CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2025/05/15 07:08:03
Modified files:
misc/screen : Makefile distinfo
misc/screen/patches: patch-doc_screen_1 patch-doc_screen_texinfo
Added files:
misc/screen/patches: patch-tests_mallocmock_c
Log message:
update to screen-5.0.1
our package was not installing screen setuid root (unlike some other OS)
so isn't particularly badly affected by the recently announced problems
but updating seems sensible anyway
from the upstream release notes:
- CVE-2025-46805: do NOT send signals with root privileges
- CVE-2025-46804: avoid file existence test information leaks
- CVE-2025-46803: apply safe PTY default mode of 0620
- CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
- CVE-2025-23395: reintroduce lf_secreopen() for logfile
- buffer overflow due to bad strncpy()
- uninitialized variables warnings
- typos
- combining char handling that could lead to a segfault
some ports fiddling required to clean the extracted distfile because the
upstream tarball includes configure-generated files and compiled objects.