diff options
Diffstat (limited to 'app-misc/dtach')
| -rw-r--r-- | app-misc/dtach/Manifest | 1 | ||||
| -rw-r--r-- | app-misc/dtach/dtach-0.8-r1.ebuild | 26 | ||||
| -rw-r--r-- | app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch | 35 | ||||
| -rw-r--r-- | app-misc/dtach/metadata.xml | 8 |
4 files changed, 70 insertions, 0 deletions
diff --git a/app-misc/dtach/Manifest b/app-misc/dtach/Manifest new file mode 100644 index 00000000000..238d0df3fba --- /dev/null +++ b/app-misc/dtach/Manifest @@ -0,0 +1 @@ +DIST dtach-0.8.tar.gz 55472 SHA256 16614ebddf8ab2811d3dc0e7f329c7de88929ac6a9632d4cb4aef7fe11b8f2a9 SHA512 ad0a788d10a5e1e1be4c353b64e1e4a0dc8c888492a638b2442d7c59ef31d67975357116435a1059141bfc2c82a3a6e9e490faa87cf81e5fc3bc7457a99c1193 WHIRLPOOL 271236b493a36e159081570c1a2bea41cc58e151a9cdfd99d2a4f27486dd62d4c1955a4b858b356ef0d6613e1a9c5c8958ca3bd143e0fb07a12f3cb92370f989 diff --git a/app-misc/dtach/dtach-0.8-r1.ebuild b/app-misc/dtach/dtach-0.8-r1.ebuild new file mode 100644 index 00000000000..1ec191c669a --- /dev/null +++ b/app-misc/dtach/dtach-0.8-r1.ebuild @@ -0,0 +1,26 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit eutils + +DESCRIPTION="Emulates the detach feature of screen" +HOMEPAGE="http://dtach.sourceforge.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="amd64 ~arm ppc x86" +IUSE="" + +src_prepare() { + epatch "${FILESDIR}"/${P}-CVE-2012-3368.patch +} + +src_install() { + dobin dtach + doman dtach.1 + dodoc README +} diff --git a/app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch b/app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch new file mode 100644 index 00000000000..82d5f0e1e15 --- /dev/null +++ b/app-misc/dtach/files/dtach-0.8-CVE-2012-3368.patch @@ -0,0 +1,35 @@ +Fix error handling for read from stdin in attach.c + +attach.c did not correctly handle a read from stdin when read returned +an error. The code assigned the return value of read to pkt.len (an +unsigned char) before checking the value. This prevented the error check +from working correctly, since an unsigned integer can never be < 0. + +A packet with an invalid length was then sent to the master, which then +sent 255 bytes of garbage to the program. + +Fix the bug in attach.c and the unchecked packet length bug in master.c. + +Report and initial patch by Enrico Scholz. + +--- attach.c 2012/07/01 21:26:10 1.12 ++++ attach.c 2012/07/01 21:44:34 1.13 +@@ -237,12 +237,16 @@ + /* stdin activity */ + if (n > 0 && FD_ISSET(0, &readfds)) + { ++ ssize_t len; ++ + pkt.type = MSG_PUSH; + memset(pkt.u.buf, 0, sizeof(pkt.u.buf)); +- pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf)); ++ len = read(0, pkt.u.buf, sizeof(pkt.u.buf)); + +- if (pkt.len <= 0) ++ if (len <= 0) + exit(1); ++ ++ pkt.len = len; + process_kbd(s, &pkt); + n--; + } diff --git a/app-misc/dtach/metadata.xml b/app-misc/dtach/metadata.xml new file mode 100644 index 00000000000..31d4e7b5558 --- /dev/null +++ b/app-misc/dtach/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>shell-tools</herd> + <upstream> + <remote-id type="sourceforge">dtach</remote-id> + </upstream> +</pkgmetadata> |