Hello community, here is the log from the commit of package irssi for openSUSE:Factory checked in at 2017-07-08 12:35:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/irssi (Old) and /work/SRC/openSUSE:Factory/.irssi.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "irssi" Sat Jul 8 12:35:15 2017 rev:46 rq:508807 version:1.0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/irssi/irssi.changes 2017-06-07 13:09:44.556370809 +0200 +++ /work/SRC/openSUSE:Factory/.irssi.new/irssi.changes 2017-07-08 12:35:51.982039365 +0200 @@ -1,0 +2,18 @@ +Thu Jul 6 13:41:08 UTC 2017 - [email protected] + +- update to 1.0.4 + - Fix null pointer dereference when parsing invalid timestamp (GL#10, + GL!15). Reported by Brian 'geeknik' Carpenter. CVE-2017-10965 + boo#1047709 + - Fix use-after-free condition when removing nicks from the internal + nicklist (GL#11, GL!16). Reported by Brian 'geeknik' Carpenter. + CVE-2017-10966 + - Fix incorrect string comparison in DCC file names (#714). + - Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'" + (#716, #722). + - Fix a bug when using \n to separate lines with expand_escapes (#723). + - Retain screen output on improper exit, to better see any error + messages (#287, #721). + - Minor help update (#729). + +------------------------------------------------------------------- Old: ---- irssi-1.0.3.tar.xz irssi-1.0.3.tar.xz.asc New: ---- irssi-1.0.4.tar.xz irssi-1.0.4.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ irssi.spec ++++++ --- /var/tmp/diff_new_pack.Ph8hGx/_old 2017-07-08 12:35:52.585954183 +0200 +++ /var/tmp/diff_new_pack.Ph8hGx/_new 2017-07-08 12:35:52.585954183 +0200 @@ -18,7 +18,7 @@ %bcond_with socks Name: irssi -Version: 1.0.3 +Version: 1.0.4 Release: 0 # Summary: Modular, Secure, and Well Designed IRC Client ++++++ irssi-1.0.3.tar.xz -> irssi-1.0.4.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/ChangeLog new/irssi-1.0.4/ChangeLog --- old/irssi-1.0.3/ChangeLog 2017-06-06 20:12:07.000000000 +0200 +++ new/irssi-1.0.4/ChangeLog 2017-07-05 21:25:31.000000000 +0200 
@@ -1,3 +1,72 @@ +commit 527c19803b56cc0ec84050ca63d992fbecadac1e +Author: Ailin Nemui <[email protected]> +Date: Wed Jul 5 17:12:30 2017 +0200 + + tag as 1.0.4 + +commit bfa3bd896702db5359a6663ed0591dd16519eec8 +Author: Ailin Nemui <[email protected]> +Date: Wed Jul 5 21:18:22 2017 +0200 + + Merge pull request #729 from irssi/clear-help + + More accurately describe clear + + (cherry picked from commit b12f86e5e6fe576e731feab2a73325c74e980924) + +commit 8778d1c95a6e75c3c96e997ec6a022d5af300f2f +Author: ailin-nemui <[email protected]> +Date: Fri Jun 23 17:58:08 2017 +0200 + + Merge pull request #723 from ailin-nemui/odd_expand_escapes + + fix weird n-fold unescaping in expand_escapes + + (cherry picked from commit 1ff2f61f090a61f3bdf0bdee5c52a7907d56acfd) + +commit dbce2d447ab757cd2df148b9d2a31ec2c70a3517 +Author: ailin-nemui <[email protected]> +Date: Fri Jun 23 18:00:52 2017 +0200 + + Merge pull request #722 from dequis/back-to-the-future + + parse_time_interval: Allow negative time in settings + + (cherry picked from commit 2b209348bd2a90afbe1782b0b321d99892b7002b) + +commit efaa2eeb88056a5f88655f571d18d429a413f185 +Author: ailin-nemui <[email protected]> +Date: Fri Jun 23 17:58:40 2017 +0200 + + Merge pull request #721 from dequis/unexpected-exits + + term-terminfo: Avoid switching out of alt screen on unexpected exits + (cherry picked from commit c56919768e1072985aab1377714ea5038417cd4d) + +commit 1bcd7a8dd09e59f01d5c42b43182a0466f604bd5 +Author: ailin-nemui <[email protected]> +Date: Wed Jun 7 00:15:05 2017 +0200 + + Merge pull request #714 from dequis/dcc-fname-gcc-warnings + + fe-dcc-(get|send): Fix some -Wpointer-compare with newer gcc + + (cherry picked from commit 5e9a3ad80cb1bb5b8655d5fff6ee9d1dfc4419a1) + +commit 5e46c6dda0993aff058baba03726d4454139ccfe +Author: Nei <[email protected]> +Date: Wed Jul 5 14:47:30 2017 +0000 + + Merge branch 'security' into 'master' + + Security + + Closes #10 + + See merge request !17 + + (cherry picked from commit 
5e26325317c72a04c1610ad952974e206384d291) + commit 68bb0c6e488916d1880e249c61f1e638f23b1d62 Author: Ailin Nemui <[email protected]> Date: Mon Jun 5 16:25:53 2017 +0200 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/NEWS new/irssi-1.0.4/NEWS --- old/irssi-1.0.3/NEWS 2017-06-05 19:28:27.000000000 +0200 +++ new/irssi-1.0.4/NEWS 2017-07-05 21:20:43.000000000 +0200 @@ -1,3 +1,16 @@ +v1.0.4 2017-07-07 The Irssi team <[email protected]> + - Fix null pointer dereference when parsing invalid timestamp (GL#10, + GL!15). Reported by Brian 'geeknik' Carpenter. + - Fix use-after-free condition when removing nicks from the internal + nicklist (GL#11, GL!16). Reported by Brian 'geeknik' Carpenter. + - Fix incorrect string comparison in DCC file names (#714). + - Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'" + (#716, #722). + - Fix a bug when using \n to separate lines with expand_escapes (#723). + - Retain screen output on improper exit, to better see any error + messages (#287, #721). + - Minor help update (#729). + v1.0.3 2017-06-06 The Irssi team <[email protected]> - Fix out of bounds read when scanning expandos (GL!11). - Fix invalid memory access with quoted filenames in DCC diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/configure new/irssi-1.0.4/configure --- old/irssi-1.0.3/configure 2017-06-06 20:12:13.000000000 +0200 +++ new/irssi-1.0.4/configure 2017-07-05 21:25:37.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for irssi 1.0.3. +# Generated by GNU Autoconf 2.69 for irssi 1.0.4. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. 
@@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='irssi' PACKAGE_TARNAME='irssi' -PACKAGE_VERSION='1.0.3' -PACKAGE_STRING='irssi 1.0.3' +PACKAGE_VERSION='1.0.4' +PACKAGE_STRING='irssi 1.0.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1371,7 +1371,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures irssi 1.0.3 to adapt to many kinds of systems. +\`configure' configures irssi 1.0.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1441,7 +1441,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of irssi 1.0.3:";; + short | recursive ) echo "Configuration of irssi 1.0.4:";; esac cat <<\_ACEOF @@ -1579,7 +1579,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -irssi configure 1.0.3 +irssi configure 1.0.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2181,7 +2181,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by irssi $as_me 1.0.3, which was +It was created by irssi $as_me 1.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3050,7 +3050,7 @@ # Define the identity of the package. PACKAGE='irssi' - VERSION='1.0.3' + VERSION='1.0.4' # Some tools Automake needs. @@ -14614,7 +14614,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by irssi $as_me 1.0.3, which was +This file was extended by irssi $as_me 1.0.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -14680,7 +14680,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -irssi config.status 1.0.3 +irssi config.status 1.0.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/configure.ac new/irssi-1.0.4/configure.ac --- old/irssi-1.0.3/configure.ac 2017-06-05 16:02:11.000000000 +0200 +++ new/irssi-1.0.4/configure.ac 2017-07-05 21:20:43.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT(irssi, 1.0.3) +AC_INIT(irssi, 1.0.4) AC_CONFIG_SRCDIR([src]) AC_CONFIG_AUX_DIR(build-aux) AC_PREREQ(2.50) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/docs/help/clear new/irssi-1.0.4/docs/help/clear --- old/irssi-1.0.3/docs/help/clear 2017-06-06 20:12:07.000000000 +0200 +++ new/irssi-1.0.4/docs/help/clear 2017-07-05 21:25:31.000000000 +0200 @@ -12,8 +12,8 @@ %9Description:%9 - Clears the window of all text; you may use this to clear a windows that - contains sensitive information or has rendered improperly. + Scrolls up the text in the window and fills the window with blank lines; you + may want to use this to make new text start at the top of the window again. -%9See also:%9 REDRAW +%9See also:%9 REDRAW, SCROLLBACK CLEAR diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/docs/help/in/clear.in new/irssi-1.0.4/docs/help/in/clear.in --- old/irssi-1.0.3/docs/help/in/clear.in 2017-06-05 15:05:43.000000000 +0200 +++ new/irssi-1.0.4/docs/help/in/clear.in 2017-07-05 21:20:24.000000000 +0200 
@@ -12,8 +12,8 @@ %9Description:%9 - Clears the window of all text; you may use this to clear a windows that - contains sensitive information or has rendered improperly. + Scrolls up the text in the window and fills the window with blank lines; you + may want to use this to make new text start at the top of the window again. -%9See also:%9 REDRAW +%9See also:%9 REDRAW, SCROLLBACK CLEAR diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/irssi-config.h new/irssi-1.0.4/irssi-config.h --- old/irssi-1.0.3/irssi-config.h 2017-06-06 20:12:18.000000000 +0200 +++ new/irssi-1.0.4/irssi-config.h 2017-07-05 21:25:42.000000000 +0200 @@ -71,7 +71,7 @@ #define PACKAGE_NAME "irssi" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "irssi 1.0.3" +#define PACKAGE_STRING "irssi 1.0.4" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "irssi" @@ -80,7 +80,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.0.3" +#define PACKAGE_VERSION "1.0.4" /* printf()-format for uoff_t, eg. "u" or "lu" or "llu" */ #define PRIuUOFF_T "lu" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/irssi-version.h new/irssi-1.0.4/irssi-version.h --- old/irssi-1.0.3/irssi-version.h 2017-06-06 20:12:19.000000000 +0200 +++ new/irssi-1.0.4/irssi-version.h 2017-07-05 21:25:43.000000000 +0200 @@ -1,2 +1,2 @@ -#define IRSSI_VERSION_DATE 20170605 -#define IRSSI_VERSION_TIME 1625 +#define IRSSI_VERSION_DATE 20170705 +#define IRSSI_VERSION_TIME 1712 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/src/core/misc.c new/irssi-1.0.4/src/core/misc.c --- old/irssi-1.0.3/src/core/misc.c 2017-06-05 16:00:05.000000000 +0200 +++ new/irssi-1.0.4/src/core/misc.c 2017-07-05 21:19:03.000000000 +0200 
@@ -560,6 +560,9 @@ int len; tm = localtime(&t); + if (tm == NULL) + return g_strdup("???"); + str = g_strdup(asctime(tm)); len = strlen(str); @@ -781,24 +784,35 @@ return TRUE; } +static int parse_number_sign(const char *input, char **endptr, int *sign) +{ + int sign_ = 1; + + while (i_isspace(*input)) + input++; + + if (*input == '-') { + sign_ = -sign_; + input++; + } + + *sign = sign_; + *endptr = (char *) input; + return TRUE; +} + static int parse_time_interval_uint(const char *time, guint *msecs) { const char *desc; guint number; - int sign, len, ret, digits; + int len, ret, digits; *msecs = 0; /* max. return value is around 24 days */ - number = 0; sign = 1; ret = TRUE; digits = FALSE; + number = 0; ret = TRUE; digits = FALSE; while (i_isspace(*time)) time++; - if (*time == '-') { - sign = -sign; - time++; - while (i_isspace(*time)) - time++; - } for (;;) { if (i_isdigit(*time)) { char *endptr; @@ -828,7 +842,6 @@ if (*time != '\0') return FALSE; *msecs += number * 1000; /* assume seconds */ - *msecs *= sign; return TRUE; } @@ -866,7 +879,6 @@ digits = FALSE; } - *msecs *= sign; return ret; } @@ -960,15 +972,18 @@ int parse_time_interval(const char *time, int *msecs) { guint msecs_; - int ret; + char *number; + int ret, sign; + + parse_number_sign(time, &number, &sign); - ret = parse_time_interval_uint(time, &msecs_); + ret = parse_time_interval_uint(number, &msecs_); if (msecs_ > (1U << 31)) { return FALSE; } - *msecs = msecs_; + *msecs = msecs_ * sign; return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/src/core/nicklist.c new/irssi-1.0.4/src/core/nicklist.c --- old/irssi-1.0.3/src/core/nicklist.c 2017-06-05 15:59:46.000000000 +0200 +++ new/irssi-1.0.4/src/core/nicklist.c 2017-07-05 16:57:03.000000000 +0200 
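Review bot: The new `tm == NULL` guard covers a failing localtime(), but the following context line still feeds `asctime(tm)` straight into `g_strdup()` and then `strlen(str)`. asctime() can itself return NULL for a broken-down time it cannot format (glibc does this for years that do not fit the fixed layout). In that case g_strdup(NULL) yields NULL and strlen(NULL) is the same null dereference this change is meant to close. I would split the call and reuse the fallback: `const char *s = asctime(tm);` followed by `if (s == NULL) return g_strdup("???");`. The function starts and ends outside the hunk.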
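Review bot: parse_number_sign() returns TRUE on every path, and its only visible caller, parse_time_interval(), discards the result, so the `int` return carries no information. Either declare it `static void`, or give it a defined failure case and check it at the call site. The helper also has no contract comment; something like `/* Skip leading whitespace and one optional '-'; store +1 or -1 in *sign and the first unconsumed character in *endptr. */` would make clear that a second '-' or a '+' is left for the caller to reject. The `(char *) input` cast drops const in the strtol style, so the caller should treat `*endptr` as read-only.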
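Review bot: The range check just above the new `*msecs = msecs_ * sign;` accepts `msecs_ == 1U << 31` for either sign, but that magnitude only fits in an `int` when `sign` is -1. If parse_time_interval_uint() can return exactly that value for a positive input, the conversion to `int` is implementation-defined and on common platforms produces a negative interval. Making the bound sign-aware closes the gap: `if (msecs_ > (sign < 0 ? (1U << 31) : (guint) G_MAXINT)) return FALSE;`. Note also that `*msecs` is written even when `ret` is FALSE, so callers must not use it without checking the return value.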
@@ -54,23 +54,26 @@ static void nick_hash_remove(CHANNEL_REC *channel, NICK_REC *nick) { - NICK_REC *list; + NICK_REC *list, *newlist; list = g_hash_table_lookup(channel->nicks, nick->nick); if (list == NULL) return; - if (list == nick || list->next == NULL) { - g_hash_table_remove(channel->nicks, nick->nick); - if (list->next != NULL) { - g_hash_table_insert(channel->nicks, nick->next->nick, - nick->next); - } + if (list == nick) { + newlist = nick->next; } else { + newlist = list; while (list->next != nick) list = list->next; list->next = nick->next; } + + g_hash_table_remove(channel->nicks, nick->nick); + if (newlist != NULL) { + g_hash_table_insert(channel->nicks, newlist->nick, + newlist); + } } /* Add new nick to list */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/src/fe-common/core/chat-completion.c new/irssi-1.0.4/src/fe-common/core/chat-completion.c --- old/irssi-1.0.3/src/fe-common/core/chat-completion.c 2017-06-05 15:05:43.000000000 +0200 +++ new/irssi-1.0.4/src/fe-common/core/chat-completion.c 2017-07-05 16:58:19.000000000 +0200 @@ -1011,13 +1011,17 @@ } } +static void event_text(const char *data, SERVER_REC *server, WI_ITEM_REC *item); + /* expand \n, \t and \\ */ static char *expand_escapes(const char *line, SERVER_REC *server, WI_ITEM_REC *item) { char *ptr, *ret; - int chr; + const char *prev; + int chr; + prev = line; ret = ptr = g_malloc(strlen(line)+1); for (; *line != '\0'; line++) { if (*line != '\\') { 
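Review bot: In the `else` branch of nick_hash_remove(), `while (list->next != nick) list = list->next;` still assumes `nick` is present in the chain stored under its name; if it is not, the walk runs off the end and dereferences NULL. Whether any caller can pass a record that is missing from the chain is not visible from this hunk. Since the function is being repaired for a memory-safety bug in this same bookkeeping, a bound is cheap: `while (list->next != NULL && list->next != nick) list = list->next;` followed by `if (list->next == NULL) return;` before the unlink. I would also add a one-line comment on the final remove/insert, e.g. `/* re-key on a record that stays alive; the old key appears to point into the removed nick */`, so the ordering is not simplified away later.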
@@ -1036,9 +1040,11 @@ /* newline .. we need to send another "send text" event to handle it (or actually the text before the newline..) */ - if (ret != ptr) { - *ptr = '\0'; - signal_emit("send text", 3, ret, server, item); + if (prev != line) { + char *prev_line = g_strndup(prev, (line - prev) - 1); + event_text(prev_line, server, item); + g_free(prev_line); + prev = line + 1; ptr = ret; } } else if (chr != -1) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/src/fe-common/irc/dcc/fe-dcc-get.c new/irssi-1.0.4/src/fe-common/irc/dcc/fe-dcc-get.c --- old/irssi-1.0.3/src/fe-common/irc/dcc/fe-dcc-get.c 2017-06-05 15:05:43.000000000 +0200 +++ new/irssi-1.0.4/src/fe-common/irc/dcc/fe-dcc-get.c 2017-07-05 16:57:31.000000000 +0200 @@ -108,7 +108,7 @@ g_return_if_fail(fname != NULL); if (g_ascii_strcasecmp(type, "GET") != 0) return; - if (fname == '\0') fname = "(ANY)"; + if (fname == NULL || *fname == '\0') fname = "(ANY)"; printformat(NULL, NULL, MSGLEVEL_DCC, IRCTXT_DCC_GET_NOT_FOUND, nick, fname); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/src/fe-common/irc/dcc/fe-dcc-send.c new/irssi-1.0.4/src/fe-common/irc/dcc/fe-dcc-send.c --- old/irssi-1.0.3/src/fe-common/irc/dcc/fe-dcc-send.c 2017-06-05 15:05:43.000000000 +0200 +++ new/irssi-1.0.4/src/fe-common/irc/dcc/fe-dcc-send.c 2017-07-05 16:57:31.000000000 +0200 
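Review bot: `g_strndup(prev, (line - prev) - 1)` assumes `line` sits exactly one character past the backslash, i.e. that the escape which produced '\r' or '\n' was two characters long. The decoding happens above this hunk; if it also accepts longer forms that can yield a newline (hex, octal or control escapes), the copied segment would include the backslash and part of the escape sequence. Saving the backslash position before decoding and copying `g_strndup(prev, esc - prev)`, with `esc` being that saved pointer, removes the dependency on escape length. Separately, as far as this hunk shows, `prev != line` is true every time the branch is reached. An input that starts with `\n`, or has two in a row, therefore hands an empty string to event_text(), where the old `ret != ptr` test skipped it. If that is not intended, guard only the event_text() call with `if (line - prev > 1)` and still advance `prev`.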
@@ -108,7 +108,7 @@ g_return_if_fail(fname != NULL); if (g_ascii_strcasecmp(type, "SEND") != 0) return; - if (fname == '\0') fname = "(ANY)"; + if (fname == NULL || *fname == '\0') fname = "(ANY)"; printformat(NULL, NULL, MSGLEVEL_DCC, IRCTXT_DCC_SEND_NOT_FOUND, nick, fname); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.3/src/fe-text/term-terminfo.c new/irssi-1.0.4/src/fe-text/term-terminfo.c --- old/irssi-1.0.3/src/fe-text/term-terminfo.c 2017-06-05 15:05:43.000000000 +0200 +++ new/irssi-1.0.4/src/fe-text/term-terminfo.c 2017-07-05 16:57:53.000000000 +0200 @@ -102,6 +102,17 @@ .dispatch = sigcont_dispatch }; +static void term_atexit(void) +{ + if (!quitting && current_term && current_term->TI_rmcup) { + /* Unexpected exit, avoid switching out of alternate screen + to keep any on-screen errors (like noperl_die()'s) */ + current_term->TI_rmcup = NULL; + } + + term_deinit(); +} + int term_init(void) { struct sigaction act; @@ -140,7 +151,7 @@ term_set_input_type(TERM_TYPE_8BIT); term_common_init(); - atexit(term_deinit); + atexit(term_atexit); return TRUE; }
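Review bot: The comment in term_atexit() explains why `TI_rmcup` is cleared but not the side effect. On any exit where `quitting` is unset, whatever was on the alternate screen, presumably including conversation text, stays on the terminal together with the error message. That belongs next to the decision, e.g. extend the comment with `this also leaves the last screenful of window contents visible after exit`. `quitting` and `term_deinit()` are defined outside the hunk, so I am assuming term_deinit() tolerates a NULL `TI_rmcup`; the `current_term->TI_rmcup` test suggests NULL is already a valid state.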
