OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src openpkg-web          Date:   19-Oct-2003 09:09:43
  Branch: OPENPKG_1_3_SOLID HEAD           Handle: 2003101908094101

  Modified files:
    openpkg-web             news.txt
  Modified files:           (Branch: OPENPKG_1_3_SOLID)
    openpkg-src/ircd        ircd.patch ircd.spec

  Log:
    SA-2003.045-ircd; CAN-2003-0864

  Summary:
    Revision    Changes     Path
    1.1.2.1.2.1 +62 -0      openpkg-src/ircd/ircd.patch
    1.28.2.3.2.2+2  -2      openpkg-src/ircd/ircd.spec
    1.7055      +1  -0      openpkg-web/news.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/ircd/ircd.patch
  ============================================================================
  $ cvs diff -u -r1.1.2.1 -r1.1.2.1.2.1 ircd.patch
  --- openpkg-src/ircd/ircd.patch       24 Jul 2003 20:44:15 -0000      1.1.2.1
  +++ openpkg-src/ircd/ircd.patch       19 Oct 2003 07:09:42 -0000      1.1.2.1.2.1
  @@ -26,3 +26,65 @@
    EOF
    
        elif echo "$irc_cv_solaris_2" | grep "^2\.3" >/dev/null; then
  +
  +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0864
  +    Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to
  +    2.10.3p3 allows local users to cause a denial of service
  +
  +http://akson.sgh.waw.pl/~chopin/ircd/patches/m_join.diff
  +    Please be advised, that it is strongly recommended to upgrade to
  +    version 2.10.3p5, not only apply that patch. Thank you.
  +
  +--- ircd/channel.c.orig      Fri Oct 10 22:34:05 2003
  ++++ ircd/channel.c   Sat Oct 11 00:03:40 2003
  +@@ -2001,7 +2001,7 @@
  +     Reg     Link    *lp;
  +     Reg     aChannel *chptr;
  +     Reg     char    *name, *key = NULL;
  +-    int     i, flags = 0;
  ++    int     i, tmplen, flags = 0;
  +     char    *p = NULL, *p2 = NULL, *s, chop[5];
  + 
  +     if (parc < 2 || *parv[1] == '\0')
  +@@ -2150,10 +2150,20 @@
  +                                        parv[0]), name);
  +                     continue;
  +                 }
  ++            tmplen = strlen(name);
  ++            if (i + tmplen + 2 /* comma and \0 */
  ++                    >= sizeof(jbuf) )
  ++            {
  ++
  ++                    break;
  ++
  ++            }
  +             if (*jbuf)
  +-                    (void)strcat(jbuf, ",");
  +-            (void)strncat(jbuf, name, sizeof(jbuf) - i - 1);
  +-            i += strlen(name)+1;
  ++            {
  ++                    jbuf[i++] = ',';
  ++            }
  ++            (void)strcpy(jbuf + i, name);
  ++            i += tmplen;
  +         }
  + 
  +     p = NULL;
  +@@ -2305,6 +2315,16 @@
  +                                        parv[0], name, chop);
  +             else if (*chptr->chname != '&')
  +                 {
  ++                    /* ":" (1) "nick" (NICKLEN) " JOIN :" (7), comma (1)
  ++                    ** possible chop (4), ending \r\n\0 (3) = 16
  ++                    ** must fit in the cbuf as well! --B. */
  ++                    if (strlen(cbuf) + strlen(name) + NICKLEN + 16
  ++                             >= sizeof(cbuf))
  ++                    {
  ++                            sendto_serv_butone(cptr, ":%s JOIN :%s",
  ++                                    parv[0], cbuf);
  ++                            cbuf[0] = '\0';
  ++                    }
  +                     if (*cbuf)
  +                             strcat(cbuf, ",");
  +                     strcat(cbuf, name);
  +
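Review bot: The new guard before the `jbuf` copy is only sound if `i` is exactly the number of bytes already in `jbuf`, because `strcpy(jbuf + i, name)` now trusts `i` as the write offset with no length argument; m_join's loop setup lies outside these hunks, so confirm that `i` and `jbuf` are reset together there. `tmplen` stores a `strlen()` result in an `int` and is then compared against `sizeof(jbuf)`, so declaring it `size_t tmplen;` would make the unsigned comparison deliberate rather than a side effect of promotion. The bare `break` silently drops the remaining channels of the request, and a comment such as `/* jbuf full: ignore the rest of the list */` in that otherwise empty block would record that this is intended. In the `cbuf` guard further down, the flush does not depend on `*cbuf`, so if the test ever fires with an empty `cbuf` an empty JOIN list is sent and the following `strcat(cbuf, name)` is still unchecked; wrapping the `sendto_serv_butone` call in `if (*cbuf)` would cover the first case.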
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/ircd/ircd.spec
  ============================================================================
  $ cvs diff -u -r1.28.2.3.2.1 -r1.28.2.3.2.2 ircd.spec
  --- openpkg-src/ircd/ircd.spec        29 Jul 2003 14:59:24 -0000      1.28.2.3.2.1
  +++ openpkg-src/ircd/ircd.spec        19 Oct 2003 07:09:42 -0000      1.28.2.3.2.2
  @@ -26,14 +26,14 @@
   #   package information
   Name:         ircd
   Summary:      IRCnet Internet Relay Chat (IRC) Server
  -URL:          http://www.irc.org/~irc/server/
  +URL:          http://www.irc.org/servers.html
   Vendor:       Jarkko Oikarinen
   Packager:     The OpenPKG Project
   Distribution: OpenPKG [BASE]
   Group:        Network
   License:      BSD
   Version:      2.10.3p3
  -Release:      1.3.0
  +Release:      1.3.1
   
   #   package options
   %option       with_fsl  yes
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-web/news.txt
  ============================================================================
  $ cvs diff -u -r1.7054 -r1.7055 news.txt
  --- openpkg-web/news.txt      18 Oct 2003 19:55:27 -0000      1.7054
  +++ openpkg-web/news.txt      19 Oct 2003 07:09:41 -0000      1.7055
  @@ -1,3 +1,4 @@
  +19-Oct-2003: Upgraded package: P<ircd-2.10.3p3-1.3.1>
   18-Oct-2003: Upgraded package: P<perl-mail-20031018-20031018>
   18-Oct-2003: Upgraded package: P<perl-parse-20031018-20031018>
   18-Oct-2003: Upgraded package: P<txt2pdf-7.0-20031018>
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
