diff --git a/CVE-2020-8955.patch b/CVE-2020-8955.patch deleted file mode 100644 index 41d89df..0000000 --- a/CVE-2020-8955.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= -Date: Sat, 8 Feb 2020 20:24:50 +0100 -Subject: [PATCH] irc: fix crash when receiving a malformed message 324 - (channel mode) - -Thanks to Stuart Nevans Locke for reporting the issue. ---- - ChangeLog.adoc | 1 + - src/plugins/irc/irc-mode.c | 21 ++++++++++++--------- - 2 files changed, 13 insertions(+), 9 deletions(-) - -diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c -index 2237a344b..e79f0deb7 100644 ---- a/src/plugins/irc/irc-mode.c -+++ b/src/plugins/irc/irc-mode.c -@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server, - current_arg++; - if (pos[0] == chanmode) - { -- chanmode_found = 1; -- if (set_flag == '+') -+ if (!chanmode_found) - { -- str_mode[0] = pos[0]; -- str_mode[1] = '\0'; -- strcat (new_modes, str_mode); -- if (argument) -+ chanmode_found = 1; -+ if (set_flag == '+') - { -- if (new_args[0]) -- strcat (new_args, " "); -- strcat (new_args, argument); -+ str_mode[0] = pos[0]; -+ str_mode[1] = '\0'; -+ strcat (new_modes, str_mode); -+ if (argument) -+ { -+ if (new_args[0]) -+ strcat (new_args, " "); -+ strcat (new_args, argument); -+ } - } - } - } diff --git a/weechat-2.7.1.tar.xz b/weechat-2.7.1.tar.xz new file mode 100644 index 0000000..86f585c --- /dev/null +++ b/weechat-2.7.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9d752fecb86a54470a19d8c977bc1baa01ac58625a4722e42199b85a06035c41 +size 2226768 diff --git a/weechat-2.7.1.tar.xz.asc b/weechat-2.7.1.tar.xz.asc new file mode 100644 index 0000000..5f3a205 --- /dev/null +++ b/weechat-2.7.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEqatat3j6XDUi/QN4+C9LFt7ECPgFAl5O42sACgkQ+C9LFt7E +CPggHRAAubCdlr46sIMb24qUsGV2BMLXncBXkYIEIPFq/kTt1P6+3YPJaW1TjafQ +CV4BMfpkUbM0kZAt5HwhwzMFgC13uq7ZgMabqLRiIp7Bw+7v0mR8ukaxHirgpv3s +fsz0sfV+V/eARbNiS/Vs3QZ3YjVSqMPmxtRbn6/ECIbxEuTBfJ8f7BaHQzD1jVdJ +8S1TSNru2ltHnRnsBeUcOpFnj7rFwu0+6hYfCWKgmIlng8CZH8t05u3OTrO0LcMR +0afnAcYk5TthRbAAcwQ6DBJqJkjOUYc4HSxcn4FNUkQdxFrPweVydEraoZgtItnh +KlqCqseufJ5xneCXORCZDClg4HhlsIu/Gd8Yz3mmBkgkg98UiKaytoGyFC1YsbnV +/S94KtqX9adMu1PJogFCoqo5PTgvELlC190sGyp1JBRuexnZlK9hO/sMz9cexdTN +VY6+5F+CL6UhzQF3uwKB/J+iX+t1DuHay0JCNke/h+r8CExhFAUlYLVlPwSNP8fL +4nWiP2OdAKsv1Wl+8kC3iwM0VMTVskC6+NB1XthT7eWqpw+7zSmO9SUp7F3zcwSL +hYRx4UCUEhUzb//e1kXXxIHL1XacN6M7EI66issS9hrByq9j+vWTrutYP9+b8mge +F9/Stc9O+mfTKbKamJ/8Eowg/1S88E9ODKNrLjX4c4S0uXYiRv4= +=WkNI +-----END PGP SIGNATURE----- diff --git a/weechat-2.7.tar.xz b/weechat-2.7.tar.xz deleted file mode 100644 index 9f7ecc9..0000000 --- a/weechat-2.7.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:56fc42a4afece57bc27f95a2d155815a5e6472f32535add4c0ab4ce3b5e399e7 -size 2226876 diff --git a/weechat-2.7.tar.xz.asc b/weechat-2.7.tar.xz.asc deleted file mode 100644 index bbf19ae..0000000 --- a/weechat-2.7.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEqatat3j6XDUi/QN4+C9LFt7ECPgFAl3svWUACgkQ+C9LFt7E -CPgwbQ//RFrm23lzLipwP91yBqyzZJOZVQ2nGv3bVvfLBQVYXos8l4Vp//AxauJZ -vLm4uF+4WCA893GI7hO7M0U3GGgiuRE7cM+NofI/nI0pfK2vYo99LakMO7eOP97s -AgO/YVEf5etMMG5qlZcwwJ66smH88j6sNqlRPCBAgJGhSdX/LBCq2KgMMQ7Vrl51 -Pgna5olJL19LDx/E0S0ZFb9drZIzvyQ1NsS23ZtUorfTx53zeBaP6Wmyl/RJBD+C -2iLvC+zljfe0+Kb8x+Vr6JRaLu0DlH7CuCS84qa510AjgN/YUeFbsBR4wU3b5qzW -4PUM+d3VU9m5fWy+H83jovFKzGUqBBGVgGySaRSaqF8jUEsT0H8yu+nQV1ABUdq2 -Q5Uh8+eR/t+znZMTopPBN6zm74LK1VzJ4D2ZhmXDaSSjArOADHKBNedro9l+8N2Q -gRtHLwdzfanWuhKeoxwrIxZzrRkoflOylzop38C4xa6uXkndvAfyW6b8sj/2cRW9 -tTub1SuuA3tSD0Y1rEqBocNNsI3L4tHFJ3IzpUtVI3vE9TefAPiiKB+Lmy7RszCJ -ficwL+JR947ldslWtRw7h+9H/WSvi0CEcWo0Qem7HwtMHnkONwroaKVPi5vQBdpd -NXGWpODNWPu7cQPInfQvskBqWoKztI0ZirPkolPf9zV8UxRxR+0= -=7t4B ------END PGP SIGNATURE----- diff --git a/weechat.changes b/weechat.changes index 7fe1422..b7e5728 100644 --- a/weechat.changes +++ b/weechat.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Feb 20 21:46:23 UTC 2020 - Maximilian Trummer + +- update to 2.7.1 +- Bug fixes + * irc: fix crash when receiving a malformed message 352 (who) + * irc: fix crash when a new message 005 is received with longer nick prefixes + * irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955) + ------------------------------------------------------------------- Mon Feb 17 12:43:01 UTC 2020 - Ondřej Súkup diff --git a/weechat.spec b/weechat.spec index 280cdb2..98dc44e 100644 --- a/weechat.spec +++ b/weechat.spec @@ -17,7 +17,7 @@ Name: weechat -Version: 2.7 +Version: 2.7.1 Release: 0 Summary: Multi-protocol extensible Chat Client License: GPL-3.0-or-later @@ -28,7 +28,6 @@ Source1: weechat.desktop Source2: %{name}.keyring Source3: https://weechat.org/files/src/%{name}-%{version}.tar.xz.asc Source4: %{name}.changes -Patch0: CVE-2020-8955.patch BuildRequires: ca-certificates BuildRequires: cmake BuildRequires: curl-devel @@ -127,7 +126,6 @@ Spell-checking support for %{name}, using the aspell and enchant libraries. %prep %setup -q -%patch0 -p1 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE4}")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\""