Circumvent a trivial root privilege escalation.

See:
https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html

Reported by:	Tim Zingelman <tez@pkgsrc.org>
Security:	CVE not assigned yet

2 files changed, 18 insertions, 2 deletions

diff --git a/sysutils/screen/Makefile b/sysutils/screen/Makefile
index c5aab2594cba..423ee5cb9ee9 100644
--- a/sysutils/screen/Makefile
+++ b/sysutils/screen/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	screen
 PORTVERSION=	4.5.0
+PORTREVISION=	1
 CATEGORIES=	sysutils
 MASTER_SITES=	http://ftp.gnu.org/gnu/screen/ \
 		ftp://ftp.gnu.org/gnu/screen/ \
diff --git a/sysutils/screen/files/patch-screen.c b/sysutils/screen/files/patch-screen.c
index b374c0985f3d..141285c558cf 100644
--- a/sysutils/screen/files/patch-screen.c
+++ b/sysutils/screen/files/patch-screen.c
@@ -1,6 +1,21 @@
 --- screen.c.orig	2017-01-17 11:28:29.397404660 -0800
-+++ screen.c	2017-01-18 04:54:50.874421000 -0800
-@@ -2222,7 +2222,7 @@
++++ screen.c	2017-01-24 17:31:24.342944000 -0800
+@@ -674,11 +674,14 @@
+               if (strlen(screenlogfile) > PATH_MAX)
+                 Panic(0, "-L: logfile name too long. (max. %d char)", PATH_MAX);
+ 
++#if 0
++/* see https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html */
+               FILE *w_check;
+               if ((w_check = fopen(screenlogfile, "w")) == NULL)
+                 Panic(0, "-L: logfile name access problem");
+               else
+                 fclose(w_check);
++#endif
+             }
+             nwin_options.Lflag = 1;
+             break;
+@@ -2222,7 +2225,7 @@
    pn2 = pn = p + padlen;
    r = winmsg_numrend;
    while (p >= buf) {