[dtach/f18] Properly handle close.

Lon Hohberger lon at fedoraproject.org
Fri Feb 22 21:28:30 UTC 2013 

commit 389350d76be0827ae02bee3dfaec34a657d42005
Author: Lon Hohberger <lhh at redhat.com>
Date:   Fri Feb 22 15:48:31 2013 -0500

    Properly handle close.
    
    Patch from Luk Claes.
    
    Resolves: rhbz#835853

 bz835853-properly-handle-close.patch |   37 ++++++++++++++++++++++++++++++++++
 dtach.spec                           |    9 +++++++-
 2 files changed, 45 insertions(+), 1 deletions(-)
---
diff --git a/bz835853-properly-handle-close.patch b/bz835853-properly-handle-close.patch
new file mode 100644
index 0000000..20eba5f
--- /dev/null
+++ b/bz835853-properly-handle-close.patch
@@ -0,0 +1,37 @@
+#diff -u dtach-0.8/debian/changelog dtach-0.8/debian/changelog
+#--- dtach-0.8/debian/changelog
+#+++ dtach-0.8/debian/changelog
+#@@ -1,3 +1,10 @@
+#+dtach (0.8-2.1) unstable; urgency=high
+#+
+#+  * Non-maintainer upload by the Security Team.
+#+  * Fix CVE-2012-3368: properly handle close request (Closes: #625302).
+#+
+#+ -- Luk Claes <luk at debian.org>  Mon, 02 Jul 2012 01:53:44 +0200
+#+
+# dtach (0.8-2) unstable; urgency=low
+# 
+#   * Updated to Policy version 3.8.1
+#only in patch2:
+#unchanged:
+--- dtach-0.8.orig/attach.c
++++ dtach-0.8/attach.c
+@@ -237,12 +237,16 @@
+ 		/* stdin activity */
+ 		if (n > 0 && FD_ISSET(0, &readfds))
+ 		{
++			ssize_t l;
++
+ 			pkt.type = MSG_PUSH;
+ 			memset(pkt.u.buf, 0, sizeof(pkt.u.buf));
+-			pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
++			l = read(0, pkt.u.buf, sizeof(pkt.u.buf));
+ 
+-			if (pkt.len <= 0)
++			if (l <= 0)
+ 				exit(1);
++
++			pkt.len = l;
+ 			process_kbd(s, &pkt);
+ 			n--;
+ 		}
diff --git a/dtach.spec b/dtach.spec
index 74faee8..aca0b02 100644
--- a/dtach.spec
+++ b/dtach.spec
@@ -1,12 +1,13 @@
 Summary: A simple program that emulates the detach feature of screen
 Name: dtach
 Version: 0.8
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2+
 URL: http://dtach.sourceforge.net
 Group: Applications/System
 Source: http://prdownloads.sourceforge.net/dtach/dtach-%{version}.tar.gz
 Buildroot: %{_tmppath}/%{name}-%{version}-root
+Patch0: bz835853-properly-handle-close.patch 
  
 %description
 
@@ -18,9 +19,11 @@ full-screen applications such as emacs.
   
 %prep
 %setup -q
+%patch0 -p1
  
 %build
 %configure
+
 make %{?_smp_mflags}
  
 %install
@@ -41,6 +44,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/*
 
 %changelog
+* Fri Feb 22 2013 Lon Hohberger <lhh at redhat.com> - 0.8-8
+- Properly handle closes.  Patch from Luk Claes <luk at debian dot org>
+- Resolves: rhbz#835853
+
 * Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

More information about the scm-commits mailing list