screen: 5.0.0 -> 5.0.1

Fixes CVE-2025-46805, CVE-2025-46804, CVE-2025-46803, CVE-2025-46802, CVE-2025-23395. https://lists.gnu.org/archive/html/screen-devel/2025-05/msg00008.html
2025-06-09 19:13:26 +03:00 · 2025-05-16 12:05:09 +02:00 · 2025-05-16 12:05:09 +02:00 · 0932102402
commit 0932102402
parent a369fdd2c7
2 changed files with 2 additions and 22 deletions
--- a/pkgs/by-name/sc/screen/buffer-overflow-SendCmdMessage.patch
+++ b/pkgs/by-name/sc/screen/buffer-overflow-SendCmdMessage.patch
@ -1,13 +0,0 @@
--- a/attacher.c	2025-02-24 20:15:31.701820351 +0100
-+++ b/attacher.c	2025-02-24 20:17:05.893826559 +0100
-@@ -461,8 +461,8 @@
- 		size_t len;
- 		len = strlen(*av) + 1;
- 		if (p + len >= m.m.command.cmd + ARRAY_SIZE(m.m.command.cmd) - 1)
-			break;
-+			Panic(0, "Total length of the command to send too large.\n");
-		strncpy(p, *av, MAXPATHLEN);
-+		memcpy(p, *av, len);
- 		p += len;
- 	}
- 	*p = 0;
--- a/pkgs/by-name/sc/screen/package.nix
+++ b/pkgs/by-name/sc/screen/package.nix
@ -10,11 +10,11 @@

 stdenv.mkDerivation rec {
  pname = "screen";
-  version = "5.0.0";
+  version = "5.0.1";

  src = fetchurl {
    url = "mirror://gnu/screen/screen-${version}.tar.gz";
-    hash = "sha256-8Eo50AoOXHyGpVM4gIkDCCrV301z3xov00JZdq7ZSXE=";
+    hash = "sha256-La429Ns3n/zRS2kVlrpuwYrDqeIrxHrCOXiatYQJhp0=";
  };

  configureFlags = [
@ -25,13 +25,6 @@ stdenv.mkDerivation rec {
  # We need _GNU_SOURCE so that mallocmock_reset() is defined: https://savannah.gnu.org/bugs/?66416
  NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE=1 -Wno-int-conversion -Wno-incompatible-pointer-types";

-  patches = [
-    # GNU Screen 5.0 uses strncpy incorrectly in SendCmdMessage
-    # This causes issues detected when using -D_FORTIFY_SOURCE=3
-    # e.g. https://savannah.gnu.org/bugs/index.php?66215
-    ./buffer-overflow-SendCmdMessage.patch
-  ];
-
  nativeBuildInputs = [
    autoreconfHook
  ];