New version

Resolves: CVE-2017-5193
  Resolves: CVE-2017-5194
  Resolves: CVE-2017-5195
  Resolves: CVE-2017-5196
  Resolves: CVE-2017-5356
Dropped CVE-2016-7553 patch (upstreamed)

irssi-0.8.20-CVE-2016-7553.patch

@@ -1,125 +0,0 @@
-From f1b1eb154baa684fad5d65bf4dff79c8ded8b65a Mon Sep 17 00:00:00 2001
-From: Juerd Waalboer <juerd@tnx.nl>
-Date: Thu, 22 Sep 2016 02:26:09 +0200
-Subject: [PATCH] Fix disclosure via filesystem
-
-buf.pl restores the scrollbuffer between "/upgrade"s by writing the
-contents to a file, and reading that after the new process was spawned.
-Through that file, the contents of (private) chat conversations may leak to
-other users.
-
-Careful users with a limited umask (e.g. 077) are not affected by this bug.
-However, most Linux systems default to a umask of 022, meaning that files
-written without further restricting the permissions, are readable by any
-user.
-
-This patch sets a safer umask of 077 for the scrollbuffer dump, and will
-remove the temporary file after use to further reduce the attack surface.
-Additionally, it will remove any remaining temporary scrollbuffer file left
-in place, like those written by previous versions of the script.
----
- scripts/buf.pl | 42 ++++++++++++++++++++++++++++--------------
- 1 file changed, 28 insertions(+), 14 deletions(-)
-
-diff --git a/scripts/buf.pl b/scripts/buf.pl
-index da50e82..6d907f1 100644
---- a/scripts/buf.pl
-+++ b/scripts/buf.pl
-@@ -5,7 +5,7 @@
-              settings_get_str settings_get_bool channels windows
- 	     settings_add_str settings_add_bool get_irssi_dir
- 	     window_find_refnum signal_stop);
--$VERSION = '2.13';
-+$VERSION = '2.20';
- %IRSSI = (
-     authors	=> 'Juerd',
-     contact	=> 'juerd@juerd.nl',
-@@ -13,10 +13,8 @@
-     description	=> 'Saves the buffer for /upgrade, so that no information is lost',
-     license	=> 'Public Domain',
-     url		=> 'http://juerd.nl/irssi/',
--    changed	=> 'Mon May 13 19:41 CET 2002',
--    changes	=> 'Severe formatting bug removed * oops, I ' .
--                   'exposed Irssi to ircII foolishness * sorry ' .
--		   '** removed logging stuff (this is a fix)',
-+    changed	=> 'Thu Sep 22 01:37 CEST 2016',
-+    changes	=> 'Fixed file permissions (leaked everything via filesystem)',
-     note1	=> 'This script HAS TO BE in your scripts/autorun!',
-     note2	=> 'Perl support must be static or in startup',
- );
-@@ -39,9 +37,15 @@
- 
- my %suppress;
- 
-+sub _filename { sprintf '%s/scrollbuffer', get_irssi_dir }
-+
- sub upgrade {
--    open BUF, q{>}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
--    print BUF join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
-+    my $fn = _filename;
-+    my $old_umask = umask 0077;
-+    open my $fh, q{>}, $fn or die "open $fn: $!";
-+    umask $old_umask;
-+
-+    print $fh join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
-     for my $window (windows) {
- 	next unless defined $window;
- 	next if $window->{name} eq 'status';
-@@ -57,36 +61,39 @@ sub upgrade {
- 		redo if defined $line;
- 	    }
- 	}
--	printf BUF "%s:%s\n%s", $window->{refnum}, $lines, $buf;
-+	printf $fh "%s:%s\n%s", $window->{refnum}, $lines, $buf;
-     }
--    close BUF;
-+    close $fh;
-     unlink sprintf("%s/sessionconfig", get_irssi_dir);
-     command 'layout save';
-     command 'save';
- }
- 
- sub restore {
--    open BUF, q{<}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
--    my @suppress = split /\0/, <BUF>;
-+    my $fn = _filename;
-+    open my $fh, q{<}, $fn or die "open $fn: $!";
-+    unlink $fn or warn "unlink $fn: $!";
-+
-+    my @suppress = split /\0/, readline $fh;
-     if (settings_get_bool 'upgrade_suppress_join') {
- 	chomp $suppress[-1];
- 	@suppress{@suppress} = (2) x @suppress;
-     }
-     active_win->command('^window scroll off');
--    while (my $bla = <BUF>){
-+    while (my $bla = readline $fh){
- 	chomp $bla;
- 	my ($refnum, $lines) = split /:/, $bla;
- 	next unless $lines;
- 	my $window = window_find_refnum $refnum;
- 	unless (defined $window){
--	    <BUF> for 1..$lines;
-+	    readline $fh for 1..$lines;
- 	    next;
- 	}
- 	my $view = $window->view;
- 	$view->remove_all_lines();
- 	$view->redraw();
- 	my $buf = '';
--	$buf .= <BUF> for 1..$lines;
-+	$buf .= readline $fh for 1..$lines;
- 	my $sep = settings_get_str 'upgrade_separator';
- 	$sep .= "\n" if $sep ne '';
- 	$window->gui_printtext_after(undef, MSGLEVEL_CLIENTNOTICE, "$buf\cO$sep");
-@@ -119,3 +126,10 @@ sub suppress {
- unless (-f sprintf('%s/scripts/autorun/buf.pl', get_irssi_dir)) {
-     Irssi::print('PUT THIS SCRIPT IN ~/.irssi/scripts/autorun/ BEFORE /UPGRADING!!');
- }
-+
-+# Remove any left-over file. If 'session' doesn't exist (created by irssi
-+# during /UPGRADE), neither should our file.
-+unless (-e sprintf('%s/session', get_irssi_dir)) {
-+    my $fn = _filename;
-+    unlink $fn or warn "unlink $fn: $!" if -e $fn;
-+}

irssi.spec

@@ -2,8 +2,8 @@
 
 Summary:	Modular text mode IRC client with Perl scripting
 Name:		irssi
-Version:	0.8.20
+Version:	0.8.21
-Release:	2%{?dist}
+Release:	1%{?dist}
 
 License:	GPLv2+
 Group:		Applications/Communications
@@ -15,7 +15,6 @@ BuildRequires:	ncurses-devel openssl-devel zlib-devel
 BuildRequires:	pkgconfig glib2-devel perl-devel perl-generators perl(ExtUtils::Embed)
 BuildRequires:	autoconf automake libtool
 Requires:	perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
-Patch0:	irssi-0.8.20-CVE-2016-7553.patch
 
 %package devel
 Summary:	Development package for irssi
@@ -37,7 +36,6 @@ being maintained.
 
 %prep
 %setup -q
-%patch0 -p1 -b .CVE-2016-7553
 
 %build
 autoreconf -i
@@ -89,6 +87,15 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Thu Jan 19 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 0.8.21-1
+- New version
+  Resolves: CVE-2017-5193
+  Resolves: CVE-2017-5194
+  Resolves: CVE-2017-5195
+  Resolves: CVE-2017-5196
+  Resolves: CVE-2017-5356
+- Dropped CVE-2016-7553 patch (upstreamed)
+
 * Mon Sep 26 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 0.8.20-2
 - Fixed buf.pl not to disclosure information through the filesystem
   Resolves: CVE-2016-7553

sources

@@ -1 +1 @@
-67d48c5feec2d3b949d088aa4abc3601  irssi-0.8.20.tar.xz
+SHA512 (irssi-0.8.21.tar.xz) = 110934ab85c8574fc76bce367c58378e28603898e63a5014a72170ffe441ffe3dbda432531e899176f5c4126f47d929a3a01a2f87bcacbfe0ba4d6d8cb31e642