From nobody Fri Mar 18 09:49:51 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 64F6A1A1ACEC for ; Fri, 18 Mar 2022 09:50:28 +0000 (UTC) (envelope-from sunpoet@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KKfQD2D9Hz3kBb for ; Fri, 18 Mar 2022 09:50:28 +0000 (UTC) (envelope-from sunpoet@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1647597028; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ld89nXsfxhZ3X0xxpdP8OxChtfbUKISqDtCfdX8pYKU=; b=EQrRiR9NV38RmX+Ya3sQtmGLxOxksQa0D+URpMjWZPbgQSTaq4eBBW9+A3+5YI6/6qva5f tV3y3/wMyj2b14UQtrnLmHxeSRPb+yDtyzgOVGgVu47HaO5LO1TKtu953k9HvS4+Wbw8lg thNVTf3Sl5GMBXxzS86eyeYJhBs08kKyNV7YdxqIzBwR5IOEgWGmqFbNRkgCUhWSYkfP57 spNrwQKW+fLKO9xtnaeFO7EGBMYS1k+3+UymLreh7Wg5WIAJimSa7vP9Ebju7rTb70aFQg dYPtyHa+HsksihLgrrzuZlQ33VLmH4izvRUISLWE+9cbuDvEpbeVKNlGH0sNeg== Received: from mail-vs1-f45.google.com (mail-vs1-f45.google.com [209.85.217.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) (Authenticated sender: sunpoet) by smtp.freebsd.org (Postfix) with ESMTPSA id 287EA22A54 for ; Fri, 18 Mar 2022 09:50:28 +0000 (UTC) (envelope-from sunpoet@freebsd.org) Received: by mail-vs1-f45.google.com with SMTP id i63so3652025vsi.5 for ; Fri, 18 Mar 2022 02:50:28 -0700 (PDT) X-Gm-Message-State: AOAM530MEPdxrpuyVMqcLZvLA5MFyqNxAjFf/7TAr+RSIa4eE8v7seqs JDin5RXpkHrbyJQwiT5OPJPgc2kOgizfjRkaEYAO6g== X-Google-Smtp-Source: ABdhPJwJuDhl6b3HkW08M5erS4qRmAL/7mT4bVzQPyqHwbv+DV21njT6M7OKQneJxUi6jBbr2Dfo8gco4rkyN3K+scQ= X-Received: by 2002:a05:6102:3c9e:b0:324:df0e:309e with SMTP id c30-20020a0561023c9e00b00324df0e309emr673284vsv.52.1647597027583; Fri, 18 Mar 2022 02:50:27 -0700 (PDT) List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 References: <202203172344.22HNifI6099252@gitrepo.freebsd.org> In-Reply-To: <202203172344.22HNifI6099252@gitrepo.freebsd.org> From: Po-Chuan Hsieh Date: Fri, 18 Mar 2022 17:49:51 +0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: git: 9bdc78861688 - main - sysutils/screen: Update to 4.9.0 To: Cy Schubert Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Content-Type: multipart/alternative; boundary="0000000000009000ac05da7b1350" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1647597028; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ld89nXsfxhZ3X0xxpdP8OxChtfbUKISqDtCfdX8pYKU=; b=yyrhYZVMAiucfD6kXH5mM+1ZpkdE2r67tYg86oHkmSNZwoLlNus1dMkQUvo/ddXjVd0S3t TfvU9UJSim4Q0xtnqCeQ53s5NEmgR5UAv/LcqN4aDHbNKGnwuCscPUaTI2L7IeqL8trknK 7l2cl3Lzg15wSPBJ+sQb3piQY/GDAda/DWbq3c2SxGODdZoFFOlJVwry2u/TEhRKSvezlN SrjC2SzkXGbYQFc8o6fYCJOQMZMtq7poz7Wmb/25pzG4dHFqsLK0Df/PkoBGCu6G6x/Qaw 6JHz/R/wFS1wrJCc4kVT1YWePKc5frvMLtTR6AOUONuofH5pjPr9YkGwtigROw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1647597028; a=rsa-sha256; cv=none; b=Rhq6pr0zcvGPqesfHSju3du1IsuKT2E9c7tWRXG3X5RFEUQaxc6BvCRSmDpcYU7Zyl4GfK 220NGrQJU791tHr3ggvk/0CKBj2MO0U8hF52FQ88yBMvZEv2h5hZZ78lfPLoo0+ApmX78D LgXZ07CUUBLap+DJUzG/60nnLUT8uD1W0az1ZBldA6Cr1lM+7ZxMWOmJiTlgB6VmooAfoQ 2M+eX0EZPLIzMxqNI8Kp+u05d9IhqjNG7QR53kaMTnohOugt6h9S5KqPwTZo2uX6AXUvhq 6HAr8ub3be09IhpRD523nU3lO175ly2GfJwqajz41aazvtXkzSWkZeZtvMCVkA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N --0000000000009000ac05da7b1350 Content-Type: text/plain; charset="UTF-8" On Fri, Mar 18, 2022 at 7:44 AM Cy Schubert wrote: > The branch main has been updated by cy: > > URL: > https://cgit.FreeBSD.org/ports/commit/?id=9bdc788616889d0a2b3f9c8b8996610cdfe82be7 > > commit 9bdc788616889d0a2b3f9c8b8996610cdfe82be7 > Author: Cy Schubert > AuthorDate: 2022-03-17 17:54:50 +0000 > Commit: Cy Schubert > CommitDate: 2022-03-17 23:44:10 +0000 > > sysutils/screen: Update to 4.9.0 > > Update screen to 4.9.0. From the release announcement: > > New in this release: > * Hardstatus option for used encoding (escape string '%e') > Hi, It seems the SHOWENC option is no longer needed. And it breaks the build as follows: ===> Building for screen-4.9.0 gmake[1]: Entering directory '/usr/ports/works/usr/ports/sysutils/screen/work/screen-4.9.0' CPP="cpp -DETCSCREENRC='"/usr/local/etc/screenrc"' -DSCREENENCODINGS='"/usr/local/share/screen/utf8encodings"'" srcdir=. sh ./osdef.sh AWK=/usr/bin/awk CC="cc -O2 -pipe -I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-aliasing " srcdir=. sh ./comm.sh AWK=/usr/bin/awk srcdir=. sh ./term.sh sh ./tty.sh tty.c cc -c -I. -I. -DETCSCREENRC='"/usr/local/etc/screenrc"' -DSCREENENCODINGS='"/usr/local/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=\"\" \ -O2 -pipe -I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-aliasing putenv.c cc -c -I. -I. -DETCSCREENRC='"/usr/local/etc/screenrc"' -DSCREENENCODINGS='"/usr/local/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=\"\" \ -O2 -pipe -I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-aliasing kmapdef.c cc -c -I. -I. -DETCSCREENRC='"/usr/local/etc/screenrc"' -DSCREENENCODINGS='"/usr/local/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=\"\" \ -O2 -pipe -I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-aliasing term.c cc -c -I. -I. -DETCSCREENRC='"/usr/local/etc/screenrc"' -DSCREENENCODINGS='"/usr/local/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=\"\" \ -O2 -pipe -I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-aliasing comm.c cc -c -I. -I. -DETCSCREENRC='"/usr/local/etc/screenrc"' -DSCREENENCODINGS='"/usr/local/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=\"\" \ -O2 -pipe -I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-aliasing screen.c cc -c -I. -I. -DETCSCREENRC='"/usr/local/etc/screenrc"' -DSCREENENCODINGS='"/usr/local/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=\"\" \ -O2 -pipe -I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-aliasing ansi.c cc -c -I. -I. -DETCSCREENRC='"/usr/local/etc/screenrc"' -DSCREENENCODINGS='"/usr/local/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=\"\" \ -O2 -pipe -I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-aliasing fileio.c cc -c -I. -I. -DETCSCREENRC='"/usr/local/etc/screenrc"' -DSCREENENCODINGS='"/usr/local/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=\"\" \ -O2 -pipe -I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-aliasing mark.c screen.c:1215:5: warning: expression result unused [-Wunused-value] *--av; ^~~~~ screen.c:2789:10: error: duplicate case value '101' case 'e': ^ screen.c:2766:7: note: previous case defined here case 'e': ^ 1 warning and 1 error generated. Regards, sunpoet * Fixes: > - fix combining char handling that could lead to a segfault > - CVE-2021-26937: possible denial of service via a crafted UTF-8 > character sequence (bug #60030) > - make screen exit code be 0 when checking --help > - session names limit is 80 symbols (bug #61534) > - option -X ignores specified user in multiuser env (bug #37437) > - a lot of reformations/fixes/cleanups (man page and source code) > > For full list of changes see > https://git.savannah.gnu.org/cgit/screen.git/log/?h=v.4.9.0 > > Note that CVE-2021-26937 was fixed in the FreeBSD port in 2021. --0000000000009000ac05da7b1350 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Fri, Mar 18, 2022 at 7:44 AM Cy Schube= rt <cy@freebsd.org> wrote:
<= /div>=3D=3D=3D> =C2=A0Building for screen-4.9.0gmake[1]: Entering directory '/usr/ports/works/usr/ports/sysutils/scr= een/work/screen-4.9.0'
CPP=3D"cpp -DETCSCREENRC=3D'"/u= sr/local/etc/screenrc"' -DSCREENENCODINGS=3D'"/usr/local/= share/screen/utf8encodings"'" srcdir=3D. sh ./osdef.sh
AWK= =3D/usr/bin/awk CC=3D"cc -O2 -pipe =C2=A0-I/usr/include -DCOLORS256 -f= stack-protector-strong -fno-strict-aliasing " srcdir=3D. sh ./comm.sh<= br>AWK=3D/usr/bin/awk srcdir=3D. sh ./term.sh
sh ./tty.sh tty.c
cc -c= -I. -I. =C2=A0-DETCSCREENRC=3D'"/usr/local/etc/screenrc"'= ; -DSCREENENCODINGS=3D'"/usr/local/share/screen/utf8encodings"= ;' -DHAVE_CONFIG_H -DGIT_REV=3D\"\" \
=C2=A0 =C2=A0 =C2=A0= -O2 -pipe =C2=A0-I/usr/include -DCOLORS256 -fstack-protector-strong -fno-st= rict-aliasing =C2=A0putenv.c
cc -c -I. -I. =C2=A0-DETCSCREENRC=3D'&q= uot;/usr/local/etc/screenrc"' -DSCREENENCODINGS=3D'"/usr/= local/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=3D\&q= uot;\" \
=C2=A0 =C2=A0 =C2=A0-O2 -pipe =C2=A0-I/usr/include -DCOLOR= S256 -fstack-protector-strong -fno-strict-aliasing =C2=A0kmapdef.c
cc -c= -I. -I. =C2=A0-DETCSCREENRC=3D'"/usr/local/etc/screenrc"'= ; -DSCREENENCODINGS=3D'"/usr/local/share/screen/utf8encodings"= ;' -DHAVE_CONFIG_H -DGIT_REV=3D\"\" \
=C2=A0 =C2=A0 =C2=A0= -O2 -pipe =C2=A0-I/usr/include -DCOLORS256 -fstack-protector-strong -fno-st= rict-aliasing =C2=A0term.c
cc -c -I. -I. =C2=A0-DETCSCREENRC=3D'&quo= t;/usr/local/etc/screenrc"' -DSCREENENCODINGS=3D'"/usr/lo= cal/share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=3D\&quo= t;\" \
=C2=A0 =C2=A0 =C2=A0-O2 -pipe =C2=A0-I/usr/include -DCOLORS2= 56 -fstack-protector-strong -fno-strict-aliasing =C2=A0comm.c
cc -c -I. = -I. =C2=A0-DETCSCREENRC=3D'"/usr/local/etc/screenrc"' -DS= CREENENCODINGS=3D'"/usr/local/share/screen/utf8encodings"'= ; -DHAVE_CONFIG_H -DGIT_REV=3D\"\" \
=C2=A0 =C2=A0 =C2=A0-O2 -= pipe =C2=A0-I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-= aliasing =C2=A0screen.c
cc -c -I. -I. =C2=A0-DETCSCREENRC=3D'"/= usr/local/etc/screenrc"' -DSCREENENCODINGS=3D'"/usr/local= /share/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=3D\"\= " \
=C2=A0 =C2=A0 =C2=A0-O2 -pipe =C2=A0-I/usr/include -DCOLORS256 = -fstack-protector-strong -fno-strict-aliasing =C2=A0ansi.c
cc -c -I. -I.= =C2=A0-DETCSCREENRC=3D'"/usr/local/etc/screenrc"' -DSCRE= ENENCODINGS=3D'"/usr/local/share/screen/utf8encodings"' -= DHAVE_CONFIG_H -DGIT_REV=3D\"\" \
=C2=A0 =C2=A0 =C2=A0-O2 -pip= e =C2=A0-I/usr/include -DCOLORS256 -fstack-protector-strong -fno-strict-ali= asing =C2=A0fileio.c
cc -c -I. -I. =C2=A0-DETCSCREENRC=3D'"/usr= /local/etc/screenrc"' -DSCREENENCODINGS=3D'"/usr/local/sh= are/screen/utf8encodings"' -DHAVE_CONFIG_H -DGIT_REV=3D\"\&qu= ot; \
=C2=A0 =C2=A0 =C2=A0-O2 -pipe =C2=A0-I/usr/include -DCOLORS256 -fs= tack-protector-strong -fno-strict-aliasing =C2=A0mark.c
screen.c:1215:5:= warning: expression result unused [-Wunused-value]
=C2=A0 =C2=A0 *--av;=
=C2=A0 =C2=A0 ^~~~~
screen.c:2789:10: error: duplicate case value &#= 39;101'
=C2=A0 =C2=A0 case 'e':
=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0^
screen.c:2766:7: note: previous case defined here
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 case 'e':
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0^
1 warning and 1 error generated.

<= /div>
Regards,
sunpoet

=C2=A0 =C2=A0 =C2=A0 * Fixes:
=C2=A0 =C2=A0 =C2=A0 =C2=A0 - fix combining char handling that could lead t= o a segfault
=C2=A0 =C2=A0 =C2=A0 =C2=A0 - CVE-2021-26937: possible denial of service vi= a a crafted UTF-8
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 character sequence (bug #60030)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 - make screen exit code be 0 when checking --he= lp
=C2=A0 =C2=A0 =C2=A0 =C2=A0 - session names limit is 80 symbols (bug #61534= )
=C2=A0 =C2=A0 =C2=A0 =C2=A0 - option -X ignores specified user in multiuser= env (bug #37437)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 - a lot of reformations/fixes/cleanups (man pag= e and source code)

=C2=A0 =C2=A0 For full list of changes see
=C2=A0 =C2=A0
https://git.savannah.gnu.= org/cgit/screen.git/log/?h=3Dv.4.9.0

=C2=A0 =C2=A0 Note that CVE-2021-26937 was fixed in the FreeBSD port in 202= 1.
--0000000000009000ac05da7b1350--