OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 19-Oct-2003 09:12:52 Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003101908125001 Added files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/ircd ircd.patch Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/ircd ircd.spec Log: SA-2003.045-ircd; CAN-2003-0864 Summary: Revision Changes Path 1.1.4.1 +62 -0 openpkg-src/ircd/ircd.patch 1.28.2.1.2.2+4 -2 openpkg-src/ircd/ircd.spec 1.7056 +1 -0 openpkg-web/news.txt ____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/ircd/ircd.patch
============================================================================
$ cvs diff -u -r0 -r1.1.4.1 ircd.patch
--- /dev/null 2003-10-19 09:12:52.000000000 +0200
+++ ircd.patch 2003-10-19 09:12:52.000000000 +0200
@@ -0,0 +1,62 @@
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0864
+ Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to
+ 2.10.3p3 allows local users to cause a denial of service
+
+http://akson.sgh.waw.pl/~chopin/ircd/patches/m_join.diff
+ Please be advised, that it is strongly recommended to upgrade to
+ version 2.10.3p5, not only apply that patch. Thank you.
+
+--- ircd/channel.c.orig Fri Oct 10 22:34:05 2003
++++ ircd/channel.c Sat Oct 11 00:03:40 2003
+@@ -2001,7 +2001,7 @@
+ Reg Link *lp;
+ Reg aChannel *chptr;
+ Reg char *name, *key = NULL;
+- int i, flags = 0;
++ int i, tmplen, flags = 0;
+ char *p = NULL, *p2 = NULL, *s, chop[5];
+
+ if (parc < 2 || *parv[1] == '\0')
+@@ -2150,10 +2150,20 @@
+ parv[0]), name);
+ continue;
+ }
++ tmplen = strlen(name);
++ if (i + tmplen + 2 /* comma and \0 */
++ >= sizeof(jbuf) )
++ {
++
++ break;
++
++ }
+ if (*jbuf)
+- (void)strcat(jbuf, ",");
+- (void)strncat(jbuf, name, sizeof(jbuf) - i - 1);
+- i += strlen(name)+1;
++ {
++ jbuf[i++] = ',';
++ }
++ (void)strcpy(jbuf + i, name);
++ i += tmplen;
+ }
+
+ p = NULL;
+@@ -2305,6 +2315,16 @@
+ parv[0], name, chop);
+ else if (*chptr->chname != '&')
+ {
++ /* ":" (1) "nick" (NICKLEN) " JOIN :" (7), comma (1)
++ ** possible chop (4), ending \r\n\0 (3) = 16
++ ** must fit in the cbuf as well! --B. */
++ if (strlen(cbuf) + strlen(name) + NICKLEN + 16
++ >= sizeof(cbuf))
++ {
++ sendto_serv_butone(cptr, ":%s JOIN :%s",
++ parv[0], cbuf);
++ cbuf[0] = '\0';
++ }
+ if (*cbuf)
+ strcat(cbuf, ",");
+ strcat(cbuf, name);
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/ircd/ircd.spec
============================================================================
$ cvs diff -u -r1.28.2.1.2.1 -r1.28.2.1.2.2 ircd.spec
--- openpkg-src/ircd/ircd.spec 18 Jan 2003 17:20:14 -0000 1.28.2.1.2.1
+++ openpkg-src/ircd/ircd.spec 19 Oct 2003 07:12:51 -0000 1.28.2.1.2.2
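Review bot: The flush branch added for `cbuf` (inner hunk `@@ -2305,6 +2315,16 @@`) sends `:%s JOIN :%s` without checking that `cbuf` holds anything, and the `strcat(cbuf, name)` after it is still unbounded. If `name` alone could satisfy the length test, the branch would forward an empty JOIN and the copy would still not fit. Whether `name` is capped earlier is not visible, since m_join's body runs outside all three inner hunks, so I would write the guard as `if (*cbuf && strlen(cbuf) + strlen(name) + NICKLEN + 16 >= sizeof(cbuf))` and add a comment naming the limit on `name` that the arithmetic depends on. In the `jbuf` hunk, `tmplen` is an `int` holding a `strlen()` result and is compared against `sizeof(jbuf)`, so declaring it `size_t` would avoid the mixed signed/unsigned comparison; the `break` there also drops the rest of the channel list silently, which deserves a comment. The patch header quotes upstream's advice to move to 2.10.3p5 rather than only apply this diff while ircd.spec stays at 2.10.3p3, so a spec comment recording why the backport was chosen would help later audits.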
@@ -26,14 +26,14 @@ # package information Name: ircd Summary: IRCnet Internet Relay Chat (IRC) Server -URL: http://www.irc.org/~irc/server/ +URL: http://www.irc.org/servers.html Vendor: Jarkko Oikarinen Packager: The OpenPKG Project Distribution: OpenPKG [BASE] Group: Network License: BSD Version: 2.10.3p3 -Release: 1.2.0 +Release: 1.2.1 # list of sources Source0: ftp://ftp.irc.org/irc/server/irc%{version}.tgz @@ -41,6 +41,7 @@ Source2: ircd.conf Patch0: irc%{version}.patch Patch1: ircd.freebsd.patch +Patch2: ircd.patch # build information Prefix: %{l_prefix} @@ -65,6 +66,7 @@ %patch1 -p1 ;; esac + %patch2 -p0 %build CC="%{l_cc}" \ @@ . patch -p0 <<'@@ .' Index: openpkg-web/news.txt ============================================================================ $ cvs diff -u -r1.7055 -r1.7056 news.txt --- openpkg-web/news.txt 19 Oct 2003 07:09:41 -0000 1.7055 +++ openpkg-web/news.txt 19 Oct 2003 07:12:50 -0000 1.7056 @@ -1,3 +1,4 @@ +19-Oct-2003: Upgraded package: P<ircd-2.10.3p3-1.2.1> 19-Oct-2003: Upgraded package: P<ircd-2.10.3p3-1.3.1> 18-Oct-2003: Upgraded package: P<perl-mail-20031018-20031018> 18-Oct-2003: Upgraded package: P<perl-parse-20031018-20031018> @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]