mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

screen: patch CVE-2025-46805

Browse Source 
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/screen/patch/?id=aa9f51f996a22470b8461d2b6a32e62c7ec30ed5
Upstream commit https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4]

(From OE-Core rev: 69dd9b16fbd18a1a960887ee9479a2e731b5a184)

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Ashish Sharma
2025-05-30 09:57:17 +05:30
committed by Steve Sakoman
parent d56536a618
commit f8d52ece40
2 changed files with 102 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
meta/recipes-extended/screen/screen/CVE-2025-46805.patch Normal file
View File

@@ -0,0 +1,101 @@
From aa9f51f996a22470b8461d2b6a32e62c7ec30ed5 Mon Sep 17 00:00:00 2001
From: Axel Beckert <abe@debian.org>
Date: Mon, 19 May 2025 00:42:42 +0200
Subject: fix CVE-2025-46805: socket.c - don't send signals with root
Gbp-Pq: fix-CVE-2025-46805-socket.c-don-t-send-signals-with-.patch.
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/screen/patch/?id=aa9f51f996a22470b8461d2b6a32e62c7ec30ed5
Upstream commit https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4]
CVE: CVE-2025-46805
Signed-off-by: Ashish Sharma <asharma@mvista.com>
socket.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/socket.c b/socket.c
index e268e3d..11b5e59 100644
--- a/socket.c
+++ b/socket.c
@@ -832,6 +832,11 @@ int pid;
return UserStatus();
}
+static void KillUnpriv(pid_t pid, int sig) {
+ UserContext();
+ UserReturn(kill(pid, sig));
+}
+
#ifdef hpux
/*
* From: "F. K. Bruner" <napalm@ugcs.caltech.edu>
@@ -917,14 +922,14 @@ struct win *wi;
{
Msg(errno, "Could not perform necessary sanity checks on pts device.");
close(i);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
return -1;
}
if (strcmp(ttyname_in_ns, m->m_tty))
{
Msg(errno, "Attach: passed fd does not match tty: %s - %s!", ttyname_in_ns, m->m_tty[0] != '\0' ? m->m_tty : "(null)");
close(i);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
return -1;
}
/* m->m_tty so far contains the actual name of the pts device in the
@@ -941,19 +946,19 @@ struct win *wi;
{
Msg(errno, "Attach: passed fd does not match tty: %s - %s!", m->m_tty, myttyname ? myttyname : "NULL");
close(i);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
return -1;
}
}
else if ((i = secopen(m->m_tty, O_RDWR | O_NONBLOCK, 0)) < 0)
{
Msg(errno, "Attach: Could not open %s!", m->m_tty);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
return -1;
}
#ifdef MULTIUSER
if (attach)
- Kill(pid, SIGCONT);
+ KillUnpriv(pid, SIGCONT);
#endif
#if defined(ultrix) || defined(pyr) || defined(NeXT)
@@ -966,7 +971,7 @@ struct win *wi;
{
write(i, "Attaching from inside of screen?\n", 33);
close(i);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
Msg(0, "Attach msg ignored: coming from inside.");
return -1;
}
@@ -977,7 +982,7 @@ struct win *wi;
{
write(i, "Access to session denied.\n", 26);
close(i);
- Kill(pid, SIG_BYE);
+ KillUnpriv(pid, SIG_BYE);
Msg(0, "Attach: access denied for user %s.", user);
return -1;
}
@@ -1295,7 +1300,7 @@ ReceiveMsg()
Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
}
else {
- Kill(m.m.command.apid,
+ KillUnpriv(m.m.command.apid,
(queryflag >= 0)
? SIGCONT
: SIG_BYE); /* Send SIG_BYE if an error happened */
--
cgit v1.2.3

1
meta/recipes-extended/screen/screen_4.9.1.bb
View File

@@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
file://0002-comm.h-now-depends-on-term.h.patch \
file://0001-fix-for-multijob-build.patch \
file://0001-Remove-more-compatibility-stuff.patch \
file://CVE-2025-46805.patch \
"
SRC_URI[sha256sum] = "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69"