diff mbox series

[master,walnascar,1/1] screen: update 5.0.0 -> 5.0.1

Message ID 20250530115209.2077098-1-divya.chellam@windriver.com
State New
Headers show
Series [master,walnascar,1/1] screen: update 5.0.0 -> 5.0.1 | expand

Commit Message

dchellam May 30, 2025, 11:52 a.m. UTC 
From: Divya Chellam <divya.chellam@windriver.com>

This includes CVE-fix for CVE-2025-46805, CVE-2025-46804,
CVE-2025-46803, CVE-2025-46802 and CVE-2025-23395.

Changelog:
=========
https://cgit.git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.5.0.1

* Fixes:
	- CVE-2025-46805: do NOT send signals with root privileges
	- CVE-2025-46804: avoid file existence test information leaks
	- CVE-2025-46803: apply safe PTY default mode of 0620
	- CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
	- CVE-2025-23395: reintroduce lf_secreopen() for logfile
	- buffer overflow due bad strncpy()
	- uninitialized variables warnings
	- typos
	- combining char handling that could lead to a segfault

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
 .../screen/{screen_5.0.0.bb => screen_5.0.1.bb}                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-extended/screen/{screen_5.0.0.bb => screen_5.0.1.bb} (95%)

Comments

dchellam July 8, 2025, 10:15 a.m. UTC | #1 
Hi,

Gentle reminder that the patch I have submitted on May 30th hasn't been merged yet.
Please let me know if anything is blocking it or if any changes are needed.

Thanks,
Divya Chellam.
diff mbox series

Patch

diff --git a/meta/recipes-extended/screen/screen_5.0.0.bb b/meta/recipes-extended/screen/screen_5.0.1.bb
similarity index 95%
rename from meta/recipes-extended/screen/screen_5.0.0.bb
rename to meta/recipes-extended/screen/screen_5.0.1.bb
index fec5663fc2..69f4098519 100644
--- a/meta/recipes-extended/screen/screen_5.0.0.bb
+++ b/meta/recipes-extended/screen/screen_5.0.1.bb
@@ -20,7 +20,7 @@  SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'file://screen.pam', '', d)} \
            "
 
-SRC_URI[sha256sum] = "f04a39d00a0e5c7c86a55338808903082ad5df4d73df1a2fd3425976aed94971"
+SRC_URI[sha256sum] = "2dae36f4db379ffcd14b691596ba6ec18ac3a9e22bc47ac239789ab58409869d"
 
 inherit autotools-brokensep texinfo