main/irssi: fix for CVE-2017-10965 and CVE-2017-10966. Fixes #7517

author: Francesco Colista <fcolista@alpinelinux.org> 2017-08-09 08:44:10 +0000
committer: Francesco Colista <fcolista@alpinelinux.org> 2017-08-09 08:44:59 +0000
commit: 52d4d14ef14530f33217fa687536a6af4f680de9 (patch)
tree: 6bc78598639186e709d482a94a3fbe3decfa4f0b
parent: 330f754f59d7cc8bdd3c7e4ecf31978eaa613129 (diff)
download: aports-52d4d14ef14530f33217fa687536a6af4f680de9.tar.bz2
aports-52d4d14ef14530f33217fa687536a6af4f680de9.tar.xz
2 files changed, 83 insertions, 4 deletions
diff --git a/main/irssi/APKBUILD b/main/irssi/APKBUILD
index 39916a1f95..afc63c69f2 100644
--- a/main/irssi/APKBUILD
+++ b/main/irssi/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Kiyoshi Aman <kiyoshi.aman@gmail.com>
 pkgname=irssi
 pkgver=0.8.21
-pkgrel=1
+pkgrel=2
 pkgdesc="A modular textUI IRC client with IPv6 support"
 url="http://irssi.org/"
 arch="all"
@@ -12,10 +12,14 @@ makedepends="glib-dev openssl-dev ncurses-dev perl-dev automake autoconf libtool
 subpackages="$pkgname-doc $pkgname-dev $pkgname-proxy $pkgname-perl"
 source="https://github.com/irssi/irssi/releases/download/$pkgver/irssi-$pkgver.tar.xz
 	CVE-2017-9468.patch
+	CVE-2017-10965-10966.patch
 	"
 _builddir="$srcdir"/$pkgname-$pkgver
 
 # secfixes:
+#   0.8.21.r2:
+#     - CVE-2017-10965
+#     - CVE-2017-10966
 #   0.8.21-r1:
 #     - CVE-2017-9468
 #   0.8.21-r0:
@@ -84,8 +88,11 @@ proxy() {
 }
 
 md5sums="b820760c3b4f3b0c24abe4db82b6366a  irssi-0.8.21.tar.xz
-09307e506db9deef2d678101041ac79a  CVE-2017-9468.patch"
+09307e506db9deef2d678101041ac79a  CVE-2017-9468.patch
+f3c8acd17229df9c19fab1691217982f  CVE-2017-10965-10966.patch"
 sha256sums="e433063b8714dcf17438126902c9a9d5c97944b3185ecd0fc5ae25c4959bf35a  irssi-0.8.21.tar.xz
-8d032e96ff6273de052dfc203fb2b16b90cfd029b71805fda9cfda0ce1a053ba  CVE-2017-9468.patch"
+8d032e96ff6273de052dfc203fb2b16b90cfd029b71805fda9cfda0ce1a053ba  CVE-2017-9468.patch
+a54c17663204b8a928e65fe136d57f473ac8b59437e6741a2a018aab60954a7a  CVE-2017-10965-10966.patch"
 sha512sums="110934ab85c8574fc76bce367c58378e28603898e63a5014a72170ffe441ffe3dbda432531e899176f5c4126f47d929a3a01a2f87bcacbfe0ba4d6d8cb31e642  irssi-0.8.21.tar.xz
-9fe90deea2002c976678739bda7a58f88c611969a1800bf2e15e152fff3075b63117f3dddc3f491ef845b84dc928503b95f7db13b6a23d80a2f9bb8aef3f2bb6  CVE-2017-9468.patch"
+9fe90deea2002c976678739bda7a58f88c611969a1800bf2e15e152fff3075b63117f3dddc3f491ef845b84dc928503b95f7db13b6a23d80a2f9bb8aef3f2bb6  CVE-2017-9468.patch
+166833d0008b2555d1bf787835a06663f4ffc7cde9138f7b1690b18d59018df56329ef361c42e5b1f0064aa490e21829a25791d13f92cc5d0b06f7802282951c  CVE-2017-10965-10966.patch"
diff --git a/main/irssi/CVE-2017-10965-10966.patch b/main/irssi/CVE-2017-10965-10966.patch
new file mode 100644
index 0000000000..30b5192231
--- /dev/null
+++ b/main/irssi/CVE-2017-10965-10966.patch
@@ -0,0 +1,72 @@
+From 29ebac987da1da2c892aed5ed329256b7bc94bca Mon Sep 17 00:00:00 2001
+From: Nei <ailin.nemui@gmail.com>
+Date: Thu, 29 Jun 2017 13:48:44 +0000
+Subject: [PATCH 1/2] Check return value of localtime
+
+Fixes #10
+---
+ src/core/misc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/core/misc.c b/src/core/misc.c
+index ce49925b1..0b2d8e776 100644
+--- a/src/core/misc.c
++++ b/src/core/misc.c
+@@ -560,6 +560,9 @@ char *my_asctime(time_t t)
+         int len;
+ 
+ 	tm = localtime(&t);
++	if (tm == NULL)
++	    return g_strdup("???");
++
+ 	str = g_strdup(asctime(tm));
+ 
+ 	len = strlen(str);
+
+From 73b851c39c11d01199e6c040749fb20e468f6c8d Mon Sep 17 00:00:00 2001
+From: ailin-nemui <ailin-nemui@users.noreply.github.com>
+Date: Tue, 4 Jul 2017 16:10:55 +0200
+Subject: [PATCH 2/2] correct GHashTable usage
+
+---
+ src/core/nicklist.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/src/core/nicklist.c b/src/core/nicklist.c
+index 54dfb5fb2..0bc88ab8d 100644
+--- a/src/core/nicklist.c
++++ b/src/core/nicklist.c
+@@ -54,23 +54,26 @@ static void nick_hash_add(CHANNEL_REC *channel, NICK_REC *nick)
+ 
+ static void nick_hash_remove(CHANNEL_REC *channel, NICK_REC *nick)
+ {
+-	NICK_REC *list;
++	NICK_REC *list, *newlist;
+ 
+ 	list = g_hash_table_lookup(channel->nicks, nick->nick);
+ 	if (list == NULL)
+ 		return;
+ 
+-	if (list == nick || list->next == NULL) {
+-		g_hash_table_remove(channel->nicks, nick->nick);
+-		if (list->next != NULL) {
+-			g_hash_table_insert(channel->nicks, nick->next->nick,
+-					    nick->next);
+-		}
++	if (list == nick) {
++		newlist = nick->next;
+ 	} else {
++		newlist = list;
+ 		while (list->next != nick)
+ 			list = list->next;
+ 		list->next = nick->next;
+ 	}
++
++	g_hash_table_remove(channel->nicks, nick->nick);
++	if (newlist != NULL) {
++		g_hash_table_insert(channel->nicks, newlist->nick,
++				    newlist);
++	}
+ }
+ 
+ /* Add new nick to list */
author	Francesco Colista <fcolista@alpinelinux.org>	2017-08-09 08:44:10 +0000
committer	Francesco Colista <fcolista@alpinelinux.org>	2017-08-09 08:44:59 +0000
commit	52d4d14ef14530f33217fa687536a6af4f680de9 (patch)
tree	6bc78598639186e709d482a94a3fbe3decfa4f0b
parent	330f754f59d7cc8bdd3c7e4ecf31978eaa613129 (diff)
download	aports-52d4d14ef14530f33217fa687536a6af4f680de9.tar.bz2 aports-52d4d14ef14530f33217fa687536a6af4f680de9.tar.xz