[gentoo-commits] repo/gentoo:master commit in: net-irc/weechat/, net-irc/weechat/files/

["Georgy Yakovlev" <gyakovlev@gentoo.org>]

commit:     90ebaefdcf0e3762b12a0b4cf107b284ebccae55
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 13 10:13:54 2020 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Thu Feb 13 10:17:11 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90ebaefd

net-irc/weechat: revbump for CVE-2020-8955

Bug: https://bugs.gentoo.org/709452
Package-Manager: Portage-2.3.88, Repoman-2.3.20
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 net-irc/weechat/files/2.7-CVE-2020-8955.patch      | 46 ++++++++++++++++++++++
 ...weechat-2.7-r1.ebuild => weechat-2.7-r2.ebuild} |  2 +
 2 files changed, 48 insertions(+)

diff --git a/net-irc/weechat/files/2.7-CVE-2020-8955.patch b/net-irc/weechat/files/2.7-CVE-2020-8955.patch
new file mode 100644
index 00000000000..0bad821f913
--- /dev/null
+++ b/net-irc/weechat/files/2.7-CVE-2020-8955.patch
@@ -0,0 +1,46 @@
+From 6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
+Date: Sat, 8 Feb 2020 20:24:50 +0100
+Subject: [PATCH] irc: fix crash when receiving a malformed message 324
+ (channel mode)
+
+Thanks to Stuart Nevans Locke for reporting the issue.
+---
+ ChangeLog.adoc             |  1 +
+ src/plugins/irc/irc-mode.c | 21 ++++++++++++---------
+ 2 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c
+index 2237a344b..e79f0deb7 100644
+--- a/src/plugins/irc/irc-mode.c
++++ b/src/plugins/irc/irc-mode.c
+@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server,
+                     current_arg++;
+                 if (pos[0] == chanmode)
+                 {
+-                    chanmode_found = 1;
+-                    if (set_flag == '+')
++                    if (!chanmode_found)
+                     {
+-                        str_mode[0] = pos[0];
+-                        str_mode[1] = '\0';
+-                        strcat (new_modes, str_mode);
+-                        if (argument)
++                        chanmode_found = 1;
++                        if (set_flag == '+')
+                         {
+-                            if (new_args[0])
+-                                strcat (new_args, " ");
+-                            strcat (new_args, argument);
++                            str_mode[0] = pos[0];
++                            str_mode[1] = '\0';
++                            strcat (new_modes, str_mode);
++                            if (argument)
++                            {
++                                if (new_args[0])
++                                    strcat (new_args, " ");
++                                strcat (new_args, argument);
++                            }
+                         }
+                     }
+                 }

diff --git a/net-irc/weechat/weechat-2.7-r1.ebuild b/net-irc/weechat/weechat-2.7-r2.ebuild
similarity index 98%
rename from net-irc/weechat/weechat-2.7-r1.ebuild
rename to net-irc/weechat/weechat-2.7-r2.ebuild
index 37b7a1e4518..82a7c3922fb 100644
--- a/net-irc/weechat/weechat-2.7-r1.ebuild
+++ b/net-irc/weechat/weechat-2.7-r2.ebuild
@@ -62,6 +62,8 @@ DOCS="AUTHORS.adoc ChangeLog.adoc Contributing.adoc ReleaseNotes.adoc README.ado
 # tests need to be fixed to not use system plugins if weechat is already installed
 RESTRICT="test"
 
+PATCHES=( "${FILESDIR}/${PV}-CVE-2020-8955.patch" )
+
 pkg_setup() {
 	use python && python-single-r1_pkg_setup
 }