Skip to content
Jump to bottom

Update GRU Screen from 4.0.3 to 4.5.0 #275

Merged
merged 2 commits into from
Jan 20, 2017
Merged

Update GRU Screen from 4.0.3 to 4.5.0 #275

merged 2 commits into from
Jan 20, 2017

Conversation

pmenzel
Copy link
Collaborator

@pmenzel pmenzel commented Jan 20, 2017

No description provided.

@pmenzel
screen: Update version from 4.0.3 to 4.5.0
0c791df 
Change-log [1][2]:

> Version 4.5.0 (17/01/2017)
>
> The 4.5.0 release is mostly a bugfix release:
> -> broken handling of "bind u digraph U+" (bug #48691)
> -> crash with long $TERM (bug #48983)
> -> crash when bumping blank window
> -> build for AIX (bug #49149)
> -> %x improperly separating arguments
> -> install with custom DESTDIR (bug #48370)

> Version 4.4.0 (19/06/2016):
>   * Support up to 24 function keys
>   * Fix runtime issues
>   * 'logfile' command, starts logging into new file upon changing
>
> Version 4.3.1 (28/06/2015):
>   * Fix resize bug
>
> Version 4.3.0 (13/06/2015):
>   * Introduce Xx string escape showing the executed command of a window
>   * Implement dead/zombie window polling, allowing for auto reconnecting
>   * Allow setting hardstatus on first line
>
>   New Commands:
>   * 'sort' command sorting windows by title
>   * 'bumpleft', 'bumpright' - manually move windows on window list
>   * 'collapse' removing numbering 'gaps' between windows, by renumbering
>   * 'windows' command now accepts arguments for use with querying

Create the bee file from scratch, and configure it as in the BLFS book
[3].

```
$ bee init https://ftp.gnu.org/gnu/screen/screen-4.4.0.tar.gz
creating screen-4.4.0-0.bee from template '/etc/default/bee/templates/fallback'
```

Keep `/run/uscreens` as directory for the user sockets as done in
earlier versions.

>  --with-socket-dir=/run/screen: This option places the per-user
>  sockets in a standard location.
>
> --with-sys-screenrc=/etc/screenrc: This option places the global
> screenrc file in /etc.
>
> --with-pty-group=5: This option sets the gid to the value used by LFS.

[1] https://lists.gnu.org/archive/html/screen-users/2017-01/msg00004.html
[2] http://git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog
[3] http://www.linuxfromscratch.org/blfs/view/7.9/general/screen.html
@pmenzel
screen: Convert to versionless bee file
1a82eaf
@donald
Copy link
Collaborator

donald commented Jan 20, 2017

tested on theinternet

@donald donald merged commit c671e7a into master Jan 20, 2017
@pmenzel
Copy link
Collaborator Author

pmenzel commented Jan 20, 2017

For the record:

$ sudo bee update screen
installing /src/mariux/beeroot/packages/screen-4.5.0-0.x86_64.bee.tar.bz2 ..
adding screen.info to /usr/share/info/dir
removing screen-4.0.3-1.x86_64 ..
removing screen.info from /usr/share/info/dir
removing screen.info-1 from /usr/share/info/dir
install-info: warning: no entries found for `/usr/share/info/screen.info-1'; nothing deleted
removing screen.info-2 from /usr/share/info/dir
install-info: warning: no entries found for `/usr/share/info/screen.info-2'; nothing deleted
removing screen.info-3 from /usr/share/info/dir
install-info: warning: no entries found for `/usr/share/info/screen.info-3'; nothing deleted
removing screen.info-4 from /usr/share/info/dir
install-info: warning: no entries found for `/usr/share/info/screen.info-4'; nothing deleted
removing screen.info-5 from /usr/share/info/dir
install-info: warning: no entries found for `/usr/share/info/screen.info-5'; nothing deleted

@donald
Copy link
Collaborator

donald commented Jan 20, 2017

Seen that, too. Don't care :-)

donald added a commit that referenced this pull request Jan 24, 2017
@donald
Revert "Merge pull request #275 /update-screen-from-4.0.3-to-4.5.0"
77124f4 
This reverts commit c671e7a, reversing
changes made to df88465.

We suspect that screen-4.5.0-0 has a severe security bug: logiles
specified by -L name seem to be opened as root:

> buczek@sigusr2:~$ rm bla.bla
> rm: cannot remove ‘bla.bla’: No such file or directory
> buczek@sigusr2:~$ screen -L bla.bla -- echo hallo
> [screen is terminating]
> buczek@sigusr2:~$ cat bla.bla
> hallo
> buczek@sigusr2:~$ ls -l bla.bla
> -rw-rw---- 1 root buczek 7 Jan 24 12:52 bla.bla
> buczek@sigusr2:~$

We were able to overwrite /etc/passwd.

So for now undo the merge until the issue is analyzed.
donald added a commit that referenced this pull request Jan 24, 2017
@donald
Revert "Merge pull request #275 update-screen-from-4.0.3-to-4.5.0"
3246138 
This reverts commit c671e7a, reversing
changes made to df88465.

We suspect that screen-4.5.0-0 has a severe security bug: logiles
specified by -L name seem to be opened as root:

> buczek@sigusr2:~$ rm bla.bla
> rm: cannot remove ‘bla.bla’: No such file or directory
> buczek@sigusr2:~$ screen -L bla.bla -- echo hallo
> [screen is terminating]
> buczek@sigusr2:~$ cat bla.bla
> hallo
> buczek@sigusr2:~$ ls -l bla.bla
> -rw-rw---- 1 root buczek 7 Jan 24 12:52 bla.bla
> buczek@sigusr2:~$

We were able to overwrite /etc/passwd.

So for now undo the merge until the issue is analyzed.
@donald donald mentioned this pull request Jan 24, 2017
Closed
@donald donald deleted the update-screen-from-4.0.3-to-4.5.0 branch February 12, 2017 13:51
Sign in to join this conversation on GitHub.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@pmenzel @donald