Skip to content

Commit

Permalink
net-irc/irssi: Revision bump, security bug #595172
Browse files Browse the repository at this point in the history
Package-Manager: portage-2.2.28
  • Loading branch information
swegener committed Sep 26, 2016
1 parent a8f3b2c commit c90ead2
Show file tree
Hide file tree
Showing 2 changed files with 186 additions and 0 deletions.
112 changes: 112 additions & 0 deletions net-irc/irssi/files/irssi-0.8.20-buf.pl-2.20-CVE-2016-7553.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
From eb20a6c846373bbfba4cd80e6aef017b56409047 Mon Sep 17 00:00:00 2001
From: ailin-nemui <[email protected]>
Date: Thu, 22 Sep 2016 04:27:35 +0200
Subject: [PATCH] Merge pull request #548 from ailin-nemui/buf-fix

sync buf.pl
---
scripts/buf.pl | 42 ++++++++++++++++++++++++++++--------------
1 file changed, 28 insertions(+), 14 deletions(-)

diff --git a/scripts/buf.pl b/scripts/buf.pl
index da50e82..6d907f1 100644
--- a/scripts/buf.pl
+++ b/scripts/buf.pl
@@ -5,7 +5,7 @@ use Irssi qw(command signal_add signal_add_first active_win
settings_get_str settings_get_bool channels windows
settings_add_str settings_add_bool get_irssi_dir
window_find_refnum signal_stop);
-$VERSION = '2.13';
+$VERSION = '2.20';
%IRSSI = (
authors => 'Juerd',
contact => '[email protected]',
@@ -13,10 +13,8 @@ $VERSION = '2.13';
description => 'Saves the buffer for /upgrade, so that no information is lost',
license => 'Public Domain',
url => 'http://juerd.nl/irssi/',
- changed => 'Mon May 13 19:41 CET 2002',
- changes => 'Severe formatting bug removed * oops, I ' .
- 'exposed Irssi to ircII foolishness * sorry ' .
- '** removed logging stuff (this is a fix)',
+ changed => 'Thu Sep 22 01:37 CEST 2016',
+ changes => 'Fixed file permissions (leaked everything via filesystem)',
note1 => 'This script HAS TO BE in your scripts/autorun!',
note2 => 'Perl support must be static or in startup',
);
@@ -39,9 +37,15 @@ use Data::Dumper;

my %suppress;

+sub _filename { sprintf '%s/scrollbuffer', get_irssi_dir }
+
sub upgrade {
- open BUF, q{>}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
- print BUF join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
+ my $fn = _filename;
+ my $old_umask = umask 0077;
+ open my $fh, q{>}, $fn or die "open $fn: $!";
+ umask $old_umask;
+
+ print $fh join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
for my $window (windows) {
next unless defined $window;
next if $window->{name} eq 'status';
@@ -57,36 +61,39 @@ sub upgrade {
redo if defined $line;
}
}
- printf BUF "%s:%s\n%s", $window->{refnum}, $lines, $buf;
+ printf $fh "%s:%s\n%s", $window->{refnum}, $lines, $buf;
}
- close BUF;
+ close $fh;
unlink sprintf("%s/sessionconfig", get_irssi_dir);
command 'layout save';
command 'save';
}

sub restore {
- open BUF, q{<}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
- my @suppress = split /\0/, <BUF>;
+ my $fn = _filename;
+ open my $fh, q{<}, $fn or die "open $fn: $!";
+ unlink $fn or warn "unlink $fn: $!";
+
+ my @suppress = split /\0/, readline $fh;
if (settings_get_bool 'upgrade_suppress_join') {
chomp $suppress[-1];
@suppress{@suppress} = (2) x @suppress;
}
active_win->command('^window scroll off');
- while (my $bla = <BUF>){
+ while (my $bla = readline $fh){
chomp $bla;
my ($refnum, $lines) = split /:/, $bla;
next unless $lines;
my $window = window_find_refnum $refnum;
unless (defined $window){
- <BUF> for 1..$lines;
+ readline $fh for 1..$lines;
next;
}
my $view = $window->view;
$view->remove_all_lines();
$view->redraw();
my $buf = '';
- $buf .= <BUF> for 1..$lines;
+ $buf .= readline $fh for 1..$lines;
my $sep = settings_get_str 'upgrade_separator';
$sep .= "\n" if $sep ne '';
$window->gui_printtext_after(undef, MSGLEVEL_CLIENTNOTICE, "$buf\cO$sep");
@@ -119,3 +126,10 @@ signal_add 'event join' => 'suppress';
unless (-f sprintf('%s/scripts/autorun/buf.pl', get_irssi_dir)) {
Irssi::print('PUT THIS SCRIPT IN ~/.irssi/scripts/autorun/ BEFORE /UPGRADING!!');
}
+
+# Remove any left-over file. If 'session' doesn't exist (created by irssi
+# during /UPGRADE), neither should our file.
+unless (-e sprintf('%s/session', get_irssi_dir)) {
+ my $fn = _filename;
+ unlink $fn or warn "unlink $fn: $!" if -e $fn;
+}
74 changes: 74 additions & 0 deletions net-irc/irssi/irssi-0.8.20-r1.ebuild
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$

EAPI=6

inherit autotools eutils flag-o-matic perl-module toolchain-funcs

# Keep for _rc compability
MY_P="${P/_/-}"

DESCRIPTION="A modular textUI IRC client with IPv6 support"
HOMEPAGE="http://irssi.org/"
SRC_URI="https://github.com/irssi/irssi/releases/download/${PV/_/-}/${MY_P}.tar.xz"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="ipv6 +perl selinux ssl socks5 +proxy libressl"

CDEPEND="sys-libs/ncurses:0=
>=dev-libs/glib-2.6.0
ssl? (
!libressl? ( dev-libs/openssl:= )
libressl? ( dev-libs/libressl:= )
)
perl? ( dev-lang/perl:= )
socks5? ( >=net-proxy/dante-1.1.18 )"

DEPEND="
${CDEPEND}
virtual/pkgconfig"

RDEPEND="
${CDEPEND}
selinux? ( sec-policy/selinux-irc )
perl? ( !net-im/silc-client )"

RESTRICT="test"

S="${WORKDIR}/${MY_P}"

PATCHES=(
"${FILESDIR}/${P}-tinfo.patch"
"${FILESDIR}/${P}-buf.pl-2.20-CVE-2016-7553.patch" # bug #595172
)

src_prepare() {
default
eautoreconf
}

src_configure() {
econf \
--with-ncurses="${EPREFIX}"/usr \
--with-perl-lib=vendor \
--enable-static \
--enable-true-color \
$(use_with proxy) \
$(use_with perl) \
$(use_with socks5 socks) \
$(use_enable ssl) \
$(use_enable ipv6)
}

src_install() {
emake DESTDIR="${D}" install

use perl && perl_delete_localpod

prune_libtool_files --modules

dodoc AUTHORS ChangeLog README.md TODO NEWS
}

0 comments on commit c90ead2

Please sign in to comment.