dtach: 0.8 -> 0.9

Remove CVE patch that has been merged upstream.

2 files changed, 12 insertions, 60 deletions

diff --git a/pkgs/tools/misc/dtach/default.nix b/pkgs/tools/misc/dtach/default.nix
index 000f6cd0f93..0367ab53835 100644
--- a/pkgs/tools/misc/dtach/default.nix
+++ b/pkgs/tools/misc/dtach/default.nix
@@ -1,15 +1,14 @@
 { stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "dtach-0.8";
+  name = "dtach-${version}";
+  version = "0.9";
 
   src = fetchurl {
-    url = "mirror://sourceforge/project/dtach/dtach/0.8/dtach-0.8.tar.gz";
-    sha256 = "16614ebddf8ab2811d3dc0e7f329c7de88929ac6a9632d4cb4aef7fe11b8f2a9";
+    url = "mirror://sourceforge/project/dtach/dtach/${version}/${name}.tar.gz";
+    sha256 = "1wwj2hlngi8qn2pisvhyfxxs8gyqjlgrrv5lz91w8ly54dlzvs9j";
   };
 
-  patches = [ ./fix-CVE-2012-3368.patch ];
-
   installPhase = ''
     mkdir -p $out/bin
     cp dtach $out/bin/dtach
@@ -19,12 +18,14 @@ stdenv.mkDerivation rec {
     homepage = http://dtach.sourceforge.net/;
     description = "A program that emulates the detach feature of screen";
 
-    longDescription = ''dtach is a tiny program that emulates the
-      detach feature of screen, allowing you to run a program in an
-      environment that is protected from the controlling terminal and
-      attach to it later. dtach does not keep track of the contents of
-      the screen, and thus works best with programs that know how to
-      redraw themselves.'';
+    longDescription = ''
+      dtach is a tiny program that emulates the detach feature of
+      screen, allowing you to run a program in an environment that is
+      protected from the controlling terminal and attach to it later.
+      dtach does not keep track of the contents of the screen, and
+      thus works best with programs that know how to redraw
+      themselves.
+    '';
 
     license = stdenv.lib.licenses.gpl2Plus;
 
diff --git a/pkgs/tools/misc/dtach/fix-CVE-2012-3368.patch b/pkgs/tools/misc/dtach/fix-CVE-2012-3368.patch
deleted file mode 100644
index 9e556d9325f..00000000000
--- a/pkgs/tools/misc/dtach/fix-CVE-2012-3368.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Fix error handling for read from stdin in attach.c
-
-attach.c did not correctly handle a read from stdin when read returned
-an error. The code assigned the return value of read to pkt.len (an
-unsigned char) before checking the value. This prevented the error check
-from working correctly, since an unsigned integer can never be < 0.
-
-A packet with an invalid length was then sent to the master, which then
-sent 255 bytes of garbage to the program.
-
-Fix the bug in attach.c and the unchecked packet length bug in master.c.
-
-Report and initial patch by Enrico Scholz.
-
---- a/master.c	2012/07/01 21:26:10	1.14
-+++ b/master.c	2012/07/01 21:44:34	1.15
-@@ -351,7 +351,10 @@
- 
- 	/* Push out data to the program. */
- 	if (pkt.type == MSG_PUSH)
--		write(the_pty.fd, pkt.u.buf, pkt.len);
-+	{
-+		if (pkt.len <= sizeof(pkt.u.buf))
-+			write(the_pty.fd, pkt.u.buf, pkt.len);
-+	}
- 
- 	/* Attach or detach from the program. */
- 	else if (pkt.type == MSG_ATTACH)
---- a/attach.c	2012/07/01 21:26:10	1.12
-+++ b/attach.c	2012/07/01 21:44:34	1.13
-@@ -237,12 +237,16 @@
- 		/* stdin activity */
- 		if (n > 0 && FD_ISSET(0, &readfds))
- 		{
-+			ssize_t len;
-+
- 			pkt.type = MSG_PUSH;
- 			memset(pkt.u.buf, 0, sizeof(pkt.u.buf));
--			pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
-+			len = read(0, pkt.u.buf, sizeof(pkt.u.buf));
- 
--			if (pkt.len <= 0)
-+			if (len <= 0)
- 				exit(1);
-+
-+			pkt.len = len;
- 			process_kbd(s, &pkt);
- 			n--;
- 		}