screen: backport fix for CVE-2023-24626

(From OE-Core rev: c72eb91464b1a0792f87e6321bbdd02f0012ffd7) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 05c7f446ca790f3695d04665aad118e42b7a52be) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-04-02 02:49:11 +00:00 · 2023-04-19 14:41:42 +01:00 · 2023-04-19 14:41:42 +01:00 · aec8ff5fc3
commit aec8ff5fc3
parent 71719963b9
2 changed files with 41 additions and 0 deletions
--- a/meta/recipes-extended/screen/screen/signal-permission.patch
+++ b/meta/recipes-extended/screen/screen/signal-permission.patch
@ -0,0 +1,40 @@
+From e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Mon Sep 17 00:00:00 2001
+From: Alexander Naumov <alexander_naumov@opensuse.org>
+Date: Mon, 30 Jan 2023 17:22:25 +0200
+Subject: fix: missing signal sending permission check on failed query messages
+
+Signed-off-by: Alexander Naumov <alexander_naumov@opensuse.org>
+
+CVE: CVE-2023-24626
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ src/socket.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/socket.c b/src/socket.c
+index 147dc54..54d8cb8 100644
+--- a/socket.c
+++ b/socket.c
+@@ -1285,11 +1285,16 @@ ReceiveMsg()
+           else
+             queryflag = -1;
+ 
+-          Kill(m.m.command.apid,
+          if (CheckPid(m.m.command.apid)) {
+            Msg(0, "Query attempt with bad pid(%d)!", m.m.command.apid);
+          }
+          else {
+            Kill(m.m.command.apid,
+                (queryflag >= 0)
+                    ? SIGCONT
+                    : SIG_BYE); /* Send SIG_BYE if an error happened */
+-          queryflag = -1;
+            queryflag = -1;
+          }
+         }
+         break;
+       case MSG_COMMAND:
+-- 
+cgit v1.1
+
--- a/meta/recipes-extended/screen/screen_4.9.0.bb
+++ b/meta/recipes-extended/screen/screen_4.9.0.bb
@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
           file://0001-fix-for-multijob-build.patch \
           file://0001-Remove-more-compatibility-stuff.patch \
           file://0001-configure-Add-needed-system-headers-in-checks.patch \
+           file://signal-permission.patch \
           "

 SRC_URI[sha256sum] = "f9335281bb4d1538ed078df78a20c2f39d3af9a4e91c57d084271e0289c730f4"