Hello community,

here is the log from the commit of package irssi for openSUSE:Factory checked in at 2017-03-12 20:05:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/irssi (Old)
 and /work/SRC/openSUSE:Factory/.irssi.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "irssi" Sun Mar 12 20:05:59 2017 rev:42 rq:478804 version:1.0.2 Changes: -------- --- /work/SRC/openSUSE:Factory/irssi/irssi.changes 2017-02-24 02:54:11.830798622 +0100 +++ /work/SRC/openSUSE:Factory/.irssi.new/irssi.changes 2017-03-12 20:06:00.244742009 +0100 @@ -1,0 +2,17 @@ +Sat Mar 11 21:10:03 UTC 2017 - ailin.ne...@gmail.com + +- irssi 1.0.2 fixes a vulnerability that could result in denial of + service or worse during a netjoin in certain circumstances (CVE + pending) + - Prevent some null-pointer crashes (GL!9). + - Fix compilation with OpenSSL 1.1.0 (#628, #597). + - Correct dereferencing of already freed server objects during + output of netjoins. Found by APic (GL!10, GL#7). + - Fix in command arg parser to detect missing arguments in tail place + (#652, #651). + - Fix regression that broke incoming DCC file transfers (#667, #656). + - Fix issue with escaping \ in evaluated strings (#669, #520). +- Added regex-patch-653.patch from Upstream PR#653 to improve UTF8 + support in GRegex + +------------------------------------------------------------------- Old: ---- irssi-1.0.1.tar.xz irssi-1.0.1.tar.xz.asc New: ---- irssi-1.0.2.tar.xz irssi-1.0.2.tar.xz.asc regex-patch-653.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ irssi.spec ++++++ --- /var/tmp/diff_new_pack.GgW6Bi/_old 2017-03-12 20:06:01.312590904 +0100 +++ /var/tmp/diff_new_pack.GgW6Bi/_new 2017-03-12 20:06:01.312590904 +0100 @@ -18,7 +18,7 @@ %bcond_with socks Name: irssi -Version: 1.0.1 +Version: 1.0.2 Release: 0 # Summary: Modular, Secure, and Well Designed IRC Client 
@@ -35,6 +35,8 @@ Source99: irssi-rpmlintrc # PATCH-FIX-OPENSUSE irssi-0.8.16_missing_prototype_warnings.patch Patch1: irssi-0.8.16_missing_prototype_warnings.patch +# PATCH-FEATURE-UPSTREAM regex-patch-653.patch github#653 ailin.ne...@gmail.com -- one of proposed regex utf8 workarounds +Patch2: regex-patch-653.patch BuildRequires: glib2-devel BuildRequires: ncurses-devel BuildRequires: openssl-devel @@ -78,6 +80,7 @@ %prep %setup -q %patch1 +%patch2 %build export CFLAGS="%{optflags} -fno-strict-aliasing -DGLIB_DISABLE_DEPRECATION_WARNINGS" ++++++ irssi-1.0.1.tar.xz -> irssi-1.0.2.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/ChangeLog new/irssi-1.0.2/ChangeLog --- old/irssi-1.0.1/ChangeLog 2017-02-03 20:46:34.000000000 +0100 +++ new/irssi-1.0.2/ChangeLog 2017-03-10 17:43:14.000000000 +0100 
@@ -1,3 +1,77 @@ +commit 2a53853f369b47e42e32e183c8109e3d63808899 +Author: Ailin Nemui <ailin@z30a.localdomain> +Date: Fri Mar 10 17:41:04 2017 +0100 + + tag as 1.0.2 + +commit a0c34463a56c1fae963f6f76a7dfef07d4decc6a +Author: ailin-nemui <ailin-ne...@users.noreply.github.com> +Date: Fri Mar 10 17:13:20 2017 +0100 + + Merge pull request #669 from dequis/expand-double-backslash + + expand_escape: expand double backslash as a backslash + (cherry picked from commit 26187d1d30f589d10300de2798f5a3ec4b0c1a3d) + +commit 9d1adffc754e066ca7a3032657e3aecb42d6aefe +Author: ailin-nemui <ailin-ne...@users.noreply.github.com> +Date: Wed Mar 8 09:45:40 2017 +0100 + + Merge pull request #667 from ailin-nemui/fix-dcc-get + + fix dcc get + + fixes #656 + (cherry picked from commit d57c64adeb7b251c5347212239ed0d7b7abe5547) + +commit 554586cddfeae080c85478ce09d62e65fe350e67 +Author: Nei <ailin.ne...@gmail.com> +Date: Sat Mar 4 20:35:17 2017 +0000 + + Merge branch 'd-minor' into 'master' + + Prevent some potential null-pointer deferences. + + See merge request !9 + (cherry picked from commit 7ef22687f9291ef10072cc55bc64e3db3ad5a546) + +commit dfffb0e9d8a1dea9e1471d9d85b2074c22e9c2a0 +Author: ailin-nemui <ailin-ne...@users.noreply.github.com> +Date: Sun Feb 5 22:20:31 2017 +0100 + + Merge pull request #628 from LemonBoy/openssl-compat + + Support OpenSSL 1.1.0. 
+ (cherry picked from commit ff5dd3673ee6b60d95e89dd89aa3605c79a93ac1) + +commit 39e591468dec8c1acc49603c65d827b44f8d9497 +Author: Ailin Nemui <ailin@z30a.localdomain> +Date: Fri Mar 10 17:18:18 2017 +0100 + + Merge branch 'netjoin-timeout' into 'master' + + fe-netjoin: remove irc servers on "server disconnected" signal + + Closes #7 + + See merge request !10 + + (cherry picked from commit 77b2631c78461965bc9a7414aae206b5c514e1b3) + +commit c111e091336b67b9aa5abddda9cf381e6ab49a04 +Author: ailin-nemui <ailin-ne...@users.noreply.github.com> +Date: Sat Mar 4 21:36:01 2017 +0100 + + Merge pull request #652 from LemonBoy/trailing-arg + + Properly check the command arguments in tail place. + +commit 0ada284a257cfb08da984a78dab24c3ddaf09ec7 +Author: ailin-nemui <ailin-ne...@users.noreply.github.com> +Date: Sun Feb 5 21:33:19 2017 +0100 + + amend forgotten fix + commit 5f6c38c329f3d9574db863d330df876a456c5940 Author: ailin-nemui <ailin-ne...@users.noreply.github.com> Date: Fri Feb 3 20:46:20 2017 +0100 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/Makefile.in new/irssi-1.0.2/Makefile.in --- old/irssi-1.0.1/Makefile.in 2017-02-03 20:46:41.000000000 +0100 +++ new/irssi-1.0.2/Makefile.in 2017-03-10 17:43:21.000000000 +0100 @@ -207,7 +207,7 @@ $(top_srcdir)/src/perl/textui/Makefile.PL.in \ $(top_srcdir)/src/perl/ui/Makefile.PL.in AUTHORS COPYING \ ChangeLog INSTALL NEWS TODO build-aux/compile \ - build-aux/config.guess build-aux/config.sub build-aux/depcomp \ + build-aux/config.guess build-aux/config.sub \ build-aux/install-sh build-aux/ltmain.sh build-aux/missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/NEWS new/irssi-1.0.2/NEWS --- old/irssi-1.0.1/NEWS 2017-02-03 20:42:14.000000000 +0100 +++ new/irssi-1.0.2/NEWS 2017-03-10 17:31:03.000000000 +0100 
@@ -1,3 +1,13 @@ +v1.0.2 2017-03-10 The Irssi team <st...@irssi.org> + - Prevent some null-pointer crashes (GL!9). + - Fix compilation with OpenSSL 1.1.0 (#628, #597). + - Correct dereferencing of already freed server objects during + output of netjoins. Found by APic (GL!10, GL#7). + - Fix in command arg parser to detect missing arguments in tail place + (#652, #651). + - Fix regression that broke incoming DCC file transfers (#667, #656). + - Fix issue with escaping \ in evaluated strings (#669, #520). + v1.0.1 2017-02-03 The Irssi team <st...@irssi.org> - Fix Perl compilation in object dir. By Martijn Dekker (#602, #623). - Disable EC cryptography on Solaris to fix build (#604, #598). @@ -6,6 +16,8 @@ - Fix regression that broke second level completion (#613, #609). - Correct missing NULL termination in perl_parse. By Hanno Böck (#619). - Sync broken mail.pl script (#624, #607). + - Prevent a memory leak during the processing of the SASL + response (GL!8, GL#5) v1.0.0 2017-01-03 The Irssi team <st...@irssi.org> * Removed --disable-ipv6 (#408). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/configure new/irssi-1.0.2/configure --- old/irssi-1.0.1/configure 2017-02-03 20:46:41.000000000 +0100 +++ new/irssi-1.0.2/configure 2017-03-10 17:43:20.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for irssi 1.0.1. +# Generated by GNU Autoconf 2.69 for irssi 1.0.2. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='irssi' PACKAGE_TARNAME='irssi' -PACKAGE_VERSION='1.0.1' -PACKAGE_STRING='irssi 1.0.1' +PACKAGE_VERSION='1.0.2' +PACKAGE_STRING='irssi 1.0.2' PACKAGE_BUGREPORT='' PACKAGE_URL='' 
@@ -1367,7 +1367,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures irssi 1.0.1 to adapt to many kinds of systems. +\`configure' configures irssi 1.0.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1437,7 +1437,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of irssi 1.0.1:";; + short | recursive ) echo "Configuration of irssi 1.0.2:";; esac cat <<\_ACEOF @@ -1571,7 +1571,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -irssi configure 1.0.1 +irssi configure 1.0.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2173,7 +2173,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by irssi $as_me 1.0.1, which was +It was created by irssi $as_me 1.0.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3042,7 +3042,7 @@ # Define the identity of the package. PACKAGE='irssi' - VERSION='1.0.1' + VERSION='1.0.2' # Some tools Automake needs. @@ -14483,7 +14483,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by irssi $as_me 1.0.1, which was +This file was extended by irssi $as_me 1.0.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -14549,7 +14549,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -irssi config.status 1.0.1 +irssi config.status 1.0.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/configure.ac new/irssi-1.0.2/configure.ac --- old/irssi-1.0.1/configure.ac 2017-02-03 20:33:20.000000000 +0100 +++ new/irssi-1.0.2/configure.ac 2017-03-10 17:31:03.000000000 +0100 @@ -1,4 +1,4 @@ -AC_INIT(irssi, 1.0.1) +AC_INIT(irssi, 1.0.2) AC_CONFIG_SRCDIR([src]) AC_CONFIG_AUX_DIR(build-aux) AC_PREREQ(2.50) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/irssi-config.h new/irssi-1.0.2/irssi-config.h --- old/irssi-1.0.1/irssi-config.h 2017-02-03 20:46:47.000000000 +0100 +++ new/irssi-1.0.2/irssi-config.h 2017-03-10 17:43:26.000000000 +0100 @@ -26,7 +26,7 @@ /* #undef HAVE_SOCKS_H */ /* */ -#define HAVE_STATIC_PERL 1 +/* #undef HAVE_STATIC_PERL */ /* Define to 1 if you have the <stdint.h> header file. */ #define HAVE_STDINT_H 1 @@ -74,7 +74,7 @@ #define PACKAGE_NAME "irssi" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "irssi 1.0.1" +#define PACKAGE_STRING "irssi 1.0.2" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "irssi" 
@@ -83,7 +83,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.0.1" +#define PACKAGE_VERSION "1.0.2" /* printf()-format for uoff_t, eg. "u" or "lu" or "llu" */ #define PRIuUOFF_T "lu" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/irssi-version.h new/irssi-1.0.2/irssi-version.h --- old/irssi-1.0.1/irssi-version.h 2017-02-03 20:46:50.000000000 +0100 +++ new/irssi-1.0.2/irssi-version.h 2017-03-10 17:43:32.000000000 +0100 @@ -1,2 +1,2 @@ -#define IRSSI_VERSION_DATE 20170203 -#define IRSSI_VERSION_TIME 2046 +#define IRSSI_VERSION_DATE 20170310 +#define IRSSI_VERSION_TIME 1741 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/src/core/commands.c new/irssi-1.0.2/src/core/commands.c --- old/irssi-1.0.1/src/core/commands.c 2016-09-21 15:56:04.000000000 +0200 +++ new/irssi-1.0.2/src/core/commands.c 2017-03-10 17:19:57.000000000 +0100 @@ -567,13 +567,14 @@ option = NULL; pos = -1; for (;;) { - if (**data == '-') { + if (**data == '\0' || **data == '-') { if (option != NULL && *optlist[pos] == '+') { /* required argument missing! */ *data = optlist[pos] + 1; return CMDERR_OPTION_ARG_MISSING; } - + } + if (**data == '-') { (*data)++; if (**data == '-' && (*data)[1] == ' ') { /* -- option means end of options even diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/src/core/misc.c new/irssi-1.0.2/src/core/misc.c --- old/irssi-1.0.1/src/core/misc.c 2017-01-16 18:01:11.000000000 +0100 +++ new/irssi-1.0.2/src/core/misc.c 2017-03-10 17:21:45.000000000 +0100 
@@ -690,6 +690,8 @@ return '\n'; case 'e': return 27; /* ESC */ + case '\\': + return '\\'; case 'x': /* hex digit */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/src/core/network-openssl.c new/irssi-1.0.2/src/core/network-openssl.c --- old/irssi-1.0.1/src/core/network-openssl.c 2017-02-03 20:27:18.000000000 +0100 +++ new/irssi-1.0.2/src/core/network-openssl.c 2017-03-10 17:31:03.000000000 +0100 @@ -32,6 +32,17 @@ #include <openssl/ssl.h> #include <openssl/err.h> +/* OpenSSL 1.1.0 introduced some backward-incompatible changes to the api */ +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) +/* The two functions below could be already defined if OPENSSL_API_COMPAT is + * below the 1.1.0 version so let's do a clean start */ +#undef X509_get_notBefore +#undef X509_get_notAfter +#define X509_get_notBefore(x) X509_get0_notBefore(x) +#define X509_get_notAfter(x) X509_get0_notAfter(x) +#define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) +#endif + /* ssl i/o channel object */ typedef struct { @@ -352,13 +363,19 @@ static gboolean irssi_ssl_init(void) { +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) + if (!OPENSSL_init_ssl(OPENSSL_INIT_SSL_DEFAULT, NULL)) { + g_error("Could not initialize OpenSSL"); + return FALSE; + } +#else SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); +#endif ssl_inited = TRUE; return TRUE; - } static int get_pem_password_callback(char *buffer, int max_length, int rwflag, void *pass) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/src/fe-common/core/fe-channels.c new/irssi-1.0.2/src/fe-common/core/fe-channels.c --- old/irssi-1.0.1/src/fe-common/core/fe-channels.c 2017-01-16 18:01:11.000000000 +0100 +++ new/irssi-1.0.2/src/fe-common/core/fe-channels.c 2017-03-10 17:20:52.000000000 +0100 
@@ -453,7 +453,7 @@ } } - if (str->len > strlen(prefix_format)) { + if (prefix_format != NULL && str->len > strlen(prefix_format)) { printtext(channel->server, channel->visible_name, MSGLEVEL_CLIENTCRAP, "%s", str->str); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/src/fe-common/irc/fe-netjoin.c new/irssi-1.0.2/src/fe-common/irc/fe-netjoin.c --- old/irssi-1.0.1/src/fe-common/irc/fe-netjoin.c 2017-01-16 18:01:11.000000000 +0100 +++ new/irssi-1.0.2/src/fe-common/irc/fe-netjoin.c 2017-03-10 17:20:10.000000000 +0100 @@ -470,6 +470,20 @@ } } +static void sig_server_disconnected(IRC_SERVER_REC *server) +{ + NETJOIN_SERVER_REC *netjoin_server; + + g_return_if_fail(server != NULL); + + if (!IS_IRC_SERVER(server)) + return; + + if ((netjoin_server = netjoin_find_server(server))) { + netjoin_server_remove(netjoin_server); + } +} + void fe_netjoin_init(void) { settings_add_bool("misc", "hide_netsplit_quits", TRUE); @@ -480,6 +494,7 @@ read_settings(); signal_add("setup changed", (SIGNAL_FUNC) read_settings); + signal_add("server disconnected", (SIGNAL_FUNC) sig_server_disconnected); } void fe_netjoin_deinit(void) @@ -492,6 +507,7 @@ } signal_remove("setup changed", (SIGNAL_FUNC) read_settings); + signal_remove("server disconnected", (SIGNAL_FUNC) sig_server_disconnected); signal_remove("message quit", (SIGNAL_FUNC) msg_quit); signal_remove("message join", (SIGNAL_FUNC) msg_join); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/src/fe-common/irc/fe-netsplit.c new/irssi-1.0.2/src/fe-common/irc/fe-netsplit.c --- old/irssi-1.0.1/src/fe-common/irc/fe-netsplit.c 2017-01-16 18:01:11.000000000 +0100 +++ new/irssi-1.0.2/src/fe-common/irc/fe-netsplit.c 2017-03-10 17:20:52.000000000 +0100 
@@ -148,6 +148,8 @@ char *sourceserver; GSList *tmp; + g_return_if_fail(rec->servers != NULL); + destservers = g_string_new(NULL); for (tmp = rec->servers; tmp != NULL; tmp = tmp->next) { NETSPLIT_SERVER_REC *rec = tmp->data; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/src/fe-text/mainwindows-layout.c new/irssi-1.0.2/src/fe-text/mainwindows-layout.c --- old/irssi-1.0.1/src/fe-text/mainwindows-layout.c 2016-08-11 14:59:21.000000000 +0200 +++ new/irssi-1.0.2/src/fe-text/mainwindows-layout.c 2017-03-10 17:20:52.000000000 +0100 @@ -121,6 +121,8 @@ if (node == NULL) return; sorted_config = get_sorted_windows_config(node); + if (sorted_config == NULL) return; + windows_count = g_slist_length(sorted_config); /* calculate the saved terminal height */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/irssi-1.0.1/src/irc/dcc/dcc-autoget.c new/irssi-1.0.2/src/irc/dcc/dcc-autoget.c --- old/irssi-1.0.1/src/irc/dcc/dcc-autoget.c 2016-08-11 14:59:21.000000000 +0200 +++ new/irssi-1.0.2/src/irc/dcc/dcc-autoget.c 2017-03-10 17:21:34.000000000 +0100 @@ -23,6 +23,7 @@ #include "masks.h" #include "settings.h" #include "servers.h" +#include "misc.h" #include "dcc-get.h" @@ -30,7 +31,7 @@ { struct stat statbuf; const char *masks; - char *str, *file; + char *str, *file, *esc_arg; int max_size; if (!IS_DCC_GET(dcc)) return; @@ -68,11 +69,13 @@ /* ok. but do we want/need to resume? */ file = dcc_get_download_path(dcc->arg); + esc_arg = escape_string(dcc->arg); str = g_strdup_printf(settings_get_bool("dcc_autoresume") && stat(file, &statbuf) == 0 ? - "RESUME %s %s" : "GET %s %s", - dcc->nick, dcc->arg); + "RESUME %s \"%s\"" : "GET %s \"%s\"", + dcc->nick, esc_arg); signal_emit("command dcc", 2, str, dcc->server); + g_free(esc_arg); g_free(file); g_free(str); } ++++++ regex-patch-653.patch ++++++ ++++ 647 lines (skipped)
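Review bot: the new irssi.changes entry labels the security fix "(CVE pending)" and does not say which bullet it is. Once the identifier is assigned, the entry should be amended to name it and to point at the matching item (the dereferencing of already freed server objects during output of netjoins, GL!10, GL#7), so the package update can be matched to the advisory.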
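Review bot: in irssi.spec the Patch2 comment tags regex-patch-653.patch as PATCH-FEATURE-UPSTREAM but describes it as "one of proposed regex utf8 workarounds", which reads as a pull request still under discussion rather than a merged change. The comment should state that status explicitly so the patch is re-checked on the next version bump. The patch body (647 lines) is skipped in this mail and cannot be reviewed here.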
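Review bot: in src/core/commands.c (hunk at -567) `**data == '-'` is now tested in two consecutive if statements, and nothing explains that end of input was added to the first one so that a required option argument missing in tail place is reported. A one-line comment above `if (**data == '\0' || **data == '-')` stating that intent would keep a later cleanup from merging the two tests back together.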
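Review bot: in the compatibility block added to src/core/network-openssl.c (hunk at -32), `#define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)` swaps in a function that returns a const unsigned char *, and X509_get0_notBefore/X509_get0_notAfter likewise return const ASN1_TIME *. The call sites are not part of this hunk; any that store the result in a non-const pointer need a const qualifier to build cleanly. The comment "The two functions below" also sits above three defines, so it should say it refers to the X509_get_notBefore/X509_get_notAfter pair only.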
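Review bot: in irssi_ssl_init() (src/core/network-openssl.c, hunk at -352) the new OpenSSL 1.1.0 branch calls g_error("Could not initialize OpenSSL") and then `return FALSE;`, but GLib's g_error() is always fatal and aborts the process, so the return is never reached. If a failed OPENSSL_init_ssl() is meant to be reported to the caller, log with g_warning() instead; if aborting is intended, drop the dead return.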
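Review bot: the new sig_server_disconnected() in src/fe-common/irc/fe-netjoin.c (hunk at -470) carries no comment saying why the netjoin record has to go when the server disconnects. Going by the changelog this is the fix for dereferencing already freed server objects during netjoin output, so a short comment on the function stating that the netjoin record must not outlive its server would document the lifetime rule for future changes. Minor style point: the braces around the single netjoin_server_remove() call differ from the unbraced `if (!IS_IRC_SERVER(server)) return;` directly above.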
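Review bot: in src/fe-common/irc/fe-netsplit.c (hunk at -148) the guard is written as `g_return_if_fail(rec->servers != NULL);`, which logs a critical warning and is compiled out when GLib checks are disabled with G_DISABLE_CHECKS. If an empty server list can occur at run time, a plain `if (rec->servers == NULL) return;` is the reliable form; if it cannot, a comment saying so would help. The macro also dereferences rec without checking rec itself.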
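Review bot: in src/irc/dcc/dcc-autoget.c (hunk at -68) the command string is now built as `GET %s \"%s\"` with esc_arg from escape_string(dcc->arg), but nothing documents why the quoting is needed or that it relies on escape_string() escaping both the double quote and the backslash in the way the /DCC argument parser undoes. Since dcc->arg is the offered file name, please add a comment stating that dependency, and note that dcc->nick is still interpolated unquoted.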