git: 8f528507e9ca - main - sysutils/screen: Disable multiuser mode by default

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Tue, 29 Mar 2022 15:43:16 UTC 
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8f528507e9ca0e4f9020269ac69fc7d87249417d

commit 8f528507e9ca0e4f9020269ac69fc7d87249417d
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-03-29 15:02:19 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-03-29 15:39:28 +0000

    sysutils/screen: Disable multiuser mode by default
    
    Multiuser mode is a handy way to share a screen among people who do
    not reside in the same location. Unforutnately it requires that screen
    be setuid root. GNU screen has had a number of CVEs over the years.
    See https://www.cvedetails.com/vulnerability-list/vendor_id-72/\
    product_id-1860/GNU-Screen.html. Removing the setuid bit mitigates this
    at the expense of breaking the multuser feature.
    
    Red Hat removed GNU screen's setuid bit over a dozen years ago. Their
    rationale is documented in their bugzilla bug 580339, where they stated
    that most users don't use the multiuser feature. (Personally, I'm the only
    person I know of who uses that feature.)
    
    Users who use the multuser feature should enable the MUILTUSER option
    prior to building screen or using poudriere-options. Alternatively, users
    can chmod the setuid bit on when needed.
    
    PR:             262903
    Submitted by:   david@isnic.is (mostly)
    Reported by:    david@isnic.is
---
 sysutils/screen/Makefile  | 7 +++++--
 sysutils/screen/pkg-plist | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/sysutils/screen/Makefile b/sysutils/screen/Makefile
index 8929ce4e5ef7..664bc585e091 100644
--- a/sysutils/screen/Makefile
+++ b/sysutils/screen/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	screen
 PORTVERSION=	4.9.0
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	sysutils
 MASTER_SITES=	GNU \
 		ftp://ftp.gnu.org/gnu/screen/ \
@@ -18,7 +18,7 @@ COMMENT=	Multi-screen window manager
 
 LICENSE=	GPLv3
 
-OPTIONS_DEFINE=		INFO NETHACK XTERM_256 SYSTEM_SCREENRC
+OPTIONS_DEFINE=		INFO NETHACK XTERM_256 SYSTEM_SCREENRC MULTIUSER
 OPTIONS_DEFAULT=	INFO NETHACK XTERM_256 SOCKETS SYSTEM_SCREENRC \
 			NCURSES_DEFAULT
 OPTIONS_SINGLE=		IPC NCURSES
@@ -29,6 +29,9 @@ XTERM_256_DESC=		Enable support for 256 colour xterm
 SOCKETS_DESC=		Use new (4.2.1+) sockets for IPC (default)
 NAMED_PIPES_DESC=	Use legacy (4.0.3) named pipes for IPC (override)
 SYSTEM_SCREENRC_DESC=	Install system screenrc with helpful status line
+MULTIUSER_DESC=		Install setuid-root screen to support multiuser
+MULTIUSER_PLIST_SUB=	MULTIUSER_SCREEN="@(,,4755) "
+MULTUSER_PLIST_SUB_OFF=	MULTIUSER_SCREEN="@(,,0755) "
 NCURSES_DEFAULT_DESC=	Depend on ncurses (ports if installed, otherwise base)
 NCURSES_BASE_DESC=	Depend on ncurses in base
 NCURSES_PORT_DESC=	Depend on devel/ncurses in ports
diff --git a/sysutils/screen/pkg-plist b/sysutils/screen/pkg-plist
index faddf89b1799..e1afe2d637e4 100644
--- a/sysutils/screen/pkg-plist
+++ b/sysutils/screen/pkg-plist
@@ -1,5 +1,5 @@
 bin/screen
-bin/screen-4.9.0
+%%MULTIUSER_SCREEN%%bin/screen-4.9.0
 man/man1/screen.1.gz
 %%DATADIR%%/utf8encodings/01
 %%DATADIR%%/utf8encodings/02