rpm/weechat
SHA256
1
0
Fork 0
forked from pool/weechat
Code Pull Requests Activity

Accepting request 774861 from server:irc

Browse Source 
- fix boo#1163889 - CVE-2020-8955 , add patch CVE-2020-8955.patch (forwarded request 774859 from mimi_vx)

OBS-URL: https://build.opensuse.org/request/show/774861
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/weechat?expand=0&rev=54
This commit is contained in:
Dominique Leuenberger 2020-02-18 09:39:36 +00:00 committed by Git OBS Bridge
commit 8c05e3afb3
3 changed files with 54 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
CVE-2020-8955.patch Normal file
View File

@ -0,0 +1,46 @@
From 6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
Date: Sat, 8 Feb 2020 20:24:50 +0100
Subject: [PATCH] irc: fix crash when receiving a malformed message 324
(channel mode)
Thanks to Stuart Nevans Locke for reporting the issue.
---
ChangeLog.adoc | 1 +
src/plugins/irc/irc-mode.c | 21 ++++++++++++---------
2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c
index 2237a344b..e79f0deb7 100644
--- a/src/plugins/irc/irc-mode.c
+++ b/src/plugins/irc/irc-mode.c
@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server,
current_arg++;
if (pos[0] == chanmode)
{
- chanmode_found = 1;
- if (set_flag == '+')
+ if (!chanmode_found)
{
- str_mode[0] = pos[0];
- str_mode[1] = '\0';
- strcat (new_modes, str_mode);
- if (argument)
+ chanmode_found = 1;
+ if (set_flag == '+')
{
- if (new_args[0])
- strcat (new_args, " ");
- strcat (new_args, argument);
+ str_mode[0] = pos[0];
+ str_mode[1] = '\0';
+ strcat (new_modes, str_mode);
+ if (argument)
+ {
+ if (new_args[0])
+ strcat (new_args, " ");
+ strcat (new_args, argument);
+ }
}
}
}

5
weechat.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Feb 17 12:43:01 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
- fix boo#1163889 - CVE-2020-8955 , add patch CVE-2020-8955.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 31 22:11:09 UTC 2020 - Maximilian Trummer <opensuse@trummer.xyz> Fri Jan 31 22:11:09 UTC 2020 - Maximilian Trummer <opensuse@trummer.xyz>

6
weechat.spec
View File

@ -28,6 +28,7 @@ Source1: weechat.desktop
Source2: %{name}.keyring Source2: %{name}.keyring
Source3: https://weechat.org/files/src/%{name}-%{version}.tar.xz.asc Source3: https://weechat.org/files/src/%{name}-%{version}.tar.xz.asc
Source4: %{name}.changes Source4: %{name}.changes
Patch0: CVE-2020-8955.patch
BuildRequires: ca-certificates BuildRequires: ca-certificates
BuildRequires: cmake BuildRequires: cmake
BuildRequires: curl-devel BuildRequires: curl-devel
@ -126,6 +127,7 @@ Spell-checking support for %{name}, using the aspell and enchant libraries.
%prep %prep
%setup -q %setup -q
%patch0 -p1
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE4}")" modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE4}")"
DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
TIME="\"$(date -d "${modified}" "+%%R")\"" TIME="\"$(date -d "${modified}" "+%%R")\""
@ -144,7 +146,7 @@ export CFLAGS="%{optflags}"
-DENABLE_JAVASCRIPT=OFF \ -DENABLE_JAVASCRIPT=OFF \
-DENABLE_PHP=OFF \ -DENABLE_PHP=OFF \
-DCA_FILE=%{_sysconfdir}/ssl/ca-bundle.pem -DCA_FILE=%{_sysconfdir}/ssl/ca-bundle.pem
%make_jobs %cmake_build
%install %install
%cmake_install %cmake_install
@ -154,8 +156,6 @@ install -D -m 0644 "%{SOURCE1}" "%{buildroot}%{_datadir}/applications/%{name}.de
%find_lang "%{name}" --with-man %find_lang "%{name}" --with-man
%files %files
%doc AUTHORS.adoc ChangeLog.adoc Contributing.adoc %doc AUTHORS.adoc ChangeLog.adoc Contributing.adoc
%doc README.adoc ReleaseNotes.adoc %doc README.adoc ReleaseNotes.adoc