Hello community, here is the log from the commit of package weechat for openSUSE:Factory checked in at 2020-02-18 10:39:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/weechat (Old) and /work/SRC/openSUSE:Factory/.weechat.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "weechat" Tue Feb 18 10:39:36 2020 rev:54 rq:774861 version:2.7 Changes: -------- --- /work/SRC/openSUSE:Factory/weechat/weechat.changes 2020-02-03 11:15:26.477909313 +0100 +++ /work/SRC/openSUSE:Factory/.weechat.new.26092/weechat.changes 2020-02-18 10:40:49.412995694 +0100 @@ -1,0 +2,5 @@ +Mon Feb 17 12:43:01 UTC 2020 - Ondřej Súkup <mimi...@gmail.com> + +- fix boo#1163889 - CVE-2020-8955 , add patch CVE-2020-8955.patch + +------------------------------------------------------------------- New: ---- CVE-2020-8955.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ weechat.spec ++++++ --- /var/tmp/diff_new_pack.tvKpRl/_old 2020-02-18 10:40:52.257001496 +0100 +++ /var/tmp/diff_new_pack.tvKpRl/_new 2020-02-18 10:40:52.261001504 +0100 @@ -28,6 +28,7 @@ Source2: %{name}.keyring Source3: https://weechat.org/files/src/%{name}-%{version}.tar.xz.asc Source4: %{name}.changes +Patch0: CVE-2020-8955.patch BuildRequires: ca-certificates BuildRequires: cmake BuildRequires: curl-devel @@ -126,6 +127,7 @@ %prep %setup -q +%patch0 -p1 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE4}")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" @@ -144,7 +146,7 @@ -DENABLE_JAVASCRIPT=OFF \ -DENABLE_PHP=OFF \ -DCA_FILE=%{_sysconfdir}/ssl/ca-bundle.pem -%make_jobs +%cmake_build %install %cmake_install @@ -154,8 +156,6 @@ %find_lang "%{name}" --with-man - - %files %doc AUTHORS.adoc ChangeLog.adoc Contributing.adoc %doc README.adoc ReleaseNotes.adoc ++++++ CVE-2020-8955.patch ++++++ >From 6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashc...@flashtux.org> Date: Sat, 8 Feb 2020 20:24:50 +0100 Subject: [PATCH] irc: fix crash when receiving a malformed message 324 (channel mode) Thanks to Stuart Nevans Locke for reporting the issue. --- ChangeLog.adoc | 1 + src/plugins/irc/irc-mode.c | 21 ++++++++++++--------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c index 2237a344b..e79f0deb7 100644 --- a/src/plugins/irc/irc-mode.c +++ b/src/plugins/irc/irc-mode.c @@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server, current_arg++; if (pos[0] == chanmode) { - chanmode_found = 1; - if (set_flag == '+') + if (!chanmode_found) { - str_mode[0] = pos[0]; - str_mode[1] = '\0'; - strcat (new_modes, str_mode); - if (argument) + chanmode_found = 1; + if (set_flag == '+') { - if (new_args[0]) - strcat (new_args, " "); - strcat (new_args, argument); + str_mode[0] = pos[0]; + str_mode[1] = '\0'; + strcat (new_modes, str_mode); + if (argument) + { + if (new_args[0]) + strcat (new_args, " "); + strcat (new_args, argument); + } } } }