beep 1.3: Fixes for CVE-2018-0492
authorMatthias Fischer <matthias.fischer@ipfire.org>
Fri, 6 Apr 2018 11:48:19 +0000 (13:48 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 11 Apr 2018 19:03:19 +0000 (20:03 +0100)
For details see:
https://src.fedoraproject.org/cgit/rpms/beep.git
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0492

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
lfs/beep
src/patches/beep/0001-Fixed-Makefile.patch [new file with mode: 0644]
src/patches/beep/0002-Add-more-error-detection.patch [new file with mode: 0644]
src/patches/beep/0004-also-catch-SIGTERM-for-stopping-the-beep.patch [new file with mode: 0644]
src/patches/beep/0005-Make-build-install-more-user-and-packaging-friendly.patch [new file with mode: 0644]
src/patches/beep/0006-Preserve-file-modification-time-on-install.patch [new file with mode: 0644]
src/patches/beep/0007-Fix-identation-if-brace-error.patch [new file with mode: 0644]
src/patches/beep/0008-Apply-CVE-2018-0492-from-Debian-package.patch [new file with mode: 0644]

index 437677b..c7d6313 100644 (file)
--- a/lfs/beep
+++ b/lfs/beep
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -70,6 +70,15 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0001-Fixed-Makefile.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0002-Add-more-error-detection.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0004-also-catch-SIGTERM-for-stopping-the-beep.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0005-Make-build-install-more-user-and-packaging-friendly.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0006-Preserve-file-modification-time-on-install.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0007-Fix-identation-if-brace-error.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/beep/0008-Apply-CVE-2018-0492-from-Debian-package.patch
+
        cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
        cd $(DIR_APP) && install -m 0755 beep /usr/bin
        @rm -rf $(DIR_APP)
diff --git a/src/patches/beep/0001-Fixed-Makefile.patch b/src/patches/beep/0001-Fixed-Makefile.patch
new file mode 100644 (file)
index 0000000..6b35ab0
--- /dev/null
@@ -0,0 +1,44 @@
+From 8b32b8b088be1f29e8bfea57a97b9bfaa76ec8ee Mon Sep 17 00:00:00 2001
+From: Chris Wong <chrisyco@gmail.com>
+Date: Wed, 23 Nov 2011 10:39:53 +1300
+Subject: [PATCH] Fixed Makefile
+
+* Use /usr/share/man (see http://www.pathname.com/fhs/2.2/fhs-4.11.html#4.11.5)
+
+* Removed trailing spaces
+
+* Added optimization flag (must beep FAST!!!)
+---
+ Makefile | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index cc359c4..0f4f810 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,19 +1,19 @@
+ CC=gcc
+-FLAGS=-Wall
++FLAGS=-Wall -O2
+ EXEC_NAME=beep
+ INSTALL_DIR=/usr/bin
+ MAN_FILE=beep.1.gz
+-MAN_DIR=/usr/man/man1
++MAN_DIR=/usr/share/man/man1
+ default : beep
+-clean : 
++clean :
+       rm ${EXEC_NAME}
+ beep : beep.c
+       ${CC} ${FLAGS} -o ${EXEC_NAME} beep.c
+-install : 
++install :
+       cp ${EXEC_NAME} ${INSTALL_DIR}
+       # rm -f /usr/man/man1/beep.1.bz2
+       cp ${MAN_FILE} ${MAN_DIR}
+-- 
+2.7.5
diff --git a/src/patches/beep/0002-Add-more-error-detection.patch b/src/patches/beep/0002-Add-more-error-detection.patch
new file mode 100644 (file)
index 0000000..733af9b
--- /dev/null
@@ -0,0 +1,44 @@
+From d3aee6c489852108c91dc22abcacff364e9429f2 Mon Sep 17 00:00:00 2001
+From: Chris Wong <chrisyco@gmail.com>
+Date: Wed, 23 Nov 2011 11:34:55 +1300
+Subject: [PATCH] Add more error detection
+
+---
+ beep.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/beep.c b/beep.c
+index 452fc08..14fac3e 100644
+--- a/beep.c
++++ b/beep.c
+@@ -98,11 +98,11 @@ char *console_device = NULL;
+ void do_beep(int freq) {
+-  if (console_type == BEEP_TYPE_CONSOLE) {
+-    if(ioctl(console_fd, KIOCSOUND, freq != 0
+-      ? (int)(CLOCK_TICK_RATE/freq)
+-      : freq) < 0) {
+-      printf("\a");  /* Output the only beep we can, in an effort to fall back on usefulness */
++  int period = (freq != 0 ? (int)(CLOCK_TICK_RATE/freq) : freq);
++
++  if(console_type == BEEP_TYPE_CONSOLE) {
++    if(ioctl(console_fd, KIOCSOUND, period) < 0) {
++      putchar('\a');  /* Output the only beep we can, in an effort to fall back on usefulness */
+       perror("ioctl");
+     }
+   } else {
+@@ -113,7 +113,10 @@ void do_beep(int freq) {
+      e.code = SND_TONE;
+      e.value = freq;
+-     write(console_fd, &e, sizeof(struct input_event));
++     if(write(console_fd, &e, sizeof(struct input_event)) < 0) {
++       putchar('\a'); /* See above */
++       perror("write");
++     }
+   }
+ }
+-- 
+2.7.5
diff --git a/src/patches/beep/0004-also-catch-SIGTERM-for-stopping-the-beep.patch b/src/patches/beep/0004-also-catch-SIGTERM-for-stopping-the-beep.patch
new file mode 100644 (file)
index 0000000..c11061e
--- /dev/null
@@ -0,0 +1,32 @@
+From e1320c1da52ca92aa68b4224f9532982184fbe00 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=A9r=C3=B4me?= <jerome@jolimont.fr>
+Date: Thu, 7 Feb 2013 12:54:53 +0100
+Subject: [PATCH] also catch SIGTERM for stopping the beep
+
+Signed-off-by: Gerfried Fuchs <rhonda@deb.at>
+---
+ beep.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/beep.c b/beep.c
+index 452fc08..9cb63bf 100644
+--- a/beep.c
++++ b/beep.c
+@@ -130,6 +130,7 @@ void handle_signal(int signum) {
+   switch(signum) {
+   case SIGINT:
++  case SIGTERM:
+     if(console_fd >= 0) {
+       /* Kill the sound, quit gracefully */
+       do_beep(0);
+@@ -324,6 +325,7 @@ int main(int argc, char **argv) {
+   parms->next       = NULL;
+   signal(SIGINT, handle_signal);
++  signal(SIGTERM, handle_signal);
+   parse_command_line(argc, argv, parms);
+   /* this outermost while loop handles the possibility that -n/--new has been
+-- 
+2.7.5
diff --git a/src/patches/beep/0005-Make-build-install-more-user-and-packaging-friendly.patch b/src/patches/beep/0005-Make-build-install-more-user-and-packaging-friendly.patch
new file mode 100644 (file)
index 0000000..9e2b481
--- /dev/null
@@ -0,0 +1,85 @@
+From 947a7e332908dcba1c7e523fbdc927d39ee6adb1 Mon Sep 17 00:00:00 2001
+From: Hans Ulrich Niedermann <hun@n-dimensional.de>
+Date: Tue, 19 Nov 2013 23:40:50 +0100
+Subject: [PATCH] Make build/install more user and packaging friendly
+
+Make the build and install more user and packaging friendly
+by introducing the following features in the Makefile:
+
+  * Honor the $(CFLAGS) set when calling make.
+
+  * Prefix all install locations with $(DESTDIR) for
+    easy package building.
+
+  * Use GNU Makefile conventions for defining installation
+    directories. This means $(bindir) and $(man1dir)
+    instead of the former $(INSTALL_DIR) and $(MAN_DIR).
+
+  * Use install(1) for installing files and directories
+    so that permissions can be set properly.
+
+  * Stop "make clean" failing when it has nothing to do.
+
+  * Add 'uninstall' make target.
+
+  * Make 'install' target build executable if necessary.
+---
+ Makefile | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 0f4f810..942a7a5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,19 +1,37 @@
+ CC=gcc
+ FLAGS=-Wall -O2
++
++INSTALL=install
++
+ EXEC_NAME=beep
+-INSTALL_DIR=/usr/bin
+ MAN_FILE=beep.1.gz
+-MAN_DIR=/usr/share/man/man1
+-default : beep
++# Use GNU makefile conventions for directory names with one notable
++# exception: prefix is not /usr/local in order to keep the default
++# installation location for beep.
++prefix=/usr
++exec_prefix=$(prefix)
++bindir=$(exec_prefix)/bin
++datarootdir=$(prefix)/share
++mandir=$(datarootdir)/man
++man1dir=$(mandir)/man1
++
++.PHONY: all
++all: $(EXEC_NAME)
++
++.PHONY: clean
++clean:
++      rm -f $(EXEC_NAME)
+-clean :
+-      rm ${EXEC_NAME}
++$(EXEC_NAME): beep.c
++      $(CC) $(FLAGS) $(CFLAGS) -o $(EXEC_NAME) beep.c
+-beep : beep.c
+-      ${CC} ${FLAGS} -o ${EXEC_NAME} beep.c
++install: all
++      $(INSTALL) -m 0755 -d           $(DESTDIR)$(bindir)
++      $(INSTALL) -m 0755 $(EXEC_NAME) $(DESTDIR)$(bindir)/
++      $(INSTALL) -m 0755 -d           $(DESTDIR)$(man1dir)
++      $(INSTALL) -m 0644 $(MAN_FILE)  $(DESTDIR)$(man1dir)/
+-install :
+-      cp ${EXEC_NAME} ${INSTALL_DIR}
+-      # rm -f /usr/man/man1/beep.1.bz2
+-      cp ${MAN_FILE} ${MAN_DIR}
++uninstall:
++      rm -f $(DESTDIR)$(bindir)/$(EXEC_NAME)
++      rm -f $(DESTDIR)$(man1dir)/$(MAN_FILE)
+-- 
+2.7.5
+
diff --git a/src/patches/beep/0006-Preserve-file-modification-time-on-install.patch b/src/patches/beep/0006-Preserve-file-modification-time-on-install.patch
new file mode 100644 (file)
index 0000000..fe844e6
--- /dev/null
@@ -0,0 +1,32 @@
+From 4622dd15dc12dab47a0381a8a7188f0f0421e01d Mon Sep 17 00:00:00 2001
+From: Hans Ulrich Niedermann <hun@n-dimensional.de>
+Date: Wed, 20 Nov 2013 00:00:54 +0100
+Subject: [PATCH] Preserve file modification time on install
+
+Add -p option to install(1) invocation in order to preserve
+the timestamps of the files being installed.
+---
+ Makefile | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 942a7a5..290b8a4 100644
+--- a/Makefile
++++ b/Makefile
+@@ -27,10 +27,10 @@ $(EXEC_NAME): beep.c
+       $(CC) $(FLAGS) $(CFLAGS) -o $(EXEC_NAME) beep.c
+ install: all
+-      $(INSTALL) -m 0755 -d           $(DESTDIR)$(bindir)
+-      $(INSTALL) -m 0755 $(EXEC_NAME) $(DESTDIR)$(bindir)/
+-      $(INSTALL) -m 0755 -d           $(DESTDIR)$(man1dir)
+-      $(INSTALL) -m 0644 $(MAN_FILE)  $(DESTDIR)$(man1dir)/
++      $(INSTALL) -m 0755 -d              $(DESTDIR)$(bindir)
++      $(INSTALL) -m 0755 -p $(EXEC_NAME) $(DESTDIR)$(bindir)/
++      $(INSTALL) -m 0755 -d              $(DESTDIR)$(man1dir)
++      $(INSTALL) -m 0644 -p $(MAN_FILE)  $(DESTDIR)$(man1dir)/
+ uninstall:
+       rm -f $(DESTDIR)$(bindir)/$(EXEC_NAME)
+-- 
+2.7.5
diff --git a/src/patches/beep/0007-Fix-identation-if-brace-error.patch b/src/patches/beep/0007-Fix-identation-if-brace-error.patch
new file mode 100644 (file)
index 0000000..30ec414
--- /dev/null
@@ -0,0 +1,41 @@
+From 35ba84dccb8fc8dc43cb3f575904a33ffa27e7b7 Mon Sep 17 00:00:00 2001
+From: Hans Ulrich Niedermann <hun@n-dimensional.de>
+Date: Tue, 3 Apr 2018 19:11:07 +0200
+Subject: [PATCH] Fix indentation/if brace error
+
+As beep.c is not Python, the code blocks must be defined by
+using braces instead of just indenting them differently.
+
+Once we do that, the outcome of multiple -f parameters will
+actually match what the warning message documents beep does:
+Only the last -f value will be used.
+
+Many projects proscribe using braces everywhere, but this
+change keeps the beep.c coding style of using braces only
+when absolutely necessary.
+
+This issue was discovered by compiling with gcc 6.
+---
+ beep.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/beep.c b/beep.c
+index 7da2e70..d46adc8 100644
+--- a/beep.c
++++ b/beep.c
+@@ -194,11 +194,12 @@ void parse_command_line(int argc, char **argv, beep_parms_t *result) {
+       if(!sscanf(optarg, "%f", &argfreq) || (argfreq >= 20000 /* ack! */) || 
+        (argfreq <= 0))
+       usage_bail(argv[0]);
+-      else
++      else {
+       if (result->freq != 0)
+         fprintf(stderr, "WARNING: multiple -f values given, only last "
+           "one is used.\n");
+       result->freq = argfreq;    
++      }
+       break;
+     case 'l' : /* length */
+       if(!sscanf(optarg, "%d", &argval) || (argval < 0))
+-- 
+2.7.5
diff --git a/src/patches/beep/0008-Apply-CVE-2018-0492-from-Debian-package.patch b/src/patches/beep/0008-Apply-CVE-2018-0492-from-Debian-package.patch
new file mode 100644 (file)
index 0000000..ac1f0b5
--- /dev/null
@@ -0,0 +1,117 @@
+From 3b67473e16aaf2f83cb8ac18c13c9183a8e3c7b2 Mon Sep 17 00:00:00 2001
+From: Hans Ulrich Niedermann <hun@n-dimensional.de>
+Date: Tue, 3 Apr 2018 18:37:33 +0200
+Subject: [PATCH] Apply CVE-2018-0492.patch from Debian package
+
+---
+ beep.c | 53 ++++++++++++++++++++++++-----------------------------
+ 1 file changed, 24 insertions(+), 29 deletions(-)
+
+diff --git a/beep.c b/beep.c
+index d46adc8..f6781e8 100644
+--- a/beep.c
++++ b/beep.c
+@@ -109,6 +109,7 @@ void do_beep(int freq) {
+      /* BEEP_TYPE_EVDEV */
+      struct input_event e;
++     memset(&e, 0, sizeof(e));
+      e.type = EV_SND;
+      e.code = SND_TONE;
+      e.value = freq;
+@@ -124,10 +125,6 @@ void do_beep(int freq) {
+ /* If we get interrupted, it would be nice to not leave the speaker beeping in
+    perpetuity. */
+ void handle_signal(int signum) {
+-
+-  if(console_device)
+-    free(console_device);
+-
+   switch(signum) {
+   case SIGINT:
+   case SIGTERM:
+@@ -258,7 +255,7 @@ void parse_command_line(int argc, char **argv, beep_parms_t *result) {
+       result->verbose = 1;
+       break;
+     case 'e' : /* also --device */
+-      console_device = strdup(optarg);
++      console_device = optarg;
+       break;
+     case 'h' : /* notice that this is also --help */
+     default :
+@@ -277,26 +274,6 @@ void play_beep(beep_parms_t parms) {
+       "%d delay after) @ %.2f Hz\n",
+       parms.reps, parms.length, parms.delay, parms.end_delay, parms.freq);
+-  /* try to snag the console */
+-  if(console_device)
+-    console_fd = open(console_device, O_WRONLY);
+-  else
+-    if((console_fd = open("/dev/tty0", O_WRONLY)) == -1)
+-      console_fd = open("/dev/vc/0", O_WRONLY);
+-
+-  if(console_fd == -1) {
+-    fprintf(stderr, "Could not open %s for writing\n",
+-      console_device != NULL ? console_device : "/dev/tty0 or /dev/vc/0");
+-    printf("\a");  /* Output the only beep we can, in an effort to fall back on usefulness */
+-    perror("open");
+-    exit(1);
+-  }
+-
+-  if (ioctl(console_fd, EVIOCGSND(0)) != -1)
+-    console_type = BEEP_TYPE_EVDEV;
+-  else
+-    console_type = BEEP_TYPE_CONSOLE;
+-  
+   /* Beep */
+   for (i = 0; i < parms.reps; i++) {                    /* start beep */
+     do_beep(parms.freq);
+@@ -306,8 +283,6 @@ void play_beep(beep_parms_t parms) {
+     if(parms.end_delay || (i+1 < parms.reps))
+        usleep(1000*parms.delay);                        /* wait...    */
+   }                                                     /* repeat.    */
+-
+-  close(console_fd);
+ }
+@@ -329,6 +304,26 @@ int main(int argc, char **argv) {
+   signal(SIGTERM, handle_signal);
+   parse_command_line(argc, argv, parms);
++  /* try to snag the console */
++  if(console_device)
++    console_fd = open(console_device, O_WRONLY);
++  else
++    if((console_fd = open("/dev/tty0", O_WRONLY)) == -1)
++      console_fd = open("/dev/vc/0", O_WRONLY);
++
++  if(console_fd == -1) {
++    fprintf(stderr, "Could not open %s for writing\n",
++      console_device != NULL ? console_device : "/dev/tty0 or /dev/vc/0");
++    printf("\a");  /* Output the only beep we can, in an effort to fall back on usefulness */
++    perror("open");
++    exit(1);
++  }
++
++  if (ioctl(console_fd, EVIOCGSND(0)) != -1)
++    console_type = BEEP_TYPE_EVDEV;
++  else
++    console_type = BEEP_TYPE_CONSOLE;
++
+   /* this outermost while loop handles the possibility that -n/--new has been
+      used, i.e. that we have multiple beeps specified. Each iteration will
+      play, then free() one parms instance. */
+@@ -366,8 +361,8 @@ int main(int argc, char **argv) {
+     parms = next;
+   }
+-  if(console_device)
+-    free(console_device);
++  close(console_fd);
++  console_fd = -1;
+   return EXIT_SUCCESS;
+ }
+-- 
+2.7.5