Hello community,

here is the log from the commit of package weechat for openSUSE:Factory checked 
in at 2020-02-18 10:39:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/weechat (Old)
 and      /work/SRC/openSUSE:Factory/.weechat.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "weechat"

Tue Feb 18 10:39:36 2020 rev:54 rq:774861 version:2.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/weechat/weechat.changes  2020-02-03 
11:15:26.477909313 +0100
+++ /work/SRC/openSUSE:Factory/.weechat.new.26092/weechat.changes       
2020-02-18 10:40:49.412995694 +0100
@@ -1,0 +2,5 @@
+Mon Feb 17 12:43:01 UTC 2020 - Ondřej Súkup <mimi...@gmail.com>
+
+- fix boo#1163889 - CVE-2020-8955 , add patch CVE-2020-8955.patch
+
+-------------------------------------------------------------------

New:
----
  CVE-2020-8955.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ weechat.spec ++++++
--- /var/tmp/diff_new_pack.tvKpRl/_old  2020-02-18 10:40:52.257001496 +0100
+++ /var/tmp/diff_new_pack.tvKpRl/_new  2020-02-18 10:40:52.261001504 +0100
@@ -28,6 +28,7 @@
 Source2:        %{name}.keyring
 Source3:        https://weechat.org/files/src/%{name}-%{version}.tar.xz.asc
 Source4:        %{name}.changes
+Patch0:         CVE-2020-8955.patch
 BuildRequires:  ca-certificates
 BuildRequires:  cmake
 BuildRequires:  curl-devel
@@ -126,6 +127,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE4}")"
 DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\""
 TIME="\"$(date -d "${modified}" "+%%R")\""
@@ -144,7 +146,7 @@
     -DENABLE_JAVASCRIPT=OFF \
     -DENABLE_PHP=OFF \
     -DCA_FILE=%{_sysconfdir}/ssl/ca-bundle.pem
-%make_jobs
+%cmake_build
 
 %install
 %cmake_install
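Review bot: The switch from `%make_jobs` to `%cmake_build` in this hunk is not recorded in the weechat.changes entry, which mentions only the CVE-2020-8955 patch. An undocumented build-macro change bundled into a security update makes the update harder to audit and to backport on its own. A further changelog line such as `- replace make_jobs macro with cmake_build` would cover it.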
@@ -154,8 +156,6 @@
 
 %find_lang "%{name}" --with-man
 
-
-
 %files
 %doc AUTHORS.adoc ChangeLog.adoc Contributing.adoc
 %doc README.adoc ReleaseNotes.adoc

++++++ CVE-2020-8955.patch ++++++
>From 6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashc...@flashtux.org>
Date: Sat, 8 Feb 2020 20:24:50 +0100
Subject: [PATCH] irc: fix crash when receiving a malformed message 324
 (channel mode)

Thanks to Stuart Nevans Locke for reporting the issue.
---
 ChangeLog.adoc             |  1 +
 src/plugins/irc/irc-mode.c | 21 ++++++++++++---------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/plugins/irc/irc-mode.c b/src/plugins/irc/irc-mode.c
index 2237a344b..e79f0deb7 100644
--- a/src/plugins/irc/irc-mode.c
+++ b/src/plugins/irc/irc-mode.c
@@ -224,17 +224,20 @@ irc_mode_channel_update (struct t_irc_server *server,
                     current_arg++;
                 if (pos[0] == chanmode)
                 {
-                    chanmode_found = 1;
-                    if (set_flag == '+')
+                    if (!chanmode_found)
                     {
-                        str_mode[0] = pos[0];
-                        str_mode[1] = '\0';
-                        strcat (new_modes, str_mode);
-                        if (argument)
+                        chanmode_found = 1;
+                        if (set_flag == '+')
                         {
-                            if (new_args[0])
-                                strcat (new_args, " ");
-                            strcat (new_args, argument);
+                            str_mode[0] = pos[0];
+                            str_mode[1] = '\0';
+                            strcat (new_modes, str_mode);
+                            if (argument)
+                            {
+                                if (new_args[0])
+                                    strcat (new_args, " ");
+                                strcat (new_args, argument);
+                            }
                         }
                     }
                 }
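Review bot: The `strcat (new_modes, str_mode)` and `strcat (new_args, argument)` calls inside the new `if (!chanmode_found)` guard are still unbounded, so memory safety on this path rests entirely on the guard allowing the mode and its argument to be appended at most once per call. The allocation of `new_modes` and `new_args` is outside the hunk, so their sizes are presumably computed for a single copy of `argument`; that invariant should be stated at the guard, e.g. `/* append mode and argument only once: new_modes/new_args are sized for a single copy */`. The diffstat lists only ChangeLog.adoc and irc-mode.c, so a regression test for the malformed 324 case named in the subject would help keep the guard from being dropped in a later refactor. The body of irc_mode_channel_update starts and ends outside the hunk.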


