Upgrade screen 4.9.0 -> 4.9.1 to address CVE-2023-24626 (#6147)

- screen: refresh patches
- screen: lint spec

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

SPECS-EXTENDED/screen/screen-4.3.1-crypt.patch

@@ -1,15 +1,35 @@
-check crypt output (rhbz#815605)
+From de1b63fabfb353f24910da2673e348c731c623b5 Mon Sep 17 00:00:00 2001
+From: Muhammad Falak R Wani <falakreyaz@gmail.com>
+Date: Sat, 2 Sep 2023 10:32:36 +0530
+Subject: [PATCH 5/5] check crypt output (rhbz#815605)
+
+Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
+---
+ misc.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
 
 diff --git a/misc.c b/misc.c
-index 2022a06..235c82f 100644
+index 95093a9..bd5a050 100644
 --- a/misc.c
 +++ b/misc.c
-@@ -57,6 +57,8 @@ register const char *str;
+@@ -68,11 +68,13 @@ SaveStr(register const char *str)
+ char *
+ SaveStrn(register const char *str, int n)
  {
-   register char *cp;
+-	register char *cp;
++  register char *cp;
  
+-	if ((cp = malloc(n + 1)) == NULL)
+-		Panic(0, "%s", strnomem);
+-	else {
 +  if(str == NULL)
 +    Panic(0, "SaveStr() received NULL - possibly failed crypt()");
-   if ((cp = malloc(strlen(str) + 1)) == NULL)
-     Panic(0, "%s", strnomem);
-   else
++  if ((cp = malloc(strlen(str) + 1)) == NULL)
++    Panic(0, "%s", strnomem);
++  else {
+ 		bcopy((char *)str, cp, n);
+ 		cp[n] = 0;
+ 	}
+-- 
+2.40.1
+

SPECS-EXTENDED/screen/screen-4.3.1-libs.patch

@@ -1,8 +1,18 @@
+From 6ec99107916b9d7b6486ea5fadbd8071eef1388f Mon Sep 17 00:00:00 2001
+From: Muhammad Falak R Wani <falakreyaz@gmail.com>
+Date: Sat, 2 Sep 2023 10:26:24 +0530
+Subject: [PATCH 1/5] patch1
+
+Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
+---
+ configure.ac | 18 +++++-------------
+ 1 file changed, 5 insertions(+), 13 deletions(-)
+
 diff --git a/configure.ac b/configure.ac
-index c0f02df..b76c8f5 100644
+index 1a12c04..5b3a883 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -188,7 +188,8 @@ AC_EGREP_CPP(yes,
+@@ -189,7 +189,8 @@ AC_EGREP_CPP(yes,
  ], AC_NOTE(- you have a SVR4 system) AC_DEFINE(SVR4) svr4=1)
  if test -n "$svr4" ; then
  oldlibs="$LIBS"
@@ -10,17 +20,20 @@ index c0f02df..b76c8f5 100644
 +# Humm we don't actually need to link against libelf for Linux
 +LIBS="$LIBS"
  AC_CHECKING(SVR4)
- AC_TRY_LINK([#include <utmpx.h>
+ AC_TRY_LINK([
+     #include <utmpx.h>
+@@ -669,17 +670,13 @@ AC_TRY_LINK([
+     tgetent((char *)0, (char *)0);
  ],,
-@@ -626,14 +627,10 @@ dnl
- AC_CHECKING(for tgetent)
- AC_TRY_LINK(,tgetent((char *)0, (char *)0);,,
  olibs="$LIBS"
 -LIBS="-lcurses $olibs"
 -AC_CHECKING(libcurses)
 +LIBS="-ltinfo $olibs"
 +AC_CHECKING(libtinfo)
- AC_TRY_LINK(,[
+ AC_TRY_LINK([
+     #include <curses.h>
+     #include <term.h>
+ ],[
 -#ifdef __hpux
 -__sorry_hpux_libcurses_is_totally_broken_in_10_10();
 -#else
@@ -29,16 +42,16 @@ index c0f02df..b76c8f5 100644
  ],,
  LIBS="-ltermcap $olibs"
  AC_CHECKING(libtermcap)
-@@ -658,7 +655,7 @@ AC_MSG_ERROR(!!! no tgetent - no screen)))))))))
- AC_TRY_RUN([
+@@ -739,7 +736,7 @@ AC_TRY_RUN([
+ int
  main()
  {
-- exit(strcmp(tgoto("%p1%d", 0, 1), "1") ? 0 : 1);
+- return(strcmp(tgoto("%p1%d", 0, 1), "1") ? 0 : 1);
 +    return 1;
  }], AC_NOTE(- you use the termcap database),
  AC_NOTE(- you use the terminfo database) AC_DEFINE(TERMINFO),
  AC_NOTE(- skipping check because we are cross compiling; assuming terminfo database is used) AC_DEFINE(TERMINFO))
-@@ -864,11 +861,6 @@ fi
+@@ -953,11 +950,6 @@ fi
  dnl
  dnl    ****  loadav  ****
  dnl
@@ -49,4 +62,8 @@ index c0f02df..b76c8f5 100644
 -fi
  
  AC_CHECKING(getloadavg)
- AC_TRY_LINK(,[getloadavg((double *)0, 0);],
+ AC_TRY_LINK([
+-- 
+2.40.1
+
+

SPECS-EXTENDED/screen/screen-4.3.1-screenrc.patch

@@ -1,6 +1,18 @@
-diff -up screen-4.0.3/etc/etcscreenrc.screenrc screen-4.0.3/etc/etcscreenrc
---- screen-4.0.3/etc/etcscreenrc.screenrc	2003-12-05 14:46:13.000000000 +0100
-+++ screen-4.0.3/etc/etcscreenrc	2009-09-25 14:20:31.000000000 +0200
+From 6470f541ed0877c0f82d59da351e636cfdf94c74 Mon Sep 17 00:00:00 2001
+From: Muhammad Falak R Wani <falakreyaz@gmail.com>
+Date: Sat, 2 Sep 2023 10:27:42 +0530
+Subject: [PATCH 2/5] patch2
+
+Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
+---
+ etc/etcscreenrc | 12 ++++-----
+ etc/screenrc    | 65 +++++++++++++------------------------------------
+ 2 files changed, 23 insertions(+), 54 deletions(-)
+
+diff --git a/etc/etcscreenrc b/etc/etcscreenrc
+index a51d64a..9235e27 100644
+--- a/etc/etcscreenrc
++++ b/etc/etcscreenrc
 @@ -36,8 +36,8 @@ vbell_msg "   Wuff  ----  Wuff!!  "
  # IC    insert multiple chars
  # nx    terminal uses xon/xoff
@@ -12,7 +24,7 @@ diff -up screen-4.0.3/etc/etcscreenrc.screenrc screen-4.0.3/etc/etcscreenrc
  
  #the vt100 description does not mention "dl". *sigh*
  termcap  vt100 dl=5\E[M
-@@ -55,15 +55,15 @@ terminfo sun 'up=^K:AL=\E[%p1%dL:DL=\E[%
+@@ -55,15 +55,15 @@ terminfo sun 'up=^K:AL=\E[%p1%dL:DL=\E[%p1%dM:UP=\E[%p1%dA:DO=\E[%p1%dB:LE=\E[%p
  #xterm understands both im/ic and doesn't have a status line.
  #Note: Do not specify im and ic in the real termcap/info file as
  #some programs (e.g. vi) will (no,no, may (jw)) not work anymore.
@@ -32,9 +44,10 @@ diff -up screen-4.0.3/etc/etcscreenrc.screenrc screen-4.0.3/etc/etcscreenrc
  
  #
  # Do not use xterms alternate window buffer. 
-diff -up screen-4.0.3/etc/screenrc.screenrc screen-4.0.3/etc/screenrc
---- screen-4.0.3/etc/screenrc.screenrc	2006-10-23 15:06:32.000000000 +0200
-+++ screen-4.0.3/etc/screenrc	2009-09-25 14:31:30.000000000 +0200
+diff --git a/etc/screenrc b/etc/screenrc
+index ca6561d..2dffb38 100644
+--- a/etc/screenrc
++++ b/etc/screenrc
 @@ -1,21 +1,11 @@
 -#
 -# Example of a user's .screenrc file
@@ -155,3 +168,6 @@ diff -up screen-4.0.3/etc/screenrc.screenrc screen-4.0.3/etc/screenrc
  # bind = resize =
  # bind + resize +1
  # bind - resize -1
+-- 
+2.40.1
+

SPECS-EXTENDED/screen/screen-4.3.1-suppress_remap.patch

@@ -1,10 +1,17 @@
-Author: Loic Minier <lool@dooz.org>
-Description: Unbreak several useful keybindings.
+From 729f1df0fcf8165dfc557b00c06fd47e57955149 Mon Sep 17 00:00:00 2001
+From: Loic Minier <lool@dooz.org>
+Date: Sat, 2 Sep 2023 10:29:02 +0530
+Subject: [PATCH 4/5] Unbreak several useful keybindings.
 
 fix for nonworking ^a backspace (rhbz#708698)
 
+Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
+---
+ termcap.c | 2 --
+ 1 file changed, 2 deletions(-)
+
 diff --git a/termcap.c b/termcap.c
-index 26cba62..ed9e838 100644
+index 26c8f5a..29684cf 100644
 --- a/termcap.c
 +++ b/termcap.c
 @@ -553,8 +553,6 @@ int map;
@@ -16,3 +23,6 @@ index 26cba62..ed9e838 100644
    if (map == 0 && domap)
      return 0;
    if (map && !domap)
+-- 
+2.40.1
+

SPECS-EXTENDED/screen/screen-4.9.0-braille.patch

@@ -1,12 +0,0 @@
-diff -urNp a/braille_tsi.c b/braille_tsi.c
---- a/braille_tsi.c	2022-03-08 13:31:31.054957126 +0100
-+++ b/braille_tsi.c	2022-03-08 13:32:02.888173116 +0100
-@@ -49,7 +49,7 @@ static int  tsi_line_type; /* indicates
- 
- static int  display_status_tsi __P((void));
- static int  write_line_tsi __P((char*, int, int));
--static void buttonpress_tsi __P((structkey2rc*));
-+static void buttonpress_tsi __P((struct key2rc*));
- static void buttonpress_navigator_40 __P((void));
- static void buttonpress_powerbraille_40 __P((void));
- static void buttonpress_powerbraille_80 __P((void));

SPECS-EXTENDED/screen/screen-E3.patch

@@ -1,15 +1,27 @@
-Clear scrollback buffer when locking terminal
+From 036bf692ea8c4e821a8af8bff8304e683c06ffa4 Mon Sep 17 00:00:00 2001
+From: Muhammad Falak R Wani <falakreyaz@gmail.com>
+Date: Sat, 2 Sep 2023 10:28:37 +0530
+Subject: [PATCH 3/5] Clear scrollback buffer when locking terminal
     
 Linux kernel 3.0 adds a new command to clear the scrollback buffer in
 the linux console. It's available in the ncurses terminfo entry as
 extended capability E3. This is useful to prevent an attacker to read
 content of a locked terminal via Shift-PgUp key.
 
+
+Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
+---
+ display.c | 6 ++++++
+ extern.h  | 1 +
+ screen.c  | 1 +
+ term.c    | 1 +
+ 4 files changed, 9 insertions(+)
+
 diff --git a/display.c b/display.c
-index d0ed6a4..7b534c0 100644
+index a1afbe6..1c56b3e 100644
 --- a/display.c
 +++ b/display.c
-@@ -4079,4 +4079,10 @@ char **cmdv;
+@@ -4080,4 +4080,10 @@ char **cmdv;
  
  #endif /* BLANKER_PRG */
  
@@ -33,10 +45,10 @@ index d4e57df..4564581 100644
  /* resize.c */
  extern int   ChangeWindowSize __P((struct win *, int, int, int));
 diff --git a/screen.c b/screen.c
-index 7dcb9af..c934d75 100644
+index 7653cd1..85d52ac 100644
 --- a/screen.c
 +++ b/screen.c
-@@ -1952,6 +1952,7 @@ void Detach(int mode)
+@@ -1970,6 +1970,7 @@ void Detach(int mode)
  
      case D_LOCK:
        ClearAll();
@@ -56,3 +68,6 @@ index c7a13c9..f49b3a7 100644
  
  /* initialise */
    { "is", T_STR  },
+-- 
+2.40.1
+

SPECS-EXTENDED/screen/screen.signatures.json

@@ -1,6 +1,6 @@
 {
   "Signatures": {
     "screen.pam": "0efded3536f5803b583f9101ced3d5e9987476c0cb3596fe19d8c8084553ba3f",
-    "screen-4.9.0.tar.gz": "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4"
+    "screen-4.9.1.tar.gz": "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69"
   }
 }

SPECS-EXTENDED/screen/screen.spec

@@ -1,29 +1,31 @@
-Vendor:         Microsoft Corporation
-Distribution:   Mariner
 %bcond_with multiuser
 %global _hardened_build 1
 
 Summary:        A screen manager that supports multiple logins on one terminal
 Name:           screen
-Version:        4.9.0
+Version:        4.9.1
 Release:        1%{?dist}
 License:        GPLv3+
-URL:            http://www.gnu.org/software/screen
-Requires(pre):  /usr/sbin/groupadd
-BuildRequires:  ncurses-devel pam-devel libutempter-devel autoconf texinfo
-BuildRequires:  automake gcc
-# for %%_tmpfilesdir macro
-BuildRequires:  systemd
-
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+URL:            https://www.gnu.org/software/screen
 Source0:        https://ftp.gnu.org/gnu/screen/screen-%{version}.tar.gz
 Source1:        screen.pam
-
 Patch1:         screen-4.3.1-libs.patch
 Patch2:         screen-4.3.1-screenrc.patch
 Patch3:         screen-E3.patch
 Patch4:         screen-4.3.1-suppress_remap.patch
 Patch5:         screen-4.3.1-crypt.patch
-Patch6:         screen-4.9.0-braille.patch
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  gcc
+BuildRequires:  libutempter-devel
+BuildRequires:  ncurses-devel
+BuildRequires:  pam-devel
+# for %%_tmpfilesdir macro
+BuildRequires:  systemd
+BuildRequires:  texinfo
+Requires(pre):  %{_sbindir}/groupadd
 
 %description
 The screen utility allows you to have multiple logins on just one
@@ -34,7 +36,6 @@ login.
 Install the screen package if you need a screen manager that can
 support multiple logins on one terminal.
 
-
 %prep
 %autosetup -p1
 
@@ -55,7 +56,7 @@ autoreconf -i
 # We would like to have braille support.
 sed -i -e 's/.*#.*undef.*HAVE_BRAILLE.*/#define HAVE_BRAILLE 1/;' config.h
 
-sed -i -e 's/\(\/usr\)\?\/local\/etc/\/etc/g;' doc/screen.{1,texinfo}
+sed -i -e 's/\(\/usr\)\?\/local\%{_sysconfdir}/\%{_sysconfdir}/g;' doc/screen.{1,texinfo}
 
 for i in doc/screen.texinfo; do
     iconv -f iso8859-1 -t utf-8 < $i > $i.utf8 && mv -f ${i}{.utf8,}
@@ -67,23 +68,23 @@ rm -f doc/screen.info*
 make
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT
-mv -f $RPM_BUILD_ROOT%{_bindir}/screen{-%{version},}
+make install DESTDIR=%{buildroot}
+mv -f %{buildroot}%{_bindir}/screen{-%{version},}
 
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
-install -m 0644 etc/etcscreenrc $RPM_BUILD_ROOT%{_sysconfdir}/screenrc
-cat etc/screenrc >> $RPM_BUILD_ROOT%{_sysconfdir}/screenrc
+mkdir -p %{buildroot}%{_sysconfdir}
+install -m 0644 etc/etcscreenrc %{buildroot}%{_sysconfdir}/screenrc
+cat etc/screenrc >> %{buildroot}%{_sysconfdir}/screenrc
 
 # Better not forget to copy the pam file around
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
-install -p -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/screen
+mkdir -p %{buildroot}%{_sysconfdir}/pam.d
+install -p -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/screen
 
 # Create the socket dir
-mkdir -p $RPM_BUILD_ROOT%{_rundir}/screen
+mkdir -p %{buildroot}%{_rundir}/screen
 
 # And tell systemd to recreate it on start with tmpfs
-mkdir -p $RPM_BUILD_ROOT%{_tmpfilesdir}
-cat <<EOF > $RPM_BUILD_ROOT%{_tmpfilesdir}/screen.conf
+mkdir -p %{buildroot}%{_tmpfilesdir}
+cat <<EOF > %{buildroot}%{_tmpfilesdir}/screen.conf
 # screen needs directory in /run
 %if %{with multiuser}
 d %{_rundir}/screen 0755 root root
@@ -93,10 +94,10 @@ d %{_rundir}/screen 0775 root screen
 EOF
 
 # Remove files from the buildroot which we don't want packaged
-rm -f $RPM_BUILD_ROOT%{_infodir}/dir
+rm -f %{buildroot}%{_infodir}/dir
 
 %pre
-/usr/sbin/groupadd -g 84 -r -f screen
+%{_sbindir}/groupadd -g 84 -r -f screen
 :
 
 %files
@@ -117,6 +118,10 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir
 %endif
 
 %changelog
+* Thu Aug 31 2023 Muhammad Falak <mwani@microsoft.com> - 4.9.1-1
+- Upgrade version to adress CVE-2021-20230
+- Lint spec
+
 * Wed Nov 09 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 4.9.0-1
 - Auto-upgrade to 4.9.0 - CVE-2021-26937
 

cgmanifest.json

@@ -27335,8 +27335,8 @@
         "type": "other",
         "other": {
           "name": "screen",
-          "version": "4.9.0",
-          "downloadUrl": "https://ftp.gnu.org/gnu/screen/screen-4.9.0.tar.gz"
+          "version": "4.9.1",
+          "downloadUrl": "https://ftp.gnu.org/gnu/screen/screen-4.9.1.tar.gz"
         }
       }
     },