.0.1/kmapdef.o -rw-rw-r-- alex/alex 27016 2025-05-12 11:59 screen-5.0.1/logfile.o -rw-rw-r-- alex/alex 6760 2025-05-12 11:59 screen-5.0.1/pty.o -rw-rw-r-- alex/alex 42704 2025-05-12 11:59 screen-5.0.1/list_display.o -rw-rw-r-- alex/alex 14160 2025-05-12 11:59 screen-5.0.1/comm.o -rw-rw-r-- alex/alex 231600 2025-05-12 12:08 screen-5.0.1/doc/screen.texinfo -rw-rw-r-- alex/alex 42936 2025-05-12 11:59 screen-5.0.1/list_license.o -rw-rw-r-- alex/alex 146368 2025-05-12 11:59 screen-5.0.1/socket.o -rw-rw-r-- alex/alex 4176 2025-05-12 11:59 screen-5.0.1/utmp.o -rw-rw-r-- alex/alex 78792 2025-05-12 11:59 screen-5.0.1/acls.o -rw-rw-r-- alex/alex 53560 2025-05-12 11:59 screen-5.0.1/attacher.o -rw-rw-r-- alex/alex 237472 2025-05-12 11:59 screen-5.0.1/screen.o -rw-rw-r-- alex/alex 101016 2025-05-12 11:59 screen-5.0.1/fileio.o -rw-rw-r-- alex/alex 98056 2025-05-12 11:59 screen-5.0.1/encoding.o -rw-rw-r-- alex/alex 29592 2025-05-12 11:59 screen-5.0.1/viewport.o -rw-rw-r-- alex/alex 77104 2025-05-12 11:59 screen-5.0.1/tty.o They seem to be x86_64, and so the build fails on ARM. This is however either a mistake or I would consider this a way to ship any backdoored software. I have no time to investigate so I am going to assume the latter for now and will be *very* careful. -Michael > On 15 May 2025, at 17:25, Adolf Belka <adolf.be...@ipfire.org> wrote: > > - Update from version 5.0.0 to 5.0.1 > - Update of rootfile > - 5 CVE fixes included in this version > - Changelog > 5.0.1 > Security fix > CVE-2025-46805: do NOT send signals with root privileges > CVE-2025-46804: avoid file existence test information leaks > CVE-2025-46803: apply safe PTY default mode of 0620 > CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher > CVE-2025-23395: reintroduce lf_secreopen() for logfile > buffer overflow due bad strncpy() > uninitialized variables warnings > typos > combining char handling that could lead to a segfault > > Signed-off-by: Adolf Belka <adolf.be...@ipfire.org> > --- > config/rootfiles/common/screen | 3 +-- > lfs/screen | 6 +++--- > 2 files changed, 4 insertions(+), 5 deletions(-) > > diff --git a/config/rootfiles/common/screen b/config/rootfiles/common/screen > index 3442bff2b..e8b72aaa2 100644 > --- a/config/rootfiles/common/screen > +++ b/config/rootfiles/common/screen > @@ -1,7 +1,6 @@ > etc/screenrc > usr/bin/screen > -usr/bin/screen-5.0.0 > -#usr/share/info/screen.info > +usr/bin/screen-5.0.1 > #usr/share/man/man1/screen.1 > #usr/share/screen > #usr/share/screen/utf8encodings > diff --git a/lfs/screen b/lfs/screen > index 6388002cf..d1c0380fb 100644 > --- a/lfs/screen > +++ b/lfs/screen > @@ -1,7 +1,7 @@ > ############################################################################### > # > # > # IPFire.org - A linux based firewall > # > -# Copyright (C) 2007-2024 IPFire Team <i...@ipfire.org> > # > +# Copyright (C) 2007-2025 IPFire Team <i...@ipfire.org> > # > # > # > # This program is free software: you can redistribute it and/or modify > # > # it under the terms of the GNU General Public License as published by > # > @@ -24,7 +24,7 @@ > > include Config > > -VER = 5.0.0 > +VER = 5.0.1 > > THISAPP = screen-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = > 5ff218afc1692ae201776f759ff2217a51dcf02202e4ba5d12de50a768df83e0e2a7a3511a5f85a3b21362892f31a4fd90d6444918915165ae12a8c0c2b3af39 > +$(DL_FILE)_BLAKE2 = > f33f985bb9855a5335b72f93b3e8cf8fccddc7c18d3db3fd7493da2825b17002d798e6cf95d35fc39194eb6933018be96efa0b4f6aa4894657ab258f86002220 > > install : $(TARGET) > > -- > 2.49.0 > >
