Re: UPDATE: net/znc 1.7.3 -> 1.7.4
OK.
On 6/26/2019 3:04 PM, Hiltjo Posthuma wrote:
Hi,
This updates the znc port from 1.7.3 to 1.7.4.
It contains a security fix:
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users
to escalate privileges and execute arbitrary code by loading a module with a
crafted name.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12816
Patch reference:
https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
I only build the package on amd64 and have not tested it.
Patch below:
diff --git net/znc/Makefile net/znc/Makefile
index 6cb912ed596..52267267db7 100644
--- net/znc/Makefile
+++ net/znc/Makefile
@@ -2,8 +2,7 @@
COMMENT= advanced IRC bouncer
-DISTNAME= znc-1.7.3
-REVISION= 0
+DISTNAME= znc-1.7.4
CATEGORIES= net
MASTER_SITES= ${HOMEPAGE}releases/
diff --git net/znc/distinfo net/znc/distinfo
index 4a337b107f8..b333b2182eb 100644
--- net/znc/distinfo
+++ net/znc/distinfo
@@ -1,2 +1,2 @@
-SHA256 (znc-1.7.3.tar.gz) = HkzDGDeh6ObMMQhzZZoWfOwWo/1CgcvDvzZOQjUsET0=
-SIZE (znc-1.7.3.tar.gz) = 2084575
+SHA256 (znc-1.7.4.tar.gz) = saMpIajm157mxZAMjQcpMCaWbbfAWqrEiYQjG+/Em3E=
+SIZE (znc-1.7.4.tar.gz) = 2084756
Re: UPDATE: net/znc 1.7.3 -> 1.7.4
On Wed, Jun 26, 2019 at 09:04:10PM +0200, Hiltjo Posthuma wrote:
> Hi,
>
> This updates the znc port from 1.7.3 to 1.7.4.
>
> It contains a security fix:
>
> Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin
> users
> to escalate privileges and execute arbitrary code by loading a module with a
> crafted name.
>
> Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12816
> Patch reference:
> https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
>
> I only build the package on amd64 and have not tested it.
>
>
> Patch below:
>
>
> diff --git net/znc/Makefile net/znc/Makefile
> index 6cb912ed596..52267267db7 100644
> --- net/znc/Makefile
> +++ net/znc/Makefile
> @@ -2,8 +2,7 @@
>
> COMMENT= advanced IRC bouncer
>
> -DISTNAME=znc-1.7.3
> -REVISION=0
> +DISTNAME=znc-1.7.4
> CATEGORIES= net
> MASTER_SITES=${HOMEPAGE}releases/
>
> diff --git net/znc/distinfo net/znc/distinfo
> index 4a337b107f8..b333b2182eb 100644
> --- net/znc/distinfo
> +++ net/znc/distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (znc-1.7.3.tar.gz) = HkzDGDeh6ObMMQhzZZoWfOwWo/1CgcvDvzZOQjUsET0=
> -SIZE (znc-1.7.3.tar.gz) = 2084575
> +SHA256 (znc-1.7.4.tar.gz) = saMpIajm157mxZAMjQcpMCaWbbfAWqrEiYQjG+/Em3E=
> +SIZE (znc-1.7.4.tar.gz) = 2084756
>
> --
> Kind regards,
> Hiltjo
>
Thanks! It works for me.
ok solene@
UPDATE: net/znc 1.7.3 -> 1.7.4
Hi,
This updates the znc port from 1.7.3 to 1.7.4.
It contains a security fix:
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users
to escalate privileges and execute arbitrary code by loading a module with a
crafted name.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-12816
Patch reference:
https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
I only build the package on amd64 and have not tested it.
Patch below:
diff --git net/znc/Makefile net/znc/Makefile
index 6cb912ed596..52267267db7 100644
--- net/znc/Makefile
+++ net/znc/Makefile
@@ -2,8 +2,7 @@
COMMENT= advanced IRC bouncer
-DISTNAME= znc-1.7.3
-REVISION= 0
+DISTNAME= znc-1.7.4
CATEGORIES=net
MASTER_SITES= ${HOMEPAGE}releases/
diff --git net/znc/distinfo net/znc/distinfo
index 4a337b107f8..b333b2182eb 100644
--- net/znc/distinfo
+++ net/znc/distinfo
@@ -1,2 +1,2 @@
-SHA256 (znc-1.7.3.tar.gz) = HkzDGDeh6ObMMQhzZZoWfOwWo/1CgcvDvzZOQjUsET0=
-SIZE (znc-1.7.3.tar.gz) = 2084575
+SHA256 (znc-1.7.4.tar.gz) = saMpIajm157mxZAMjQcpMCaWbbfAWqrEiYQjG+/Em3E=
+SIZE (znc-1.7.4.tar.gz) = 2084756
--
Kind regards,
Hiltjo
