From: "Sven Wegener" <swegener@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-irc/irssi/, net-irc/irssi/files/
Date: Mon, 26 Sep 2016 20:57:19 +0000 (UTC) [thread overview]
Message-ID: <1474923421.c90ead2db6c8dfde6519ae6e3b5b99bf6c0ad6aa.swegener@gentoo> (raw)
commit: c90ead2db6c8dfde6519ae6e3b5b99bf6c0ad6aa
Author: Sven Wegener <swegener <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 26 20:54:55 2016 +0000
Commit: Sven Wegener <swegener <AT> gentoo <DOT> org>
CommitDate: Mon Sep 26 20:57:01 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c90ead2d
net-irc/irssi: Revision bump, security bug #595172
Package-Manager: portage-2.2.28
| 112 +++++++++++++++++++++
| 74 ++++++++++++++
2 files changed, 186 insertions(+)
--git a/net-irc/irssi/files/irssi-0.8.20-buf.pl-2.20-CVE-2016-7553.patch b/net-irc/irssi/files/irssi-0.8.20-buf.pl-2.20-CVE-2016-7553.patch
new file mode 100644
index 00000000..6e931a0
--- /dev/null
+++ b/net-irc/irssi/files/irssi-0.8.20-buf.pl-2.20-CVE-2016-7553.patch
@@ -0,0 +1,112 @@
+From eb20a6c846373bbfba4cd80e6aef017b56409047 Mon Sep 17 00:00:00 2001
+From: ailin-nemui <ailin-nemui@users.noreply.github.com>
+Date: Thu, 22 Sep 2016 04:27:35 +0200
+Subject: [PATCH] Merge pull request #548 from ailin-nemui/buf-fix
+
+sync buf.pl
+---
+ scripts/buf.pl | 42 ++++++++++++++++++++++++++++--------------
+ 1 file changed, 28 insertions(+), 14 deletions(-)
+
+diff --git a/scripts/buf.pl b/scripts/buf.pl
+index da50e82..6d907f1 100644
+--- a/scripts/buf.pl
++++ b/scripts/buf.pl
+@@ -5,7 +5,7 @@ use Irssi qw(command signal_add signal_add_first active_win
+ settings_get_str settings_get_bool channels windows
+ settings_add_str settings_add_bool get_irssi_dir
+ window_find_refnum signal_stop);
+-$VERSION = '2.13';
++$VERSION = '2.20';
+ %IRSSI = (
+ authors => 'Juerd',
+ contact => 'juerd@juerd.nl',
+@@ -13,10 +13,8 @@ $VERSION = '2.13';
+ description => 'Saves the buffer for /upgrade, so that no information is lost',
+ license => 'Public Domain',
+ url => 'http://juerd.nl/irssi/',
+- changed => 'Mon May 13 19:41 CET 2002',
+- changes => 'Severe formatting bug removed * oops, I ' .
+- 'exposed Irssi to ircII foolishness * sorry ' .
+- '** removed logging stuff (this is a fix)',
++ changed => 'Thu Sep 22 01:37 CEST 2016',
++ changes => 'Fixed file permissions (leaked everything via filesystem)',
+ note1 => 'This script HAS TO BE in your scripts/autorun!',
+ note2 => 'Perl support must be static or in startup',
+ );
+@@ -39,9 +37,15 @@ use Data::Dumper;
+
+ my %suppress;
+
++sub _filename { sprintf '%s/scrollbuffer', get_irssi_dir }
++
+ sub upgrade {
+- open BUF, q{>}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
+- print BUF join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
++ my $fn = _filename;
++ my $old_umask = umask 0077;
++ open my $fh, q{>}, $fn or die "open $fn: $!";
++ umask $old_umask;
++
++ print $fh join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
+ for my $window (windows) {
+ next unless defined $window;
+ next if $window->{name} eq 'status';
+@@ -57,36 +61,39 @@ sub upgrade {
+ redo if defined $line;
+ }
+ }
+- printf BUF "%s:%s\n%s", $window->{refnum}, $lines, $buf;
++ printf $fh "%s:%s\n%s", $window->{refnum}, $lines, $buf;
+ }
+- close BUF;
++ close $fh;
+ unlink sprintf("%s/sessionconfig", get_irssi_dir);
+ command 'layout save';
+ command 'save';
+ }
+
+ sub restore {
+- open BUF, q{<}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
+- my @suppress = split /\0/, <BUF>;
++ my $fn = _filename;
++ open my $fh, q{<}, $fn or die "open $fn: $!";
++ unlink $fn or warn "unlink $fn: $!";
++
++ my @suppress = split /\0/, readline $fh;
+ if (settings_get_bool 'upgrade_suppress_join') {
+ chomp $suppress[-1];
+ @suppress{@suppress} = (2) x @suppress;
+ }
+ active_win->command('^window scroll off');
+- while (my $bla = <BUF>){
++ while (my $bla = readline $fh){
+ chomp $bla;
+ my ($refnum, $lines) = split /:/, $bla;
+ next unless $lines;
+ my $window = window_find_refnum $refnum;
+ unless (defined $window){
+- <BUF> for 1..$lines;
++ readline $fh for 1..$lines;
+ next;
+ }
+ my $view = $window->view;
+ $view->remove_all_lines();
+ $view->redraw();
+ my $buf = '';
+- $buf .= <BUF> for 1..$lines;
++ $buf .= readline $fh for 1..$lines;
+ my $sep = settings_get_str 'upgrade_separator';
+ $sep .= "\n" if $sep ne '';
+ $window->gui_printtext_after(undef, MSGLEVEL_CLIENTNOTICE, "$buf\cO$sep");
+@@ -119,3 +126,10 @@ signal_add 'event join' => 'suppress';
+ unless (-f sprintf('%s/scripts/autorun/buf.pl', get_irssi_dir)) {
+ Irssi::print('PUT THIS SCRIPT IN ~/.irssi/scripts/autorun/ BEFORE /UPGRADING!!');
+ }
++
++# Remove any left-over file. If 'session' doesn't exist (created by irssi
++# during /UPGRADE), neither should our file.
++unless (-e sprintf('%s/session', get_irssi_dir)) {
++ my $fn = _filename;
++ unlink $fn or warn "unlink $fn: $!" if -e $fn;
++}
--git a/net-irc/irssi/irssi-0.8.20-r1.ebuild b/net-irc/irssi/irssi-0.8.20-r1.ebuild
new file mode 100644
index 00000000..9ead79d
--- /dev/null
+++ b/net-irc/irssi/irssi-0.8.20-r1.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools eutils flag-o-matic perl-module toolchain-funcs
+
+# Keep for _rc compability
+MY_P="${P/_/-}"
+
+DESCRIPTION="A modular textUI IRC client with IPv6 support"
+HOMEPAGE="http://irssi.org/"
+SRC_URI="https://github.com/irssi/irssi/releases/download/${PV/_/-}/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="ipv6 +perl selinux ssl socks5 +proxy libressl"
+
+CDEPEND="sys-libs/ncurses:0=
+ >=dev-libs/glib-2.6.0
+ ssl? (
+ !libressl? ( dev-libs/openssl:= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ perl? ( dev-lang/perl:= )
+ socks5? ( >=net-proxy/dante-1.1.18 )"
+
+DEPEND="
+ ${CDEPEND}
+ virtual/pkgconfig"
+
+RDEPEND="
+ ${CDEPEND}
+ selinux? ( sec-policy/selinux-irc )
+ perl? ( !net-im/silc-client )"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+ "${FILESDIR}/${P}-tinfo.patch"
+ "${FILESDIR}/${P}-buf.pl-2.20-CVE-2016-7553.patch" # bug #595172
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --with-ncurses="${EPREFIX}"/usr \
+ --with-perl-lib=vendor \
+ --enable-static \
+ --enable-true-color \
+ $(use_with proxy) \
+ $(use_with perl) \
+ $(use_with socks5 socks) \
+ $(use_enable ssl) \
+ $(use_enable ipv6)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ use perl && perl_delete_localpod
+
+ prune_libtool_files --modules
+
+ dodoc AUTHORS ChangeLog README.md TODO NEWS
+}
next reply other threads:[~2016-09-26 20:57 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-26 20:57 Sven Wegener [this message]
-- strict thread matches above, loose matches on Subject: below --
2016-09-30 16:50 [gentoo-commits] repo/gentoo:master commit in: net-irc/irssi/, net-irc/irssi/files/ Sven Wegener
2017-01-07 13:43 Sven Wegener
2017-03-17 15:13 Jeroen Roovers
2018-10-22 14:56 Mikle Kolyada
2019-02-12 17:05 Mikle Kolyada
2019-02-12 21:22 Lars Wendler
2020-10-05 9:06 Lars Wendler
2021-05-16 8:26 Mikle Kolyada
2022-06-12 10:42 Sam James
2022-10-31 20:47 Sam James
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1474923421.c90ead2db6c8dfde6519ae6e3b5b99bf6c0ad6aa.swegener@gentoo \
--to=swegener@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox