forked from gentoo/gentoo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
net-irc/irssi: Revision bump, security bug #595172
Package-Manager: portage-2.2.28
- Loading branch information
Showing
2 changed files
with
186 additions
and
0 deletions.
There are no files selected for viewing
112 changes: 112 additions & 0 deletions
112
net-irc/irssi/files/irssi-0.8.20-buf.pl-2.20-CVE-2016-7553.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
From eb20a6c846373bbfba4cd80e6aef017b56409047 Mon Sep 17 00:00:00 2001 | ||
From: ailin-nemui <[email protected]> | ||
Date: Thu, 22 Sep 2016 04:27:35 +0200 | ||
Subject: [PATCH] Merge pull request #548 from ailin-nemui/buf-fix | ||
|
||
sync buf.pl | ||
--- | ||
scripts/buf.pl | 42 ++++++++++++++++++++++++++++-------------- | ||
1 file changed, 28 insertions(+), 14 deletions(-) | ||
|
||
diff --git a/scripts/buf.pl b/scripts/buf.pl | ||
index da50e82..6d907f1 100644 | ||
--- a/scripts/buf.pl | ||
+++ b/scripts/buf.pl | ||
@@ -5,7 +5,7 @@ use Irssi qw(command signal_add signal_add_first active_win | ||
settings_get_str settings_get_bool channels windows | ||
settings_add_str settings_add_bool get_irssi_dir | ||
window_find_refnum signal_stop); | ||
-$VERSION = '2.13'; | ||
+$VERSION = '2.20'; | ||
%IRSSI = ( | ||
authors => 'Juerd', | ||
contact => '[email protected]', | ||
@@ -13,10 +13,8 @@ $VERSION = '2.13'; | ||
description => 'Saves the buffer for /upgrade, so that no information is lost', | ||
license => 'Public Domain', | ||
url => 'http://juerd.nl/irssi/', | ||
- changed => 'Mon May 13 19:41 CET 2002', | ||
- changes => 'Severe formatting bug removed * oops, I ' . | ||
- 'exposed Irssi to ircII foolishness * sorry ' . | ||
- '** removed logging stuff (this is a fix)', | ||
+ changed => 'Thu Sep 22 01:37 CEST 2016', | ||
+ changes => 'Fixed file permissions (leaked everything via filesystem)', | ||
note1 => 'This script HAS TO BE in your scripts/autorun!', | ||
note2 => 'Perl support must be static or in startup', | ||
); | ||
@@ -39,9 +37,15 @@ use Data::Dumper; | ||
|
||
my %suppress; | ||
|
||
+sub _filename { sprintf '%s/scrollbuffer', get_irssi_dir } | ||
+ | ||
sub upgrade { | ||
- open BUF, q{>}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!; | ||
- print BUF join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n"; | ||
+ my $fn = _filename; | ||
+ my $old_umask = umask 0077; | ||
+ open my $fh, q{>}, $fn or die "open $fn: $!"; | ||
+ umask $old_umask; | ||
+ | ||
+ print $fh join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n"; | ||
for my $window (windows) { | ||
next unless defined $window; | ||
next if $window->{name} eq 'status'; | ||
@@ -57,36 +61,39 @@ sub upgrade { | ||
redo if defined $line; | ||
} | ||
} | ||
- printf BUF "%s:%s\n%s", $window->{refnum}, $lines, $buf; | ||
+ printf $fh "%s:%s\n%s", $window->{refnum}, $lines, $buf; | ||
} | ||
- close BUF; | ||
+ close $fh; | ||
unlink sprintf("%s/sessionconfig", get_irssi_dir); | ||
command 'layout save'; | ||
command 'save'; | ||
} | ||
|
||
sub restore { | ||
- open BUF, q{<}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!; | ||
- my @suppress = split /\0/, <BUF>; | ||
+ my $fn = _filename; | ||
+ open my $fh, q{<}, $fn or die "open $fn: $!"; | ||
+ unlink $fn or warn "unlink $fn: $!"; | ||
+ | ||
+ my @suppress = split /\0/, readline $fh; | ||
if (settings_get_bool 'upgrade_suppress_join') { | ||
chomp $suppress[-1]; | ||
@suppress{@suppress} = (2) x @suppress; | ||
} | ||
active_win->command('^window scroll off'); | ||
- while (my $bla = <BUF>){ | ||
+ while (my $bla = readline $fh){ | ||
chomp $bla; | ||
my ($refnum, $lines) = split /:/, $bla; | ||
next unless $lines; | ||
my $window = window_find_refnum $refnum; | ||
unless (defined $window){ | ||
- <BUF> for 1..$lines; | ||
+ readline $fh for 1..$lines; | ||
next; | ||
} | ||
my $view = $window->view; | ||
$view->remove_all_lines(); | ||
$view->redraw(); | ||
my $buf = ''; | ||
- $buf .= <BUF> for 1..$lines; | ||
+ $buf .= readline $fh for 1..$lines; | ||
my $sep = settings_get_str 'upgrade_separator'; | ||
$sep .= "\n" if $sep ne ''; | ||
$window->gui_printtext_after(undef, MSGLEVEL_CLIENTNOTICE, "$buf\cO$sep"); | ||
@@ -119,3 +126,10 @@ signal_add 'event join' => 'suppress'; | ||
unless (-f sprintf('%s/scripts/autorun/buf.pl', get_irssi_dir)) { | ||
Irssi::print('PUT THIS SCRIPT IN ~/.irssi/scripts/autorun/ BEFORE /UPGRADING!!'); | ||
} | ||
+ | ||
+# Remove any left-over file. If 'session' doesn't exist (created by irssi | ||
+# during /UPGRADE), neither should our file. | ||
+unless (-e sprintf('%s/session', get_irssi_dir)) { | ||
+ my $fn = _filename; | ||
+ unlink $fn or warn "unlink $fn: $!" if -e $fn; | ||
+} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
# Copyright 1999-2016 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
# $Id$ | ||
|
||
EAPI=6 | ||
|
||
inherit autotools eutils flag-o-matic perl-module toolchain-funcs | ||
|
||
# Keep for _rc compability | ||
MY_P="${P/_/-}" | ||
|
||
DESCRIPTION="A modular textUI IRC client with IPv6 support" | ||
HOMEPAGE="http://irssi.org/" | ||
SRC_URI="https://github.com/irssi/irssi/releases/download/${PV/_/-}/${MY_P}.tar.xz" | ||
|
||
LICENSE="GPL-2" | ||
SLOT="0" | ||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" | ||
IUSE="ipv6 +perl selinux ssl socks5 +proxy libressl" | ||
|
||
CDEPEND="sys-libs/ncurses:0= | ||
>=dev-libs/glib-2.6.0 | ||
ssl? ( | ||
!libressl? ( dev-libs/openssl:= ) | ||
libressl? ( dev-libs/libressl:= ) | ||
) | ||
perl? ( dev-lang/perl:= ) | ||
socks5? ( >=net-proxy/dante-1.1.18 )" | ||
|
||
DEPEND=" | ||
${CDEPEND} | ||
virtual/pkgconfig" | ||
|
||
RDEPEND=" | ||
${CDEPEND} | ||
selinux? ( sec-policy/selinux-irc ) | ||
perl? ( !net-im/silc-client )" | ||
|
||
RESTRICT="test" | ||
|
||
S="${WORKDIR}/${MY_P}" | ||
|
||
PATCHES=( | ||
"${FILESDIR}/${P}-tinfo.patch" | ||
"${FILESDIR}/${P}-buf.pl-2.20-CVE-2016-7553.patch" # bug #595172 | ||
) | ||
|
||
src_prepare() { | ||
default | ||
eautoreconf | ||
} | ||
|
||
src_configure() { | ||
econf \ | ||
--with-ncurses="${EPREFIX}"/usr \ | ||
--with-perl-lib=vendor \ | ||
--enable-static \ | ||
--enable-true-color \ | ||
$(use_with proxy) \ | ||
$(use_with perl) \ | ||
$(use_with socks5 socks) \ | ||
$(use_enable ssl) \ | ||
$(use_enable ipv6) | ||
} | ||
|
||
src_install() { | ||
emake DESTDIR="${D}" install | ||
|
||
use perl && perl_delete_localpod | ||
|
||
prune_libtool_files --modules | ||
|
||
dodoc AUTHORS ChangeLog README.md TODO NEWS | ||
} |