diff --git a/0001-Do-not-copy-more-bytes-than-were-allocated.patch b/0001-Do-not-copy-more-bytes-than-were-allocated.patch
new file mode 100644
index 0000000..e678b11
--- /dev/null
+++ b/0001-Do-not-copy-more-bytes-than-were-allocated.patch
@@ -0,0 +1,27 @@
+From 87580d767868360d2fed503980129504da84b63e Mon Sep 17 00:00:00 2001
+From: Hans-Christian Esperer
+Date: Sat, 9 Jan 2016 19:58:58 +0100
+Subject: [PATCH] Do not copy more bytes than were allocated
+
+---
+ modules/transport/xmlrpc/xmlrpclib.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/transport/xmlrpc/xmlrpclib.c b/modules/transport/xmlrpc/xmlrpclib.c
+index b67d215..5fcde9e 100644
+--- a/modules/transport/xmlrpc/xmlrpclib.c
++++ b/modules/transport/xmlrpc/xmlrpclib.c
+@@ -777,8 +777,9 @@ void xmlrpc_char_encode(char *outbuffer, const char *s1)
+ s->append_char(s, c);
+ }
+ }
++ s->append_char(s, 0);
+
+- memcpy(outbuffer, s->str, XMLRPC_BUFSIZE);
++ strncpy(outbuffer, s->str, XMLRPC_BUFSIZE);
+ }
+
+ static void xmlrpc_append_char_encode(mowgli_string_t *s, const char *s1)
+--
+2.6.6
+
diff --git a/0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch b/0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch
new file mode 100644
index 0000000..2cfc9e4
--- /dev/null
+++ b/0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch
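Review bot: `strncpy(outbuffer, s->str, XMLRPC_BUFSIZE)` in the patched xmlrpc_char_encode leaves outbuffer without a terminating NUL whenever the encoded string is XMLRPC_BUFSIZE bytes or longer, so a caller that treats the result as a C string can still read past the end of the buffer. The function presumably expands its input while encoding, which makes that length reachable from a shorter s1. Terminate explicitly after the copy, `outbuffer[XMLRPC_BUFSIZE - 1] = '\0';`, or switch to a bounded copy that always terminates. The hunk does not show how large the buffers passed by callers are, so it is worth confirming that every outbuffer holds at least XMLRPC_BUFSIZE bytes; the function body starts above the hunk.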
@@ -0,0 +1,108 @@
+From c597156adc60a45b5f827793cd420945f47bc03b Mon Sep 17 00:00:00 2001
+From: Max Teufel
+Date: Sun, 6 Mar 2016 10:27:40 +0100
+Subject: [PATCH] chanserv/flags: make Anope FLAGS compatibility an option
+
+Previously, ChanServ FLAGS behavior could be modified by registering or
+dropping the keyword nicks "LIST", "CLEAR", and "MODIFY".
+Now, a configuration option is available that when turned on (default),
+disables registration of these keyword nicks and enables this
+compatibility feature. When turned off, registration of these keyword
+nicks is possible, and compatibility to Anope's FLAGS command is
+disabled.
+
+Fixes atheme/atheme#397
+---
+ modules/chanserv/flags.c | 37 ++++++++++++++++++++++++++++++++++---
+ 1 file changed, 34 insertions(+), 3 deletions(-)
+
+diff --git a/modules/chanserv/flags.c b/modules/chanserv/flags.c
+index 289345d..72d8fcf 100644
+--- a/modules/chanserv/flags.c
++++ b/modules/chanserv/flags.c
+@@ -17,18 +17,35 @@ DECLARE_MODULE_V1
+ );
+
+ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[]);
++static void check_registration_keywords(hook_user_register_check_t *hdata);
+
+ command_t cs_flags = { "FLAGS", N_("Manipulates specific permissions on a channel."),
+ AC_NONE, 3, cs_cmd_flags, { .path = "cservice/flags" } };
+
++static bool anope_flags_compat = true;
++
+ void _modinit(module_t *m)
+ {
+ service_named_bind_command("chanserv", &cs_flags);
++
++ add_bool_conf_item("ANOPE_FLAGS_COMPAT", &chansvs.me->conf_table, 0, &anope_flags_compat, true);
++
++ hook_add_event("nick_can_register");
++ hook_add_nick_can_register(check_registration_keywords);
++
++ hook_add_event("user_can_register");
++ hook_add_user_can_register(check_registration_keywords);
+ }
+
+ void _moddeinit(module_unload_intent_t intent)
+ {
+ service_named_unbind_command("chanserv", &cs_flags);
++
++ hook_del_nick_can_register(check_registration_keywords);
++
++ hook_del_user_can_register(check_registration_keywords);
++
++ del_conf_item("ANOPE_FLAGS_COMPAT", &chansvs.me->conf_table);
+ }
+
+ typedef struct {
+@@ -150,6 +167,20 @@ static void do_list(sourceinfo_t *si, mychan_t *mc, unsigned int flags)
+ logcommand(si, CMDLOG_GET, "FLAGS: \2%s\2", mc->name);
+ }
+
++static void check_registration_keywords(hook_user_register_check_t *hdata)
++{
++ if (hdata->approved || !anope_flags_compat)
++ {
++ return;
++ }
++
++ if (!strcasecmp(hdata->account, "LIST") || !strcasecmp(hdata->account, "CLEAR") || !strcasecmp(hdata->account, "MODIFY"))
++ {
++ command_fail(hdata->si, fault_badparams, "The nick \2%s\2 is reserved and cannot be registered.", hdata->account);
++ hdata->approved = 1;
++ }
++}
++
+ /* FLAGS [user] [flags] */
+ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[])
+ {
+@@ -218,14 +249,14 @@ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[])
+ *
+ * --nenolod
+ */
+- else if (!strcasecmp(target, "LIST") && myentity_find_ext(target) == NULL)
++ else if (anope_flags_compat && !strcasecmp(target, "LIST") && myentity_find_ext(target) == NULL)
+ {
+ do_list(si, mc, 0);
+ free(target);
+
+ return;
+ }
+- else if (!strcasecmp(target, "CLEAR") && myentity_find_ext(target) == NULL)
++ else if (anope_flags_compat && !strcasecmp(target, "CLEAR") && myentity_find_ext(target) == NULL)
+ {
+ free(target);
+
+@@ -251,7 +282,7 @@ static void cs_cmd_flags(sourceinfo_t *si, int parc, char *parv[])
+ command_success_nodata(si, _("Cleared flags in \2%s\2."), mc->name);
+ return;
+ }
+- else if (!strcasecmp(target, "MODIFY") && myentity_find_ext(target) == NULL)
++ else if (anope_flags_compat && !strcasecmp(target, "MODIFY") && myentity_find_ext(target) == NULL)
+ {
+ free(target);
+
+--
+2.6.6
+
diff --git a/atheme-7.2.6.tar.gz b/atheme-7.2.6.tar.gz
new file mode 100644
index 0000000..d38c253
--- /dev/null
+++ b/atheme-7.2.6.tar.gz
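Review bot: check_registration_keywords only blocks new registrations of LIST, CLEAR and MODIFY, while the three `else if` branches in cs_cmd_flags keep the `myentity_find_ext(target) == NULL` test, so an account that already holds one of these names before the update still switches the keyword off even with compat enabled. A comment above the hook should say so, for example `/* Blocks new registrations only; existing LIST/CLEAR/MODIFY accounts must be dropped by staff. */`, and the packaging changelog could tell operators to check for such accounts after upgrading. The `command_fail` text is also not wrapped in `_()` the way the neighbouring `_("Cleared flags in \2%s\2.")` is, so it would presumably not be translated. cs_cmd_flags begins and ends outside the hunks shown.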
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:432c6212c974f3ba6b4d8f14de795c61be7f57dfc7c84ee98255163269455fd4
+size 1402358
diff --git a/atheme-serno.diff b/atheme-serno.diff
new file mode 100644
index 0000000..9210a02
--- /dev/null
+++ b/atheme-serno.diff
@@ -0,0 +1,22 @@
+From: Jan Engelhardt
+Date: 2016-05-04 11:21:18.899894344 +0200
+References: https://github.com/atheme/atheme/issues/488
+
+Avoid build failure because of serno.h non-existence.
+
+---
+ include/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: atheme-atheme-7.2.6/include/Makefile
+===================================================================
+--- atheme-atheme-7.2.6.orig/include/Makefile
++++ atheme-atheme-7.2.6/include/Makefile
+@@ -68,6 +68,6 @@ hooktypes.h: hooktypes.in mkhooktypes.sh
+ serno.h:
+ $(info Generate: $@)
+ @revh=`git log -1 --pretty=oneline | cut -d' ' -f1 2>/dev/null` || :; \
+- [ -z "$$revh" ] || echo "#define SERNO \"$$revh\"" >serno.h
++ echo "#define SERNO \"$$revh\"" >serno.h
+
+ include ../buildsys.mk
diff --git a/atheme-services-7.2.5.tar.bz2 b/atheme-services-7.2.5.tar.bz2
deleted file mode 100644
index 804260d..0000000
--- a/atheme-services-7.2.5.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8291f39e9838c6a2328c3030039a619c6eb110e87e134e442683866d2311da4a
-size 1210088
diff --git a/atheme.changes b/atheme.changes
index 928ed6e..fbd6bdf 100644
--- a/atheme.changes
+++ b/atheme.changes
@@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue May 3 10:43:10 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 7.2.6 +* avoid potential NULL dereference in language code +* Add NOPASSWORD criterion to nickserv/list helpfile +* new nickserv/list criterion VACATION +- Add 0001-Do-not-copy-more-bytes-than-were-allocated.patch + [CVE-2016-4478] +- Add 0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch + [CVE-2014-9773, boo#978170] +- Add atheme-serno.diff, a build fix + ------------------------------------------------------------------- Fri Apr 3 17:33:35 UTC 2015 - jengelh@inai.de diff --git a/atheme.spec b/atheme.spec index 5e21cf6..fe4f5b1 100644 --- a/atheme.spec +++ b/atheme.spec @@ -1,7 +1,7 @@ # # spec file for package atheme # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: atheme %define lname libathemecore1 -Version: 7.2.5 +Version: 7.2.6 Release: 0 Url: http://atheme.net/ Summary: A portable, secure set of open source, modular IRC services @@ -26,10 +26,13 @@ License: MIT Group: Productivity/Networking/IRC #Git-Clone: git://github.com/atheme/atheme -Source: http://atheme.net/downloads/atheme-services-%version.tar.bz2 +Source: https://github.com/atheme/atheme/archive/%name-%version.tar.gz Source9: example.conf Patch1: atheme-lockmodes.diff -Patch3: atheme-nodate.diff +Patch2: atheme-nodate.diff +Patch3: atheme-serno.diff +Patch4: 0001-Do-not-copy-more-bytes-than-were-allocated.patch +Patch5: 0001-chanserv-flags-make-Anope-FLAGS-compatibility-an-opt.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: cracklib-devel BuildRequires: fdupes 
@@ -74,16 +77,17 @@ This package contains the development headers for the library found in %lname. %prep -%setup -qn %name-services-%version -%patch -P 1 -P 3 -p1 -# use system libmowgli; ignore contrib modules +%setup -qn %name-%name-%version +%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1 +# nudge atheme in the direction of using the system-provided libmowgli rm -Rf libmowgli-2 +# ignore contrib modules mkdir -p libmowgli-2 modules/contrib touch libmowgli-2/Makefile modules/contrib/Makefile %build %if 0%{?suse_version} >= 1210 -export RUNDIR="/run"; +export RUNDIR="/run" %endif %configure \ --sysconfdir="%_sysconfdir/%name" \ @@ -92,17 +96,16 @@ export RUNDIR="/run"; --enable-fhs-paths \ --enable-warnings \ --enable-large-net \ - --with-pcre \ - --enable-contrib + --with-pcre make %{?_smp_mflags} %install %if 0%{?suse_version} >= 1210 -export RUNDIR="/run"; +export RUNDIR="/run" %endif b="%buildroot"; -%make_install DOCDIR="%_docdir/%name"; +%make_install DOCDIR="%_docdir/%name" # additional documentation mkdir -p "$b/%_docdir/%name" @@ -131,11 +134,11 @@ install -pm0644 "%{S:9}" "$b/%_sysconfdir/%name/atheme.conf" %pre /usr/bin/getent group atheme >/dev/null 2>/dev/null || \ - /usr/sbin/groupadd -r atheme >/dev/null || :; + /usr/sbin/groupadd -r atheme >/dev/null || : /usr/bin/getent passwd atheme >/dev/null 2>/dev/null || \ /usr/sbin/useradd -r -g atheme -s /bin/false \ -c "Atheme IRC Services daemon" -d "%atheme_home" \ - atheme >/dev/null || :; + atheme >/dev/null || : %service_add_pre atheme.service %post