authorPatrice Clement <monsieurp@gentoo.org>2015-09-15 23:14:26 +0000
committerPatrice Clement <monsieurp@gentoo.org>2015-09-15 23:24:17 +0000
commitd2b61ecde95de8b30652d3d56973845c6ba41811 (patch)
tree23067e4a4f24c5dffa32fda21b6135abe878ba49 /app-misc
parentapp-backup/obnam: fix python deps, minor cleanups (diff)
app-misc/screen: Patch sources to mitigate a stack overflow. Fixes security bug 559394.
Package-Manager: portage-2.2.18 Signed-off-by: Patrice Clement <monsieurp@gentoo.org>
Diffstat (limited to 'app-misc')
-rw-r--r--app-misc/screen/files/screen-4.3.1-ansi.c.patch37
-rw-r--r--app-misc/screen/screen-4.3.1-r1.ebuild154
2 files changed, 191 insertions, 0 deletions
diff --git a/app-misc/screen/files/screen-4.3.1-ansi.c.patch b/app-misc/screen/files/screen-4.3.1-ansi.c.patch
new file mode 100644
index 000000000000..8dca52d463e4
--- /dev/null
+++ b/app-misc/screen/files/screen-4.3.1-ansi.c.patch
@@ -0,0 +1,37 @@
+--- ansi.c.orig 2015-09-15 22:55:48.274486000 +0000
++++ ansi.c 2015-09-15 22:59:14.368486000 +0000
+@@ -2502,13 +2502,13 @@
+ return;
+ if (n > 0)
+ {
++ if (ye - ys + 1 < n)
++ n = ye - ys + 1;
+ if (n > 256)
+ {
+ MScrollV(p, n - 256, ys, ye, bce);
+ n = 256;
+ }
+- if (ye - ys + 1 < n)
+- n = ye - ys + 1;
+ #ifdef COPY_PASTE
+ if (compacthist)
+ {
+@@ -2562,15 +2562,14 @@
+ }
+ else
+ {
++ n = -n;
++ if (ye - ys + 1 < n)
++ n = ye - ys + 1;
+ if (n < -256)
+ {
+ MScrollV(p, n + 256, ys, ye, bce);
+ n = -256;
+ }
+- n = -n;
+- if (ye - ys + 1 < n)
+- n = ye - ys + 1;
+-
+ ml = p->w_mlines + ye;
+ /* Clear lines */
+ for (i = ye; i > ye - n; i--, ml--)
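Review bot: In the second inner hunk the chunking test is still `if (n < -256)`, but it now sits after `n = -n;` and the clamp, so n is already positive there and the branch can never run. For a scroll region taller than 256 lines, a large negative scroll is therefore handled in a single pass with n above 256, while the positive branch still caps each pass at 256. If that cap protects a fixed-size scratch buffer later in MScrollV (not visible in these hunks), the downward case loses that protection. The test should mirror the first hunk: `if (n > 256)` with `MScrollV(p, -(n - 256), ys, ye, bce);` and `n = 256;`. Both inner hunks cut through the function body, so the rest of the function should be checked against this.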
diff --git a/app-misc/screen/screen-4.3.1-r1.ebuild b/app-misc/screen/screen-4.3.1-r1.ebuild
new file mode 100644
index 000000000000..cb859368bbb2
--- /dev/null
+++ b/app-misc/screen/screen-4.3.1-r1.ebuild
@@ -0,0 +1,154 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools eutils flag-o-matic pam toolchain-funcs user
+
+DESCRIPTION="Full-screen window manager that multiplexes physical terminals between several processes"
+HOMEPAGE="https://www.gnu.org/software/screen/"
+SRC_URI="mirror://gnu/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~hppa-hpux ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="debug nethack pam selinux multiuser"
+
+CDEPEND="
+ >=sys-libs/ncurses-5.2:0=
+ pam? ( virtual/pam )"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-screen )"
+DEPEND="${CDEPEND}
+ sys-apps/texinfo"
+
+# Patches:
+# - Don't use utempter even if it is found on the system.
+# - Bug 559394.
+PATCHES=(
+ "${FILESDIR}"/${PN}-4.3.0-no-utempter.patch
+ "${FILESDIR}"/${PN}-4.3.1-ansi.c.patch
+)
+
+pkg_setup() {
+ # Make sure utmp group exists, as it's used later on.
+ enewgroup utmp 406
+}
+
+src_prepare() {
+ # Apply patches.
+ epatch "${PATCHES[@]}"
+
+ # sched.h is a system header and causes problems with some C libraries
+ mv sched.h _sched.h || die
+ sed -i '/include/ s:sched.h:_sched.h:' screen.h || die
+
+ # Fix manpage.
+ sed -i \
+ -e "s:/usr/local/etc/screenrc:${EPREFIX}/etc/screenrc:g" \
+ -e "s:/usr/local/screens:${EPREFIX}/tmp/screen:g" \
+ -e "s:/local/etc/screenrc:${EPREFIX}/etc/screenrc:g" \
+ -e "s:/etc/utmp:${EPREFIX}/var/run/utmp:g" \
+ -e "s:/local/screens/S-:${EPREFIX}/tmp/screen/S-:g" \
+ doc/screen.1 \
+ || die
+
+ # reconfigure
+ eautoreconf
+}
+
+src_configure() {
+ append-cppflags "-DMAXWIN=${MAX_SCREEN_WINDOWS:-100}"
+
+ if [[ ${CHOST} == *-solaris* ]] ; then
+ # https://lists.gnu.org/archive/html/screen-devel/2014-04/msg00095.html
+ append-cppflags -D_XOPEN_SOURCE \
+ -D_XOPEN_SOURCE_EXTENDED=1 \
+ -D__EXTENSIONS__
+ append-libs -lsocket -lnsl
+ fi
+
+ use nethack || append-cppflags "-DNONETHACK"
+ use debug && append-cppflags "-DDEBUG"
+
+ econf \
+ --with-socket-dir="${EPREFIX}/tmp/screen" \
+ --with-sys-screenrc="${EPREFIX}/etc/screenrc" \
+ --with-pty-mode=0620 \
+ --with-pty-group=5 \
+ --enable-rxvt_osc \
+ --enable-telnet \
+ --enable-colors256 \
+ $(use_enable pam)
+}
+
+src_compile() {
+ LC_ALL=POSIX emake comm.h term.h
+ emake osdef.h
+
+ emake -C doc screen.info
+ default
+}
+
+src_install() {
+ local tmpfiles_perms tmpfiles_group
+
+ dobin screen
+
+ if use multiuser || use prefix
+ then
+ fperms 4755 /usr/bin/screen
+ tmpfiles_perms="0755"
+ tmpfiles_group="root"
+ else
+ fowners root:utmp /usr/bin/screen
+ fperms 2755 /usr/bin/screen
+ tmpfiles_perms="0775"
+ tmpfiles_group="utmp"
+ fi
+
+ dodir /etc/tmpfiles.d
+ echo "d /tmp/screen ${tmpfiles_perms} root ${tmpfiles_group}" \
+ > "${ED}"/etc/tmpfiles.d/screen.conf
+
+ insinto /usr/share/screen
+ doins terminfo/{screencap,screeninfo.src}
+ insinto /usr/share/screen/utf8encodings
+ doins utf8encodings/??
+ insinto /etc
+ doins "${FILESDIR}"/screenrc
+
+ pamd_mimic_system screen auth
+
+ dodoc \
+ README ChangeLog INSTALL TODO NEWS* patchlevel.h \
+ doc/{FAQ,README.DOTSCREEN,fdpat.ps,window_to_display.ps}
+
+ doman doc/screen.1
+ doinfo doc/screen.info
+}
+
+pkg_postinst() {
+ if [[ -z ${REPLACING_VERSIONS} ]]
+ then
+ elog "Some dangerous key bindings have been removed or changed to more safe values."
+ elog "We enable some xterm hacks in our default screenrc, which might break some"
+ elog "applications. Please check /etc/screenrc for information on these changes."
+ fi
+
+ # Add /tmp/screen in case it doesn't exist yet. This should solve
+ # problems like bug #508634 where tmpfiles.d isn't in effect.
+ local rundir="${EROOT%/}/tmp/screen"
+ if [[ ! -d ${rundir} ]] ; then
+ if use multiuser || use prefix ; then
+ tmpfiles_group="root"
+ else
+ tmpfiles_group="utmp"
+ fi
+ mkdir -m 0775 "${rundir}"
+ chgrp ${tmpfiles_group} "${rundir}"
+ fi
+
+ ewarn "This revision changes the screen socket location to ${rundir}"
+}
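Review bot: pkg_postinst trusts any existing `${rundir}`: the `[[ ! -d ${rundir} ]]` test skips creation when /tmp/screen is already there, and because /tmp is world-writable that directory may belong to an unprivileged user rather than root. The owner and mode of an existing directory should be verified (or reset) before the socket location is announced. When the directory is created here, the mode is hard-coded to 0775 although src_install writes 0755 for the multiuser/prefix case, and neither `mkdir` nor `chgrp` is checked. Using `mkdir -m "${tmpfiles_perms}" "${rundir}" || die` and `chgrp "${tmpfiles_group}" "${rundir}" || die`, with `tmpfiles_perms` set alongside `tmpfiles_group` in the if/else and both declared `local` in this function, would keep the two paths consistent.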