Debian Patches
Status for screen/4.9.1-3
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
03disable-utmp.patch | Disable UTMP updating feature. | | no | debian | | |
05prefer-libtinfo-over-libcurses.patch | Prefer libtinfo over libcurses. Try to link with -ltinfo before -lcurses to avoid a spurious dependency on systems where ncurses is built with "--with-termlib". | Sven Joachim <svenjoac@gmx.de> | no | debian | https://bugs.debian.org/cgi-bin/bugreport.cgi?filename=0001-Prefer-libtinfo-over-libcurses.patch;att=1;msg=14;bug=819789 | 2016-04-02 |
11replace_doc_paths.patch | Fix the references to configuration and pipe paths to match the locations Debian uses. | Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> | not-needed | |||
13split_info_files.patch | Split the info files at 50k. This matches the distribution style of the orig tarball. | Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> | no | debian | | |
26source_encoding.patch | Replace the composed characters with their respective description. | Ben Finney <ben@benfinney.id.au> | no | | | |
45suppress_remap.patch | Unbreak several useful keybindings. | Loic Minier <lool@dooz.org> | no | |||
60-screen-4.2.1-debian4.1.0-compatibility.patch | Patch to make 4.2.1 compatible with Debian's 4.1.0 and 4.2.0 packages. 4.2.1 includes the Debian patches to extend the login name and $TERM length, but uses even larger values. This causes screen clients to no longer be able to talk to older screen servers. See #644788 for a discussion of the same issue with earlier release combinations (4.1.0 vs 4.0.3). For now this patch sets the mentioned values back to those which were in use in Debian before (and seemed to be large enough for use in Debian). | Axel Beckert <abe@debian.org> | not-needed | | | |
61-default-PATH_MAX-if-undefined-for-hurd.patch | Set PATH_MAX to 4096 if undefined. Fixes FTBFS since 4.4.0 on GNU/Hurd. Updated to add one more occurrence for 4.5.0. | Axel Beckert <abe@debian.org> | yes | upstream | | |
63-add-utempter-switch.patch | Add guarding commandline option around libutempter check | Axel Beckert <abe@debian.org> | invalid | debian | ||
65-wcwidth.patch | Use wcwidth instead of a hardcoded list of wide characters. (It is currently unclear if this patch is suitable for upstream usage.) | Aurelien Jarno <aurelien@aurel32.net> | no | debian | https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1027733;filename=screen.wcwidth.v2.patch;msg=80 | |
80_session_creation_docs.patch | Add lookup code for the creation time of each session. Requires digging in /proc/$pid and /proc/uptime, though, so it's definitely no candidate for the Beautiful C contest. Affects screen's behaviour in the following situations: 'screen -ls' lists available sessions sorted chronologically; 'screen -RR' now picks the youngest session instead of an arbitrary one. Patch 1/3: documentation | Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> | invalid | debian | | |
81_session_creation_util.patch | Add lookup code for the creation time of each session. Requires digging in /proc/$pid and /proc/uptime, though, so it's definitely no candidate for the Beautiful C contest. Affects screen's behaviour in the following situations: 'screen -ls' lists available sessions sorted chronologically; 'screen -RR' now picks the youngest session instead of an arbitrary one. Patch 2/3: new utility functions | Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> | invalid | debian | | |
82_session_creation_core.patch | Add lookup code for the creation time of each session. Requires digging in /proc/$pid and /proc/uptime, though, so it's definitely no candidate for the Beautiful C contest. Affects screen's behaviour in the following situations: 'screen -ls' lists available sessions sorted chronologically; 'screen -RR' now picks the youngest session instead of an arbitrary one. Patch 3/3: implementation of actual new feature | Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> | invalid | debian | | |
85_bracketed-paste-patch-by-Unit193_dpaste.com_5KJ572GZM.patch | Support "bracket paste mode" and cursor-style manipulation. Hello, lists. This patch adds the following two features to GNU Screen: Bracket Paste Mode (DECSET/DECRST 2004); DECSCUSR (cursor style manipulation). By using "bracketed paste mode", the pasted text is bracketed with special control sequences. DECSCUSR can change cursor style and shape (blink/steady, block/vertical bar/horizontal bar). These days, many xterm-compatible terminal emulators support these features. But current GNU Screen blocks them. This patch manages states of "Bracket Paste Mode (DECSET/DECRST 2004)" and DECSCUSR (cursor style manipulation), for each of screens. Please check it. Hayaki Saito <user@zuse.jp> https://lists.gnu.org/archive/html/screen-devel/2013-03/msg00000.html | Hayaki Saito <user@zuse.jp> | yes | debian upstream | https://savannah.gnu.org/bugs/download.php?file_id=52911 | 2013-03-15 |
fix-CVE-2025-46802-attacher.c-prevent-temporary-0666.patch | fix CVE-2025-46802: attacher.c - prevent temporary 0666 mode on PTYs. This temporary chmod of the PTY to mode 0666 is most likely a remnant of past times, before the PTY file descriptor was passed to the target session via the UNIX domain socket. This chmod() causes a race condition during which any other user in the system can open the PTY for reading and writing, and thus allows PTY hijacking. Simply remove this logic completely. | Matthias Gerstner <matthias.gerstner@suse.de> | no | debian | https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a | 2025-05-12 |
fix-CVE-2025-46804-avoid-file-existence-test-informa.patch | fix CVE-2025-46804: avoid file existence test information leaks. In setuid-root context the current error messages give away whether certain paths not accessible by the real user exist and what type they have. To prevent this only output generic error messages in setuid-root context. In some situations, when an error pertains to a directory and the directory is owned by the real user then we can still output more detailed diagnostics. This change can lead to less helpful error messages when Screen is installed setuid-root. More complex changes would be needed to avoid this (e.g. only open the `SocketPath` with raised privileges when multi-attach is requested). There might still be some lingering code paths that allow such information leaks, since `SocketPath` is a global variable that is used across the code base. The majority of issues should be caught with this fix, however. | Matthias Gerstner <matthias.gerstner@suse.de> | no | | https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30 | 2025-05-12 |
fix-CVE-2025-46805-socket.c-don-t-send-signals-with-.patch | fix CVE-2025-46805: socket.c - don't send signals with root privileges. The CheckPid() function was introduced to address CVE-2023-24626, to prevent sending SIGCONT and SIGHUP to arbitrary PIDs in the system. This fix still suffers from a TOCTOU race condition. The client can replace itself by a privileged process, or try to cycle PIDs until a privileged process receives the original PID. To prevent this, always send signals using the real privileges. Keep CheckPid() for error diagnostics. If sending the actual signal fails later on then there will be no more error reporting. It seems the original bugfix already introduced a regression when attaching to another user's session that is not owned by root. In this case the target session runs with real uid X, while for sending a signal to the `pid` provided by the client real uid Y (or root privileges) are required. This is hard to properly fix without this regression. On Linux pidfds could be used to allow safely sending signals to other PIDs as root without involving race conditions. In this case the client PID should also be obtained via the UNIX domain socket's SO_PEERCRED option, though. | Matthias Gerstner <matthias.gerstner@suse.de> | no | | https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4 | 2025-05-12 |