From e95a9d72318294998e0776c45965ed3a1deb97b1 Mon Sep 17 00:00:00 2001 From: James Antill Date: Thu, 26 May 2022 09:51:21 -0400 Subject: [PATCH] Auto sync2gitlab import of irssi-1.1.1-3.el8.src.rpm --- .gitignore | 1 + EMPTY | 1 - irssi-1.1.1-CVE-2019-13045.patch | 43 +++ irssi-1.1.1-coverity-scan-fix.patch | 12 + irssi-config.h | 9 + irssi.spec | 437 ++++++++++++++++++++++++++++ sources | 1 + 7 files changed, 503 insertions(+), 1 deletion(-) create mode 100644 .gitignore delete mode 100644 EMPTY create mode 100644 irssi-1.1.1-CVE-2019-13045.patch create mode 100644 irssi-1.1.1-coverity-scan-fix.patch create mode 100644 irssi-config.h create mode 100644 irssi.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9fb5dbb --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/irssi-1.1.1.tar.xz diff --git a/EMPTY b/EMPTY deleted file mode 100644 index 0519ecb..0000000 --- a/EMPTY +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/irssi-1.1.1-CVE-2019-13045.patch b/irssi-1.1.1-CVE-2019-13045.patch new file mode 100644 index 0000000..084a15a --- /dev/null +++ b/irssi-1.1.1-CVE-2019-13045.patch @@ -0,0 +1,43 @@ +diff --git a/src/irc/core/irc-core.c b/src/irc/core/irc-core.c +index a9221e0..9cffc86 100644 +--- a/src/irc/core/irc-core.c ++++ b/src/irc/core/irc-core.c +@@ -75,6 +75,8 @@ static void destroy_server_connect(SERVER_CONNECT_REC *conn) + + g_free_not_null(ircconn->usermode); + g_free_not_null(ircconn->alternate_nick); ++ g_free_not_null(ircconn->sasl_username); ++ g_free_not_null(ircconn->sasl_password); + } + + void irc_core_init(void) +diff --git a/src/irc/core/irc-servers-reconnect.c b/src/irc/core/irc-servers-reconnect.c +index ca61492..715ab38 100644 +--- a/src/irc/core/irc-servers-reconnect.c ++++ b/src/irc/core/irc-servers-reconnect.c +@@ -49,8 +49,8 @@ static void sig_server_connect_copy(SERVER_CONNECT_REC **dest, + rec->usermode = g_strdup(src->usermode); + rec->alternate_nick = g_strdup(src->alternate_nick); + rec->sasl_mechanism = src->sasl_mechanism; +- rec->sasl_username = src->sasl_username; +- rec->sasl_password = src->sasl_password; ++ rec->sasl_username = g_strdup(src->sasl_username); ++ rec->sasl_password = g_strdup(src->sasl_password); + *dest = (SERVER_CONNECT_REC *) rec; + } + +diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c +index e79557a..5fb5c2b 100644 +--- a/src/irc/core/irc-servers-setup.c ++++ b/src/irc/core/irc-servers-setup.c +@@ -101,8 +101,8 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn, + if (ircnet->sasl_username != NULL && *ircnet->sasl_username && + ircnet->sasl_password != NULL && *ircnet->sasl_password) { + conn->sasl_mechanism = SASL_MECHANISM_PLAIN; +- conn->sasl_username = ircnet->sasl_username; +- conn->sasl_password = ircnet->sasl_password; ++ conn->sasl_username = g_strdup(ircnet->sasl_username); ++ conn->sasl_password = g_strdup(ircnet->sasl_password); + } else + g_warning("The fields sasl_username and sasl_password are either missing or empty"); + } diff --git a/irssi-1.1.1-coverity-scan-fix.patch b/irssi-1.1.1-coverity-scan-fix.patch new file mode 100644 index 0000000..fce3492 --- /dev/null +++ b/irssi-1.1.1-coverity-scan-fix.patch @@ -0,0 +1,12 @@ +diff --git a/src/irc/dcc/dcc-send.c b/src/irc/dcc/dcc-send.c +index 912129b..5000928 100644 +--- a/src/irc/dcc/dcc-send.c ++++ b/src/irc/dcc/dcc-send.c +@@ -425,6 +425,7 @@ static int dcc_send_one_file(int queue, const char *target, const char *fname, + g_free(str); + if (dcc == NULL) { + g_warn_if_reached(); ++ close(hfile); + return FALSE; + } + diff --git a/irssi-config.h b/irssi-config.h new file mode 100644 index 0000000..b393e7a --- /dev/null +++ b/irssi-config.h @@ -0,0 +1,9 @@ +#include + +#if __WORDSIZE == 32 +#include "irssi-config-32.h" +#elif __WORDSIZE == 64 +#include "irssi-config-64.h" +#else +#error "Unknown word size" +#endif diff --git a/irssi.spec b/irssi.spec new file mode 100644 index 0000000..abd413e --- /dev/null +++ b/irssi.spec @@ -0,0 +1,437 @@ +%define perl_vendorarch %(eval "`perl -V:installvendorarch`"; echo $installvendorarch) + +Summary: Modular text mode IRC client with Perl scripting +Name: irssi +Version: 1.1.1 +Release: 3%{?dist} + +License: GPLv2+ +Group: Applications/Communications +URL: http://irssi.org/ +Source0: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz +Source1: irssi-config.h +BuildRequires: ncurses-devel openssl-devel zlib-devel +BuildRequires: pkgconfig glib2-devel perl-devel perl-generators perl(ExtUtils::Embed) +BuildRequires: autoconf automake libtool +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Patch0: irssi-1.1.1-coverity-scan-fix.patch +Patch1: irssi-1.1.1-CVE-2019-13045.patch + +%package devel +Summary: Development package for irssi +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description +Irssi is a modular IRC client with Perl scripting. Only text-mode +frontend is currently supported. The GTK/GNOME frontend is no longer +being maintained. + +%description devel +This package contains headers needed to develop irssi plugins. + +Irssi is a modular IRC client with Perl scripting. Only text-mode +frontend is currently supported. The GTK/GNOME frontend is no longer +being maintained. + + +%prep +%setup -q +%patch0 -p1 -b .coverity-scan-fix +%patch1 -p1 -b .CVE-2019-13045 + +%build +autoreconf -i +%configure --enable-ipv6 --with-textui \ + --with-proxy \ + --with-bot \ + --with-perl=yes \ + --with-perl-lib=vendor \ + --enable-true-color + +make %{_smp_mflags} CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" +mv irssi-config.h irssi-config-$(getconf LONG_BIT).h +cp -p %{SOURCE1} irssi-config.h + + +%install +rm -rf $RPM_BUILD_ROOT +%makeinstall PERL_INSTALL_ROOT=$RPM_BUILD_ROOT INSTALL="%{__install} -p" +install -p irssi-config-$(getconf LONG_BIT).h $RPM_BUILD_ROOT%{_includedir}/%{name}/irssi-config-$(getconf LONG_BIT).h + +rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/modules/lib*.*a +rm -Rf $RPM_BUILD_ROOT/%{_docdir}/%{name} +find $RPM_BUILD_ROOT%{perl_vendorarch} -type f -a -name '*.bs' -a -empty -exec rm -f {} ';' +find $RPM_BUILD_ROOT%{perl_vendorarch} -type f -a -name .packlist -exec rm {} ';' +chmod -R u+w $RPM_BUILD_ROOT%{perl_vendorarch} + + + + +%files +%defattr(-,root,root,-) +%doc docs/*.txt docs/*.html AUTHORS COPYING NEWS README.md TODO +%config(noreplace) %{_sysconfdir}/%{name}.conf +%{_bindir}/%{name} +%{_bindir}/botti +%{_datadir}/%{name} +%{_libdir}/%{name} +%{_mandir}/man1/%{name}.1* +%{perl_vendorarch}/Irssi* +%{perl_vendorarch}/auto/Irssi + + +%files devel +%defattr(-,root,root,-) +%{_includedir}/irssi/ + + +%changelog +* Fri Nov 1 2019 Jaroslav Škarvada - 1.1.1-3 +- Fixed use after free when sending SASL login to server + Resolves: CVE-2019-13045 + +* Thu Dec 6 2018 Jaroslav Škarvada - 1.1.1-2 +- Fixed issue found by coverity scan + Resolves: rhbz#1602558 + +* Fri Feb 16 2018 Jaroslav Škarvada - 1.1.1-1 +- New version + Resolves: rhbz#1534795 + +* Wed Feb 07 2018 Fedora Release Engineering - 1.0.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 20 2018 Björn Esser - 1.0.6-2 +- Rebuilt for switch to libxcrypt + +* Mon Jan 8 2018 Jaroslav Škarvada - 1.0.6-1 +- New version + Resolves: rhbz#1531973 + +* Mon Oct 23 2017 Jaroslav Škarvada - 1.0.5-1 +- New version + Resolves: rhbz#1505182 + +* Wed Aug 02 2017 Fedora Release Engineering - 1.0.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.0.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jul 10 2017 Jaroslav Škarvada - 1.0.4-1 +- New version + Resolves: rhbz#1468785 + Resolves: CVE-2017-10965 + Resolves: CVE-2017-10966 +- Dropped allow-negative-values-in-settings patch (not needed) + +* Tue Jun 27 2017 Jaroslav Škarvada - 1.0.3-1 +- New version + Resolves: rhbz#1459539 + Resolves: CVE-2017-9468 + Resolves: CVE-2017-9469 + +* Sun Jun 04 2017 Jitka Plesnikova - 1.0.2-2 +- Perl 5.26 rebuild + +* Mon Mar 13 2017 Jaroslav Škarvada - 1.0.2-1 +- New version + Resolves: rhbz#1431388 + +* Mon Feb 6 2017 Jaroslav Škarvada - 1.0.1-1 +- New version + Resolves: rhbz#1419372 + +* Thu Jan 19 2017 Jaroslav Škarvada - 1.0.0-1 +- New version + Resolves: rhbz#1410770 + +* Thu Jan 19 2017 Jaroslav Škarvada - 0.8.21-1 +- New version + Resolves: CVE-2017-5193 + Resolves: CVE-2017-5194 + Resolves: CVE-2017-5195 + Resolves: CVE-2017-5196 + Resolves: CVE-2017-5356 +- Dropped CVE-2016-7553 patch (upstreamed) + +* Mon Sep 26 2016 Jaroslav Škarvada - 0.8.20-2 +- Fixed buf.pl not to disclosure information through the filesystem + Resolves: CVE-2016-7553 + +* Thu Sep 22 2016 Jaroslav Škarvada - 0.8.20-1 +- New version + Resolves: rhbz#1378261 + Resolves: CVE-2016-7044 + Resolves: CVE-2016-7045 + +* Sun May 15 2016 Jitka Plesnikova - 0.8.19-2 +- Perl 5.24 rebuild + +* Tue Mar 29 2016 Jaroslav Škarvada - 0.8.19-1 +- New version + Resolves: rhbz#1316054 +- New download URL, switched to XZ compressed sources + +* Thu Feb 04 2016 Fedora Release Engineering - 0.8.17-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 0.8.17-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Jun 03 2015 Jitka Plesnikova - 0.8.17-3 +- Perl 5.22 rebuild + +* Thu Apr 09 2015 Marcin Juszkiewicz - 0.8.17-2 +- Enable 24bit colour support + +* Mon Oct 13 2014 Jaroslav Škarvada - 0.8.17-1 +- New version + Resolves: rhbz#1152060 +- Dropped no-static-unload and man-fix patches (both upstreamed) + +* Wed Aug 27 2014 Jitka Plesnikova - 0.8.16-3 +- Perl 5.20 rebuild + +* Sat Aug 16 2014 Fedora Release Engineering - 0.8.16-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Tue Jun 10 2014 Jaroslav Škarvada - 0.8.16-1 +- New version + Resolves: rhbz#1107342 +- Dropped format-security patch (not needed) + +* Sat Jun 07 2014 Fedora Release Engineering - 0.8.16-0.4.rc1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Dec 4 2013 Jaroslav Škarvada - 0.8.16-0.3.rc1 +- Fixed change log + +* Wed Dec 4 2013 Jaroslav Škarvada - 0.8.16-0.2.rc1 +- Fixed compilation with -Werror=format-security + Resolves: rhbz#1037139 + +* Mon Sep 16 2013 Jaroslav Škarvada - 0.8.16-0.1.rc1 +- New version +- Dropped init-resize-crash-fix (upstreamed) +- Fixed bogus date in changelog (best effort) +- Disabled unloading static modules (by no-static-unload patch) + +* Sat Aug 03 2013 Fedora Release Engineering - 0.8.15-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 17 2013 Petr Pisar - 0.8.15-14 +- Perl 5.18 rebuild + +* Mon Mar 25 2013 Jaroslav Škarvada - 0.8.15-13 +- Added support for aarch64 + Resolves: rhbz#925598 + +* Thu Feb 14 2013 Fedora Release Engineering - 0.8.15-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Aug 3 2012 Jaroslav Škarvada - 0.8.15-11 +- Removed usage parameter from the man page (popt leftover) + +* Thu Jul 19 2012 Fedora Release Engineering - 0.8.15-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 07 2012 Petr Pisar - 0.8.15-9 +- Perl 5.16 rebuild + +* Fri Feb 24 2012 Jaroslav Škarvada - 0.8.15-8 +- Fixed crash that can occur if term is resized during irssi init + (init-resize-crash-fix patch) + Resolves: rhbz#796457 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.8.15-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Jun 20 2011 Marcela Mašláňová - 0.8.15-6 +- Perl mass rebuild + +* Thu Jun 09 2011 Marcela Mašláňová - 0.8.15-5 +- Perl 5.14 mass rebuild + +* Wed Feb 09 2011 Fedora Release Engineering - 0.8.15-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Jun 01 2010 Marcela Maslanova - 0.8.15-3 +- Mass rebuild with perl-5.12.0 + +* Mon May 31 2010 Jaroslav Škarvada - 0.8.15-2 +- Rebuilt with -fno-strict-aliasing + +* Tue Apr 13 2010 Jaroslav Škarvada - 0.8.15-1 +- Update to new version: irssi-0.8.15 + +* Fri Dec 4 2009 Stepan Kasal - 0.8.14-4 +- rebuild against perl 5.10.1 + +* Fri Aug 21 2009 Tomas Mraz - 0.8.14-3 +- rebuilt with new openssl + +* Tue Aug 11 2009 Ville Skyttä - 0.8.14-2 +- Use bzipped upstream tarball. + +* Mon Aug 3 2009 Marek Mahut - 0.8.14-1 +- Upstream release 0.8.14 + +* Fri Jul 24 2009 Fedora Release Engineering - 0.8.13-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Jun 23 2009 Huzaifa Sidhpurwala - 0.8.13-2 +- Resolve CVE-2009-1959 + +* Fri May 1 2009 Marek Mahut - 0.8.13-1 +- Upstream release + +* Wed Feb 25 2009 Fedora Release Engineering - 0.8.12-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Jan 17 2009 Tomas Mraz - 0.8.12-12 +- rebuild with new openssl + +* Fri Aug 29 2008 Michael Schwendt - 0.8.12-11 +- Don't include any C header files in main package. + +* Fri Mar 7 2008 Tom "spot" Callaway - 0.8.12-10 +- BR: perl(ExtUtils::Embed) + +* Thu Mar 06 2008 Tom "spot" Callaway - 0.8.12-9 +- Rebuild for new perl + +* Sat Mar 1 2008 Marek Mahut - 0.8.12-8 +- Fix for multiarch conflict (BZ#341591) + +* Tue Feb 19 2008 Fedora Release Engineering - 0.8.12-5 +- Autorebuild for GCC 4.3 + +* Sun Nov 11 2007 Marek Mahut - 0.8.12-3 +- Enabling perl build-in support as per request in BZ#375121 + +* Mon Oct 08 2007 Marek Mahut - 0.8.12-1 +- New release +- Fixes bug from BZ#239511, dropping patch + +* Sun Aug 19 2007 Marek Mahut - 0.8.11-5 +- Fixing properly irssi-support-meta-cursor-xterm.patch + +* Thu Aug 16 2007 Marek Mahut - 0.8.11-4 +- Added irssi-support-meta-cursor-xterm.patch (BZ#239511) + +* Thu Aug 16 2007 Marek Mahut - 0.8.11-2 +- Updating license tag +- Rebuild for 0.8.11 + +* Wed May 2 2007 Dams - 0.8.11-1 +- Updated to 0.8.11 +- Dropped patch0 + +* Sat Apr 21 2007 Dams - 0.8.10-7.a +- Release bump + +* Sun Sep 17 2006 Dams - 0.8.10-6.a +- Bumped release + +* Sun Sep 17 2006 Dams - 0.8.10-5.a +- Updated to 0.8.10a +- Fixed tarball name.. +- Updated Patch0 still from Saleem + +* Wed Mar 15 2006 Dams - 0.8.10-4 +- Added patch from Saleem Abdulrasool to fix invalid pointer. + +* Sat Jan 28 2006 Dams - 0.8.10-3 +- Fixed changelog -_- + +* Sat Jan 28 2006 Dams - 0.8.10-2 +- Disabled gc support + +* Sun Dec 11 2005 Dams - 0.8.10-1 +- Updated to final 0.8.10 + +* Wed Dec 7 2005 Dams - 0.8.10-0.2.rc8 +- Updated to rc8 + +* Tue Nov 15 2005 Dams - 0.8.10-0.1.rc7 +- Dropped patch 2 (seems applied upstream) and 3 (no longer needed) +- Removed conditionnal build against glib1 parts + +* Sun Nov 13 2005 Luke Macken 0.8.9-8 +- Rebuild against new openssl + +* Mon Apr 11 2005 Michael Schwendt 0.8.9-7 +- Two patches to fix build for GCC4 and new Perl with config.h. + +* Thu Apr 7 2005 Michael Schwendt +- rebuilt + +* Fri Dec 24 2004 Michael Schwendt 0:0.8.9-5 +- Reduce Perl dir ownership and add MODULE_COMPAT dependency. + +* Fri Apr 2 2004 Dams 0:0.8.9-0.fdr.4 +- Rebuilt to use new perl to prevent random segmentation fault at load + time + +* Fri Feb 6 2004 Dams 0:0.8.9-0.fdr.3 +- Patch from Michael Schwendt to fix convert-replace-trigger script + (bug #1120 comment #3) + +* Sat Dec 20 2003 Dams 0:0.8.9-0.fdr.2 +- Fixed changelog typo +- Added trigger.pl as replace.pl wont be maintained anymore +- Updated replace.pl to 0.1.4 version +- Added replace.pl URL in Source tag +- Removed .packlist files +- Added as doc a script to convert pref from replace.pl to trigger.pl + +* Thu Dec 11 2003 Dams 0:0.8.9-0.fdr.1 +- Updated to 0.8.9 + +* Mon Nov 24 2003 Dams 0:0.8.8-0.fdr.1 +- Updated to 0.8.8 +- Enabled gc + +* Sun Sep 14 2003 Dams 0:0.8.6-0.fdr.13 +- Rebuild + +* Sun Sep 14 2003 Michael Schwendt 0:0.8.6-0.fdr.12 +- apply openssl patch only if openssl-devel supports pkgconfig + +* Thu Sep 11 2003 Dams 0:0.8.6-0.fdr.11 +- Installing replace.pl in good directory + +* Thu Sep 11 2003 Dams 0:0.8.6-0.fdr.10 +- Rebuild + +* Thu Sep 11 2003 Dams 0:0.8.6-0.fdr.9 +- Using vendor perl directories + +* Thu Sep 11 2003 Dams 0:0.8.6-0.fdr.8 +- Added missing unowned directories +- Added an additionnal useful perl script (replace.pl) + +* Tue Aug 5 2003 Dams 0:0.8.6-0.fdr.7 +- Added zlib-devel buildrequires + +* Sat Jul 12 2003 Dams 0:0.8.6-0.fdr.6 +- Applied Patches from Ville Skyttä (bug #277 comment #11 and + comment #12) + +* Mon Jun 23 2003 Dams 0:0.8.6-0.fdr.5 +- Modified BuildRequires for ssl + +* Wed Jun 11 2003 Dams 0:0.8.6-0.fdr.4 +- Added another dir entry + +* Sun Jun 8 2003 Dams 0:0.8.6-0.fdr.3 +- Added some dir entry in file section + +* Tue May 20 2003 Dams 0:0.8.6-0.fdr.2 +- Exclude modules ".a" files +- Include more files as doc + +* Sat May 10 2003 Dams +- Initial build. diff --git a/sources b/sources new file mode 100644 index 0000000..3012963 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (irssi-1.1.1.tar.xz) = b2fc0805d6213c31bc34c48237baf2e33ac509c0fa09c483fd39f1473e32eee227ff4532efc60fb495c2ec263c05290578bca7ad6d39149e0594f864da5986c0