From bafa252a73556eaba1d496d69b3cb32261dec78b Mon Sep 17 00:00:00 2001
From: Hans Ulrich Niedermann
Date: Apr 03 2018 17:31:04 +0000
Subject: beep-1.3-21: Apply CVE-2018-0492 patch. Bump release to beep-1.3-21: Apply CVE-2018-0492 patch.
---
diff --git a/0008-Apply-CVE-2018-0492.patch-from-Debian-package.patch b/0008-Apply-CVE-2018-0492.patch-from-Debian-package.patch
new file mode 100644
index 0000000..29aa9f6
--- /dev/null
+++ b/0008-Apply-CVE-2018-0492.patch-from-Debian-package.patch
@@ -0,0 +1,118 @@
+From 3b67473e16aaf2f83cb8ac18c13c9183a8e3c7b2 Mon Sep 17 00:00:00 2001
+From: Hans Ulrich Niedermann
+Date: Tue, 3 Apr 2018 18:37:33 +0200
+Subject: [PATCH] Apply CVE-2018-0492.patch from Debian package
+
+---
+ beep.c | 53 ++++++++++++++++++++++++-----------------------------
+ 1 file changed, 24 insertions(+), 29 deletions(-)
+
+diff --git a/beep.c b/beep.c
+index d46adc8..f6781e8 100644
+--- a/beep.c
++++ b/beep.c
+@@ -109,6 +109,7 @@ void do_beep(int freq) {
+ /* BEEP_TYPE_EVDEV */
+ struct input_event e;
+
++ memset(&e, 0, sizeof(e));
+ e.type = EV_SND;
+ e.code = SND_TONE;
+ e.value = freq;
+@@ -124,10 +125,6 @@ void do_beep(int freq) {
+ /* If we get interrupted, it would be nice to not leave the speaker beeping in
+ perpetuity. */
+ void handle_signal(int signum) {
+-
+- if(console_device)
+- free(console_device);
+-
+ switch(signum) {
+ case SIGINT:
+ case SIGTERM:
+@@ -258,7 +255,7 @@ void parse_command_line(int argc, char **argv, beep_parms_t *result) {
+ result->verbose = 1;
+ break;
+ case 'e' : /* also --device */
+- console_device = strdup(optarg);
++ console_device = optarg;
+ break;
+ case 'h' : /* notice that this is also --help */
+ default :
+@@ -277,26 +274,6 @@ void play_beep(beep_parms_t parms) {
+ "%d delay after) @ %.2f Hz\n",
+ parms.reps, parms.length, parms.delay, parms.end_delay, parms.freq);
+
+- /* try to snag the console */
+- if(console_device)
+- console_fd = open(console_device, O_WRONLY);
+- else
+- if((console_fd = open("/dev/tty0", O_WRONLY)) == -1)
+- console_fd = open("/dev/vc/0", O_WRONLY);
+-
+- if(console_fd == -1) {
+- fprintf(stderr, "Could not open %s for writing\n",
+- console_device != NULL ? console_device : "/dev/tty0 or /dev/vc/0");
+- printf("\a"); /* Output the only beep we can, in an effort to fall back on usefulness */
+- perror("open");
+- exit(1);
+- }
+-
+- if (ioctl(console_fd, EVIOCGSND(0)) != -1)
+- console_type = BEEP_TYPE_EVDEV;
+- else
+- console_type = BEEP_TYPE_CONSOLE;
+-
+ /* Beep */
+ for (i = 0; i < parms.reps; i++) { /* start beep */
+ do_beep(parms.freq);
+@@ -306,8 +283,6 @@ void play_beep(beep_parms_t parms) {
+ if(parms.end_delay || (i+1 < parms.reps))
+ usleep(1000*parms.delay); /* wait... */
+ } /* repeat. */
+-
+- close(console_fd);
+ }
+
+
+@@ -329,6 +304,26 @@ int main(int argc, char **argv) {
+ signal(SIGTERM, handle_signal);
+ parse_command_line(argc, argv, parms);
+
++ /* try to snag the console */
++ if(console_device)
++ console_fd = open(console_device, O_WRONLY);
++ else
++ if((console_fd = open("/dev/tty0", O_WRONLY)) == -1)
++ console_fd = open("/dev/vc/0", O_WRONLY);
++
++ if(console_fd == -1) {
++ fprintf(stderr, "Could not open %s for writing\n",
++ console_device != NULL ? console_device : "/dev/tty0 or /dev/vc/0");
++ printf("\a"); /* Output the only beep we can, in an effort to fall back on usefulness */
++ perror("open");
++ exit(1);
++ }
++
++ if (ioctl(console_fd, EVIOCGSND(0)) != -1)
++ console_type = BEEP_TYPE_EVDEV;
++ else
++ console_type = BEEP_TYPE_CONSOLE;
++
+ /* this outermost while loop handles the possibility that -n/--new has been
+ used, i.e. that we have multiple beeps specified. Each iteration will
+ play, then free() one parms instance. */
+@@ -366,8 +361,8 @@ int main(int argc, char **argv) {
+ parms = next;
+ }
+
+- if(console_device)
+- free(console_device);
++ close(console_fd);
++ console_fd = -1;
+
+ return EXIT_SUCCESS;
+ }
+--
+2.7.5
+
diff --git a/beep.spec b/beep.spec
index f96f8a1..e43fd86 100644
--- a/beep.spec
+++ b/beep.spec
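Review bot: The path taken from `-e` (`console_device = optarg;`) is still passed unchecked to `open(console_device, O_WRONLY)` in the block moved into main(), and the resulting descriptor is then probed with `ioctl(console_fd, EVIOCGSND(0))`. If the binary is installed with elevated privileges (not visible on this page), that open runs with them on whatever path the caller names, and the `Could not open %s` / `perror("open")` output reports the outcome. After the `console_fd == -1` check I would add `struct stat sb; if (fstat(console_fd, &sb) == -1 || !S_ISCHR(sb.st_mode)) { close(console_fd); exit(1); }` (needs `<sys/stat.h>`) so that only character devices reach the probe and do_beep(). Separately, `signal(SIGTERM, handle_signal)` is now installed before console_fd is opened, so the handler, whose body lies outside these hunks, has to tolerate a descriptor that is not yet valid; a short comment at the open block saying so would help the next maintainer.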
@@ -1,7 +1,7 @@ Summary: Beep the PC speaker any number of ways Name: beep Version: 1.3 -Release: 20%{?dist} +Release: 21%{?dist} Group: Applications/System License: GPLv2+ @@ -48,6 +48,9 @@ Patch6: 0006-Preserve-file-modification-time-on-install.patch # Fix indentation/if brace error Patch7: 0007-Fix-indentation-if-brace-error.patch +# Apply CVE-2018-0492.patch from Debian package +Patch8: 0008-Apply-CVE-2018-0492.patch-from-Debian-package.patch + BuildRequires: glibc-kernheaders @@ -68,6 +71,7 @@ what's interesting, but it's real good at that notifying part. %patch5 -p1 -b 0005 %patch6 -p1 -b 0006 %patch7 -p1 -b 0007 +%patch8 -p1 -b 0008 cp -p %{SOURCE1} README.fedora @@ -102,6 +106,9 @@ install -p -m 0644 %{SOURCE4} %{SOURCE5} "$RPM_BUILD_ROOT/%{_sysconfdir}/profile %changelog +* Tue Apr 3 2018 Hans Ulrich Niedermann - 1.3-21 +- Add CVE-2018-0492 fix + * Wed Feb 07 2018 Fedora Release Engineering - 1.3-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild