CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2025/05/15 07:08:21
Modified files:
    misc/screen : Tag: OPENBSD_7_7 Makefile distinfo
    misc/screen/patches: Tag: OPENBSD_7_7 patch-doc_screen_1
                         patch-doc_screen_texinfo
Added files:
    misc/screen/patches: Tag: OPENBSD_7_7 patch-tests_mallocmock_c
Log message:
update -stable to screen-5.0.1

our package was not installing screen setuid root (unlike some other OS)
so isn't particularly badly affected by the recently announced problems
but updating seems sensible anyway

from the upstream release notes:
- CVE-2025-46805: do NOT send signals with root privileges
- CVE-2025-46804: avoid file existence test information leaks
- CVE-2025-46803: apply safe PTY default mode of 0620
- CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
- CVE-2025-23395: reintroduce lf_secreopen() for logfile
- buffer overflow due to bad strncpy()
- uninitialized variables warnings
- typos
- combining char handling that could lead to a segfault

some ports fiddling required to clean the extracted distfile because the
upstream tarball includes configure-generated files and compiled objects.