Re: [ptxdist] [PATCH] screen: Version bump. 5.0.0 -> 5.0.1

Christian Melki Fri, 16 May 2025 09:26:43 -0700

Hi Michael.

Yeah. Looks like release mishaps.
They didn't release the tarball for +72h after the announcement.
And it seems that the first one (the one I sent) was botched.
You can see the my (and others) complaint in these threads:


https://www.phoronix.com/forums/forum/software/general-linux-open-source/1546098-gnu-screen-5-0-1-released-due-to-several-security-vulnerabilities/page2

https://lists.gnu.org/archive/html/screen-devel/2025-05/msg00018.html

At this point I'd just update the md5 since they reused the same version
number. Do you want me to send a new one?

Regards,
Christian


On 5/16/25 9:46 AM, Michael Olbrich wrote:
> On Thu, May 15, 2025 at 07:38:51PM +0200, Christian Melki wrote:
>> Security and other fixes.
>> https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00002.html
>>
>> Security fixes:
>> CVE-2025-46805: do NOT send signals with root privileges
>> CVE-2025-46804: avoid file existence test information leaks
>> CVE-2025-46803: apply safe PTY default mode of 0620
>> CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
>> CVE-2025-23395: reintroduce lf_secreopen() for logfile
>>
>> * Forward patchset, applies cleanly.
>>
>> Signed-off-by: Christian Melki <[email protected]>
>> ---
>>  .../{screen-5.0.0 => screen-5.0.1}/0001-suppress_remap.patch  | 0
>>  patches/{screen-5.0.0 => screen-5.0.1}/autogen.sh             | 0
>>  patches/{screen-5.0.0 => screen-5.0.1}/series                 | 0
>>  rules/screen.make                                             | 4 ++--
>>  4 files changed, 2 insertions(+), 2 deletions(-)
>>  rename patches/{screen-5.0.0 => screen-5.0.1}/0001-suppress_remap.patch 
>> (100%)
>>  rename patches/{screen-5.0.0 => screen-5.0.1}/autogen.sh (100%)
>>  rename patches/{screen-5.0.0 => screen-5.0.1}/series (100%)
>>
>> diff --git a/patches/screen-5.0.0/0001-suppress_remap.patch 
>> b/patches/screen-5.0.1/0001-suppress_remap.patch
>> similarity index 100%
>> rename from patches/screen-5.0.0/0001-suppress_remap.patch
>> rename to patches/screen-5.0.1/0001-suppress_remap.patch
>> diff --git a/patches/screen-5.0.0/autogen.sh 
>> b/patches/screen-5.0.1/autogen.sh
>> similarity index 100%
>> rename from patches/screen-5.0.0/autogen.sh
>> rename to patches/screen-5.0.1/autogen.sh
>> diff --git a/patches/screen-5.0.0/series b/patches/screen-5.0.1/series
>> similarity index 100%
>> rename from patches/screen-5.0.0/series
>> rename to patches/screen-5.0.1/series
>> diff --git a/rules/screen.make b/rules/screen.make
>> index 1bac9b8b8..69a65a9b8 100644
>> --- a/rules/screen.make
>> +++ b/rules/screen.make
>> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_SCREEN) += screen
>>  #
>>  # Paths and names
>>  #
>> -SCREEN_VERSION              := 5.0.0
>> -SCREEN_MD5          := befc115989242ed4bceeff8d8bfeb4e6
>> +SCREEN_VERSION              := 5.0.1
>> +SCREEN_MD5          := 4306c5446abd48b7899a211c4d0456b2
> 
> Hmm, I'm getting a different md5 here. Can you check what is going on here?
> 
> Michael
> 
>>  SCREEN                      := screen-$(SCREEN_VERSION)
>>  SCREEN_SUFFIX               := tar.gz
>>  SCREEN_URL          := $(call ptx/mirror, GNU, 
>> screen/$(SCREEN).$(SCREEN_SUFFIX))
>> -- 
>> 2.34.1
>>
>>
>>
>

Re: [ptxdist] [PATCH] screen: Version bump. 5.0.0 -> 5.0.1

Reply via email to