From: Matthias Fischer Date: Fri, 6 Apr 2018 11:48:19 +0000 (+0200) Subject: beep 1.3: Fixes for CVE-2018-0492 X-Git-Tag: v2.21-core122~199 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=4217b4b6d84501ab437dfc0f2c8e711e8816e643 beep 1.3: Fixes for CVE-2018-0492 For details see: https://src.fedoraproject.org/cgit/rpms/beep.git https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0492 Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- diff --git a/lfs/beep b/lfs/beep index 437677b737..c7d63134c6 100644 --- a/lfs/beep +++ b/lfs/beep @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2018 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # 
@@ -70,6 +70,15 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0001-Fixed-Makefile.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0002-Add-more-error-detection.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0004-also-catch-SIGTERM-for-stopping-the-beep.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0005-Make-build-install-more-user-and-packaging-friendly.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0006-Preserve-file-modification-time-on-install.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0007-Fix-identation-if-brace-error.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0008-Apply-CVE-2018-0492-from-Debian-package.patch + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && install -m 0755 beep /usr/bin @rm -rf $(DIR_APP) diff --git a/src/patches/beep/0001-Fixed-Makefile.patch b/src/patches/beep/0001-Fixed-Makefile.patch new file mode 100644 index 0000000000..6b35ab0a9b --- /dev/null +++ b/src/patches/beep/0001-Fixed-Makefile.patch 
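Review bot: The patch list jumps from 0002 to 0004 with no comment saying why 0003 is absent, so someone auditing the CVE-2018-0492 fix cannot tell whether the gap is deliberate. A short comment above the `patch` lines would settle it, for example `# 0003 of the upstream series is intentionally not applied: <reason>`. Because 0008 is diffed against the result of 0007 (its index line starts at `d46adc8`, where 0007 ends), a second comment such as `# 0008 carries the CVE-2018-0492 fix and must be applied after 0007` would help whoever next rebases the series. As far as this hunk shows, the binary is still installed with mode 0755, so this recipe sets no setuid bit.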
@@ -0,0 +1,44 @@
+From 8b32b8b088be1f29e8bfea57a97b9bfaa76ec8ee Mon Sep 17 00:00:00 2001
+From: Chris Wong
+Date: Wed, 23 Nov 2011 10:39:53 +1300
+Subject: [PATCH] Fixed Makefile
+
+* Use /usr/share/man (see http://www.pathname.com/fhs/2.2/fhs-4.11.html#4.11.5)
+
+* Removed trailing spaces
+
+* Added optimization flag (must beep FAST!!!)
+---
+ Makefile | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index cc359c4..0f4f810 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,19 +1,19 @@
+ CC=gcc
+-FLAGS=-Wall
++FLAGS=-Wall -O2
+ EXEC_NAME=beep
+ INSTALL_DIR=/usr/bin
+ MAN_FILE=beep.1.gz
+-MAN_DIR=/usr/man/man1
++MAN_DIR=/usr/share/man/man1
+
+ default : beep
+
+-clean :
++clean :
+ rm ${EXEC_NAME}
+
+ beep : beep.c
+ ${CC} ${FLAGS} -o ${EXEC_NAME} beep.c
+
+-install :
++install :
+ cp ${EXEC_NAME} ${INSTALL_DIR}
+ # rm -f /usr/man/man1/beep.1.bz2
+ cp ${MAN_FILE} ${MAN_DIR}
+--
+2.7.5
diff --git a/src/patches/beep/0002-Add-more-error-detection.patch b/src/patches/beep/0002-Add-more-error-detection.patch
new file mode 100644
index 0000000000..733af9b15f
--- /dev/null
+++ b/src/patches/beep/0002-Add-more-error-detection.patch
@@ -0,0 +1,44 @@
+From d3aee6c489852108c91dc22abcacff364e9429f2 Mon Sep 17 00:00:00 2001
+From: Chris Wong
+Date: Wed, 23 Nov 2011 11:34:55 +1300
+Subject: [PATCH] Add more error detection
+
+---
+ beep.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/beep.c b/beep.c
+index 452fc08..14fac3e 100644
+--- a/beep.c
++++ b/beep.c
+@@ -98,11 +98,11 @@ char *console_device = NULL;
+
+
+ void do_beep(int freq) {
+- if (console_type == BEEP_TYPE_CONSOLE) {
+- if(ioctl(console_fd, KIOCSOUND, freq != 0
+- ? (int)(CLOCK_TICK_RATE/freq)
+- : freq) < 0) {
+- printf("\a"); /* Output the only beep we can, in an effort to fall back on usefulness */
++ int period = (freq != 0 ? (int)(CLOCK_TICK_RATE/freq) : freq);
++
++ if(console_type == BEEP_TYPE_CONSOLE) {
++ if(ioctl(console_fd, KIOCSOUND, period) < 0) {
++ putchar('\a'); /* Output the only beep we can, in an effort to fall back on usefulness */
+ perror("ioctl");
+ }
+ } else {
+@@ -113,7 +113,10 @@ void do_beep(int freq) {
+ e.code = SND_TONE;
+ e.value = freq;
+
+- write(console_fd, &e, sizeof(struct input_event));
++ if(write(console_fd, &e, sizeof(struct input_event)) < 0) {
++ putchar('\a'); /* See above */
++ perror("write");
++ }
+ }
+ }
+
+--
+2.7.5
diff --git a/src/patches/beep/0004-also-catch-SIGTERM-for-stopping-the-beep.patch b/src/patches/beep/0004-also-catch-SIGTERM-for-stopping-the-beep.patch
new file mode 100644
index 0000000000..c11061e6a2
--- /dev/null
+++ b/src/patches/beep/0004-also-catch-SIGTERM-for-stopping-the-beep.patch
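Review bot: The new `putchar('\a')` and `perror("write")` in the evdev branch are stdio calls, and do_beep() is also reached from handle_signal() (the `do_beep(0)` call visible in the 0004 patch), where stdio functions are not async-signal-safe. The console branch has the same issue with `putchar`/`perror("ioctl")`. Keeping error reporting out of the signal path avoids it: either the handler only sets a `volatile sig_atomic_t` flag that main() checks, or it performs the silencing ioctl/write itself and reports nothing. The check `write(...) < 0` also accepts a short write of the event as success; comparing the result with `(ssize_t)sizeof(e)` would catch that.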
@@ -0,0 +1,32 @@
+From e1320c1da52ca92aa68b4224f9532982184fbe00 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=B4me?=
+Date: Thu, 7 Feb 2013 12:54:53 +0100
+Subject: [PATCH] also catch SIGTERM for stopping the beep
+
+Signed-off-by: Gerfried Fuchs
+---
+ beep.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/beep.c b/beep.c
+index 452fc08..9cb63bf 100644
+--- a/beep.c
++++ b/beep.c
+@@ -130,6 +130,7 @@ void handle_signal(int signum) {
+
+ switch(signum) {
+ case SIGINT:
++ case SIGTERM:
+ if(console_fd >= 0) {
+ /* Kill the sound, quit gracefully */
+ do_beep(0);
+@@ -324,6 +325,7 @@ int main(int argc, char **argv) {
+ parms->next = NULL;
+
+ signal(SIGINT, handle_signal);
++ signal(SIGTERM, handle_signal);
+ parse_command_line(argc, argv, parms);
+
+ /* this outermost while loop handles the possibility that -n/--new has been
+--
+2.7.5
diff --git a/src/patches/beep/0005-Make-build-install-more-user-and-packaging-friendly.patch b/src/patches/beep/0005-Make-build-install-more-user-and-packaging-friendly.patch
new file mode 100644
index 0000000000..9e2b481b31
--- /dev/null
+++ b/src/patches/beep/0005-Make-build-install-more-user-and-packaging-friendly.patch
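Review bot: Registering one handler for two signals with `signal()` leaves SIGTERM unblocked while the handler is already running for SIGINT (and the reverse), so `do_beep(0)` can be interrupted and re-entered; this applies to the added `signal(SIGTERM, handle_signal);` in main(). Installing the handler with `sigaction()` and putting both signals in `sa_mask` lets it run to completion once, and also avoids the platform-dependent reset behaviour of `signal()`. main() and handle_signal() both continue outside the hunks shown.

```c
  /* … unchanged: parms allocation and defaults … */
  struct sigaction sa;

  memset(&sa, 0, sizeof(sa));
  sa.sa_handler = handle_signal;
  sigemptyset(&sa.sa_mask);
  sigaddset(&sa.sa_mask, SIGINT);
  sigaddset(&sa.sa_mask, SIGTERM);
  sigaction(SIGINT, &sa, NULL);
  sigaction(SIGTERM, &sa, NULL);
  parse_command_line(argc, argv, parms);
```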
@@ -0,0 +1,85 @@
+From 947a7e332908dcba1c7e523fbdc927d39ee6adb1 Mon Sep 17 00:00:00 2001
+From: Hans Ulrich Niedermann
+Date: Tue, 19 Nov 2013 23:40:50 +0100
+Subject: [PATCH] Make build/install more user and packaging friendly
+
+Make the build and install more user and packaging friendly
+by introducing the following features in the Makefile:
+
+ * Honor the $(CFLAGS) set when calling make.
+
+ * Prefix all install locations with $(DESTDIR) for
+ easy package building.
+
+ * Use GNU Makefile conventions for defining installation
+ directories. This means $(bindir) and $(man1dir)
+ instead of the former $(INSTALL_DIR) and $(MAN_DIR).
+
+ * Use install(1) for installing files and directories
+ so that permissions can be set properly.
+
+ * Stop "make clean" failing when it has nothing to do.
+
+ * Add 'uninstall' make target.
+
+ * Make 'install' target build executable if necessary.
+---
+ Makefile | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 0f4f810..942a7a5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,19 +1,37 @@
+ CC=gcc
+ FLAGS=-Wall -O2
++
++INSTALL=install
++
+ EXEC_NAME=beep
+-INSTALL_DIR=/usr/bin
+ MAN_FILE=beep.1.gz
+-MAN_DIR=/usr/share/man/man1
+
+-default : beep
++# Use GNU makefile conventions for directory names with one notable
++# exception: prefix is not /usr/local in order to keep the default
++# installation location for beep.
++prefix=/usr
++exec_prefix=$(prefix)
++bindir=$(exec_prefix)/bin
++datarootdir=$(prefix)/share
++mandir=$(datarootdir)/man
++man1dir=$(mandir)/man1
++
++.PHONY: all
++all: $(EXEC_NAME)
++
++.PHONY: clean
++clean:
++ rm -f $(EXEC_NAME)
+
+-clean :
+- rm ${EXEC_NAME}
++$(EXEC_NAME): beep.c
++ $(CC) $(FLAGS) $(CFLAGS) -o $(EXEC_NAME) beep.c
+
+-beep : beep.c
+- ${CC} ${FLAGS} -o ${EXEC_NAME} beep.c
++install: all
++ $(INSTALL) -m 0755 -d $(DESTDIR)$(bindir)
++ $(INSTALL) -m 0755 $(EXEC_NAME) $(DESTDIR)$(bindir)/
++ $(INSTALL) -m 0755 -d $(DESTDIR)$(man1dir)
++ $(INSTALL) -m 0644 $(MAN_FILE) $(DESTDIR)$(man1dir)/
+
+-install :
+- cp ${EXEC_NAME} ${INSTALL_DIR}
+- # rm -f /usr/man/man1/beep.1.bz2
+- cp ${MAN_FILE} ${MAN_DIR}
++uninstall:
++ rm -f $(DESTDIR)$(bindir)/$(EXEC_NAME)
++ rm -f $(DESTDIR)$(man1dir)/$(MAN_FILE)
+--
+2.7.5
+
diff --git a/src/patches/beep/0006-Preserve-file-modification-time-on-install.patch b/src/patches/beep/0006-Preserve-file-modification-time-on-install.patch
new file mode 100644
index 0000000000..fe844e6f1c
--- /dev/null
+++ b/src/patches/beep/0006-Preserve-file-modification-time-on-install.patch
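Review bot: The new build rule passes `$(CFLAGS)` but neither `$(CPPFLAGS)` nor `$(LDFLAGS)`, so hardening options that a distribution supplies through those variables (for example `-D_FORTIFY_SOURCE=2` or `-Wl,-z,relro`) never reach this single compile-and-link step. The rule could read `$(CC) $(FLAGS) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o $(EXEC_NAME) beep.c`. A one-line comment above it, `# CPPFLAGS/CFLAGS/LDFLAGS come from the caller; FLAGS holds the project defaults`, would record the intent.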
@@ -0,0 +1,32 @@
+From 4622dd15dc12dab47a0381a8a7188f0f0421e01d Mon Sep 17 00:00:00 2001
+From: Hans Ulrich Niedermann
+Date: Wed, 20 Nov 2013 00:00:54 +0100
+Subject: [PATCH] Preserve file modification time on install
+
+Add -p option to install(1) invocation in order to preserve
+the timestamps of the files being installed.
+---
+ Makefile | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 942a7a5..290b8a4 100644
+--- a/Makefile
++++ b/Makefile
+@@ -27,10 +27,10 @@ $(EXEC_NAME): beep.c
+ $(CC) $(FLAGS) $(CFLAGS) -o $(EXEC_NAME) beep.c
+
+ install: all
+- $(INSTALL) -m 0755 -d $(DESTDIR)$(bindir)
+- $(INSTALL) -m 0755 $(EXEC_NAME) $(DESTDIR)$(bindir)/
+- $(INSTALL) -m 0755 -d $(DESTDIR)$(man1dir)
+- $(INSTALL) -m 0644 $(MAN_FILE) $(DESTDIR)$(man1dir)/
++ $(INSTALL) -m 0755 -d $(DESTDIR)$(bindir)
++ $(INSTALL) -m 0755 -p $(EXEC_NAME) $(DESTDIR)$(bindir)/
++ $(INSTALL) -m 0755 -d $(DESTDIR)$(man1dir)
++ $(INSTALL) -m 0644 -p $(MAN_FILE) $(DESTDIR)$(man1dir)/
+
+ uninstall:
+ rm -f $(DESTDIR)$(bindir)/$(EXEC_NAME)
+--
+2.7.5
diff --git a/src/patches/beep/0007-Fix-identation-if-brace-error.patch b/src/patches/beep/0007-Fix-identation-if-brace-error.patch
new file mode 100644
index 0000000000..30ec414062
--- /dev/null
+++ b/src/patches/beep/0007-Fix-identation-if-brace-error.patch
@@ -0,0 +1,41 @@
+From 35ba84dccb8fc8dc43cb3f575904a33ffa27e7b7 Mon Sep 17 00:00:00 2001
+From: Hans Ulrich Niedermann
+Date: Tue, 3 Apr 2018 19:11:07 +0200
+Subject: [PATCH] Fix indentation/if brace error
+
+As beep.c is not Python, the code blocks must be defined by
+using braces instead of just indenting them differently.
+
+Once we do that, the outcome of multiple -f parameters will
+actually match what the warning message documents beep does:
+Only the last -f value will be used.
+
+Many projects proscribe using braces everywhere, but this
+change keeps the beep.c coding style of using braces only
+when absolutely necessary.
+
+This issue was discovered by compiling with gcc 6.
+---
+ beep.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/beep.c b/beep.c
+index 7da2e70..d46adc8 100644
+--- a/beep.c
++++ b/beep.c
+@@ -194,11 +194,12 @@ void parse_command_line(int argc, char **argv, beep_parms_t *result) {
+ if(!sscanf(optarg, "%f", &argfreq) || (argfreq >= 20000 /* ack! */) ||
+ (argfreq <= 0))
+ usage_bail(argv[0]);
+- else
++ else {
+ if (result->freq != 0)
+ fprintf(stderr, "WARNING: multiple -f values given, only last "
+ "one is used.\n");
+ result->freq = argfreq;
++ }
+ break;
+ case 'l' : /* length */
+ if(!sscanf(optarg, "%d", &argval) || (argval < 0))
+--
+2.7.5
diff --git a/src/patches/beep/0008-Apply-CVE-2018-0492-from-Debian-package.patch b/src/patches/beep/0008-Apply-CVE-2018-0492-from-Debian-package.patch
new file mode 100644
index 0000000000..ac1f0b5144
--- /dev/null
+++ b/src/patches/beep/0008-Apply-CVE-2018-0492-from-Debian-package.patch
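Review bot: The `!sscanf(optarg, "%f", &argfreq)` test in the context above the new braces only catches a return of 0; for an empty argument sscanf returns EOF (-1), the negation is false, and the range checks then read whatever `argfreq` held before (its initialisation is outside the hunk). Comparing against the expected conversion count closes that gap: `if(sscanf(optarg, "%f", &argfreq) != 1 || (argfreq >= 20000 /* ack! */) ||`. The `-l` case at the end of the hunk uses the same `!sscanf(...)` pattern with `%d` and would want `!= 1` as well. parse_command_line() starts and ends outside the hunk.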
@@ -0,0 +1,117 @@
+From 3b67473e16aaf2f83cb8ac18c13c9183a8e3c7b2 Mon Sep 17 00:00:00 2001
+From: Hans Ulrich Niedermann
+Date: Tue, 3 Apr 2018 18:37:33 +0200
+Subject: [PATCH] Apply CVE-2018-0492.patch from Debian package
+
+---
+ beep.c | 53 ++++++++++++++++++++++++-----------------------------
+ 1 file changed, 24 insertions(+), 29 deletions(-)
+
+diff --git a/beep.c b/beep.c
+index d46adc8..f6781e8 100644
+--- a/beep.c
++++ b/beep.c
+@@ -109,6 +109,7 @@ void do_beep(int freq) {
+ /* BEEP_TYPE_EVDEV */
+ struct input_event e;
+
++ memset(&e, 0, sizeof(e));
+ e.type = EV_SND;
+ e.code = SND_TONE;
+ e.value = freq;
+@@ -124,10 +125,6 @@ void do_beep(int freq) {
+ /* If we get interrupted, it would be nice to not leave the speaker beeping in
+ perpetuity. */
+ void handle_signal(int signum) {
+-
+- if(console_device)
+- free(console_device);
+-
+ switch(signum) {
+ case SIGINT:
+ case SIGTERM:
+@@ -258,7 +255,7 @@ void parse_command_line(int argc, char **argv, beep_parms_t *result) {
+ result->verbose = 1;
+ break;
+ case 'e' : /* also --device */
+- console_device = strdup(optarg);
++ console_device = optarg;
+ break;
+ case 'h' : /* notice that this is also --help */
+ default :
+@@ -277,26 +274,6 @@ void play_beep(beep_parms_t parms) {
+ "%d delay after) @ %.2f Hz\n",
+ parms.reps, parms.length, parms.delay, parms.end_delay, parms.freq);
+
+- /* try to snag the console */
+- if(console_device)
+- console_fd = open(console_device, O_WRONLY);
+- else
+- if((console_fd = open("/dev/tty0", O_WRONLY)) == -1)
+- console_fd = open("/dev/vc/0", O_WRONLY);
+-
+- if(console_fd == -1) {
+- fprintf(stderr, "Could not open %s for writing\n",
+- console_device != NULL ? console_device : "/dev/tty0 or /dev/vc/0");
+- printf("\a"); /* Output the only beep we can, in an effort to fall back on usefulness */
+- perror("open");
+- exit(1);
+- }
+-
+- if (ioctl(console_fd, EVIOCGSND(0)) != -1)
+- console_type = BEEP_TYPE_EVDEV;
+- else
+- console_type = BEEP_TYPE_CONSOLE;
+-
+ /* Beep */
+ for (i = 0; i < parms.reps; i++) { /* start beep */
+ do_beep(parms.freq);
+@@ -306,8 +283,6 @@ void play_beep(beep_parms_t parms) {
+ if(parms.end_delay || (i+1 < parms.reps))
+ usleep(1000*parms.delay); /* wait... */
+ } /* repeat. */
+-
+- close(console_fd);
+ }
+
+
+@@ -329,6 +304,26 @@ int main(int argc, char **argv) {
+ signal(SIGTERM, handle_signal);
+ parse_command_line(argc, argv, parms);
+
++ /* try to snag the console */
++ if(console_device)
++ console_fd = open(console_device, O_WRONLY);
++ else
++ if((console_fd = open("/dev/tty0", O_WRONLY)) == -1)
++ console_fd = open("/dev/vc/0", O_WRONLY);
++
++ if(console_fd == -1) {
++ fprintf(stderr, "Could not open %s for writing\n",
++ console_device != NULL ? console_device : "/dev/tty0 or /dev/vc/0");
++ printf("\a"); /* Output the only beep we can, in an effort to fall back on usefulness */
++ perror("open");
++ exit(1);
++ }
++
++ if (ioctl(console_fd, EVIOCGSND(0)) != -1)
++ console_type = BEEP_TYPE_EVDEV;
++ else
++ console_type = BEEP_TYPE_CONSOLE;
++
+ /* this outermost while loop handles the possibility that -n/--new has been
+ used, i.e. that we have multiple beeps specified. Each iteration will
+ play, then free() one parms instance. */
+@@ -366,8 +361,8 @@ int main(int argc, char **argv) {
+ parms = next;
+ }
+
+- if(console_device)
+- free(console_device);
++ close(console_fd);
++ console_fd = -1;
+
+ return EXIT_SUCCESS;
+ }
+--
+2.7.5
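Review bot: The block moved into main() opens whatever path `-e` supplied with `O_WRONLY` and picks a device type from a single ioctl, without checking that the descriptor refers to a character device; everything do_beep() later does with `console_fd` assumes one. An `fstat()` on `console_fd` with an `S_ISCHR(st.st_mode)` test right after the existing `console_fd == -1` check would confine it to devices. The handlers are also installed before `console_fd` and `console_type` are set (context line `signal(SIGTERM, handle_signal);`), so a signal arriving between the `open()` and the `console_type` assignment runs `do_beep(0)` with the type not yet determined; moving both `signal()` calls below that assignment removes the window. main() continues outside the hunk.

```c
  /* … unchanged: open of console_device or /dev/tty0, /dev/vc/0, and the console_fd == -1 error path … */
  struct stat st;

  if(fstat(console_fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
    fprintf(stderr, "%s is not a character device\n",
            console_device != NULL ? console_device : "/dev/tty0 or /dev/vc/0");
    close(console_fd);
    exit(1);
  }

  /* … unchanged: EVIOCGSND probe that sets console_type … */
  signal(SIGINT, handle_signal);
  signal(SIGTERM, handle_signal);
```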