23:44 Cy Schubert (cy) 

sysutils/screen: Update to 4.9.0

Update screen to 4.9.0. From the release announcement:

New in this release:
  * Hardstatus option for used encoding (escape string '%e')
  * Fixes:
    - fix combining char handling that could lead to a segfault
    - CVE-2021-26937: possible denial of service via a crafted UTF-8
      character sequence (bug #60030)
    - make screen exit code be 0 when checking --help
    - session names limit is 80 symbols (bug #61534)
    - option -X ignores specified user in multiuser env (bug #37437)
    - a lot of reformations/fixes/cleanups (man page and source code)

For full list of changes see
https://git.savannah.gnu.org/cgit/screen.git/log/?h=v.4.9.0

Note that CVE-2021-26937 was fixed in the FreeBSD port in 2021.

    9bdc788

00:45 cy 

Fix CVE-2021-26937 for real: segfaults by displaying some UTF-8 characters

This is a recommit of r565281 fixing a typo in r565281, causing
a regression.

CVE-2021-26937 segfaults when displayingsome UTF-8 characters
described in
https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html.

PR:		253515
Reported by:	daniel.engberg.lists at pyret.net
Obtained from:	https://build.opensuse.org/request/show/871482
MFH:		2020Q1
Security:	CVE-2021-26937

 

19:17 cy 

Revert r565281. It breaks UTF-8.

Reported by:	Trond.Endrestol at ximalas.info
		Christos Chatzaras <chris at cretaforce.gr>
PR:		253515

 

01:35 cy 

Fix CVE-2021-26937: segfaults by displaying some UTF-8 characters

CVE-2021-26937 segfaults when displayingsome UTF-8 characters
described in
https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html.

PR:		253515
Reported by:	daniel.engberg.lists at pyret.net
Obtained from:	https://build.opensuse.org/request/show/871482
MFH:		2020Q1
Security:	CVE-2021-26937

 

19:34 cy 

Back out previous commit. It broke UTF8 functioning.

Submitted by:   Dmitry Marakasov <amdmi3@amdmi3.ru>

04:28 cy 

Add support for KOI8-U.

PR:             ports/156031
Submitted by:   Valentin Nechayev <netch@netch.kiev.ua>