Accepting request 393569 from server:irc

- Update to new upstream release 7.2.6
- Add 0001-Do-not-copy-more-bytes-than-were-allocated.patch
  [CVE-2016-4478]
- Add 0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch
  [CVE-2014-9773, boo#978170]

OBS-URL: https://build.opensuse.org/request/show/393569
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/atheme?expand=0&rev=19

0001-Do-not-copy-more-bytes-than-were-allocated.patch

@@ -0,0 +1,27 @@
+From 87580d767868360d2fed503980129504da84b63e Mon Sep 17 00:00:00 2001
+From: Hans-Christian Esperer <hc@hcesperer.org>
+Date: Sat, 9 Jan 2016 19:58:58 +0100
+Subject: [PATCH] Do not copy more bytes than were allocated
+
+---
+ modules/transport/xmlrpc/xmlrpclib.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/transport/xmlrpc/xmlrpclib.c b/modules/transport/xmlrpc/xmlrpclib.c
+index b67d215..5fcde9e 100644
+--- a/modules/transport/xmlrpc/xmlrpclib.c
++++ b/modules/transport/xmlrpc/xmlrpclib.c
+@@ -777,8 +777,9 @@ void xmlrpc_char_encode(char *outbuffer, const char *s1)
+ 			s->append_char(s, c);
+ 		}
+ 	}
++	s->append_char(s, 0);
+ 
+-	memcpy(outbuffer, s->str, XMLRPC_BUFSIZE);
++	strncpy(outbuffer, s->str, XMLRPC_BUFSIZE);
+ }
+ 
+ static void xmlrpc_append_char_encode(mowgli_string_t *s, const char *s1)
+-- 
+2.6.6
+

0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch

@@ -0,0 +1,108 @@
+From c597156adc60a45b5f827793cd420945f47bc03b Mon Sep 17 00:00:00 2001
+From: Max Teufel <max@teufelsnetz.com>
+Date: Sun, 6 Mar 2016 10:27:40 +0100
+Subject: [PATCH] chanserv/flags: make Anope FLAGS compatibility an option
+
+Previously, ChanServ FLAGS behavior could be modified by registering or
+dropping the keyword nicks "LIST", "CLEAR", and "MODIFY".
+Now, a configuration option is available that when turned on (default),
+disables registration of these keyword nicks and enables this
+compatibility feature. When turned off, registration of these keyword
+nicks is possible, and compatibility to Anope's FLAGS command is
+disabled.
+
+Fixes atheme/atheme#397
+---
+ modules/chanserv/flags.c | 37 ++++++++++++++++++++++++++++++++++---
+ 1 file changed, 34 insertions(+), 3 deletions(-)
+
+diff --git a/modules/chanserv/flags.c b/modules/chanserv/flags.c
+index 289345d..72d8fcf 100644
+--- a/modules/chanserv/flags.c
++++ b/modules/chanserv/flags.c
+@@ -17,18 +17,35 @@ DECLARE_MODULE_V1
+ );
+ 
+ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[]);
++static void check_registration_keywords(hook_user_register_check_t *hdata);
+ 
+ command_t cs_flags = { "FLAGS", N_("Manipulates specific permissions on a channel."),
+                         AC_NONE, 3, cs_cmd_flags, { .path = "cservice/flags" } };
+ 
++static bool anope_flags_compat = true;
++
+ void _modinit(module_t *m)
+ {
+ 	service_named_bind_command("chanserv", &cs_flags);
++
++	add_bool_conf_item("ANOPE_FLAGS_COMPAT", &chansvs.me->conf_table, 0, &anope_flags_compat, true);
++
++	hook_add_event("nick_can_register");
++	hook_add_nick_can_register(check_registration_keywords);
++
++	hook_add_event("user_can_register");
++	hook_add_user_can_register(check_registration_keywords);
+ }
+ 
+ void _moddeinit(module_unload_intent_t intent)
+ {
+ 	service_named_unbind_command("chanserv", &cs_flags);
++
++	hook_del_nick_can_register(check_registration_keywords);
++
++	hook_del_user_can_register(check_registration_keywords);
++
++	del_conf_item("ANOPE_FLAGS_COMPAT", &chansvs.me->conf_table);
+ }
+ 
+ typedef struct {
+@@ -150,6 +167,20 @@ static void do_list(sourceinfo_t *si, mychan_t *mc, unsigned int flags)
+ 		logcommand(si, CMDLOG_GET, "FLAGS: \2%s\2", mc->name);
+ }
+ 
++static void check_registration_keywords(hook_user_register_check_t *hdata)
++{
++	if (hdata->approved || !anope_flags_compat)
++	{
++		return;
++	}
++
++	if (!strcasecmp(hdata->account, "LIST") || !strcasecmp(hdata->account, "CLEAR") || !strcasecmp(hdata->account, "MODIFY"))
++	{
++		command_fail(hdata->si, fault_badparams, "The nick \2%s\2 is reserved and cannot be registered.", hdata->account);
++		hdata->approved = 1;
++	}
++}
++
+ /* FLAGS <channel> [user] [flags] */
+ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[])
+ {
+@@ -218,14 +249,14 @@ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[])
+ 	 *
+ 	 *   --nenolod
+ 	 */
+-	else if (!strcasecmp(target, "LIST") && myentity_find_ext(target) == NULL)
++	else if (anope_flags_compat && !strcasecmp(target, "LIST") && myentity_find_ext(target) == NULL)
+ 	{
+ 		do_list(si, mc, 0);
+ 		free(target);
+ 
+ 		return;
+ 	}
+-	else if (!strcasecmp(target, "CLEAR") && myentity_find_ext(target) == NULL)
++	else if (anope_flags_compat && !strcasecmp(target, "CLEAR") && myentity_find_ext(target) == NULL)
+ 	{
+ 		free(target);
+ 
+@@ -251,7 +282,7 @@ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[])
+ 		command_success_nodata(si, _("Cleared flags in \2%s\2."), mc->name);
+ 		return;
+ 	}
+-	else if (!strcasecmp(target, "MODIFY") && myentity_find_ext(target) == NULL)
++	else if (anope_flags_compat && !strcasecmp(target, "MODIFY") && myentity_find_ext(target) == NULL)
+ 	{
+ 		free(target);
+ 
+-- 
+2.6.6
+

atheme-7.2.6.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:432c6212c974f3ba6b4d8f14de795c61be7f57dfc7c84ee98255163269455fd4
+size 1402358

atheme-serno.diff

@@ -0,0 +1,22 @@
+From: Jan Engelhardt <jengelh@inai.de>
+Date: 2016-05-04 11:21:18.899894344 +0200
+References: https://github.com/atheme/atheme/issues/488
+
+Avoid build failure because of serno.h non-existence.
+
+---
+ include/Makefile |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: atheme-atheme-7.2.6/include/Makefile
+===================================================================
+--- atheme-atheme-7.2.6.orig/include/Makefile
++++ atheme-atheme-7.2.6/include/Makefile
+@@ -68,6 +68,6 @@ hooktypes.h: hooktypes.in mkhooktypes.sh
+ serno.h:
+ 	$(info Generate: $@)
+ 	@revh=`git log -1 --pretty=oneline | cut -d' ' -f1 2>/dev/null` || :; \
+-	[ -z "$$revh" ] || echo "#define SERNO \"$$revh\"" >serno.h
++	echo "#define SERNO \"$$revh\"" >serno.h
+ 
+ include ../buildsys.mk

atheme-services-7.2.5.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8291f39e9838c6a2328c3030039a619c6eb110e87e134e442683866d2311da4a
-size 1210088

atheme.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue May  3 10:43:10 UTC 2016 - jengelh@inai.de
+
+- Update to new upstream release 7.2.6
+* avoid potential NULL dereference in language code
+* Add NOPASSWORD criterion to nickserv/list helpfile
+* new nickserv/list criterion VACATION
+- Add 0001-Do-not-copy-more-bytes-than-were-allocated.patch
+  [CVE-2016-4478]
+- Add 0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch
+  [CVE-2014-9773, boo#978170]
+- Add atheme-serno.diff, a build fix
+
 -------------------------------------------------------------------
 Fri Apr  3 17:33:35 UTC 2015 - jengelh@inai.de
 

atheme.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package atheme
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 Name:           atheme
 %define lname	libathemecore1
-Version:        7.2.5
+Version:        7.2.6
 Release:        0
 Url:            http://atheme.net/
 Summary:        A portable, secure set of open source, modular IRC services
@@ -26,10 +26,13 @@ License:        MIT
 Group:          Productivity/Networking/IRC
 
 #Git-Clone:	git://github.com/atheme/atheme
-Source:         http://atheme.net/downloads/atheme-services-%version.tar.bz2
+Source:         https://github.com/atheme/atheme/archive/%name-%version.tar.gz
 Source9:        example.conf
 Patch1:         atheme-lockmodes.diff
-Patch3:         atheme-nodate.diff
+Patch2:         atheme-nodate.diff
+Patch3:         atheme-serno.diff
+Patch4:         0001-Do-not-copy-more-bytes-than-were-allocated.patch
+Patch5:         0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  cracklib-devel
 BuildRequires:  fdupes
@@ -74,16 +77,17 @@ This package contains the development headers for the library found
 in %lname.
 
 %prep
-%setup -qn %name-services-%version
-%patch -P 1 -P 3 -p1
-# use system libmowgli; ignore contrib modules
+%setup -qn %name-%name-%version
+%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1
+# nudge atheme in the direction of using the system-provided libmowgli
 rm -Rf libmowgli-2
+# ignore contrib modules
 mkdir -p libmowgli-2 modules/contrib
 touch libmowgli-2/Makefile modules/contrib/Makefile
 
 %build
 %if 0%{?suse_version} >= 1210
-export RUNDIR="/run";
+export RUNDIR="/run"
 %endif
 %configure \
     --sysconfdir="%_sysconfdir/%name" \
@@ -92,17 +96,16 @@ export RUNDIR="/run";
     --enable-fhs-paths \
     --enable-warnings \
     --enable-large-net \
-    --with-pcre \
-    --enable-contrib
+    --with-pcre
 
 make %{?_smp_mflags}
 
 %install
 %if 0%{?suse_version} >= 1210
-export RUNDIR="/run";
+export RUNDIR="/run"
 %endif
 b="%buildroot";
-%make_install DOCDIR="%_docdir/%name";
+%make_install DOCDIR="%_docdir/%name"
 
 # additional documentation
 mkdir -p "$b/%_docdir/%name"
@@ -131,11 +134,11 @@ install -pm0644 "%{S:9}" "$b/%_sysconfdir/%name/atheme.conf"
 
 %pre
 /usr/bin/getent group atheme >/dev/null 2>/dev/null || \
-	/usr/sbin/groupadd -r atheme >/dev/null || :;
+	/usr/sbin/groupadd -r atheme >/dev/null || :
 /usr/bin/getent passwd atheme >/dev/null 2>/dev/null || \
 	/usr/sbin/useradd -r -g atheme -s /bin/false \
 	-c "Atheme IRC Services daemon" -d "%atheme_home" \
-	atheme >/dev/null || :;
+	atheme >/dev/null || :
 %service_add_pre atheme.service
 
 %post