From 1ca049c6566226de66e73b5d8c115985da956222 Mon Sep 17 00:00:00 2001
From: Rhonda D'Vine <rhonda@debian.org>
Date: Thu, 12 Apr 2018 14:59:14 +0200
Subject: [PATCH 1/3] make the make clean not fail if the binary isn't there

(originally written in jan. 2016 for the Debian package)
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 0f4f810..c2d3612 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ MAN_DIR=/usr/share/man/man1
 default : beep
 
 clean :
-	rm ${EXEC_NAME}
+	-rm ${EXEC_NAME}
 
 beep : beep.c
 	${CC} ${FLAGS} -o ${EXEC_NAME} beep.c

From e19f217f22bfc6f17610c1061e45fcea3c94b4c4 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 12 Apr 2018 15:02:51 +0200
Subject: [PATCH 2/3] Fix CVE-2018-0492: race condition if setuid

(directly taken from Debian's version 1.3-4+deb9u1)
---
 beep.c | 53 ++++++++++++++++++++++++-----------------------------
 1 file changed, 24 insertions(+), 29 deletions(-)

diff --git a/beep.c b/beep.c
index 7da2e70..4323d31 100644
--- a/beep.c
+++ b/beep.c
@@ -109,6 +109,7 @@ void do_beep(int freq) {
      /* BEEP_TYPE_EVDEV */
      struct input_event e;
 
+     memset(&e, 0, sizeof(e));
      e.type = EV_SND;
      e.code = SND_TONE;
      e.value = freq;
@@ -124,10 +125,6 @@ void do_beep(int freq) {
 /* If we get interrupted, it would be nice to not leave the speaker beeping in
    perpetuity. */
 void handle_signal(int signum) {
-
-  if(console_device)
-    free(console_device);
-
   switch(signum) {
   case SIGINT:
   case SIGTERM:
@@ -257,7 +254,7 @@ void parse_command_line(int argc, char **argv, beep_parms_t *result) {
       result->verbose = 1;
       break;
     case 'e' : /* also --device */
-      console_device = strdup(optarg);
+      console_device = optarg;
       break;
     case 'h' : /* notice that this is also --help */
     default :
@@ -276,26 +273,6 @@ void play_beep(beep_parms_t parms) {
 	"%d delay after) @ %.2f Hz\n",
 	parms.reps, parms.length, parms.delay, parms.end_delay, parms.freq);
 
-  /* try to snag the console */
-  if(console_device)
-    console_fd = open(console_device, O_WRONLY);
-  else
-    if((console_fd = open("/dev/tty0", O_WRONLY)) == -1)
-      console_fd = open("/dev/vc/0", O_WRONLY);
-
-  if(console_fd == -1) {
-    fprintf(stderr, "Could not open %s for writing\n",
-      console_device != NULL ? console_device : "/dev/tty0 or /dev/vc/0");
-    printf("\a");  /* Output the only beep we can, in an effort to fall back on usefulness */
-    perror("open");
-    exit(1);
-  }
-
-  if (ioctl(console_fd, EVIOCGSND(0)) != -1)
-    console_type = BEEP_TYPE_EVDEV;
-  else
-    console_type = BEEP_TYPE_CONSOLE;
-  
   /* Beep */
   for (i = 0; i < parms.reps; i++) {                    /* start beep */
     do_beep(parms.freq);
@@ -305,8 +282,6 @@ void play_beep(beep_parms_t parms) {
     if(parms.end_delay || (i+1 < parms.reps))
        usleep(1000*parms.delay);                        /* wait...    */
   }                                                     /* repeat.    */
-
-  close(console_fd);
 }
 
 
@@ -328,6 +303,26 @@ int main(int argc, char **argv) {
   signal(SIGTERM, handle_signal);
   parse_command_line(argc, argv, parms);
 
+  /* try to snag the console */
+  if(console_device)
+    console_fd = open(console_device, O_WRONLY);
+  else
+    if((console_fd = open("/dev/tty0", O_WRONLY)) == -1)
+      console_fd = open("/dev/vc/0", O_WRONLY);
+
+  if(console_fd == -1) {
+    fprintf(stderr, "Could not open %s for writing\n",
+      console_device != NULL ? console_device : "/dev/tty0 or /dev/vc/0");
+    printf("\a");  /* Output the only beep we can, in an effort to fall back on usefulness */
+    perror("open");
+    exit(1);
+  }
+
+  if (ioctl(console_fd, EVIOCGSND(0)) != -1)
+    console_type = BEEP_TYPE_EVDEV;
+  else
+    console_type = BEEP_TYPE_CONSOLE;
+
   /* this outermost while loop handles the possibility that -n/--new has been
      used, i.e. that we have multiple beeps specified. Each iteration will
      play, then free() one parms instance. */
@@ -365,8 +360,8 @@ int main(int argc, char **argv) {
     parms = next;
   }
 
-  if(console_device)
-    free(console_device);
+  close(console_fd);
+  console_fd = -1;
 
   return EXIT_SUCCESS;
 }

From a67785902b823dbc42701fc77576b7641f1edc94 Mon Sep 17 00:00:00 2001
From: Martin Kepplinger <martink@posteo.de>
Date: Thu, 9 Aug 2018 16:24:47 +0200
Subject: [PATCH 3/3] license text: Fix mentioning the GNU General Public
 License

---
 beep.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/beep.c b/beep.c
index 4323d31..45291e7 100644
--- a/beep.c
+++ b/beep.c
@@ -5,9 +5,9 @@
  *
  * This code is copyright (C) Johnathan Nightingale, 2000.
  *
- * This code may distributed only under the terms of the GNU Public License 
- * which can be found at http://www.gnu.org/copyleft or in the file COPYING 
- * supplied with this code.
+ * This code may distributed only under the terms of the GNU General Public
+ * License which can be found at http://www.gnu.org/copyleft or in the file
+ * COPYING supplied with this code.
  *
  * This code is not distributed with warranties of any kind, including implied
  * warranties of merchantability or fitness for a particular use or ability to