From 3246138ee2115f52f7b3f261e262c11697f317ad Mon Sep 17 00:00:00 2001 From: Donald Buczek Date: Tue, 24 Jan 2017 12:38:51 +0100 Subject: [PATCH] Revert "Merge pull request #275 update-screen-from-4.0.3-to-4.5.0" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit c671e7a66017f7d13c0fae546abc4af58dcb7cf5, reversing changes made to df88465092777c02efc9e7204855540644e83b9b. We suspect that screen-4.5.0-0 has a severe security bug: logiles specified by -L name seem to be opened as root: > buczek@sigusr2:~$ rm bla.bla > rm: cannot remove ‘bla.bla’: No such file or directory > buczek@sigusr2:~$ screen -L bla.bla -- echo hallo > [screen is terminating] > buczek@sigusr2:~$ cat bla.bla > hallo > buczek@sigusr2:~$ ls -l bla.bla > -rw-rw---- 1 root buczek 7 Jan 24 12:52 bla.bla > buczek@sigusr2:~$ We were able to overwrite /etc/passwd. So for now undo the merge until the issue is analyzed. --- screen.be0 => screen-4.0.3-1.bee | 26 ++++++-------------------- 1 file changed, 6 insertions(+), 20 deletions(-) rename screen.be0 => screen-4.0.3-1.bee (75%) diff --git a/screen.be0 b/screen-4.0.3-1.bee similarity index 75% rename from screen.be0 rename to screen-4.0.3-1.bee index 19c21c08a..a251c74b8 100755 --- a/screen.be0 +++ b/screen-4.0.3-1.bee @@ -1,7 +1,5 @@ #!/usr/bin/env beesh -# BEE_VERSION screen-4.5.0-0 - ## this file was created by bee init and should be executed to build a ## bee-package. (Additional hints are located at the end of this file.) @@ -9,13 +7,13 @@ ## The source URL(s) define the location of the sources that will be ## downloaded. Version variables may be used to simplify reuse of this bee-file. -SRCURL[0]="https://ftp.gnu.org/gnu/screen/screen-${PKGVERSION}.tar.gz" +SRCURL[0]="ftp://ftp.gnu.org/gnu/screen/screen-${PKGVERSION}.tar.gz" ############################################################################### ## Add URLs/pathes to patch files to the PATCHURL array. ## The sources will be patched in the order of the array. -# PATCHURL+=() +PATCHURL+=( http://vsp4sdl.yuggoth.org/wrp_vertical_split_0.3_4.0.2.diff.bz2 ) ############################################################################### ## Add filename patterns to the EXCLUDE array of files that should not @@ -30,15 +28,6 @@ SRCURL[0]="https://ftp.gnu.org/gnu/screen/screen-${PKGVERSION}.tar.gz" # build_in_sourcedir -############################################################################### -## bee cannot detect buildtypes specified in subdirectories. -## Sometimes packages "hide" the real sources in a subdirectory named -## 'src' or 'cmake' or .. -## use 'sourcesubdir_append' to specify this directory if known. - -# sourcesubdir_append src - - ############################################################################### ## Change the default (auto-detected) steps to ## extract, patch, configure/setup, build and install the software. @@ -53,12 +42,9 @@ SRCURL[0]="https://ftp.gnu.org/gnu/screen/screen-${PKGVERSION}.tar.gz" # bee_patch "${@}" #} -mee_configure() { - bee_configure \ - --with-socket-dir=/run/uscreens \ - --with-pty-group=5 \ - --with-sys-screenrc=/etc/screenrc -} +#mee_configure() { +# bee_configure +#} #mee_build() { # bee_build @@ -76,7 +62,7 @@ mee_configure() { ## The name of this bee-file should follow the following naming convention: ## pkgname-pkgversion-pkgrevision.bee ## -## You may remove all comments as long as SRCURL[0] is set. +## You may remove all comments as long as SRCURL[0]="" is set. ## ## Everything in this file will be executed in a bash environment. ##