From c90ead2db6c8dfde6519ae6e3b5b99bf6c0ad6aa Mon Sep 17 00:00:00 2001
From: Sven Wegener
Date: Mon, 26 Sep 2016 20:54:55 +0000
Subject: net-irc/irssi: Revision bump, security bug #595172
Package-Manager: portage-2.2.28
---
.../irssi-0.8.20-buf.pl-2.20-CVE-2016-7553.patch | 112 +++++++++++++++++++++
net-irc/irssi/irssi-0.8.20-r1.ebuild | 74 ++++++++++++++
2 files changed, 186 insertions(+)
create mode 100644 net-irc/irssi/files/irssi-0.8.20-buf.pl-2.20-CVE-2016-7553.patch
create mode 100644 net-irc/irssi/irssi-0.8.20-r1.ebuild
(limited to 'net-irc')
diff --git a/net-irc/irssi/files/irssi-0.8.20-buf.pl-2.20-CVE-2016-7553.patch b/net-irc/irssi/files/irssi-0.8.20-buf.pl-2.20-CVE-2016-7553.patch
new file mode 100644
index 000000000000..6e931a0612d2
--- /dev/null
+++ b/net-irc/irssi/files/irssi-0.8.20-buf.pl-2.20-CVE-2016-7553.patch
@@ -0,0 +1,112 @@
+From eb20a6c846373bbfba4cd80e6aef017b56409047 Mon Sep 17 00:00:00 2001
+From: ailin-nemui
+Date: Thu, 22 Sep 2016 04:27:35 +0200
+Subject: [PATCH] Merge pull request #548 from ailin-nemui/buf-fix
+
+sync buf.pl
+---
+ scripts/buf.pl | 42 ++++++++++++++++++++++++++++--------------
+ 1 file changed, 28 insertions(+), 14 deletions(-)
+
+diff --git a/scripts/buf.pl b/scripts/buf.pl
+index da50e82..6d907f1 100644
+--- a/scripts/buf.pl
++++ b/scripts/buf.pl
+@@ -5,7 +5,7 @@ use Irssi qw(command signal_add signal_add_first active_win
+ settings_get_str settings_get_bool channels windows
+ settings_add_str settings_add_bool get_irssi_dir
+ window_find_refnum signal_stop);
+-$VERSION = '2.13';
++$VERSION = '2.20';
+ %IRSSI = (
+ authors => 'Juerd',
+ contact => 'juerd@juerd.nl',
+@@ -13,10 +13,8 @@ $VERSION = '2.13';
+ description => 'Saves the buffer for /upgrade, so that no information is lost',
+ license => 'Public Domain',
+ url => 'http://juerd.nl/irssi/',
+- changed => 'Mon May 13 19:41 CET 2002',
+- changes => 'Severe formatting bug removed * oops, I ' .
+- 'exposed Irssi to ircII foolishness * sorry ' .
+- '** removed logging stuff (this is a fix)',
++ changed => 'Thu Sep 22 01:37 CEST 2016',
++ changes => 'Fixed file permissions (leaked everything via filesystem)',
+ note1 => 'This script HAS TO BE in your scripts/autorun!',
+ note2 => 'Perl support must be static or in startup',
+ );
+@@ -39,9 +37,15 @@ use Data::Dumper;
+
+ my %suppress;
+
++sub _filename { sprintf '%s/scrollbuffer', get_irssi_dir }
++
+ sub upgrade {
+- open BUF, q{>}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
+- print BUF join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
++ my $fn = _filename;
++ my $old_umask = umask 0077;
++ open my $fh, q{>}, $fn or die "open $fn: $!";
++ umask $old_umask;
++
++ print $fh join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
+ for my $window (windows) {
+ next unless defined $window;
+ next if $window->{name} eq 'status';
+@@ -57,36 +61,39 @@ sub upgrade {
+ redo if defined $line;
+ }
+ }
+- printf BUF "%s:%s\n%s", $window->{refnum}, $lines, $buf;
++ printf $fh "%s:%s\n%s", $window->{refnum}, $lines, $buf;
+ }
+- close BUF;
++ close $fh;
+ unlink sprintf("%s/sessionconfig", get_irssi_dir);
+ command 'layout save';
+ command 'save';
+ }
+
+ sub restore {
+- open BUF, q{<}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
+- my @suppress = split /\0/, ;
++ my $fn = _filename;
++ open my $fh, q{<}, $fn or die "open $fn: $!";
++ unlink $fn or warn "unlink $fn: $!";
++
++ my @suppress = split /\0/, readline $fh;
+ if (settings_get_bool 'upgrade_suppress_join') {
+ chomp $suppress[-1];
+ @suppress{@suppress} = (2) x @suppress;
+ }
+ active_win->command('^window scroll off');
+- while (my $bla = ){
++ while (my $bla = readline $fh){
+ chomp $bla;
+ my ($refnum, $lines) = split /:/, $bla;
+ next unless $lines;
+ my $window = window_find_refnum $refnum;
+ unless (defined $window){
+- for 1..$lines;
++ readline $fh for 1..$lines;
+ next;
+ }
+ my $view = $window->view;
+ $view->remove_all_lines();
+ $view->redraw();
+ my $buf = '';
+- $buf .= for 1..$lines;
++ $buf .= readline $fh for 1..$lines;
+ my $sep = settings_get_str 'upgrade_separator';
+ $sep .= "\n" if $sep ne '';
+ $window->gui_printtext_after(undef, MSGLEVEL_CLIENTNOTICE, "$buf\cO$sep");
+@@ -119,3 +126,10 @@ signal_add 'event join' => 'suppress';
+ unless (-f sprintf('%s/scripts/autorun/buf.pl', get_irssi_dir)) {
+ Irssi::print('PUT THIS SCRIPT IN ~/.irssi/scripts/autorun/ BEFORE /UPGRADING!!');
+ }
++
++# Remove any left-over file. If 'session' doesn't exist (created by irssi
++# during /UPGRADE), neither should our file.
++unless (-e sprintf('%s/session', get_irssi_dir)) {
++ my $fn = _filename;
++ unlink $fn or warn "unlink $fn: $!" if -e $fn;
++}
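Review bot: In `upgrade`, the `umask 0077` set before `open my $fh, q{>}, $fn` only governs the mode of a file that the open creates; if `scrollbuffer` already exists with looser permissions (for instance one left behind by the pre-2.20 script), it is truncated and rewritten with its old mode. The load-time cleanup at the end of the script runs only when `session` is absent, so as far as the visible hunks show a stale file next to a session file is not covered. Tightening the mode on the handle right after the open closes that gap: `chmod 0600, $fh or die "chmod $fn: $!";`. The `print`/`printf`/`close` calls on `$fh` are also unchecked, so a failed write would leave a short buffer without any message; `close $fh or warn "close $fn: $!";` would surface it. The middle of `upgrade`'s window loop lies outside these hunks.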
diff --git a/net-irc/irssi/irssi-0.8.20-r1.ebuild b/net-irc/irssi/irssi-0.8.20-r1.ebuild
new file mode 100644
index 000000000000..9ead79d0a3cd
--- /dev/null
+++ b/net-irc/irssi/irssi-0.8.20-r1.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools eutils flag-o-matic perl-module toolchain-funcs
+
+# Keep for _rc compability
+MY_P="${P/_/-}"
+
+DESCRIPTION="A modular textUI IRC client with IPv6 support"
+HOMEPAGE="http://irssi.org/"
+SRC_URI="https://github.com/irssi/irssi/releases/download/${PV/_/-}/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="ipv6 +perl selinux ssl socks5 +proxy libressl"
+
+CDEPEND="sys-libs/ncurses:0=
+ >=dev-libs/glib-2.6.0
+ ssl? (
+ !libressl? ( dev-libs/openssl:= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ perl? ( dev-lang/perl:= )
+ socks5? ( >=net-proxy/dante-1.1.18 )"
+
+DEPEND="
+ ${CDEPEND}
+ virtual/pkgconfig"
+
+RDEPEND="
+ ${CDEPEND}
+ selinux? ( sec-policy/selinux-irc )
+ perl? ( !net-im/silc-client )"
+
+RESTRICT="test"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=(
+ "${FILESDIR}/${P}-tinfo.patch"
+ "${FILESDIR}/${P}-buf.pl-2.20-CVE-2016-7553.patch" # bug #595172
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --with-ncurses="${EPREFIX}"/usr \
+ --with-perl-lib=vendor \
+ --enable-static \
+ --enable-true-color \
+ $(use_with proxy) \
+ $(use_with perl) \
+ $(use_with socks5 socks) \
+ $(use_enable ssl) \
+ $(use_enable ipv6)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ use perl && perl_delete_localpod
+
+ prune_libtool_files --modules
+
+ dodoc AUTHORS ChangeLog README.md TODO NEWS
+}
-- cgit v1.2.3-65-gdbad