Hi,

There were 2 CVEs published last week (see their advisory [0]). They
say "Irssi 0.8.20 is a maintenance release without any new features."
though it's quite a long diff (see [1]) between both so I just
backported the fix for -stable. -oldstable is impacted too but I can't
test it so I didn't create any diff.

Tested on -current/-stable both amd64 and with irssi-icb.

On current, util seems not to be needed anymore.

Comments? OK?

[0]: http://irssi.org/security/irssi_sa_2016.txt
[1]: 
https://github.com/irssi/irssi/releases/download/0.8.20/irssi-0.8.19_0.8.20.diff

Cheers,
Daniel
? irssi.diff
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/irssi/Makefile,v
retrieving revision 1.64
diff -u -p -r1.64 Makefile
--- Makefile	9 Apr 2016 21:48:55 -0000	1.64
+++ Makefile	21 Sep 2016 20:03:21 -0000
@@ -5,6 +5,7 @@ COMMENT =	modular IRC client with many f
 V =		0.8.19
 DISTNAME =	irssi-$V
 PKGSPEC =	irssi-=$V
+REVISION =	0
 
 CATEGORIES =	net
 
Index: patches/patch-src_fe-common_core_formats_c
===================================================================
RCS file: patches/patch-src_fe-common_core_formats_c
diff -N patches/patch-src_fe-common_core_formats_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_fe-common_core_formats_c	21 Sep 2016 20:03:21 -0000
@@ -0,0 +1,22 @@
+$OpenBSD$
+--- src/fe-common/core/formats.c.orig	Sun Mar 20 22:18:46 2016
++++ src/fe-common/core/formats.c	Wed Sep 21 21:54:48 2016
+@@ -131,6 +131,8 @@ void unformat_24bit_color(char **ptr, int off, int *fg
+ 	unsigned char rgbx[4];
+ 	unsigned int i;
+ 	for (i = 0; i < 4; ++i) {
++		if ((*ptr)[i + off] == '\0')
++			return;
+ 		rgbx[i] = (*ptr)[i + off];
+ 	}
+ 	rgbx[3] -= 0x20;
+@@ -1357,6 +1359,9 @@ void format_send_to_gui(TEXT_DEST_REC *dest, const cha
+ 					bgcolor = *ptr==(char)0xff ? -1 : *ptr-'0';
+ 				}
+ 			}
++			if (*ptr == '\0')
++				break;
++
+ 			ptr++;
+ 			break;
+ 		case 6:
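Review bot: The new patch file has no provenance comment, so nothing in the tree records that these two NUL checks are a backport of the upstream 0.8.20 fix and can be dropped once the port moves to that release. I would add a line after `$OpenBSD$` such as `Backport of the 0.8.20 security fixes, see http://irssi.org/security/irssi_sa_2016.txt`. Separately, the early `return` in `unformat_24bit_color` leaves `*ptr` unadvanced and the colour outputs unwritten when the sequence is truncated. Whether every caller tolerates that cannot be confirmed from here, because both `unformat_24bit_color` and `format_send_to_gui` start and end outside the quoted hunks. A test with a format string that ends in the middle of a 24-bit colour sequence would cover it.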
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/irssi/Makefile,v
retrieving revision 1.64
diff -u -p -r1.64 Makefile
--- Makefile	9 Apr 2016 21:48:55 -0000	1.64
+++ Makefile	21 Sep 2016 19:56:30 -0000
@@ -2,7 +2,7 @@
 
 COMMENT =	modular IRC client with many features (ipv6,socks,proxy)
 
-V =		0.8.19
+V =		0.8.20
 DISTNAME =	irssi-$V
 PKGSPEC =	irssi-=$V
 
@@ -15,8 +15,7 @@ MAINTAINER =	Wiktor Izdebski <vicviq@gma
 # GPLv2+
 PERMIT_PACKAGE_CDROM =	Yes
 
-WANTLIB += c crypto m ncurses perl pthread ssl util pcre glib-2.0
-WANTLIB += gmodule-2.0
+WANTLIB += c crypto m ncurses perl pthread ssl pcre glib-2.0 gmodule-2.0
 
 MASTER_SITES =	https://github.com/irssi/irssi/releases/download/${V}/
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/irssi/distinfo,v
retrieving revision 1.22
diff -u -p -r1.22 distinfo
--- distinfo	9 Apr 2016 21:48:55 -0000	1.22
+++ distinfo	21 Sep 2016 19:56:30 -0000
@@ -1,2 +1,2 @@
-SHA256 (irssi-0.8.19.tar.gz) = /k9Ld4aY3o4cMZuc2bntVTTw7OesK/oK81GjFXxuyFs=
-SIZE (irssi-0.8.19.tar.gz) = 1565074
+SHA256 (irssi-0.8.20.tar.gz) = 9eIPdqqCNzA8Rj4IrbOj46QAokupWs9z6bBo1jQXP2Y=
+SIZE (irssi-0.8.20.tar.gz) = 1565952
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/irssi/pkg/PLIST,v
retrieving revision 1.22
diff -u -p -r1.22 PLIST
--- pkg/PLIST	18 Mar 2016 09:27:57 -0000	1.22
+++ pkg/PLIST	21 Sep 2016 19:56:30 -0000
@@ -283,8 +283,10 @@ share/irssi/help/sconnect
 share/irssi/help/script
 share/irssi/help/scrollback
 share/irssi/help/server
+share/irssi/help/servlist
 share/irssi/help/set
 share/irssi/help/silence
+share/irssi/help/squery
 share/irssi/help/squit
 share/irssi/help/stats
 share/irssi/help/statusbar
