Accepting request 777782 from home:oxy:branches:server:irc

- update to 2.7.1
- Bug fixes
  * irc: fix crash when receiving a malformed message 352 (who)
  * irc: fix crash when a new message 005 is received with longer nick prefixes
  * irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955)

OBS-URL: https://build.opensuse.org/request/show/777782
OBS-URL: https://build.opensuse.org/package/show/server:irc/weechat?expand=0&rev=95

CVE-2020-8955.patch

@@ -1,46 +0,0 @@
-From 6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
-Date: Sat, 8 Feb 2020 20:24:50 +0100
-Subject: [PATCH] irc: fix crash when receiving a malformed message 324
- (channel mode)
-
-Thanks to Stuart Nevans Locke for reporting the issue.
----
- ChangeLog.adoc             |  1 +
- src/plugins/irc/irc-mode.c | 21 ++++++++++++---------
- 2 files changed, 13 insertions(+), 9 deletions(-)
-
-diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c
-index 2237a344b..e79f0deb7 100644
---- a/src/plugins/irc/irc-mode.c
-+++ b/src/plugins/irc/irc-mode.c
-@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server,
-                     current_arg++;
-                 if (pos[0] == chanmode)
-                 {
--                    chanmode_found = 1;
--                    if (set_flag == '+')
-+                    if (!chanmode_found)
-                     {
--                        str_mode[0] = pos[0];
--                        str_mode[1] = '\0';
--                        strcat (new_modes, str_mode);
--                        if (argument)
-+                        chanmode_found = 1;
-+                        if (set_flag == '+')
-                         {
--                            if (new_args[0])
--                                strcat (new_args, " ");
--                            strcat (new_args, argument);
-+                            str_mode[0] = pos[0];
-+                            str_mode[1] = '\0';
-+                            strcat (new_modes, str_mode);
-+                            if (argument)
-+                            {
-+                                if (new_args[0])
-+                                    strcat (new_args, " ");
-+                                strcat (new_args, argument);
-+                            }
-                         }
-                     }
-                 }

weechat-2.7.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9d752fecb86a54470a19d8c977bc1baa01ac58625a4722e42199b85a06035c41
+size 2226768

weechat-2.7.1.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEqatat3j6XDUi/QN4+C9LFt7ECPgFAl5O42sACgkQ+C9LFt7E
+CPggHRAAubCdlr46sIMb24qUsGV2BMLXncBXkYIEIPFq/kTt1P6+3YPJaW1TjafQ
+CV4BMfpkUbM0kZAt5HwhwzMFgC13uq7ZgMabqLRiIp7Bw+7v0mR8ukaxHirgpv3s
+fsz0sfV+V/eARbNiS/Vs3QZ3YjVSqMPmxtRbn6/ECIbxEuTBfJ8f7BaHQzD1jVdJ
+8S1TSNru2ltHnRnsBeUcOpFnj7rFwu0+6hYfCWKgmIlng8CZH8t05u3OTrO0LcMR
+0afnAcYk5TthRbAAcwQ6DBJqJkjOUYc4HSxcn4FNUkQdxFrPweVydEraoZgtItnh
+KlqCqseufJ5xneCXORCZDClg4HhlsIu/Gd8Yz3mmBkgkg98UiKaytoGyFC1YsbnV
+/S94KtqX9adMu1PJogFCoqo5PTgvELlC190sGyp1JBRuexnZlK9hO/sMz9cexdTN
+VY6+5F+CL6UhzQF3uwKB/J+iX+t1DuHay0JCNke/h+r8CExhFAUlYLVlPwSNP8fL
+4nWiP2OdAKsv1Wl+8kC3iwM0VMTVskC6+NB1XthT7eWqpw+7zSmO9SUp7F3zcwSL
+hYRx4UCUEhUzb//e1kXXxIHL1XacN6M7EI66issS9hrByq9j+vWTrutYP9+b8mge
+F9/Stc9O+mfTKbKamJ/8Eowg/1S88E9ODKNrLjX4c4S0uXYiRv4=
+=WkNI
+-----END PGP SIGNATURE-----

weechat-2.7.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:56fc42a4afece57bc27f95a2d155815a5e6472f32535add4c0ab4ce3b5e399e7
-size 2226876

weechat-2.7.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEqatat3j6XDUi/QN4+C9LFt7ECPgFAl3svWUACgkQ+C9LFt7E
-CPgwbQ//RFrm23lzLipwP91yBqyzZJOZVQ2nGv3bVvfLBQVYXos8l4Vp//AxauJZ
-vLm4uF+4WCA893GI7hO7M0U3GGgiuRE7cM+NofI/nI0pfK2vYo99LakMO7eOP97s
-AgO/YVEf5etMMG5qlZcwwJ66smH88j6sNqlRPCBAgJGhSdX/LBCq2KgMMQ7Vrl51
-Pgna5olJL19LDx/E0S0ZFb9drZIzvyQ1NsS23ZtUorfTx53zeBaP6Wmyl/RJBD+C
-2iLvC+zljfe0+Kb8x+Vr6JRaLu0DlH7CuCS84qa510AjgN/YUeFbsBR4wU3b5qzW
-4PUM+d3VU9m5fWy+H83jovFKzGUqBBGVgGySaRSaqF8jUEsT0H8yu+nQV1ABUdq2
-Q5Uh8+eR/t+znZMTopPBN6zm74LK1VzJ4D2ZhmXDaSSjArOADHKBNedro9l+8N2Q
-gRtHLwdzfanWuhKeoxwrIxZzrRkoflOylzop38C4xa6uXkndvAfyW6b8sj/2cRW9
-tTub1SuuA3tSD0Y1rEqBocNNsI3L4tHFJ3IzpUtVI3vE9TefAPiiKB+Lmy7RszCJ
-ficwL+JR947ldslWtRw7h+9H/WSvi0CEcWo0Qem7HwtMHnkONwroaKVPi5vQBdpd
-NXGWpODNWPu7cQPInfQvskBqWoKztI0ZirPkolPf9zV8UxRxR+0=
-=7t4B
------END PGP SIGNATURE-----

weechat.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Feb 20 21:46:23 UTC 2020 - Maximilian Trummer <opensuse@trummer.xyz>
+
+- update to 2.7.1
+- Bug fixes
+  * irc: fix crash when receiving a malformed message 352 (who)
+  * irc: fix crash when a new message 005 is received with longer nick prefixes
+  * irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955)
+
 -------------------------------------------------------------------
 Mon Feb 17 12:43:01 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
 

weechat.spec

@@ -17,7 +17,7 @@
 
 
 Name:           weechat
-Version:        2.7
+Version:        2.7.1
 Release:        0
 Summary:        Multi-protocol extensible Chat Client
 License:        GPL-3.0-or-later
@@ -28,7 +28,6 @@ Source1:        weechat.desktop
 Source2:        %{name}.keyring
 Source3:        https://weechat.org/files/src/%{name}-%{version}.tar.xz.asc
 Source4:        %{name}.changes
-Patch0:         CVE-2020-8955.patch
 BuildRequires:  ca-certificates
 BuildRequires:  cmake
 BuildRequires:  curl-devel
@@ -127,7 +126,6 @@ Spell-checking support for %{name}, using the aspell and enchant libraries.
 
 %prep
 %setup -q
-%patch0 -p1
 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE4}")"
 DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
 TIME="\"$(date -d "${modified}" "+%%R")\""