--- mingetty-1.07.orig/mingetty.c
+++ mingetty-1.07/mingetty.c
@@ -20,6 +20,7 @@
  * - Also add /bin/login-type functionality in here?
  */
 
+#define _GNU_SOURCE 1		       /* Needed to get setsid() */
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -135,12 +136,28 @@
 	char buf[40];
 	int fd;
 
+	/* Reset permissions on the console device */
+	if ((strncmp(tty, "tty", 3) == 0) && (isdigit(tty[3]))) {
+		strcpy (buf, "/dev/vcs");
+		strcat (buf, &tty[3]);
+		if (chown (buf, 0, 3) || chmod (buf, 0600))
+			if (errno != ENOENT)
+				error ("%s: %s", buf, strerror(errno));
+
+		strcpy (buf, "/dev/vcsa");
+		strcat (buf, &tty[3]);
+		if (chown (buf, 0, 3) || chmod (buf, 0600))
+			if (errno != ENOENT)
+				error ("%s: %s", buf, strerror(errno));
+	}
+
 	/* Set up new standard input. */
-	if (tty[0] == '/')
-		strcpy (buf, tty);
-	else {
+	if (tty[0] == '/') {
+		strncpy (buf, tty, sizeof(buf)-1);
+		buf[sizeof(buf)-1] = '\0';
+	} else {
 		strcpy (buf, "/dev/");
-		strcat (buf, tty);
+		strncat (buf, tty, sizeof(buf)-strlen(buf)-1);
 	}
 	/* There is always a race between this reset and the call to
 	   vhangup() that s.o. can use to get access to your tty. */
@@ -414,12 +431,21 @@
 		while ((logname = get_logname ()) == 0)
 			/* do nothing */ ;
 
-	if (ch_root)
-		chroot (ch_root);
-	if (ch_dir)
-		chdir (ch_dir);
-	if (priority)
-		nice (priority);
+	if (ch_root) {
+		if (chroot (ch_root))
+			error ("chroot(): %s", strerror (errno));
+		if (chdir("/"))
+			error ("chdir(\"/\"): %s", strerror (errno));
+	}
+	if (ch_dir) {
+		if (chdir (ch_dir))
+			error ("chdir(): %s", strerror (errno));
+	}
+	if (priority) {
+		errno = 0; /* see the nice(2) NOTES for why we do this */
+		if ((nice(priority) == -1) && (errno != 0))
+			error ("nice(): %s", strerror (errno));
+	}
 
 	execl (loginprog, loginprog, autologin? "-f" : "--", logname, NULL);
 	error ("%s: can't exec %s: %s", tty, loginprog, strerror (errno));
--- mingetty-1.07.orig/debian/changelog
+++ mingetty-1.07/debian/changelog
@@ -0,0 +1,158 @@
+mingetty (1.07-3) unstable; urgency=high
+
+  * Fix bug introduced by patch from #597382: the return value of nice()
+    is the new nice value. (Closes: #597382)
+
+ -- Paul Martin <pm@debian.org>  Sat, 25 Sep 2010 16:12:51 +0100
+
+mingetty (1.07-2) unstable; urgency=high
+
+  * Critical security patch: Fix unsafe chroot call. (Closes: #597382)
+  * Checked dependencies for locusts. (Closes: http://xkcd.com/797/)
+
+ -- Paul Martin <pm@debian.org>  Sat, 25 Sep 2010 01:51:12 +0100
+
+mingetty (1.07-1) unstable; urgency=low
+
+  * New upstream release. Changes:
+    + Only prepends /dev/ to the tty name if the given tty doesn't start
+      with a /.
+  * Fix buffer overflow due to use of strcat and strcpy. (Closes: #221841)
+
+ -- Paul Martin <pm@debian.org>  Sat,  2 Apr 2005 01:32:50 +0100
+
+mingetty (1.06-3) unstable; urgency=high
+
+  * Fix failure on udev systems. (Closes: #243247)
+  * Standards-Version: 3.6.1
+
+ -- Paul Martin <pm@debian.org>  Wed, 18 Aug 2004 21:33:50 +0100
+
+mingetty (1.06-2) unstable; urgency=low
+
+  * The "assume spherical admin of uniform density" release
+  * Keep manoj and friends happy by bloating debian/control 
+    description field. In the extended description, it is assumed that 
+    the administrator knows what a tty and a virtual console is.
+    (Closes: #209705)
+
+ -- Paul Martin <pm@debian.org>  Wed, 10 Sep 2003 01:20:25 +0100
+
+mingetty (1.06-1) unstable; urgency=low
+
+  * New upstream release (Closes: #181886)
+    + Ignores errors in setting permissions on devices in /dev
+      (Closes: #204967).
+    + nohangup option doesn't use vhangup() (Closes: #53184,#163769)
+    + New options:
+        autologin, chdir, chroot, delay, nonewline, noissue, nohangup,
+        nohangup, nohostname, loginprog, nice.
+  * Fix description-synopsis-might-not-be-phrased-properly lintian
+    warning.
+  * Standards version 3.6.0. (No changes needed.)
+
+ -- Paul Martin <pm@debian.org>  Tue, 19 Aug 2003 17:01:23 +0100
+
+mingetty (0.9.4-9) unstable; urgency=low
+
+  * Applied patch to make things work a little better with devfs, which
+    I believe is used by debian-installer. (Closes: #81275)
+  * Bump standards version to 3.5.7:
+    - Don't make /usr/doc symlinks
+    - Honour DEB_BUILD_OPTIONS
+
+ -- Paul Martin <pm@debian.org>  Mon, 30 Sep 2002 02:05:00 +0100
+
+mingetty (0.9.4-8) unstable; urgency=low
+
+  * New maintainer. (Closes: #107964)
+    - Thanks for the NMUs. (Closes: #91588, #93984, #93985)
+  * Fix lintian errors:
+    - spelling-error-in-copyright Debian/GNU Linux Debian GNU/Linux
+    - copyright-refers-to-old-directory
+  * Updated to latest standards version (3.5.6)
+  * Use debhelper instead of custom debian/rules file.
+  * Use dumb terminal setting on s390. (Closes: #113500)
+  * Apply patch obtained from RedHat SRPM:
+      mingetty-0.9.4-syslog.patch fixes a possible printf attack.
+  * Call setsid() to ensure that we don't already have a controlling
+    tty, and make an error message more descriptive.
+    (Closes: #51756)
+
+ -- Paul Martin <pm@debian.org>  Thu, 15 Nov 2001 22:37:02 +0000
+
+mingetty (0.9.4-7.2) unstable; urgency=low
+
+  * debian/copyright: point to /usr/share/doc/copyright
+
+ -- Marcelo E. Magallon <mmagallo@debian.org>  Sat, 14 Apr 2001 19:15:06 +0200
+
+mingetty (0.9.4-7.1) unstable; urgency=low
+
+  * debian/rules: moved doc and man to /usr/sahre (closes: bug#91588)
+  * debian/prerm, debian/postinst, debian/rules: add /usr/doc/ transition
+    scripts
+  * debian/control: added priority and section to binary.
+  * debian/control: Standards-Version 3.1.0
+
+ -- Marcelo E. Magallon <mmagallo@debian.org>  Sat, 14 Apr 2001 19:01:15 +0200
+
+mingetty (0.9.4-7) unstable; urgency=low
+
+  * Added patch from Dan Gohman <gohmandj@mrs.umn.edu> to use standard
+  utmp access functions in libc. (closes: bug#44097)
+
+ -- Michael Alan Dorman <mdorman@debian.org>  Thu, 16 Sep 1999 22:33:50 -0400
+
+mingetty (0.9.4-6) unstable; urgency=low
+
+  * Allow - in login names (closes: bug#35199)
+
+ -- Michael Alan Dorman <mdorman@debian.org>  Mon, 29 Mar 1999 14:24:48 -0500
+
+mingetty (0.9.4-5) unstable; urgency=low
+
+  * Remove superfluous call to utmpname (closes: bug#34726)
+
+ -- Michael Alan Dorman <mdorman@debian.org>  Sun, 28 Mar 1999 12:40:11 -0500
+
+mingetty (0.9.4-4) unstable; urgency=low
+
+  * Maintainer release to satisfy Shaleh. :-)
+  * Redid debian/rules.
+  * Closes fixed bug (closes: bug#28550)
+  * Closes fixed bug (closes: bug#27505)
+  
+ -- Michael Alan Dorman <mdorman@debian.org>  Tue,  9 Mar 1999 09:48:18 -0500
+
+mingetty (0.9.4-3.2) unstable; urgency=low
+
+  * Small patch for ARM port.
+  
+ -- Jim Pick <jim@jimpick.com>  Sun,  4 Oct 1998 17:20:36 -0700
+
+mingetty (0.9.4-3.1) unstable; urgency=low
+
+  * Non-maintainer release
+  * Compiled with libc6
+  * Upgraded to Standards-Version 2.3.0.1.
+  * Reset permissions on /dev/vcsN and /dev/vcsaN on logout. (Fixes #13509)
+
+ -- Hamish Moffatt <hamish@debian.org>  Sun, 23 Nov 1997 00:53:00 +1100
+
+mingetty (0.9.4-3) unstable; urgency=low
+
+  * Corrected maintainer address
+
+ -- Michael Alan Dorman <mdorman@debian.org>  Mon, 23 Sep 1996 13:13:42 -0400
+
+mingetty (0.9.4-2) unstable; urgency=low
+
+  * Converted to new source packaging format.
+
+ -- Michael Alan Dorman <mdorman@calder.med.miami.edu>  Fri, 30 Aug 1996 15:21:19 -0400
+
+Local variables:
+mode: debian-changelog
+user-mail-address: "mdorman@debian.org"
+End:
--- mingetty-1.07.orig/debian/control
+++ mingetty-1.07/debian/control
@@ -0,0 +1,21 @@
+Source: mingetty
+Maintainer: Paul Martin <pm@debian.org>
+Standards-Version: 3.6.1
+Section: admin
+Build-Depends: debhelper (>=3)
+Priority: optional
+
+Package: mingetty
+Architecture: any
+Priority: optional
+Section: admin
+Depends: ${shlibs:Depends}
+Description: Console-only getty
+ Mingetty is a small, efficient, console-only getty for Linux.
+ .
+ "getty opens a tty port, prompts for a login name and invokes the 
+ /bin/login command. It is normally invoked by init(8)."
+ .
+ mingetty is a minimal getty for use on virtual consoles. Unlike
+ the getty in the util-linux or mgetty packages, mingetty is not 
+ suitable for serial lines, which is why it's smaller.
--- mingetty-1.07.orig/debian/copyright
+++ mingetty-1.07/debian/copyright
@@ -0,0 +1,16 @@
+This is Debian GNU/Linux's prepackaged version of Florian La Roche's
+minimal console-only getty for linux, mingetty.  It was constructed by
+me, Michael Alan Dorman <mdorman@debian.org> from sources retrieved
+from the net.
+
+Upstream source:
+
+   http://people.redhat.com/laroche/mingetty-1.06.tar.gz
+
+Upstream author:
+
+   Florian La Roche <laroche@redhat.com>
+
+Florian has made mingetty available under the GNU General Public
+License, which should be available as /usr/share/common-licenses/GPL on
+your Debian system.
--- mingetty-1.07.orig/debian/dirs
+++ mingetty-1.07/debian/dirs
@@ -0,0 +1 @@
+/sbin
--- mingetty-1.07.orig/debian/rules
+++ mingetty-1.07/debian/rules
@@ -0,0 +1,103 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This is the debhelper compatability version to use.
+export DH_COMPAT=3
+
+CFLAGS = -Wall -g
+INSTALL = install
+INSTALL_FILE    = $(INSTALL) -p    -o root -g root  -m  644
+INSTALL_PROGRAM = $(INSTALL) -p    -o root -g root  -m  755
+INSTALL_SCRIPT  = $(INSTALL) -p    -o root -g root  -m  755
+INSTALL_DIR     = $(INSTALL) -p -d -o root -g root  -m  755
+
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+CFLAGS += -O0
+else
+CFLAGS += -O2
+endif
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+INSTALL_PROGRAM += -s
+endif
+
+
+
+configure: configure-stamp
+configure-stamp:
+	dh_testdir
+	# Add here commands to configure the package.
+
+	touch configure-stamp
+
+build: configure-stamp build-stamp
+build-stamp:
+	dh_testdir
+
+	# Add here commands to compile the package.
+	$(MAKE) mingetty CFLAGS="$(CFLAGS) -D_PATH_LOGIN=\\\"/bin/login\\\""
+
+	touch build-stamp
+
+clean:
+	dh_testdir
+	dh_testroot
+	rm -f build-stamp configure-stamp
+
+	# Add here commands to clean up after the build process.
+	-$(MAKE) clean
+
+	dh_clean
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+
+	# Add here commands to install the package into debian/mingetty
+	# $(MAKE) install
+	$(INSTALL_PROGRAM) mingetty $(CURDIR)/debian/mingetty/sbin
+
+
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+	dh_testdir
+	dh_testroot
+#	dh_installdebconf	
+	dh_installdocs
+	dh_installexamples
+#	dh_installmenu
+#	dh_installlogrotate
+#	dh_installemacsen
+#	dh_installpam
+#	dh_installmime
+#	dh_installinit
+#	dh_installcron
+	dh_installman mingetty.8
+#	dh_installinfo
+#	dh_undocumented
+	dh_installchangelogs
+	dh_link
+	dh_strip
+	dh_compress
+	dh_fixperms
+#	dh_makeshlibs
+	dh_installdeb
+#	dh_perl
+	dh_shlibdeps
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure