authorJustin Lecher <jlec@gentoo.org>2012-11-07 21:21:35 +0000
committerJustin Lecher <jlec@gentoo.org>2012-11-07 21:21:35 +0000
commit068cfd227fb1d1fd49b02bfc217ad57f2e3fa26d (patch)
tree01ccd20d236cac136e2897452baa20dcb867fe6e /app-misc/dtach
parentSlot gstreamer dependencies in preparation for gstreamer-1.0. (diff)
app-misc/dtach: Backport fix for CVE-2012-3368, #426496
Package-Manager: portage-2.2.0_alpha142/cvs/Linux x86_64 Manifest-Sign-Key: 0x8009D6F070EB7916
Diffstat (limited to 'app-misc/dtach')
-rw-r--r--app-misc/dtach/ChangeLog10
-rw-r--r--app-misc/dtach/Manifest14
-rw-r--r--app-misc/dtach/dtach-0.8-r1.ebuild26
-rw-r--r--app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch35
4 files changed, 82 insertions, 3 deletions
diff --git a/app-misc/dtach/ChangeLog b/app-misc/dtach/ChangeLog
index fda68d5291e9..138cf1388949 100644
--- a/app-misc/dtach/ChangeLog
+++ b/app-misc/dtach/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-misc/dtach
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/dtach/ChangeLog,v 1.17 2011/01/04 17:55:39 jlec Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/dtach/ChangeLog,v 1.18 2012/11/07 21:21:34 jlec Exp $
+
+*dtach-0.8-r1 (07 Nov 2012)
+
+ 07 Nov 2012; Justin Lecher <jlec@gentoo.org> +dtach-0.8-r1.ebuild,
+ +files/dtach-0.8-CVE-2012-3368.patch:
+ Backport fix for CVE-2012-3368, #426496
04 Jan 2011; Justin Lecher <jlec@gentoo.org> dtach-0.8.ebuild:
Some Clean up
diff --git a/app-misc/dtach/Manifest b/app-misc/dtach/Manifest
index 5ed1fa6fdd0d..9d4e92e9fa94 100644
--- a/app-misc/dtach/Manifest
+++ b/app-misc/dtach/Manifest
@@ -1,4 +1,16 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+AUX dtach-0.8-CVE-2012-3368.patch 1040 SHA256 2366af67282d85b1a84739db2d4b186c9038d02712baf15367bd51c5d8871499 SHA512 64ab0e8384e4f04e43b8565440b0ec3f0d43b87e142cd15dda0eec2b320aa3e8ed437524dcdbd390b83f4cb39c13df3575318be4de5f8eec50fb710c9ec1170b WHIRLPOOL 0b098b5726f8da149911f39f988b9ba4c907286bbc4717356b47ebdd7135b97456f754ebd9513f24beb49ea363690d8596a1a677bdb25ce09c9bf0f8b698f21f
DIST dtach-0.8.tar.gz 55472 SHA256 16614ebddf8ab2811d3dc0e7f329c7de88929ac6a9632d4cb4aef7fe11b8f2a9 SHA512 ad0a788d10a5e1e1be4c353b64e1e4a0dc8c888492a638b2442d7c59ef31d67975357116435a1059141bfc2c82a3a6e9e490faa87cf81e5fc3bc7457a99c1193 WHIRLPOOL 271236b493a36e159081570c1a2bea41cc58e151a9cdfd99d2a4f27486dd62d4c1955a4b858b356ef0d6613e1a9c5c8958ca3bd143e0fb07a12f3cb92370f989
+EBUILD dtach-0.8-r1.ebuild 570 SHA256 2ddcc1734cf57a5ae382789049f17a93317ad4ffe90f513511fde40d1938a276 SHA512 6906f9256ff7b7e93c47808fb7c0dddea25555e81a5bc45801bfcca897511b6055f03a7b178b68e357f6be80ee6dabaeb4a2adfb8191559eb4ea7265217f850e WHIRLPOOL 14b89672b19e8357fed6603a67628c1de687b3bdd0128b9f3e5d666e6a2acc8cf5a68e1adb40c7a7a45114c8a3c1ff035c4a42afa9b6e0d3133d0049a19602e9
EBUILD dtach-0.8.ebuild 555 SHA256 34fa74df8797b397f5f83a7dd37c6f2ca4c179aa54afd736a4f31e2f3d1951da SHA512 4c0a9071d7d9700de690e3244a6fe96010b73b330dd07efe8d574b09e32e72fb52b5953114ec809c18f236f4281620229defb74837c656eb4204809be2a95099 WHIRLPOOL 20dbfffee53f1b85afababae057fe21652a251c6959d03055236d609528d1a1414c5ec9876d992774f7869a0bd46c2c7baa22b2356643c221e8ad753d9ef9a18
-MISC ChangeLog 1834 SHA256 225e683ae10e2ce55fa4b077df9ee84f9983a1717d1e0f01e136a7df0552c733 SHA512 d76822d26fd62e3d4ee7c8a9e8c6641933095410595a5c639c946ff736a2aa765eb28c478af4cca44edb77b78f298320240e08c36e6a0ba88b80adfcde88cdd8 WHIRLPOOL e89c63b826a493944c268fab15b3f28fb9e30a31370436bb56c057093a62d6cc39a7e7cc726c0d455e6be9224f1b08eaad6920a2d3434b7b50b808939a5d2f4f
+MISC ChangeLog 2015 SHA256 5c0fcdaeac2fe7f6bcfe0f39d97902f3b02fba264a1ecc88de41acf53698fc78 SHA512 2f4fdbd3820f9afaec979592aa230f1e0fcb59f6eeb778349617682aaeaa6222d285191234313c16fc41de122f55b2f91d4e5ea79f49674b56c7d3355f1b5b85 WHIRLPOOL 6765a20ffcc5a9832f0e32f1a42543937d621170a31a215cb684a6a3d1b075accb745da41f3c926d955c77d307fe2611bb89617ea47dfbc8c93d9a4bca5e2ca0
MISC metadata.xml 259 SHA256 36f9f0904d122ba5db28f73561f8191aa9c5136d68d0abf75308104c736c5d18 SHA512 30d8762119eede1720a73580333b0523786c26d4f09cb9a1ac9582c8c2bbcf5c7ff06a1ddba87941fef51ef85e7bde87f0fa4458f71677fc784ce3ae3915e415 WHIRLPOOL 2fd72cd4466a8681c60f5f2ef3bc8cfcb947e13b374d18a5259c523bb79e725efd4e79a5280b0f59fc84449004f870d466c69d79a6d521ce2d38183f2fc616d4
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+iEYEAREKAAYFAlCa0N8ACgkQgAnW8HDreRZyUgCcC7idaXVj4iMT7Ko5p0BSiP0S
++tQAn0bxwSo9VOPiQbHhGdVmq2SvRgUC
+=k5gT
+-----END PGP SIGNATURE-----
diff --git a/app-misc/dtach/dtach-0.8-r1.ebuild b/app-misc/dtach/dtach-0.8-r1.ebuild
new file mode 100644
index 000000000000..af5d42545172
--- /dev/null
+++ b/app-misc/dtach/dtach-0.8-r1.ebuild
@@ -0,0 +1,26 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/dtach/dtach-0.8-r1.ebuild,v 1.1 2012/11/07 21:21:34 jlec Exp $
+
+EAPI=4
+
+inherit eutils
+
+DESCRIPTION="Emulates the detach feature of screen"
+HOMEPAGE="http://dtach.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-CVE-2012-3368.patch
+}
+
+src_install() {
+ dobin dtach
+ doman dtach.1
+ dodoc README
+}
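Review bot: The new revision is keyworded only `~amd64 ~ppc ~x86`, and the Manifest hunk still lists `dtach-0.8.ebuild`, so the unpatched ebuild remains installable next to the fixed one. If that older ebuild carries stable keywords (not visible here), stable users do not get the CVE-2012-3368 fix until -r1 is stabilised and the old ebuild is dropped; that follow-up belongs on bug #426496. A comment above `src_prepare` such as `# Security backport for CVE-2012-3368, bug #426496; drop once a fixed upstream release is in the tree` would record why the patch is applied. As a style point, `${P}` sits outside the quotes in the `epatch` line; `"${FILESDIR}/${P}-CVE-2012-3368.patch"` keeps the whole path quoted.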
diff --git a/app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch b/app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch
new file mode 100644
index 000000000000..82d5f0e1e159
--- /dev/null
+++ b/app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch
@@ -0,0 +1,35 @@
+Fix error handling for read from stdin in attach.c
+
+attach.c did not correctly handle a read from stdin when read returned
+an error. The code assigned the return value of read to pkt.len (an
+unsigned char) before checking the value. This prevented the error check
+from working correctly, since an unsigned integer can never be < 0.
+
+A packet with an invalid length was then sent to the master, which then
+sent 255 bytes of garbage to the program.
+
+Fix the bug in attach.c and the unchecked packet length bug in master.c.
+
+Report and initial patch by Enrico Scholz.
+
+--- attach.c 2012/07/01 21:26:10 1.12
++++ attach.c 2012/07/01 21:44:34 1.13
+@@ -237,12 +237,16 @@
+ /* stdin activity */
+ if (n > 0 && FD_ISSET(0, &readfds))
+ {
++ ssize_t len;
++
+ pkt.type = MSG_PUSH;
+ memset(pkt.u.buf, 0, sizeof(pkt.u.buf));
+- pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
++ len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
+
+- if (pkt.len <= 0)
++ if (len <= 0)
+ exit(1);
++
++ pkt.len = len;
+ process_kbd(s, &pkt);
+ n--;
+ }
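Review bot: The patch description says it fixes both attach.c and the unchecked packet length in master.c, but the 35-line file ends after the single attach.c hunk, so the master.c half is not backported. With only the client corrected, the master presumably still acts on whatever `pkt.len` an attaching client sends, which is the condition the description says led to garbage being forwarded to the program. The upstream master.c change should be added to this patch so that the master rejects a length larger than `sizeof(pkt.u.buf)` before using the buffer. Separately, `pkt.len = len;` narrows an `ssize_t` to the unsigned char the description mentions; that is safe only if `sizeof(pkt.u.buf)` fits in that type, which cannot be confirmed from this hunk since the packet definition lies outside it.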