From: "Sven Wegener" <swegener@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-misc/screen/files/, app-misc/screen/
Date: Wed, 24 Feb 2021 19:25:32 +0000 (UTC)	[thread overview]
Message-ID: <1614194715.3673b1b7cfa56d2e8f5ebc4de3d028774f331c52.swegener@gentoo> (raw)

commit:     3673b1b7cfa56d2e8f5ebc4de3d028774f331c52
Author:     Sven Wegener <swegener <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 24 19:21:31 2021 +0000
Commit:     Sven Wegener <swegener <AT> gentoo <DOT> org>
CommitDate: Wed Feb 24 19:25:15 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3673b1b7

app-misc/screen: Revision bump, security bug #769770

Bug: https://bugs.gentoo.org/769770
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Sven Wegener <swegener <AT> gentoo.org>

 app-misc/screen/files/screen-CVE-2021-26937.patch |  61 +++++++++
 app-misc/screen/screen-4.8.0-r2.ebuild            | 159 ++++++++++++++++++++++
 2 files changed, 220 insertions(+)

diff --git a/app-misc/screen/files/screen-CVE-2021-26937.patch b/app-misc/screen/files/screen-CVE-2021-26937.patch
new file mode 100644
index 00000000000..9556278274e
--- /dev/null
+++ b/app-misc/screen/files/screen-CVE-2021-26937.patch
@@ -0,0 +1,61 @@
+ encoding.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git i/encoding.c w/encoding.c
+index e5db3e7..79f5d14 100644
+--- i/encoding.c
++++ w/encoding.c
+@@ -43,7 +43,7 @@ static int  encmatch __P((char *, char *));
+ # ifdef UTF8
+ static int   recode_char __P((int, int, int));
+ static int   recode_char_to_encoding __P((int, int));
+-static void  comb_tofront __P((int, int));
++static void  comb_tofront __P((int));
+ #  ifdef DW_CHARS
+ static int   recode_char_dw __P((int, int *, int, int));
+ static int   recode_char_dw_to_encoding __P((int, int *, int));
+@@ -1263,6 +1263,8 @@ int c;
+     {0x30000, 0x3FFFD},
+   };
+ 
++  if (c >= 0xdf00 && c <= 0xdfff)
++    return 1;          /* dw combining sequence */
+   return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval) - 1)) ||
+           (cjkwidth &&
+            bisearch(c, ambiguous,
+@@ -1330,11 +1332,12 @@ int c;
+ }
+ 
+ static void
+-comb_tofront(root, i)
+-int root, i;
++comb_tofront(i)
++int i;
+ {
+   for (;;)
+     {
++      int root = i >= 0x700 ? 0x801 : 0x800;
+       debug1("bring to front: %x\n", i);
+       combchars[combchars[i]->prev]->next = combchars[i]->next;
+       combchars[combchars[i]->next]->prev = combchars[i]->prev;
+@@ -1396,9 +1399,9 @@ struct mchar *mc;
+     {
+       /* full, recycle old entry */
+       if (c1 >= 0xd800 && c1 < 0xe000)
+-        comb_tofront(root, c1 - 0xd800);
++        comb_tofront(c1 - 0xd800);
+       i = combchars[root]->prev;
+-      if (c1 == i + 0xd800)
++      if (i == 0x800 || i == 0x801 || c1 == i + 0xd800)
+ 	{
+ 	  /* completely full, can't recycle */
+ 	  debug("utf8_handle_comp: completely full!\n");
+@@ -1422,7 +1425,7 @@ struct mchar *mc;
+   mc->font  = (i >> 8) + 0xd8;
+   mc->fontx = 0;
+   debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
+-  comb_tofront(root, i);
++  comb_tofront(i);
+ }
+ 
+ #else /* !UTF8 */
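Review bot: The new patch file opens straight at the diffstat (` encoding.c | 15 +++++++++------`) and carries no header naming its origin, so nobody can later compare it with the upstream fix for CVE-2021-26937; add header lines such as `Bug: https://bugs.gentoo.org/769770` and `Upstream: <UPSTREAM_COMMIT_URL>` (placeholder, the page does not give the upstream reference). Within the patch the constants 0xdf00, 0x700, 0x800 and 0x801 are tied together across three hunks without a comment: judging from the `dw combining sequence` remark, slots 0x700..0x7ff appear to be the double-width entries headed by 0x801, with all other slots headed by 0x800. A comment on the `int root = ...` line, e.g. `/* 0x700..0x7ff: double-width slots, list head 0x801; else head 0x800 */`, would make that partition reviewable. comb_tofront still dereferences `combchars[i]` without a NULL or range check, so it relies on every caller passing a populated index; the code that guarantees this lies outside the visible hunks.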

diff --git a/app-misc/screen/screen-4.8.0-r2.ebuild b/app-misc/screen/screen-4.8.0-r2.ebuild
new file mode 100644
index 00000000000..e5fef8fffea
--- /dev/null
+++ b/app-misc/screen/screen-4.8.0-r2.ebuild
@@ -0,0 +1,159 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic pam tmpfiles toolchain-funcs
+
+DESCRIPTION="screen manager with VT100/ANSI terminal emulation"
+HOMEPAGE="https://www.gnu.org/software/screen/"
+
+if [[ "${PV}" != 9999 ]] ; then
+	SRC_URI="mirror://gnu/${PN}/${P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+else
+	inherit git-r3
+	EGIT_REPO_URI="https://git.savannah.gnu.org/git/screen.git"
+	EGIT_CHECKOUT_DIR="${WORKDIR}/${P}" # needed for setting S later on
+	S="${WORKDIR}"/${P}/src
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug nethack pam selinux multiuser"
+
+CDEPEND="
+	>=sys-libs/ncurses-5.2:0=
+	pam? ( sys-libs/pam )"
+RDEPEND="${CDEPEND}
+	acct-group/utmp
+	selinux? ( sec-policy/selinux-screen )"
+DEPEND="${CDEPEND}
+	sys-apps/texinfo"
+
+PATCHES=(
+	# Don't use utempter even if it is found on the system.
+	"${FILESDIR}"/${PN}-4.3.0-no-utempter.patch
+	"${FILESDIR}"/${PN}-4.6.2-utmp-exit.patch
+	"${FILESDIR}"/${PN}-CVE-2021-26937.patch
+)
+
+src_prepare() {
+	default
+
+	# sched.h is a system header and causes problems with some C libraries
+	mv sched.h _sched.h || die
+	sed -i '/include/ s:sched.h:_sched.h:' screen.h || die
+
+	# Fix manpage.
+	sed -i \
+		-e "s:/usr/local/etc/screenrc:${EPREFIX}/etc/screenrc:g" \
+		-e "s:/usr/local/screens:${EPREFIX}/tmp/screen:g" \
+		-e "s:/local/etc/screenrc:${EPREFIX}/etc/screenrc:g" \
+		-e "s:/etc/utmp:${EPREFIX}/var/run/utmp:g" \
+		-e "s:/local/screens/S\\\-:${EPREFIX}/tmp/screen/S\\\-:g" \
+		doc/screen.1 || die
+
+	if [[ ${CHOST} == *-darwin* ]] || use elibc_musl ; then
+		sed -i -e '/^#define UTMPOK/s/define/undef/' acconfig.h || die
+	fi
+
+	# disable musl dummy headers for utmp[x]
+	use elibc_musl && append-cppflags "-D_UTMP_H -D_UTMPX_H"
+
+	# reconfigure
+	eautoreconf
+}
+
+src_configure() {
+	append-cppflags "-DMAXWIN=${MAX_SCREEN_WINDOWS:-100}"
+
+	if [[ ${CHOST} == *-solaris* ]] ; then
+		# enable msg_header by upping the feature standard compatible
+		# with c99 mode
+		append-cppflags -D_XOPEN_SOURCE=600
+	fi
+
+	use nethack || append-cppflags "-DNONETHACK"
+	use debug && append-cppflags "-DDEBUG"
+
+	local myeconfargs=(
+		--with-socket-dir="${EPREFIX}/tmp/${PN}"
+		--with-sys-screenrc="${EPREFIX}/etc/screenrc"
+		--with-pty-mode=0620
+		--with-pty-group=5
+		--enable-rxvt_osc
+		--enable-telnet
+		--enable-colors256
+		$(use_enable pam)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	LC_ALL=POSIX emake comm.h term.h
+	emake osdef.h
+
+	emake -C doc screen.info
+	default
+}
+
+src_install() {
+	local DOCS=(
+		README ChangeLog INSTALL TODO NEWS* patchlevel.h
+		doc/{FAQ,README.DOTSCREEN,fdpat.ps,window_to_display.ps}
+	)
+
+	emake DESTDIR="${D}" SCREEN="${P}" install
+
+	local tmpfiles_perms tmpfiles_group
+
+	if use multiuser || use prefix ; then
+		fperms 4755 /usr/bin/${P}
+		tmpfiles_perms="0755"
+		tmpfiles_group="root"
+	else
+		fowners root:utmp /usr/bin/${P}
+		fperms 2755 /usr/bin/${P}
+		tmpfiles_perms="0775"
+		tmpfiles_group="utmp"
+	fi
+
+	newtmpfiles - screen.conf <<<"d /tmp/screen ${tmpfiles_perms} root ${tmpfiles_group}"
+
+	insinto /usr/share/${PN}
+	doins terminfo/{screencap,screeninfo.src}
+
+	insinto /etc
+	doins "${FILESDIR}"/screenrc
+
+	if use pam; then
+		pamd_mimic_system screen auth
+	fi
+
+	dodoc "${DOCS[@]}"
+}
+
+pkg_postinst() {
+	if [[ -z ${REPLACING_VERSIONS} ]]
+	then
+		elog "Some dangerous key bindings have been removed or changed to more safe values."
+		elog "We enable some xterm hacks in our default screenrc, which might break some"
+		elog "applications. Please check /etc/screenrc for information on these changes."
+	fi
+
+	# Add /tmp/screen in case it doesn't exist yet. This should solve
+	# problems like bug #508634 where tmpfiles.d isn't in effect.
+	local rundir="${EROOT}/tmp/${PN}"
+	if [[ ! -d ${rundir} ]] ; then
+		if use multiuser || use prefix ; then
+			tmpfiles_group="root"
+		else
+			tmpfiles_group="utmp"
+		fi
+		mkdir -m 0775 "${rundir}"
+		chgrp ${tmpfiles_group} "${rundir}"
+	fi
+
+	ewarn "This revision changes the screen socket location to ${rundir}"
+}
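Review bot: In pkg_postinst the fallback `mkdir -m 0775 "${rundir}"` hard-codes the mode and neither it nor `chgrp` is checked, whereas src_install writes 0755 into the tmpfiles entry for the multiuser/prefix case; the two paths should agree, and a failed chgrp should not pass silently and leave the socket directory with the wrong group. `tmpfiles_group` is also assigned here without `local`, so it leaks out of the function. Separately, `[[ ! -d ${rundir} ]]` accepts any directory that already exists under the world-writable /tmp without looking at its owner or mode; whether screen itself rejects such a directory at runtime is not visible on this page, so it is worth confirming.

```shell
	local rundir="${EROOT}/tmp/${PN}"
	if [[ ! -d ${rundir} ]] ; then
		local tmpfiles_perms tmpfiles_group
		if use multiuser || use prefix ; then
			tmpfiles_perms="0755"
			tmpfiles_group="root"
		else
			tmpfiles_perms="0775"
			tmpfiles_group="utmp"
		fi
		mkdir -m "${tmpfiles_perms}" "${rundir}" || die
		chgrp "${tmpfiles_group}" "${rundir}" || die
	fi
	# … unchanged: ewarn about the socket location …
```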

