Accepting request 774861 from server:irc

- fix boo#1163889 - CVE-2020-8955 , add patch CVE-2020-8955.patch (forwarded request 774859 from mimi_vx) OBS-URL: https://build.opensuse.org/request/show/774861 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/weechat?expand=0&rev=54
2020-02-18 09:39:36 +00:00 · 2020-02-18 09:39:36 +00:00 · 8c05e3afb3
commit 8c05e3afb3
parent 60079db182 ab5f9d8595
3 changed files with 54 additions and 3 deletions
--- a/CVE-2020-8955.patch
+++ b/CVE-2020-8955.patch
@ -0,0 +1,46 @@
+From 6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
+Date: Sat, 8 Feb 2020 20:24:50 +0100
+Subject: [PATCH] irc: fix crash when receiving a malformed message 324
+ (channel mode)
+
+Thanks to Stuart Nevans Locke for reporting the issue.
+---
+ ChangeLog.adoc             |  1 +
+ src/plugins/irc/irc-mode.c | 21 ++++++++++++---------
+ 2 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c
+index 2237a344b..e79f0deb7 100644
+--- a/src/plugins/irc/irc-mode.c
+++ b/src/plugins/irc/irc-mode.c
+@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server,
+                     current_arg++;
+                 if (pos[0] == chanmode)
+                 {
+-                    chanmode_found = 1;
+-                    if (set_flag == '+')
+                    if (!chanmode_found)
+                     {
+-                        str_mode[0] = pos[0];
+-                        str_mode[1] = '\0';
+-                        strcat (new_modes, str_mode);
+-                        if (argument)
+                        chanmode_found = 1;
+                        if (set_flag == '+')
+                         {
+-                            if (new_args[0])
+-                                strcat (new_args, " ");
+-                            strcat (new_args, argument);
+                            str_mode[0] = pos[0];
+                            str_mode[1] = '\0';
+                            strcat (new_modes, str_mode);
+                            if (argument)
+                            {
+                                if (new_args[0])
+                                    strcat (new_args, " ");
+                                strcat (new_args, argument);
+                            }
+                         }
+                     }
+                 }
--- a/weechat.changes
+++ b/weechat.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Feb 17 12:43:01 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- fix boo#1163889 - CVE-2020-8955 , add patch CVE-2020-8955.patch
+
 -------------------------------------------------------------------
 Fri Jan 31 22:11:09 UTC 2020 - Maximilian Trummer <opensuse@trummer.xyz>

--- a/weechat.spec
+++ b/weechat.spec
@ -28,6 +28,7 @@ Source1:        weechat.desktop
 Source2:        %{name}.keyring
 Source3:        https://weechat.org/files/src/%{name}-%{version}.tar.xz.asc
 Source4:        %{name}.changes
+Patch0:         CVE-2020-8955.patch
 BuildRequires:  ca-certificates
 BuildRequires:  cmake
 BuildRequires:  curl-devel
@ -126,6 +127,7 @@ Spell-checking support for %{name}, using the aspell and enchant libraries.

 %prep
 %setup -q
+%patch0 -p1
 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE4}")"
 DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
 TIME="\"$(date -d "${modified}" "+%%R")\""
@ -144,7 +146,7 @@ export CFLAGS="%{optflags}"
    -DENABLE_JAVASCRIPT=OFF \
    -DENABLE_PHP=OFF \
    -DCA_FILE=%{_sysconfdir}/ssl/ca-bundle.pem
-%make_jobs
+%cmake_build

 %install
 %cmake_install
@ -154,8 +156,6 @@ install -D -m 0644 "%{SOURCE1}" "%{buildroot}%{_datadir}/applications/%{name}.de

 %find_lang "%{name}" --with-man

-
-
 %files
 %doc AUTHORS.adoc ChangeLog.adoc Contributing.adoc
 %doc README.adoc ReleaseNotes.adoc