OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 19-Oct-2003 09:12:52
Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003101908125001
Added files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/ircd ircd.patch
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/ircd ircd.spec
Log:
SA-2003.045-ircd; CAN-2003-0864
Summary:
Revision Changes Path
1.1.4.1 +62 -0 openpkg-src/ircd/ircd.patch
1.28.2.1.2.2+4 -2 openpkg-src/ircd/ircd.spec
1.7056 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/ircd/ircd.patch
============================================================================
$ cvs diff -u -r0 -r1.1.4.1 ircd.patch
--- /dev/null 2003-10-19 09:12:52.000000000 +0200
+++ ircd.patch 2003-10-19 09:12:52.000000000 +0200
@@ -0,0 +1,62 @@
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0864
+ Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to
+ 2.10.3p3 allows local users to cause a denial of service
+
+http://akson.sgh.waw.pl/~chopin/ircd/patches/m_join.diff
+ Please be advised, that it is strongly recommended to upgrade to
+ version 2.10.3p5, not only apply that patch. Thank you.
+
+--- ircd/channel.c.orig Fri Oct 10 22:34:05 2003
++++ ircd/channel.c Sat Oct 11 00:03:40 2003
+@@ -2001,7 +2001,7 @@
+ Reg Link *lp;
+ Reg aChannel *chptr;
+ Reg char *name, *key = NULL;
+- int i, flags = 0;
++ int i, tmplen, flags = 0;
+ char *p = NULL, *p2 = NULL, *s, chop[5];
+
+ if (parc < 2 || *parv[1] == '\0')
+@@ -2150,10 +2150,20 @@
+ parv[0]), name);
+ continue;
+ }
++ tmplen = strlen(name);
++ if (i + tmplen + 2 /* comma and \0 */
++ >= sizeof(jbuf) )
++ {
++
++ break;
++
++ }
+ if (*jbuf)
+- (void)strcat(jbuf, ",");
+- (void)strncat(jbuf, name, sizeof(jbuf) - i - 1);
+- i += strlen(name)+1;
++ {
++ jbuf[i++] = ',';
++ }
++ (void)strcpy(jbuf + i, name);
++ i += tmplen;
+ }
+
+ p = NULL;
+@@ -2305,6 +2315,16 @@
+ parv[0], name, chop);
+ else if (*chptr->chname != '&')
+ {
++ /* ":" (1) "nick" (NICKLEN) " JOIN :" (7), comma (1)
++ ** possible chop (4), ending \r\n\0 (3) = 16
++ ** must fit in the cbuf as well! --B. */
++ if (strlen(cbuf) + strlen(name) + NICKLEN + 16
++ >= sizeof(cbuf))
++ {
++ sendto_serv_butone(cptr, ":%s JOIN :%s",
++ parv[0], cbuf);
++ cbuf[0] = '\0';
++ }
+ if (*cbuf)
+ strcat(cbuf, ",");
+ strcat(cbuf, name);
+
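Review bot: In the second embedded channel.c hunk, the new `jbuf[i++] = ','` and `strcpy(jbuf + i, name)` writes stay in bounds only if `i` equals the current length of `jbuf` on every pass through the loop. `i` is declared without an initialiser (`int i, tmplen, flags = 0;`) and its assignment is outside the visible lines, so that invariant should be confirmed and recorded with a comment such as `/* i == strlen(jbuf) here; bound checked against sizeof(jbuf) above */`. When a name does not fit, the bare `break` appears to drop the remaining channels of the JOIN without any reply to the client; a comment stating that this is intended would help. In the third hunk, the flush and reset of `cbuf` is followed by the same unbounded `strcat(cbuf, name)`, which relies on `name` alone being shorter than `sizeof(cbuf) - NICKLEN - 16`, a limit that is not visible here. The body of m_join starts and ends outside these hunks.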
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/ircd/ircd.spec
============================================================================
$ cvs diff -u -r1.28.2.1.2.1 -r1.28.2.1.2.2 ircd.spec
--- openpkg-src/ircd/ircd.spec 18 Jan 2003 17:20:14 -0000 1.28.2.1.2.1
+++ openpkg-src/ircd/ircd.spec 19 Oct 2003 07:12:51 -0000 1.28.2.1.2.2
@@ -26,14 +26,14 @@
# package information
Name: ircd
Summary: IRCnet Internet Relay Chat (IRC) Server
-URL: http://www.irc.org/~irc/server/
+URL: http://www.irc.org/servers.html
Vendor: Jarkko Oikarinen
Packager: The OpenPKG Project
Distribution: OpenPKG [BASE]
Group: Network
License: BSD
Version: 2.10.3p3
-Release: 1.2.0
+Release: 1.2.1
# list of sources
Source0: ftp://ftp.irc.org/irc/server/irc%{version}.tgz
@@ -41,6 +41,7 @@
Source2: ircd.conf
Patch0: irc%{version}.patch
Patch1: ircd.freebsd.patch
+Patch2: ircd.patch
# build information
Prefix: %{l_prefix}
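Review bot: `Patch2: ircd.patch` is added without a comment saying what it fixes, so a maintainer rebasing onto a newer upstream release cannot tell from the spec whether the patch is still needed. A line such as `# CAN-2003-0864 (SA-2003.045): m_join overflow fix from upstream m_join.diff` above it would record that. `Version:` stays at 2.10.3p3 in the first hunk of this file, while the header of the added patch quotes upstream's advice to upgrade to 2.10.3p5 rather than only apply the patch. Any other fixes in the later releases are therefore presumably not covered by this update, and the advisory text should say so.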
@@ -65,6 +66,7 @@
%patch1 -p1
;;
esac
+ %patch2 -p0
%build
CC="%{l_cc}" \
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.7055 -r1.7056 news.txt
--- openpkg-web/news.txt 19 Oct 2003 07:09:41 -0000 1.7055
+++ openpkg-web/news.txt 19 Oct 2003 07:12:50 -0000 1.7056
@@ -1,3 +1,4 @@
+19-Oct-2003: Upgraded package: P<ircd-2.10.3p3-1.2.1>
19-Oct-2003: Upgraded package: P<ircd-2.10.3p3-1.3.1>
18-Oct-2003: Upgraded package: P<perl-mail-20031018-20031018>
18-Oct-2003: Upgraded package: P<perl-parse-20031018-20031018>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]