Hello community, here is the log from the commit of package weechat for openSUSE:Factory checked in at 2020-02-24 15:54:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/weechat (Old) and /work/SRC/openSUSE:Factory/.weechat.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "weechat" Mon Feb 24 15:54:10 2020 rev:55 rq:778623 version:2.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/weechat/weechat.changes 2020-02-18 10:40:49.412995694 +0100 +++ /work/SRC/openSUSE:Factory/.weechat.new.26092/weechat.changes 2020-02-24 15:56:06.119959703 +0100 @@ -1,0 +2,10 @@ +Thu Feb 20 21:46:23 UTC 2020 - Maximilian Trummer <[email protected]> + +- update to 2.7.1 +- Bug fixes + * irc: fix crash when receiving a malformed message 352 (who) + * irc: fix crash when a new message 005 is received with longer nick prefixes + * irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955) +- removed CVE-2020-8955.patch: fixed upstream + +------------------------------------------------------------------- Old: ---- CVE-2020-8955.patch weechat-2.7.tar.xz weechat-2.7.tar.xz.asc New: ---- weechat-2.7.1.tar.xz weechat-2.7.1.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ weechat.spec ++++++ --- /var/tmp/diff_new_pack.XMQoNm/_old 2020-02-24 15:56:07.131961795 +0100 +++ /var/tmp/diff_new_pack.XMQoNm/_new 2020-02-24 15:56:07.135961804 +0100 @@ -17,7 +17,7 @@ Name: weechat -Version: 2.7 +Version: 2.7.1 Release: 0 Summary: Multi-protocol extensible Chat Client License: GPL-3.0-or-later @@ -28,7 +28,6 @@ Source2: %{name}.keyring Source3: https://weechat.org/files/src/%{name}-%{version}.tar.xz.asc Source4: %{name}.changes -Patch0: CVE-2020-8955.patch BuildRequires: ca-certificates BuildRequires: cmake BuildRequires: curl-devel @@ -127,7 +126,6 @@ %prep %setup -q -%patch0 -p1 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE4}")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" ++++++ weechat-2.7.tar.xz -> weechat-2.7.1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/weechat-2.7/ChangeLog.adoc new/weechat-2.7.1/ChangeLog.adoc --- old/weechat-2.7/ChangeLog.adoc 2019-12-08 09:48:53.000000000 +0100 +++ new/weechat-2.7.1/ChangeLog.adoc 2020-02-20 20:45:08.000000000 +0100 @@ -15,6 +15,15 @@ (file _ReleaseNotes.adoc_ in sources). +[[v2.7.1]] +== Version 2.7.1 (2020-02-20) + +Bug fixes:: + + * irc: fix crash when receiving a malformed message 352 (who) + * irc: fix crash when a new message 005 is received with longer nick prefixes + * irc: fix crash when receiving a malformed message 324 (channel mode) (CVE-2020-8955) + [[v2.7]] == Version 2.7 (2019-12-08) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/weechat-2.7/ReleaseNotes.adoc new/weechat-2.7.1/ReleaseNotes.adoc --- old/weechat-2.7/ReleaseNotes.adoc 2019-12-08 09:48:53.000000000 +0100 +++ new/weechat-2.7.1/ReleaseNotes.adoc 2020-02-20 20:45:08.000000000 +0100 @@ -17,6 +17,11 @@ (file _ChangeLog.adoc_ in sources). +[[v2.7.1]] +== Version 2.7.1 (2020-02-20) + +Bug fix and maintenance release. + [[v2.7]] == Version 2.7 (2019-12-08) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/weechat-2.7/src/plugins/irc/irc-mode.c new/weechat-2.7.1/src/plugins/irc/irc-mode.c --- old/weechat-2.7/src/plugins/irc/irc-mode.c 2019-12-08 09:48:53.000000000 +0100 +++ new/weechat-2.7.1/src/plugins/irc/irc-mode.c 2020-02-20 20:45:08.000000000 +0100 @@ -224,17 +224,20 @@ current_arg++; if (pos[0] == chanmode) { - chanmode_found = 1; - if (set_flag == '+') + if (!chanmode_found) { - str_mode[0] = pos[0]; - str_mode[1] = '\0'; - strcat (new_modes, str_mode); - if (argument) + chanmode_found = 1; + if (set_flag == '+') { - if (new_args[0]) - strcat (new_args, " "); - strcat (new_args, argument); + str_mode[0] = pos[0]; + str_mode[1] = '\0'; + strcat (new_modes, str_mode); + if (argument) + { + if (new_args[0]) + strcat (new_args, " "); + strcat (new_args, argument); + } } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/weechat-2.7/src/plugins/irc/irc-nick.c new/weechat-2.7.1/src/plugins/irc/irc-nick.c --- old/weechat-2.7/src/plugins/irc/irc-nick.c 2019-12-08 09:48:53.000000000 +0100 +++ new/weechat-2.7.1/src/plugins/irc/irc-nick.c 2020-02-20 20:45:08.000000000 +0100 @@ -644,6 +644,53 @@ } /* + * Reallocates the "prefixes" string in all nicks of all channels on the server + * (after 005 has been received). + */ + +void +irc_nick_realloc_prefixes (struct t_irc_server *server, + int old_length, int new_length) +{ + struct t_irc_channel *ptr_channel; + struct t_irc_nick *ptr_nick; + char *new_prefixes; + + for (ptr_channel = server->channels; ptr_channel; + ptr_channel = ptr_channel->next_channel) + { + for (ptr_nick = ptr_channel->nicks; ptr_nick; + ptr_nick = ptr_nick->next_nick) + { + if (ptr_nick->prefixes) + { + new_prefixes = realloc (ptr_nick->prefixes, new_length + 1); + if (new_prefixes) + { + ptr_nick->prefixes = new_prefixes; + if (new_length > old_length) + { + memset (ptr_nick->prefixes + old_length, + ' ', + new_length - old_length); + } + ptr_nick->prefixes[new_length] = '\0'; + } + } + else + { + ptr_nick->prefixes = malloc (new_length + 1); + if (ptr_nick->prefixes) + { + memset (ptr_nick->prefixes, ' ', new_length); + ptr_nick->prefixes[new_length] = '\0'; + } + } + } + } +} + +/* * Removes a nick from a channel. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/weechat-2.7/src/plugins/irc/irc-nick.h new/weechat-2.7.1/src/plugins/irc/irc-nick.h --- old/weechat-2.7/src/plugins/irc/irc-nick.h 2019-12-08 09:48:53.000000000 +0100 +++ new/weechat-2.7.1/src/plugins/irc/irc-nick.h 2020-02-20 20:45:08.000000000 +0100 @@ -74,6 +74,8 @@ extern void irc_nick_set_mode (struct t_irc_server *server, struct t_irc_channel *channel, struct t_irc_nick *nick, int set, char mode); +extern void irc_nick_realloc_prefixes (struct t_irc_server *server, + int old_length, int new_length); extern void irc_nick_free (struct t_irc_server *server, struct t_irc_channel *channel, struct t_irc_nick *nick); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/weechat-2.7/src/plugins/irc/irc-protocol.c new/weechat-2.7.1/src/plugins/irc/irc-protocol.c --- old/weechat-2.7/src/plugins/irc/irc-protocol.c 2019-12-08 09:48:53.000000000 +0100 +++ new/weechat-2.7.1/src/plugins/irc/irc-protocol.c 2020-02-20 20:45:08.000000000 +0100 @@ -4689,7 +4689,7 @@ if (argc > 8) { - arg_start = (strcmp (argv[8], "*") == 0) ? 9 : 8; + arg_start = ((argc > 9) && (strcmp (argv[8], "*") == 0)) ? 9 : 8; if (argv[arg_start][0] == ':') { pos_attr = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/weechat-2.7/src/plugins/irc/irc-server.c new/weechat-2.7.1/src/plugins/irc/irc-server.c --- old/weechat-2.7/src/plugins/irc/irc-server.c 2019-12-08 09:48:53.000000000 +0100 +++ new/weechat-2.7.1/src/plugins/irc/irc-server.c 2020-02-20 20:45:08.000000000 +0100 @@ -988,11 +988,15 @@ const char *prefix) { char *pos; - int i, length_modes, length_chars; + int i, old_length_chars, length_modes, length_chars; if (!server || !prefix) return; + old_length_chars = (server->prefix_chars) ? + strlen (server->prefix_chars) : + strlen (irc_server_prefix_chars_default); + /* free previous values */ if (server->prefix_modes) { @@ -1032,6 +1036,13 @@ } } } + + length_chars = (server->prefix_chars) ? + strlen (server->prefix_chars) : + strlen (irc_server_prefix_chars_default); + + if (length_chars != old_length_chars) + irc_nick_realloc_prefixes (server, old_length_chars, length_chars); } /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/weechat-2.7/version.sh new/weechat-2.7.1/version.sh --- old/weechat-2.7/version.sh 2019-12-08 09:48:53.000000000 +0100 +++ new/weechat-2.7.1/version.sh 2020-02-20 20:45:08.000000000 +0100 @@ -32,9 +32,9 @@ # devel-patch the patch version of devel (e.g. 2 for version 1.4.2) # -WEECHAT_STABLE=2.7 -WEECHAT_DEVEL=2.7 -WEECHAT_DEVEL_FULL=2.7 +WEECHAT_STABLE=2.7.1 +WEECHAT_DEVEL=2.7.1 +WEECHAT_DEVEL_FULL=2.7.1 if [ $# -lt 1 ]; then echo >&2 "Syntax: $0 stable|devel|devel-full|devel-major|devel-minor|devel-patch"
