Message ID | cover.1747250195.git.liliana.prikler@gmail.com |
---|---|
Subject | [bug#78430] [PATCH 0/2] Fix vulnerabilities in GNU Screen |
Series | Fix vulnerabilities in GNU Screen |
Message
Liliana Marie Prikler
May 14, 2025, 7:16 p.m. UTC
Hi Guix,

as outlined in [1], the current version of GNU Screen packaged in Guix suffers from multiple vulnerabilities. This series first cleans up the package style and then applies the patches that fix them.

Cheers

[1] https://www.openwall.com/lists/oss-security/2025/05/12/1

Liliana Marie Prikler (2):
  gnu: screen: Use new package style.
  gnu: screen: Fix multiple CVEs.

 gnu/local.mk                                  |   5 +
 .../patches/screen-fix-CVE-2025-233.patch     | 137 ++++++++++++++++++
 .../patches/screen-fix-CVE-2025-46802.patch   | 113 +++++++++++++++
 .../patches/screen-fix-CVE-2025-46804.patch   | 130 +++++++++++++++++
 .../patches/screen-fix-CVE-2025-46805.patch   | 115 +++++++++++++++
 .../patches/screen-fix-bad-strncpy.patch      |  60 ++++++++
 gnu/packages/screen.scm                       |  27 +++-
 7 files changed, 579 insertions(+), 8 deletions(-)
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-233.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46802.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46804.patch
 create mode 100644 gnu/packages/patches/screen-fix-CVE-2025-46805.patch
 create mode 100644 gnu/packages/patches/screen-fix-bad-strncpy.patch

base-commit: 5f5d84beccc180f1b51474c0e47eb6e0d0c9175f