diff options
| author | eadler <eadler@FreeBSD.org> | 2012-11-10 12:55:47 +0800 |
|---|---|---|
| committer | eadler <eadler@FreeBSD.org> | 2012-11-10 12:55:47 +0800 |
| commit | 8916483675b83382dfdc60aea17f02425171024f (patch) | |
| tree | d2f26326933d8f8a23682b85ee20b2e9dcbbc6b6 | |
| parent | 5f50d36bd66bcb259e49ebbaef5380e2e0d80d53 (diff) | |
| download | freebsd-ports-gnome-8916483675b83382dfdc60aea17f02425171024f.tar.gz freebsd-ports-gnome-8916483675b83382dfdc60aea17f02425171024f.tar.zst freebsd-ports-gnome-8916483675b83382dfdc60aea17f02425171024f.zip | |
Apply an upstream patch that fixes a security hole
when receiving a special colored message.
The maintainer was contacted but due to the nature of
the issue apply the patch ASAP.
Approved by: secteam-ports (swills)
Security: e02c572f-2af0-11e2-bb44-003067b2972c
Feature safe: yes
| -rw-r--r-- | irc/weechat-devel/Makefile | 1 | ||||
| -rw-r--r-- | irc/weechat-devel/files/patch-src-plugins-irc-irc-color.c | 133 | ||||
| -rw-r--r-- | irc/weechat/Makefile | 1 | ||||
| -rw-r--r-- | irc/weechat/files/patch-src-plugins-irc-irc-color.c | 133 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 30 |
5 files changed, 298 insertions, 0 deletions
diff --git a/irc/weechat-devel/Makefile b/irc/weechat-devel/Makefile index b3ba24e2879b..912e6980d956 100644 --- a/irc/weechat-devel/Makefile +++ b/irc/weechat-devel/Makefile @@ -2,6 +2,7 @@ PORTNAME= weechat PORTVERSION= 20121103 +PORTREVISION= 1 CATEGORIES= irc MASTER_SITES= http://perturb.me.uk/distfiles/ \ ${MASTER_SITE_LOCAL} diff --git a/irc/weechat-devel/files/patch-src-plugins-irc-irc-color.c b/irc/weechat-devel/files/patch-src-plugins-irc-irc-color.c new file mode 100644 index 000000000000..9703ff679641 --- /dev/null +++ b/irc/weechat-devel/files/patch-src-plugins-irc-irc-color.c @@ -0,0 +1,133 @@ +From 9453e81baa7935db82a0b765a47cba772aba730d Mon Sep 17 00:00:00 2001 +--- src/plugins/irc/irc-color.c ++++ src/plugins/irc/irc-color.c +@@ -62,13 +62,15 @@ char *irc_color_to_weechat[IRC_NUM_COLORS] = + char * + irc_color_decode (const char *string, int keep_colors) + { +- unsigned char *out, *ptr_string; +- int out_length, length, out_pos; +- char str_fg[3], str_bg[3], str_color[128], str_key[128]; ++ unsigned char *out, *out2, *ptr_string; ++ int out_length, length, out_pos, length_to_add; ++ char str_fg[3], str_bg[3], str_color[128], str_key[128], str_to_add[128]; + const char *remapped_color; + int fg, bg, bold, reverse, italic, underline, rc; + + out_length = (strlen (string) * 2) + 1; ++ if (out_length < 128) ++ out_length = 128; + out = malloc (out_length); + if (!out) + return NULL; +@@ -80,20 +82,27 @@ irc_color_decode (const char *string, int keep_colors) + + ptr_string = (unsigned char *)string; + out[0] = '\0'; ++ out_pos = 0; + while (ptr_string && ptr_string[0]) + { ++ str_to_add[0] = '\0'; + switch (ptr_string[0]) + { + case IRC_COLOR_BOLD_CHAR: + if (keep_colors) +- strcat ((char *)out, +- weechat_color((bold) ? "-bold" : "bold")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ((bold) ? "-bold" : "bold")); ++ } + bold ^= 1; + ptr_string++; + break; + case IRC_COLOR_RESET_CHAR: + if (keep_colors) +- strcat ((char *)out, weechat_color("reset")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ("reset")); ++ } + bold = 0; + reverse = 0; + italic = 0; +@@ -106,22 +115,28 @@ irc_color_decode (const char *string, int keep_colors) + case IRC_COLOR_REVERSE_CHAR: + case IRC_COLOR_REVERSE2_CHAR: + if (keep_colors) +- strcat ((char *)out, +- weechat_color((reverse) ? "-reverse" : "reverse")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ((reverse) ? "-reverse" : "reverse")); ++ } + reverse ^= 1; + ptr_string++; + break; + case IRC_COLOR_ITALIC_CHAR: + if (keep_colors) +- strcat ((char *)out, +- weechat_color((italic) ? "-italic" : "italic")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ((italic) ? "-italic" : "italic")); ++ } + italic ^= 1; + ptr_string++; + break; + case IRC_COLOR_UNDERLINE_CHAR: + if (keep_colors) +- strcat ((char *)out, +- weechat_color((underline) ? "-underline" : "underline")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ((underline) ? "-underline" : "underline")); ++ } + underline ^= 1; + ptr_string++; + break; +@@ -194,22 +209,39 @@ irc_color_decode (const char *string, int keep_colors) + (bg >= 0) ? "," : "", + (bg >= 0) ? irc_color_to_weechat[bg] : ""); + } +- strcat ((char *)out, weechat_color(str_color)); ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color (str_color)); + } + else +- strcat ((char *)out, weechat_color("resetcolor")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ("resetcolor")); ++ } + } + break; + default: + length = weechat_utf8_char_size ((char *)ptr_string); + if (length == 0) + length = 1; +- out_pos = strlen ((char *)out); +- memcpy (out + out_pos, ptr_string, length); +- out[out_pos + length] = '\0'; ++ memcpy (str_to_add, ptr_string, length); ++ str_to_add[length] = '\0'; + ptr_string += length; + break; + } ++ if (str_to_add[0]) ++ { ++ length_to_add = strlen (str_to_add); ++ if (out_pos + length_to_add >= out_length) ++ { ++ out_length *= 2; ++ out2 = realloc (out, out_length); ++ if (!out2) ++ return (char *)out; ++ out = out2; ++ } ++ memcpy (out + out_pos, str_to_add, length_to_add + 1); ++ out_pos += length_to_add; ++ } + } + + return (char *)out; diff --git a/irc/weechat/Makefile b/irc/weechat/Makefile index f3decffc6835..5ea81d60f7bb 100644 --- a/irc/weechat/Makefile +++ b/irc/weechat/Makefile @@ -3,6 +3,7 @@ PORTNAME= weechat PORTVERSION= 0.3.9 +PORTREVISION= 1 CATEGORIES= irc MASTER_SITES= http://weechat.org/files/src/ diff --git a/irc/weechat/files/patch-src-plugins-irc-irc-color.c b/irc/weechat/files/patch-src-plugins-irc-irc-color.c new file mode 100644 index 000000000000..9703ff679641 --- /dev/null +++ b/irc/weechat/files/patch-src-plugins-irc-irc-color.c @@ -0,0 +1,133 @@ +From 9453e81baa7935db82a0b765a47cba772aba730d Mon Sep 17 00:00:00 2001 +--- src/plugins/irc/irc-color.c ++++ src/plugins/irc/irc-color.c +@@ -62,13 +62,15 @@ char *irc_color_to_weechat[IRC_NUM_COLORS] = + char * + irc_color_decode (const char *string, int keep_colors) + { +- unsigned char *out, *ptr_string; +- int out_length, length, out_pos; +- char str_fg[3], str_bg[3], str_color[128], str_key[128]; ++ unsigned char *out, *out2, *ptr_string; ++ int out_length, length, out_pos, length_to_add; ++ char str_fg[3], str_bg[3], str_color[128], str_key[128], str_to_add[128]; + const char *remapped_color; + int fg, bg, bold, reverse, italic, underline, rc; + + out_length = (strlen (string) * 2) + 1; ++ if (out_length < 128) ++ out_length = 128; + out = malloc (out_length); + if (!out) + return NULL; +@@ -80,20 +82,27 @@ irc_color_decode (const char *string, int keep_colors) + + ptr_string = (unsigned char *)string; + out[0] = '\0'; ++ out_pos = 0; + while (ptr_string && ptr_string[0]) + { ++ str_to_add[0] = '\0'; + switch (ptr_string[0]) + { + case IRC_COLOR_BOLD_CHAR: + if (keep_colors) +- strcat ((char *)out, +- weechat_color((bold) ? "-bold" : "bold")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ((bold) ? "-bold" : "bold")); ++ } + bold ^= 1; + ptr_string++; + break; + case IRC_COLOR_RESET_CHAR: + if (keep_colors) +- strcat ((char *)out, weechat_color("reset")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ("reset")); ++ } + bold = 0; + reverse = 0; + italic = 0; +@@ -106,22 +115,28 @@ irc_color_decode (const char *string, int keep_colors) + case IRC_COLOR_REVERSE_CHAR: + case IRC_COLOR_REVERSE2_CHAR: + if (keep_colors) +- strcat ((char *)out, +- weechat_color((reverse) ? "-reverse" : "reverse")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ((reverse) ? "-reverse" : "reverse")); ++ } + reverse ^= 1; + ptr_string++; + break; + case IRC_COLOR_ITALIC_CHAR: + if (keep_colors) +- strcat ((char *)out, +- weechat_color((italic) ? "-italic" : "italic")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ((italic) ? "-italic" : "italic")); ++ } + italic ^= 1; + ptr_string++; + break; + case IRC_COLOR_UNDERLINE_CHAR: + if (keep_colors) +- strcat ((char *)out, +- weechat_color((underline) ? "-underline" : "underline")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ((underline) ? "-underline" : "underline")); ++ } + underline ^= 1; + ptr_string++; + break; +@@ -194,22 +209,39 @@ irc_color_decode (const char *string, int keep_colors) + (bg >= 0) ? "," : "", + (bg >= 0) ? irc_color_to_weechat[bg] : ""); + } +- strcat ((char *)out, weechat_color(str_color)); ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color (str_color)); + } + else +- strcat ((char *)out, weechat_color("resetcolor")); ++ { ++ snprintf (str_to_add, sizeof (str_to_add), "%s", ++ weechat_color ("resetcolor")); ++ } + } + break; + default: + length = weechat_utf8_char_size ((char *)ptr_string); + if (length == 0) + length = 1; +- out_pos = strlen ((char *)out); +- memcpy (out + out_pos, ptr_string, length); +- out[out_pos + length] = '\0'; ++ memcpy (str_to_add, ptr_string, length); ++ str_to_add[length] = '\0'; + ptr_string += length; + break; + } ++ if (str_to_add[0]) ++ { ++ length_to_add = strlen (str_to_add); ++ if (out_pos + length_to_add >= out_length) ++ { ++ out_length *= 2; ++ out2 = realloc (out, out_length); ++ if (!out2) ++ return (char *)out; ++ out = out2; ++ } ++ memcpy (out + out_pos, str_to_add, length_to_add + 1); ++ out_pos += length_to_add; ++ } + } + + return (char *)out; diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1b0eb10ed12e..96ba109b14b9 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e02c572f-2af0-11e2-bb44-003067b2972c"> + <topic>weechat -- crash bug from specially crafted messages</topic> + <affects> + <package> + <name>weechat</name> + <range><le>0.3.9</le></range> + </package> + <package> + <name>weechat-devel</name> + <range><le>20121103</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Sebastien Helleu reports:</p> + <blockquote cite="https://savannah.nongnu.org/bugs/?37704"> + <p>weechat is vulnerable to a crash when sending a special coloured + message.</p> + </blockquote> + </body> + </description> + <references> + <freebsdpr>ports/173513</freebsdpr> + </references> + <dates> + <discovery>2012-11-09</discovery> + <entry>2012-11-10</entry> + </dates> + </vuln> + <vuln vid="5e647ca3-2aea-11e2-b745-001fd0af1a4c"> <topic>lang/ruby19 -- Hash-flooding DoS vulnerability for ruby 1.9</topic> <affects> |