Bug#858403: marked as done (unblock: screen/4.5.0-4 (pre-approval))



Your message dated Wed, 29 Mar 2017 22:56:53 +0200
with message-id <20170329205651.GA7510@ugent.be>
and subject line Re: Bug#858403: unblock: screen/4.5.0-4 (pre-approval)
has caused the Debian Bug report #858403,
regarding unblock: screen/4.5.0-4 (pre-approval)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
858403: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858403
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

In the Debian Installer https://bugs.debian.org/857808 popped up and
Samuel Thibault found a patch for a workaround. See the upstream bug
at https://savannah.gnu.org/bugs/?50588 for an explanation of how the
patch works.

I've prepared, but not yet uploaded, version 4.5.0-4 of Debian's screen
package to address this. The package is prepared in the branch
"stretch":
https://anonscm.debian.org/cgit/collab-maint/screen.git/log/?h=stretch

Here's the current git diff between the package in Testing and the
stretch branch as I plan to upload the package:

diff --git a/debian/changelog b/debian/changelog
index 2f87ccd..36227ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,17 @@
+screen (4.5.0-4) unstable; urgency=low
+
+  * Add CVE-ID to previous changelog entry and
+    62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch.
+  * Apply patch by Samuel Thibault to fix terminal garbage in Debian
+    Installer over serial line. (Closes: #857808)
+
+ -- Axel Beckert <abe@debian.org>  Wed, 22 Mar 2017 01:13:07 +0100
+
 screen (4.5.0-3) unstable; urgency=medium
 
   * Add patch to revert upstream commit 5460f5d2 ("adding permissions
     check for the logfile name") which caused a privilege escalation.
-    (Closes: #852484)
+    (CVE-2017-5618, Closes: #852484)
 
  -- Axel Beckert <abe@debian.org>  Tue, 24 Jan 2017 22:57:44 +0100
 
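Review bot: The second bullet of the new 4.5.0-4 entry does not name the patch file it introduces, while the first bullet spells out 62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch. Naming 63-fix-garbage-on-serial-terminal.patch in that bullet would let a reader map the changelog line to the file under debian/patches without consulting the series file. The retroactive edit of the 4.5.0-3 entry to add CVE-2017-5618 is recorded by the first bullet, which is what makes it acceptable to change an already published entry.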
diff --git a/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch b/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch
index 32c6c61..0f62702 100644
--- a/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch
+++ b/debian/patches/62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch
@@ -1,7 +1,7 @@
-Description: Fix privilege escalation by reverting upstream commit 5460f5d2
+Description: [CVE-2017-5618] Fix privilege escalation by reverting upstream commit 5460f5d2
 Author: Axel Beckert <abe@debian.org>
 Bug-Debian: https://bugs.debian.org/852484
-Bug-CVE: http://www.openwall.com/lists/oss-security/2017/01/24/10
+Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5618
 Bug: https://savannah.gnu.org/bugs/?50142
      https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html
 
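Review bot: The Bug-CVE line replaces the oss-security thread URL with the cve.mitre.org entry, so the patch header loses its only pointer to the openwall posting. Consider keeping the old URL as a continuation line under Bug-CVE, the way the Bug field just below carries two URLs, so that both the CVE record and the original discussion stay reachable from the header.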
diff --git a/debian/patches/63-fix-garbage-on-serial-terminal.patch b/debian/patches/63-fix-garbage-on-serial-terminal.patch
new file mode 100644
index 0000000..62a149a
--- /dev/null
+++ b/debian/patches/63-fix-garbage-on-serial-terminal.patch
@@ -0,0 +1,17 @@
+Description: Fix terminal garbage in Debian Installer over serial line
+Author: Samuel Thibault <sthibault@debian.org>
+Reviewed-By: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+Bug-Debian: https://bugs.debian.org/857808
+Bug: https://savannah.gnu.org/bugs/?50588
+
+--- a/termcap.c
++++ b/termcap.c
+@@ -486,6 +486,8 @@
+ 
+   D_tcinited = 1;
+   MakeTermcap(0);
++  /* Make sure libterm uses external term properties for our tputs() calls.  */
++  e_tgetent(tbuf, D_termname);
+ #ifdef MAPKEYS
+   CheckEscape();
+ #endif
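Review bot: The added e_tgetent(tbuf, D_termname) call discards its result, so a failed lookup at this point goes unnoticed and the later tputs() calls would still run with the properties the comment says must be replaced. Either check the result or extend the comment to say why the call cannot fail here. The comment's "libterm" is also ambiguous; naming the termcap/terminfo library it refers to would be clearer. Since the covering mail calls this a workaround, the Description could say so as well and point at the upstream bug already listed in the Bug field.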
diff --git a/debian/patches/series b/debian/patches/series
index f68461c..7c90770 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,6 +12,7 @@
 61-default-PATH_MAX-if-undefined-for-hurd.patch
 62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch
 # 80-99: experimental patches, new features etc.
+63-fix-garbage-on-serial-terminal.patch
 80_session_creation_docs.patch
 81_session_creation_util.patch
 82_session_creation_core.patch
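Review bot: The new series entry 63-fix-garbage-on-serial-terminal.patch is placed below the comment "# 80-99: experimental patches, new features etc.", which files a bug fix numbered 63 under the experimental heading. Move the line up so it sits directly after 62-reverse-cherry-pick-5460f5d2-to-fix-privilege-escalation.patch and before the comment; the apply order stays the same and the grouping matches the numbering.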

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

--- End Message ---
--- Begin Message ---
Hi,

On Tue, Mar 28, 2017 at 11:28:18PM +0200, Cyril Brulebois wrote:
> Ivo De Decker <ivodd@debian.org> (2017-03-25):
> > Unblocked. This needs an unblock-udeb as well. Cc'ing Kibi for that.
> > Full diff quoted below.
> 
> No objections, thanks.

Added unblock-udeb as well.

Cheers,

Ivo

--- End Message ---