Imported Debian patch 4.0.3-13debian/4.0.3-13

11 files changed, 188 insertions, 44 deletions

diff --git a/debian/README.Debian b/debian/README.Debian
index 6ad59ea..35f12d3 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -14,6 +14,32 @@ Debian Modifications
 Debian Screen Q&A
 -----------------
 
+Q: screen always complains about the permissions of /var/run/screen.
+   What's wrong?
+
+A: Simplified, the binary ensures that $SCREENDIR has just enough permission
+   bits enabled so that each user can create and access his socket directory.
+   This means:
+
+   /usr/bin/screen setuid root -> /var/run/screen 0755
+   /usr/bin/screen setgid utmp -> /var/run/screen 0775
+   /usr/bin/screen without setid bits -> /var/run/screen 0777
+
+   These cases are all handled by the init script. However, the actual test
+   is a bit more complicated. And as the variable names are all quite self-
+   explanatory, just have a look at the C code itself:
+
+]   n = (eff_uid == 0 && (real_uid || (st.st_mode & 0775) != 0775)) ? 0755 :
+]       (eff_gid == (int)st.st_gid && eff_gid != real_gid) ? 0775 :
+]       0777;
+]   if (((int)st.st_mode & 0777) != n)
+]     Panic(0, "Directory '%s' must have mode %03o.", SockDir, n);
+
+   If the invoking user has primary group utmp, the above assumption will fail.
+   The same holds if the underlying file system is mounted 'nosuid'. In these
+   cases you have to adapt the init script yourself.
+
+
 Q: shift+page up in xterm/gnome-terminal/konsole used to let me scroll back a
    bit, but now it doesn't. How can I make it work with scrollback?
 
diff --git a/debian/changelog b/debian/changelog
index c5b7d63..c1f361f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+screen (4.0.3-13) unstable; urgency=low
+
+  * Sync with Ubuntu, closes: #520359. New dpatches:
+    * 33increase_max_winmsg_renditions
+    * 35screen_invoked_with_a_command (cherry-picked from upstream)
+  * Bump Standards version to 3.8.1 (again, no changes).
+  * Accommodate initscript to adjust the $SCREENDIR permissions
+    correctly even if /usr/bin/screen is installed 0755.
+    Add a Q&A pair to README.Debian to clarify this problem.
+    Closes: #520317.
+  * Fix #433338 properly by keeping the umask instead of dropping
+    the 'public exchange file' concept. Modify dpatch 22.
+    Addresses CVE-2009-1214, CVE-2009-1215, closes: #521123.
+  * Depend on patch-stamp instead of patch in debian/rules.
+    (Phony targets as intermediates in a dep chain are braindead.)
+  * Fix job control and CTTY handling on our new kfreebsd archs.
+    Closes: #522689. Thanks to Axel Beckert for his support!
+
+ -- Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>  Fri, 10 Apr 2009 18:20:49 +0200
+
 screen (4.0.3-12) unstable; urgency=low
 
   * Back to work.
diff --git a/debian/control b/debian/control
index 6d2bfd2..9522e71 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: misc
 Priority: optional
 Maintainer: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
 Uploaders: Adam Lazur <zal@debian.org>
-Standards-Version: 3.8.0
+Standards-Version: 3.8.1
 Build-Depends: libncursesw5-dev, texinfo, libpam0g-dev, debhelper (>> 7), dpatch
 Homepage: http://www.gnu.org/software/screen
 
diff --git a/debian/init b/debian/init
index cee268e..e2dab62 100644
--- a/debian/init
+++ b/debian/init
@@ -25,12 +25,16 @@ start)
         chown root:utmp $SCREENDIR
     fi
     find $SCREENDIR -type p -print0 | xargs -0r rm -f --
-# If the local admin has used dpkg-statoverride to install screen setuid,
-# change the permissions of $SCREENDIR accordingly
-    if [ `stat -c%a /usr/bin/screen` -ge 4000 ]; then
+# If the local admin has used dpkg-statoverride to install the screen
+# binary with different set[ug]id bits, change the permissions of
+# $SCREENDIR accordingly
+    BINARYPERM=`stat -c%a /usr/bin/screen`
+    if [ "$BINARYPERM" -ge 4000 ]; then
         chmod 0755 $SCREENDIR
-    else
+    elif [ "$BINARYPERM" -ge 2000 ]; then
         chmod 0775 $SCREENDIR
+    else
+        chmod 0777 $SCREENDIR
     fi
     ;;
 stop|restart|reload|force-reload)
diff --git a/debian/patches/00list b/debian/patches/00list
index de90445..2eb485f 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -10,7 +10,7 @@
 # 10-49: "regular" code and documentation fixes
 10norootpassword
 11replace_doc_paths
-## <12 REMOVED>
+12kfreebsd_ctty
 13split_info_files
 14size_matters
 15manpage_typos
@@ -21,7 +21,7 @@
 19flowcontrol_lockup
 20defmonitor
 21manpage_nethack_activation
-22no_public_exchange
+22exchange_file_mode
 23exitcode_q_ls
 24option_parser
 25allow_symlink_sockdir
@@ -32,6 +32,8 @@
 30fix_fsf_address
 31upstream_cherries
 32misc_minor_fixes
+33increase_max_winmsg_renditions
+35screen_invoked_with_a_command
 40cjk_eastasian
 45suppress_remap
 # 50-99: experimental patches, new features etc.
diff --git a/debian/patches/12kfreebsd_ctty.dpatch b/debian/patches/12kfreebsd_ctty.dpatch
new file mode 100644
index 0000000..e2373d8
--- /dev/null
+++ b/debian/patches/12kfreebsd_ctty.dpatch
@@ -0,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 12kfreebsd_ctty.dpatch by  <hesso@pool.math.tu-berlin.de>
+##
+## DP: See inline documentation.
+
+@DPATCH@
+--- screen-4.0.3.orig/tty.sh	2009-04-10 18:15:51.923805915 +0200
++++ screen-4.0.3/tty.sh	2009-04-10 18:17:56.043804602 +0200
+@@ -801,18 +801,11 @@
+ 
+   mypid = getpid();
+ 
+-  /* The next lines should be obsolete. Can anybody check if they
+-   * are really needed on the BSD platforms?
+-   *
+-   * this is to avoid the message:
+-   *	fgtty: Not a typewriter (25)
++  /*
++   * Under BSD we have to set the controlling terminal again explicitly.
+    */
+-# if defined(__osf__) || (BSD >= 199103) || defined(ISC)
+-  if (separate_sids)
+-    setsid();	/* should be already done */
+-#  ifdef TIOCSCTTY
++# if defined(__FreeBSD_kernel__) && defined(TIOCSCTTY)
+   ioctl(fd, TIOCSCTTY, (char *)0);
+-#  endif
+ # endif
+ 
+ # ifdef POSIX
diff --git a/debian/patches/22exchange_file_mode.dpatch b/debian/patches/22exchange_file_mode.dpatch
new file mode 100644
index 0000000..730bf31
--- /dev/null
+++ b/debian/patches/22exchange_file_mode.dpatch
@@ -0,0 +1,38 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 22exchange_file_mode.dpatch by  <hesso@pool.math.tu-berlin.de>
+##
+## DP: Make it a bit harder to shoot oneself in the foot by
+## DP: keeping the umask tight by default when creating the
+## DP: screen exchange file. Fearless users may still chmod it.
+
+@DPATCH@
+--- screen-4.0.3.orig/fileio.c	2009-04-02 02:01:23.530568088 +0200
++++ screen-4.0.3/fileio.c	2009-04-02 02:02:18.155521670 +0200
+@@ -367,11 +367,6 @@
+   char *mode = "w";
+ #ifdef COPY_PASTE
+   int public = 0;
+-# ifdef _MODE_T
+-  mode_t old_umask;
+-# else
+-  int old_umask;
+-# endif
+ # ifdef HAVE_LSTAT
+   struct stat stb, stb2;
+   int fd, exists = 0;
+@@ -434,7 +429,6 @@
+ #ifdef COPY_PASTE
+       if (dump == DUMP_EXCHANGE && public)
+ 	{
+-          old_umask = umask(0);
+ # ifdef HAVE_LSTAT
+ 	  if (exists)
+ 	    {
+@@ -455,7 +449,6 @@
+ # else
+           f = fopen(fn, mode);
+ # endif
+-          umask(old_umask);
+ 	}
+       else
+ #endif /* COPY_PASTE */
diff --git a/debian/patches/22no_public_exchange.dpatch b/debian/patches/22no_public_exchange.dpatch
deleted file mode 100644
index 2fcc489..0000000
--- a/debian/patches/22no_public_exchange.dpatch
+++ /dev/null
@@ -1,28 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 22no_public_exchange.dpatch by  <hesso@pool.math.tu-berlin.de>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
-@DPATCH@
-diff -Naur screen-4.0.3.orig/fileio.c screen-4.0.3/fileio.c
---- screen-4.0.3.orig/fileio.c	2008-06-01 23:39:49.000000000 +0200
-+++ screen-4.0.3/fileio.c	2008-06-01 23:44:58.000000000 +0200
-@@ -414,7 +414,17 @@
- 	  fnbuf[sizeof(fnbuf) - 1] = 0;
- 	  fn = fnbuf;
- 	}
-+/**
-+ * I consider this 'public exchange file' feature a bad idea, at least
-+ * if this is the default case. I really don't like the idea of an admin
-+ * copying configuration file snippets around that might get changed
-+ * in that buffer file.
-+ * Drop the notion of a 'public' exchange file. If someone explictly wants
-+ * to share his copy buffer contents, he is free to chmod it after its
-+ * creation.
-+ * Jan Nordholz <hesso@pool.math.tu-berlin.de>, 2007/08/07
-       public = !strcmp(fn, DEFAULT_BUFFERFILE);
-+ */
- # ifdef HAVE_LSTAT
-       exists = !lstat(fn, &stb);
-       if (public && exists && (S_ISLNK(stb.st_mode) || stb.st_nlink > 1))
diff --git a/debian/patches/33increase_max_winmsg_renditions.dpatch b/debian/patches/33increase_max_winmsg_renditions.dpatch
new file mode 100644
index 0000000..74b90f0
--- /dev/null
+++ b/debian/patches/33increase_max_winmsg_renditions.dpatch
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 33increase_max_winmsg_renditions.dpatch
+## by Dustin Kirkland <kirkland@canonical.com>
+##
+## DP: Increase MAX_WINMSG_REND constant from 16 to 80
+## DP: Allows for up to 64 formatting changes on a status line
+## DP: https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315871
+
+@DPATCH@
+diff -uprN screen-4.0.3.orig/screen.c screen-4.0.3/screen.c
+--- screen-4.0.3.orig/screen.c	2003-09-08 09:26:41.000000000 -0500
++++ screen-4.0.3/screen.c	2009-01-10 12:06:34.698560196 -0600
+@@ -2026,7 +2026,7 @@ static const char months[] = "JanFebMarA
+ #endif
+ 
+ static char winmsg_buf[MAXSTR];
+-#define MAX_WINMSG_REND 16	/* rendition changes */
++#define MAX_WINMSG_REND 80	/* rendition changes */
+ static int winmsg_rend[MAX_WINMSG_REND];
+ static int winmsg_rendpos[MAX_WINMSG_REND];
+ static int winmsg_numrend;
diff --git a/debian/patches/35screen_invoked_with_a_command.dpatch b/debian/patches/35screen_invoked_with_a_command.dpatch
new file mode 100644
index 0000000..36a9474
--- /dev/null
+++ b/debian/patches/35screen_invoked_with_a_command.dpatch
@@ -0,0 +1,29 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 35screen_invoked_with_a_command.dpatch
+##
+## DP: Cherry-picked from upstream.
+## DP: From 25c4f34d19c9f7d7262ef2a173238fdab7e283be Mon Sep 17 00:00:00 2001
+## DP: From: Sadrul Habib Chowdhury <sadrul@users.sourceforge.net>
+## DP: Date: Mon, 26 Jan 2009 21:19:47 +0000
+## DP: Subject: Don't forget the startup command.
+
+## DP:Fixes savannah bug #25348, launchpad bug #311443.
+## DP:---
+## DP:diff --git a/src/screen.c b/src/screen.c
+## DP:index c914c59..7239560 100644
+
+@DPATCH@
+
+--- src/screen.c
++++ src/screen.c
+@@ -1420,6 +1420,10 @@ char **av;
+ 	  /* NOTREACHED */
+ 	}
+     }
++  else if (ac) /* Screen was invoked with a command */
++    {
++      MakeWindow(&nwin);
++    }
+ 
+ #ifdef HAVE_BRAILLE
+   StartBraille();
diff --git a/debian/rules b/debian/rules
index afcff18..549b3f1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -17,14 +17,14 @@ TTYGROUP := 5
 clean: unpatch
 	dh_testdir
 	dh_testroot
-	rm -f configure-stamp build-stamp
+	rm -f configure-stamp build-stamp install-stamp
 	test ! -s doc/Makefile || $(MAKE) -C doc realclean
 	test ! -s Makefile || ! grep -q clean Makefile || $(MAKE) realclean
 	rm -f config.log config.status Makefile
 	dh_clean
 
 configure: configure-stamp
-configure-stamp: patch
+configure-stamp: patch-stamp
 	dh_testdir
 	./configure --prefix=/usr \
 		    --infodir='$$(prefix)/share/info' \
@@ -41,13 +41,14 @@ configure-stamp: patch
 	touch $@
 
 build: build-stamp
-build-stamp: configure
+build-stamp: configure-stamp
 	dh_testdir
-	$(MAKE) CFLAGS+='-O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers'
-	$(MAKE) CFLAGS+='-O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers' -C doc
+	$(MAKE) CFLAGS+='-Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers'
+	$(MAKE) CFLAGS+='-Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers' -C doc
 	touch $@
 
-install: build
+install: install-stamp
+install-stamp: build-stamp
 	dh_testdir
 	dh_testroot
 	dh_clean
@@ -66,10 +67,11 @@ install: build
 	# lintian overrides for the setgid bin etc
 	install -m 755 -d $(ROOT)/usr/share/lintian/overrides
 	install -m 644 debian/screen.lintian.overrides $(ROOT)/usr/share/lintian/overrides/screen
+	touch $@
 
 binary: binary-arch
-binary-indep: build install
-binary-arch: build install
+binary-indep: install
+binary-arch: install
 	dh_testdir
 	dh_testroot
 	dh_installdocs
@@ -88,4 +90,4 @@ binary-arch: build install
 	dh_md5sums
 	dh_builddeb
 
-.PHONY: configure build clean binary-indep binary-arch binary install
+.PHONY: patch configure build clean binary-indep binary-arch binary install