Your message dated Wed, 27 Mar 2019 20:26:00 +0000
with message-id <[email protected]>
and subject line Re: Bug#925587: unblock: znc/1.7.2-2
has caused the Debian Bug report #925587,
regarding unblock: znc/1.7.2-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
925587: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925587
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package znc
It fixes a security bug:
diff -Naur '--exclude=.svn' 1.7.2-1/debian/changelog 1.7.2-2/debian/changelog
--- 1.7.2-1/debian/changelog 2019-01-28 10:58:47.648083837 +0100
+++ 1.7.2-2/debian/changelog 2019-03-26 12:58:06.264919659 +0100
@@ -1,3 +1,11 @@
+znc (1.7.2-2) unstable; urgency=high
+
+ * Add upstream patch 01-CVE-2019-9917 to fix a crash on invalid encoding,
+ which fixes CVE-2019-9917.
+ Closes: #925285
+
+ -- Patrick Matthäi <[email protected]> Tue, 26 Mar 2019 12:46:42 +0100
+
znc (1.7.2-1) unstable; urgency=medium
* New upstream release.
diff -Naur '--exclude=.svn' 1.7.2-1/debian/patches/01-CVE-2019-9917.diff
1.7.2-2/debian/patches/01-CVE-2019-9917.diff
--- 1.7.2-1/debian/patches/01-CVE-2019-9917.diff 1970-01-01
01:00:00.000000000 +0100
+++ 1.7.2-2/debian/patches/01-CVE-2019-9917.diff 2019-03-26
12:58:06.272919610 +0100
@@ -0,0 +1,108 @@
+# Don't crash if user specified invalid encoding.
+# References: CVE-2019-9917
+# Closes: #925285
+# URL:
https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
+
+diff -Naur znc-1.7.2.orig/modules/controlpanel.cpp
znc-1.7.2/modules/controlpanel.cpp
+--- znc-1.7.2.orig/modules/controlpanel.cpp 2019-01-27 10:20:05.000000000
+0100
++++ znc-1.7.2/modules/controlpanel.cpp 2019-03-26 12:42:34.298707717 +0100
+@@ -495,7 +495,7 @@
+ #ifdef HAVE_ICU
+ else if (sVar == "clientencoding") {
+ pUser->SetClientEncoding(sValue);
+- PutModule("ClientEncoding = " + sValue);
++ PutModule("ClientEncoding = " + pUser->GetClientEncoding());
+ }
+ #endif
+ else
+diff -Naur znc-1.7.2.orig/src/IRCNetwork.cpp znc-1.7.2/src/IRCNetwork.cpp
+--- znc-1.7.2.orig/src/IRCNetwork.cpp 2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/IRCNetwork.cpp 2019-03-26 12:42:34.302707692 +0100
+@@ -1482,9 +1482,9 @@
+ }
+
+ void CIRCNetwork::SetEncoding(const CString& s) {
+- m_sEncoding = s;
++ m_sEncoding = CZNC::Get().FixupEncoding(s);
+ if (GetIRCSock()) {
+- GetIRCSock()->SetEncoding(s);
++ GetIRCSock()->SetEncoding(m_sEncoding);
+ }
+ }
+
+diff -Naur znc-1.7.2.orig/src/User.cpp znc-1.7.2/src/User.cpp
+--- znc-1.7.2.orig/src/User.cpp 2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/User.cpp 2019-03-26 12:42:34.302707692 +0100
+@@ -1253,9 +1253,9 @@
+ void CUser::SetDenySetBindHost(bool b) { m_bDenySetBindHost = b; }
+ void CUser::SetDefaultChanModes(const CString& s) { m_sDefaultChanModes = s; }
+ void CUser::SetClientEncoding(const CString& s) {
+- m_sClientEncoding = s;
++ m_sClientEncoding = CZNC::Get().FixupEncoding(s);
+ for (CClient* pClient : GetAllClients()) {
+- pClient->SetEncoding(s);
++ pClient->SetEncoding(m_sClientEncoding);
+ }
+ }
+ void CUser::SetQuitMsg(const CString& s) { m_sQuitMsg = s; }
+diff -Naur znc-1.7.2.orig/src/znc.cpp znc-1.7.2/src/znc.cpp
+--- znc-1.7.2.orig/src/znc.cpp 2019-01-27 10:20:05.000000000 +0100
++++ znc-1.7.2/src/znc.cpp 2019-03-26 12:42:34.302707692 +0100
+@@ -2092,18 +2092,36 @@
+ m_uiForceEncoding++;
+ #ifdef HAVE_ICU
+ for (Csock* pSock : GetManager()) {
+- if (pSock->GetEncoding().empty()) {
+- pSock->SetEncoding("UTF-8");
+- }
++ pSock->SetEncoding(FixupEncoding(pSock->GetEncoding()));
+ }
+ #endif
+ }
+ void CZNC::UnforceEncoding() { m_uiForceEncoding--; }
+ bool CZNC::IsForcingEncoding() const { return m_uiForceEncoding; }
+ CString CZNC::FixupEncoding(const CString& sEncoding) const {
+- if (sEncoding.empty() && m_uiForceEncoding) {
++ if (!m_uiForceEncoding) {
++ return sEncoding;
++ }
++ if (sEncoding.empty()) {
+ return "UTF-8";
+ }
++ const char* sRealEncoding = sEncoding.c_str();
++ if (sEncoding[0] == '*' || sEncoding[0] == '^') {
++ sRealEncoding++;
++ }
++ if (!*sRealEncoding) {
++ return "UTF-8";
++ }
++#ifdef HAVE_ICU
++ UErrorCode e = U_ZERO_ERROR;
++ UConverter* cnv = ucnv_open(sRealEncoding, &e);
++ if (cnv) {
++ ucnv_close(cnv);
++ }
++ if (U_FAILURE(e)) {
++ return "UTF-8";
++ }
++#endif
+ return sEncoding;
+ }
+
+diff -Naur znc-1.7.2.orig/test/integration/tests/scripting.cpp
znc-1.7.2/test/integration/tests/scripting.cpp
+--- znc-1.7.2.orig/test/integration/tests/scripting.cpp 2019-01-27
10:20:05.000000000 +0100
++++ znc-1.7.2/test/integration/tests/scripting.cpp 2019-03-26
12:42:34.302707692 +0100
+@@ -55,6 +55,13 @@
+ ircd.Write(":n!u@h PRIVMSG nick :Hi\xF0, github issue #1229");
+ // "replacement character"
+ client.ReadUntil("Hi\xEF\xBF\xBD, github issue");
++
++ // Non-existing encoding
++ client.Write("PRIVMSG *controlpanel :Set ClientEncoding $me Western");
++ client.Write("JOIN #a\342");
++ client.ReadUntil(
++ ":*[email protected] PRIVMSG nick :ClientEncoding = UTF-8");
++ ircd.ReadUntil("JOIN #a\xEF\xBF\xBD");
+ }
+
+ TEST_F(ZNCTest, ModpythonSocket) {
diff -Naur '--exclude=.svn' 1.7.2-1/debian/patches/series
1.7.2-2/debian/patches/series
--- 1.7.2-1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ 1.7.2-2/debian/patches/series 2019-03-26 12:58:06.280919560 +0100
@@ -0,0 +1 @@
+01-CVE-2019-9917.diff
unblock znc/1.7.2-2
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Patrick Matthäi:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
>
> Please unblock package znc
>
> It fixes a security bug:
>
>
> [...]
>
>
>
> unblock znc/1.7.2-2
>
> [...]
Unblocked, thanks.
~Niels
--- End Message ---
