• Bug#1105892: [pre-approval request] unblock: screen/4.9.1-2.1 (2/2)

    From Salvatore Bonaccorso@21:1/5 to All on Fri May 16 18:40:01 2025
    [continued from previous message]

    + /* m->m_tty so far contains the actual name of the pts device in the
    +@@ -941,19 +946,19 @@ struct win *wi;
    + {
    + Msg(errno, "Attach: passed fd does not match tty: %s - %s!", m->m_tty, myttyname ? myttyname : "NULL");
    + close(i);
    +- Kill(pid, SIG_BYE);
    ++ KillUnpriv(pid, SIG_BYE);
    + return -1;
    + }
    + }
    + else if ((i = secopen(m->m_tty, O_RDWR | O_NONBLOCK, 0)) < 0)
    + {
    + Msg(errno, "Attach: Could not open %s!", m->m_tty);
    +- Kill(pid, SIG_BYE);
    ++ KillUnpriv(pid, SIG_BYE);
    + return -1;
    + }
    + #ifdef MULTIUSER
    + if (attach)
    +- Kill(pid, SIGCONT);
    ++ KillUnpriv(pid, SIGCONT);
    + #endif
    +
    + #if defined(ultrix) || defined(pyr) || defined(NeXT)
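Review bot: The result of every converted call is dropped: `KillUnpriv(pid, SIG_BYE);` on both error paths and `KillUnpriv(pid, SIGCONT);` under MULTIUSER in this hunk, and likewise in the hunks at -966, -977 and -1295. The signal is now presumably sent with the invoking user's privileges rather than screen's elevated ones; this is inferred from the patch name in the series file, because KillUnpriv's definition is not in this part of the message. Delivery can therefore fail where it used to succeed, and the function would return -1 with no trace that the attaching process was never signalled. If KillUnpriv returns a status, I would log the failure, e.g. `if (KillUnpriv(pid, SIG_BYE) != 0) debug1("Attach: could not signal pid %d\n", (int)pid);`. The enclosing function starts and ends outside this hunk.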
    +@@ -966,7 +971,7 @@ struct win *wi;
    + {
    + write(i, "Attaching from inside of screen?\n", 33);
    + close(i);
    +- Kill(pid, SIG_BYE);
    ++ KillUnpriv(pid, SIG_BYE);
    + Msg(0, "Attach msg ignored: coming from inside.");
    + return -1;
    + }
    +@@ -977,7 +982,7 @@ struct win *wi;
    + {
    + write(i, "Access to session denied.\n", 26);
    + close(i);
    +- Kill(pid, SIG_BYE);
    ++ KillUnpriv(pid, SIG_BYE);
    + Msg(0, "Attach: access denied for user %s.", user);
    + return -1;
    + }
    +@@ -1295,7 +1300,7 @@ ReceiveMsg()
    + Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
    + }
    + else {
    +- Kill(m.m.command.apid,
    ++ KillUnpriv(m.m.command.apid,
    + (queryflag >= 0)
    + ? SIGCONT
    + : SIG_BYE); /* Send SIG_BYE if an error happened */
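Review bot: The call in ReceiveMsg needs a comment saying why it must be the unprivileged variant, because `m.m.command.apid` is read from the received message and so the pid is chosen by whoever sent it. I would put `/* apid comes from the client message: never signal it with elevated privileges */` above the `KillUnpriv(` line, so that a later cleanup does not fold it back into `Kill`. The check that produces the "bad pid" message sits above this hunk and is not visible here, so what it already rules out should be confirmed before relying on it.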
    diff -Nru screen-4.9.1/debian/patches/series screen-4.9.1/debian/patches/series
    --- screen-4.9.1/debian/patches/series 2023-09-06 23:22:33.000000000 +0200
    +++ screen-4.9.1/debian/patches/series 2025-05-16 17:46:51.000000000 +0200
    @@ -1,4 +1,5 @@
    # 01-08: fixes to configure, altering preprocessor macros etc.
    +03disable-utmp.patch
    05prefer-libtinfo-over-libcurses.patch
    # 10-79: "regular" code and documentation fixes
    11replace_doc_paths.patch
    @@ -14,3 +15,6 @@
    81_session_creation_util.patch
    82_session_creation_core.patch
    85_bracketed-paste-patch-by-Unit193_dpaste.com_5KJ572GZM.patch
    +fix-CVE-2025-46802-attacher.c-prevent-temporary-0666.patch
    +fix-CVE-2025-46804-avoid-file-existence-test-informa.patch
    +fix-CVE-2025-46805-socket.c-don-t-send-signals-with-.patch
    diff -Nru screen-4.9.1/debian/rules screen-4.9.1/debian/rules
    --- screen-4.9.1/debian/rules 2021-08-05 15:30:52.000000000 +0200
    +++ screen-4.9.1/debian/rules 2025-05-16 17:46:51.000000000 +0200
    @@ -17,7 +17,7 @@
    TTYGROUP := 5
    # Common configure options for .deb and .udeb
    SCREEN_CONFIGURE=--with-socket-dir