Hi! * Gerfried Fuchs <rho...@debian.at> [2009-06-19 11:48:30 CEST]: > Please find attached a proposed update for irssi in lenny to fix > CVE-2009-1959. It's too minor an issue to warrant a DSA, so I have to go > this path.
I noticed that I fumbled the distribution part in the changelog, so here is the updated interdiff. This time I have also added the interdiff for etch that I want to push, too. I'm not sure how the changes to config.{guess,sub} got into it, but I guess cleaning up the build process for that isn't really something to do for oldstable. Thanks in advance! Rhonda
diff -u irssi-0.8.12/debian/changelog irssi-0.8.12/debian/changelog
--- irssi-0.8.12/debian/changelog
+++ irssi-0.8.12/debian/changelog
@@ -1,3 +1,10 @@
+irssi (0.8.12-7) stable; urgency=medium
+
+ * Fetch patch wallops-fix to fix CVE-2009-1959 off-by-one in event_wallops
+ (closes: #531357)
+
+ -- Gerfried Fuchs <rho...@debian.at> Fri, 19 Jun 2009 10:35:10 +0200
+
 irssi (0.8.12-6) unstable; urgency=low
 * New patch:
diff -u irssi-0.8.12/debian/patches/series irssi-0.8.12/debian/patches/series
--- irssi-0.8.12/debian/patches/series
+++ irssi-0.8.12/debian/patches/series
@@ -16,0 +17 @@
+16wallops-fix
only in patch2:
unchanged:
--- irssi-0.8.12.orig/debian/patches/16wallops-fix
+++ irssi-0.8.12/debian/patches/16wallops-fix
@@ -0,0 +1,17 @@
+Author: Jilles Tjoelker <jilles> vim:ft=diff:
+Description: Fix out of bounds access in event_wallops().
+ (Upstream r5068, Upstream Bug #662, BTS #531357)
+
+Index: irssi-0.8.12/src/fe-common/irc/fe-events.c
+===================================================================
+--- irssi-0.8.12.orig/src/fe-common/irc/fe-events.c
++++ irssi-0.8.12/src/fe-common/irc/fe-events.c
+@@ -278,7 +278,7 @@ static void event_wallops(IRC_SERVER_REC
+
+ tmp = g_strdup(data+8);
+ len = strlen(tmp);
+- if (tmp[len-1] == 1) tmp[len-1] = '\0';
++ if (len >= 1 && tmp[len-1] == 1) tmp[len-1] = '\0';
+ printformat(server, NULL, MSGLEVEL_WALLOPS, IRCTXT_ACTION_WALLOPS, nick, tmp);
+ g_free(tmp);
+ }
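Review bot: The new `len >= 1` guard in 16wallops-fix carries no comment explaining why `tmp` can be empty, so a later cleanup could easily drop it as redundant; I would put `/* data+8 may already be the terminator: len is then 0 and tmp[len-1] would read and write one byte before the allocation */` above the `if`. The comparison against the bare literal `1` would also read better as `'\001'` (or a named CTCP-delimiter constant, if the file has one), which makes the intent of stripping a trailing CTCP marker visible rather than implied. The same hunk is repeated verbatim in 09wallops-fix.dpatch for etch further down, so whatever comment is chosen belongs in both. event_wallops begins outside the hunk, so the prefix check that makes the `+8` offset valid is not visible here; I assume it precedes the `g_strdup`.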
diff -u irssi-0.8.10/config.sub irssi-0.8.10/config.sub --- irssi-0.8.10/config.sub +++ irssi-0.8.10/config.sub @@ -1,9 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, +# Inc. -timestamp='2006-02-23' +timestamp='2006-07-02' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -240,7 +241,7 @@ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ @@ -248,7 +249,8 @@ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ - | m32r | m32rle | m68000 | m68k | m88k | maxq | mb | microblaze | mcore \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | mcore \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -274,11 +276,11 @@ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b \ - | strongarm \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | v850 | v850e \ | we32k \ 
@@ -286,9 +288,6 @@ | z8k) basic_machine=$basic_machine-unknown ;; - m32c) - basic_machine=$basic_machine-unknown - ;; m6811 | m68hc11 | m6812 | m68hc12) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown @@ -318,7 +317,7 @@ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* \ + | avr-* | avr32-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ | clipper-* | craynv-* | cydra-* \ @@ -329,7 +328,7 @@ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ - | m32r-* | m32rle-* \ + | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ @@ -358,11 +357,11 @@ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tron-* \ @@ -373,8 +372,6 @@ | ymp-* \ | z8k-*) ;; - m32c-*) - ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) 
@@ -1128,7 +1125,7 @@ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; - sparc | sparcv8 | sparcv9 | sparcv9b) + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) @@ -1217,7 +1214,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos*) + | -skyos* | -haiku* | -rdos* | -toppers*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1369,6 +1366,9 @@ # system, and we'll never get to this point. case $basic_machine in + spu-*) + os=-elf + ;; *-acorn) os=-riscix1.2 ;; @@ -1378,9 +1378,9 @@ arm*-semi) os=-aout ;; - c4x-* | tic4x-*) - os=-coff - ;; + c4x-* | tic4x-*) + os=-coff + ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 diff -u irssi-0.8.10/config.guess irssi-0.8.10/config.guess --- irssi-0.8.10/config.guess +++ irssi-0.8.10/config.guess @@ -1,9 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, +# Inc. -timestamp='2006-02-23' +timestamp='2006-07-02' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -210,7 +211,7 @@ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) - echo powerppc-unknown-mirbsd${UNAME_RELEASE} + echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} 
@@ -770,6 +771,8 @@ case ${UNAME_MACHINE} in pc98) echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac @@ -780,9 +783,6 @@ i*:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS_NT-*:*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 @@ -790,10 +790,10 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - x86:Interix*:[345]*) + x86:Interix*:[3456]*) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T:Interix*:[345]*) + EM64T:Interix*:[3456]*) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) @@ -831,6 +831,9 @@ arm*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; + avr32*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu exit ;; @@ -989,7 +992,7 @@ LIBC=gnulibc1 # endif #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__sun) + #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) LIBC=gnu #else LIBC=gnuaout diff -u irssi-0.8.10/debian/patches/00list irssi-0.8.10/debian/patches/00list --- irssi-0.8.10/debian/patches/00list +++ irssi-0.8.10/debian/patches/00list @@ -4,0 +5 @@ +09wallops-fix diff -u irssi-0.8.10/debian/changelog irssi-0.8.10/debian/changelog --- irssi-0.8.10/debian/changelog +++ irssi-0.8.10/debian/changelog 
@@ -1,3 +1,10 @@
+irssi (0.8.10-3) oldstable; urgency=low
+
+ * Fetch patch wallops-fix to fix CVE-2009-1959 off-by-one in event_wallops
+ (closes: #531357)
+
+ -- Gerfried Fuchs <rho...@debian.at> Fri, 19 Jun 2009 12:08:54 +0200
+
 irssi (0.8.10-2) unstable; urgency=low
 * Fix Conflicts and Replaces lines to make backporting to sarge easier
only in patch2:
unchanged:
--- irssi-0.8.10.orig/debian/patches/09wallops-fix.dpatch
+++ irssi-0.8.10/debian/patches/09wallops-fix.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 09wallops-fix.dpatch by Jilles Tjoelker <jilles>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix out of bounds access in event_wallops().
+## DP: (Upstream r5068, Upstream Bug #662, BTS #531357)
+
+...@dpatch@
+diff -urNad irssi-0.8.10~/src/fe-common/irc/fe-events.c irssi-0.8.10/src/fe-common/irc/fe-events.c
+--- irssi-0.8.10~/src/fe-common/irc/fe-events.c 2005-12-08 18:32:44.000000000 +0100
++++ irssi-0.8.10/src/fe-common/irc/fe-events.c 2009-06-19 11:55:49.000000000 +0200
+@@ -294,7 +294,7 @@
+
+ tmp = g_strdup(data+8);
+ len = strlen(tmp);
+- if (tmp[len-1] == 1) tmp[len-1] = '\0';
++ if (len >= 1 && tmp[len-1] == 1) tmp[len-1] = '\0';
+ printformat(server, NULL, MSGLEVEL_WALLOPS, IRCTXT_ACTION_WALLOPS, nick, tmp);
+ g_free(tmp);
+ }