authorFrancesco Colista <fcolista@alpinelinux.org>2017-08-09 08:44:10 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2017-08-09 08:44:59 +0000
commit52d4d14ef14530f33217fa687536a6af4f680de9 (patch)
tree6bc78598639186e709d482a94a3fbe3decfa4f0b
parent330f754f59d7cc8bdd3c7e4ecf31978eaa613129 (diff)
downloadaports-52d4d14ef14530f33217fa687536a6af4f680de9.tar.gz
aports-52d4d14ef14530f33217fa687536a6af4f680de9.tar.bz2
aports-52d4d14ef14530f33217fa687536a6af4f680de9.tar.xz
main/irssi: fix for CVE-2017-10965 and CVE-2017-10966. Fixes #7517
-rw-r--r--main/irssi/APKBUILD15
-rw-r--r--main/irssi/CVE-2017-10965-10966.patch72
2 files changed, 83 insertions, 4 deletions
diff --git a/main/irssi/APKBUILD b/main/irssi/APKBUILD
index 39916a1f95..afc63c69f2 100644
--- a/main/irssi/APKBUILD
+++ b/main/irssi/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Kiyoshi Aman <kiyoshi.aman@gmail.com>
pkgname=irssi
pkgver=0.8.21
-pkgrel=1
+pkgrel=2
pkgdesc="A modular textUI IRC client with IPv6 support"
url="http://irssi.org/"
arch="all"
@@ -12,10 +12,14 @@ makedepends="glib-dev openssl-dev ncurses-dev perl-dev automake autoconf libtool
subpackages="$pkgname-doc $pkgname-dev $pkgname-proxy $pkgname-perl"
source="https://github.com/irssi/irssi/releases/download/$pkgver/irssi-$pkgver.tar.xz
CVE-2017-9468.patch
+ CVE-2017-10965-10966.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
+# 0.8.21.r2:
+# - CVE-2017-10965
+# - CVE-2017-10966
# 0.8.21-r1:
# - CVE-2017-9468
# 0.8.21-r0:
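Review bot: The secfixes key added in this hunk is written `0.8.21.r2`, while the existing entries below it use the `-r` form (`0.8.21-r1`, `0.8.21-r0`) and the release being built is `pkgrel=2`. Any tooling that maps the secfixes comment onto package versions would presumably fail to match this key, so CVE-2017-10965 and CVE-2017-10966 could be reported as unfixed in 0.8.21-r2. The key should read `# 0.8.21-r2:`.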
@@ -84,8 +88,11 @@ proxy() {
}
md5sums="b820760c3b4f3b0c24abe4db82b6366a irssi-0.8.21.tar.xz
-09307e506db9deef2d678101041ac79a CVE-2017-9468.patch"
+09307e506db9deef2d678101041ac79a CVE-2017-9468.patch
+f3c8acd17229df9c19fab1691217982f CVE-2017-10965-10966.patch"
sha256sums="e433063b8714dcf17438126902c9a9d5c97944b3185ecd0fc5ae25c4959bf35a irssi-0.8.21.tar.xz
-8d032e96ff6273de052dfc203fb2b16b90cfd029b71805fda9cfda0ce1a053ba CVE-2017-9468.patch"
+8d032e96ff6273de052dfc203fb2b16b90cfd029b71805fda9cfda0ce1a053ba CVE-2017-9468.patch
+a54c17663204b8a928e65fe136d57f473ac8b59437e6741a2a018aab60954a7a CVE-2017-10965-10966.patch"
sha512sums="110934ab85c8574fc76bce367c58378e28603898e63a5014a72170ffe441ffe3dbda432531e899176f5c4126f47d929a3a01a2f87bcacbfe0ba4d6d8cb31e642 irssi-0.8.21.tar.xz
-9fe90deea2002c976678739bda7a58f88c611969a1800bf2e15e152fff3075b63117f3dddc3f491ef845b84dc928503b95f7db13b6a23d80a2f9bb8aef3f2bb6 CVE-2017-9468.patch"
+9fe90deea2002c976678739bda7a58f88c611969a1800bf2e15e152fff3075b63117f3dddc3f491ef845b84dc928503b95f7db13b6a23d80a2f9bb8aef3f2bb6 CVE-2017-9468.patch
+166833d0008b2555d1bf787835a06663f4ffc7cde9138f7b1690b18d59018df56329ef361c42e5b1f0064aa490e21829a25791d13f92cc5d0b06f7802282951c CVE-2017-10965-10966.patch"
diff --git a/main/irssi/CVE-2017-10965-10966.patch b/main/irssi/CVE-2017-10965-10966.patch
new file mode 100644
index 0000000000..30b5192231
--- /dev/null
+++ b/main/irssi/CVE-2017-10965-10966.patch
@@ -0,0 +1,72 @@
+From 29ebac987da1da2c892aed5ed329256b7bc94bca Mon Sep 17 00:00:00 2001
+From: Nei <ailin.nemui@gmail.com>
+Date: Thu, 29 Jun 2017 13:48:44 +0000
+Subject: [PATCH 1/2] Check return value of localtime
+
+Fixes #10
+---
+ src/core/misc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/core/misc.c b/src/core/misc.c
+index ce49925b1..0b2d8e776 100644
+--- a/src/core/misc.c
++++ b/src/core/misc.c
+@@ -560,6 +560,9 @@ char *my_asctime(time_t t)
+ int len;
+
+ tm = localtime(&t);
++ if (tm == NULL)
++ return g_strdup("???");
++
+ str = g_strdup(asctime(tm));
+
+ len = strlen(str);
+
+From 73b851c39c11d01199e6c040749fb20e468f6c8d Mon Sep 17 00:00:00 2001
+From: ailin-nemui <ailin-nemui@users.noreply.github.com>
+Date: Tue, 4 Jul 2017 16:10:55 +0200
+Subject: [PATCH 2/2] correct GHashTable usage
+
+---
+ src/core/nicklist.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/src/core/nicklist.c b/src/core/nicklist.c
+index 54dfb5fb2..0bc88ab8d 100644
+--- a/src/core/nicklist.c
++++ b/src/core/nicklist.c
+@@ -54,23 +54,26 @@ static void nick_hash_add(CHANNEL_REC *channel, NICK_REC *nick)
+
+ static void nick_hash_remove(CHANNEL_REC *channel, NICK_REC *nick)
+ {
+- NICK_REC *list;
++ NICK_REC *list, *newlist;
+
+ list = g_hash_table_lookup(channel->nicks, nick->nick);
+ if (list == NULL)
+ return;
+
+- if (list == nick || list->next == NULL) {
+- g_hash_table_remove(channel->nicks, nick->nick);
+- if (list->next != NULL) {
+- g_hash_table_insert(channel->nicks, nick->next->nick,
+- nick->next);
+- }
++ if (list == nick) {
++ newlist = nick->next;
+ } else {
++ newlist = list;
+ while (list->next != nick)
+ list = list->next;
+ list->next = nick->next;
+ }
++
++ g_hash_table_remove(channel->nicks, nick->nick);
++ if (newlist != NULL) {
++ g_hash_table_insert(channel->nicks, newlist->nick,
++ newlist);
++ }
+ }
+
+ /* Add new nick to list */
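Review bot: In the rewritten nick_hash_remove, the walk `while (list->next != nick)` still has no end-of-chain check, so if `nick` is not in the chain stored under `nick->nick`, the loop runs past the last record and dereferences NULL. Whether a caller can reach that state is not visible in this patch, but the guard is cheap: `while (list->next != NULL && list->next != nick)` followed by `if (list->next == nick) list->next = nick->next;`. The entry is now removed and re-inserted even when the head record is unchanged, and a one-line comment above `g_hash_table_remove` saying why the key is refreshed would make that intent clear. Because this file is a backport of upstream commits, both points are better raised upstream than carried as a local divergence.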