From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 25FAE138350 for ; Thu, 13 Feb 2020 10:18:16 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6304AE0899; Thu, 13 Feb 2020 10:18:14 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 3703FE0899 for ; Thu, 13 Feb 2020 10:18:14 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B250234ECFF for ; Thu, 13 Feb 2020 10:18:09 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id B66E911F for ; Thu, 13 Feb 2020 10:18:07 +0000 (UTC) From: "Georgy Yakovlev" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Georgy Yakovlev" Message-ID: <1581589031.90ebaefdcf0e3762b12a0b4cf107b284ebccae55.gyakovlev@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-irc/weechat/, net-irc/weechat/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-irc/weechat/files/2.7-CVE-2020-8955.patch net-irc/weechat/weechat-2.7-r1.ebuild net-irc/weechat/weechat-2.7-r2.ebuild X-VCS-Directories: net-irc/weechat/ net-irc/weechat/files/ X-VCS-Committer: gyakovlev X-VCS-Committer-Name: Georgy Yakovlev X-VCS-Revision: 90ebaefdcf0e3762b12a0b4cf107b284ebccae55 X-VCS-Branch: master Date: Thu, 13 Feb 2020 10:18:07 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 942fb115-200c-49ee-9041-6efb1d7e693c X-Archives-Hash: 0e4e9114f5c014c68a9286ff51c510fb commit: 90ebaefdcf0e3762b12a0b4cf107b284ebccae55 Author: Georgy Yakovlev gentoo org> AuthorDate: Thu Feb 13 10:13:54 2020 +0000 Commit: Georgy Yakovlev gentoo org> CommitDate: Thu Feb 13 10:17:11 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90ebaefd net-irc/weechat: revbump for CVE-2020-8955 Bug: https://bugs.gentoo.org/709452 Package-Manager: Portage-2.3.88, Repoman-2.3.20 Signed-off-by: Georgy Yakovlev gentoo.org> net-irc/weechat/files/2.7-CVE-2020-8955.patch | 46 ++++++++++++++++++++++ ...weechat-2.7-r1.ebuild => weechat-2.7-r2.ebuild} | 2 + 2 files changed, 48 insertions(+) diff --git a/net-irc/weechat/files/2.7-CVE-2020-8955.patch b/net-irc/weechat/files/2.7-CVE-2020-8955.patch new file mode 100644 index 00000000000..0bad821f913 --- /dev/null +++ b/net-irc/weechat/files/2.7-CVE-2020-8955.patch @@ -0,0 +1,46 @@ +From 6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= +Date: Sat, 8 Feb 2020 20:24:50 +0100 +Subject: [PATCH] irc: fix crash when receiving a malformed message 324 + (channel mode) + +Thanks to Stuart Nevans Locke for reporting the issue. +--- + ChangeLog.adoc | 1 + + src/plugins/irc/irc-mode.c | 21 ++++++++++++--------- + 2 files changed, 13 insertions(+), 9 deletions(-) + +diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c +index 2237a344b..e79f0deb7 100644 +--- a/src/plugins/irc/irc-mode.c ++++ b/src/plugins/irc/irc-mode.c +@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server, + current_arg++; + if (pos[0] == chanmode) + { +- chanmode_found = 1; +- if (set_flag == '+') ++ if (!chanmode_found) + { +- str_mode[0] = pos[0]; +- str_mode[1] = '\0'; +- strcat (new_modes, str_mode); +- if (argument) ++ chanmode_found = 1; ++ if (set_flag == '+') + { +- if (new_args[0]) +- strcat (new_args, " "); +- strcat (new_args, argument); ++ str_mode[0] = pos[0]; ++ str_mode[1] = '\0'; ++ strcat (new_modes, str_mode); ++ if (argument) ++ { ++ if (new_args[0]) ++ strcat (new_args, " "); ++ strcat (new_args, argument); ++ } + } + } + } diff --git a/net-irc/weechat/weechat-2.7-r1.ebuild b/net-irc/weechat/weechat-2.7-r2.ebuild similarity index 98% rename from net-irc/weechat/weechat-2.7-r1.ebuild rename to net-irc/weechat/weechat-2.7-r2.ebuild index 37b7a1e4518..82a7c3922fb 100644 --- a/net-irc/weechat/weechat-2.7-r1.ebuild +++ b/net-irc/weechat/weechat-2.7-r2.ebuild @@ -62,6 +62,8 @@ DOCS="AUTHORS.adoc ChangeLog.adoc Contributing.adoc ReleaseNotes.adoc README.ado # tests need to be fixed to not use system plugins if weechat is already installed RESTRICT="test" +PATCHES=( "${FILESDIR}/${PV}-CVE-2020-8955.patch" ) + pkg_setup() { use python && python-single-r1_pkg_setup }