import irssi-1.1.1-3.el8
This commit is contained in:
parent
b8ca18e4a3
commit
ec8fb40027
43
SOURCES/irssi-1.1.1-CVE-2019-13045.patch
Normal file
43
SOURCES/irssi-1.1.1-CVE-2019-13045.patch
Normal file
@ -0,0 +1,43 @@
|
||||
diff --git a/src/irc/core/irc-core.c b/src/irc/core/irc-core.c
|
||||
index a9221e0..9cffc86 100644
|
||||
--- a/src/irc/core/irc-core.c
|
||||
+++ b/src/irc/core/irc-core.c
|
||||
@@ -75,6 +75,8 @@ static void destroy_server_connect(SERVER_CONNECT_REC *conn)
|
||||
|
||||
g_free_not_null(ircconn->usermode);
|
||||
g_free_not_null(ircconn->alternate_nick);
|
||||
+ g_free_not_null(ircconn->sasl_username);
|
||||
+ g_free_not_null(ircconn->sasl_password);
|
||||
}
|
||||
|
||||
void irc_core_init(void)
|
||||
diff --git a/src/irc/core/irc-servers-reconnect.c b/src/irc/core/irc-servers-reconnect.c
|
||||
index ca61492..715ab38 100644
|
||||
--- a/src/irc/core/irc-servers-reconnect.c
|
||||
+++ b/src/irc/core/irc-servers-reconnect.c
|
||||
@@ -49,8 +49,8 @@ static void sig_server_connect_copy(SERVER_CONNECT_REC **dest,
|
||||
rec->usermode = g_strdup(src->usermode);
|
||||
rec->alternate_nick = g_strdup(src->alternate_nick);
|
||||
rec->sasl_mechanism = src->sasl_mechanism;
|
||||
- rec->sasl_username = src->sasl_username;
|
||||
- rec->sasl_password = src->sasl_password;
|
||||
+ rec->sasl_username = g_strdup(src->sasl_username);
|
||||
+ rec->sasl_password = g_strdup(src->sasl_password);
|
||||
*dest = (SERVER_CONNECT_REC *) rec;
|
||||
}
|
||||
|
||||
diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c
|
||||
index e79557a..5fb5c2b 100644
|
||||
--- a/src/irc/core/irc-servers-setup.c
|
||||
+++ b/src/irc/core/irc-servers-setup.c
|
||||
@@ -101,8 +101,8 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
|
||||
if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
|
||||
ircnet->sasl_password != NULL && *ircnet->sasl_password) {
|
||||
conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
|
||||
- conn->sasl_username = ircnet->sasl_username;
|
||||
- conn->sasl_password = ircnet->sasl_password;
|
||||
+ conn->sasl_username = g_strdup(ircnet->sasl_username);
|
||||
+ conn->sasl_password = g_strdup(ircnet->sasl_password);
|
||||
} else
|
||||
g_warning("The fields sasl_username and sasl_password are either missing or empty");
|
||||
}
|
@ -3,7 +3,7 @@
|
||||
Summary: Modular text mode IRC client with Perl scripting
|
||||
Name: irssi
|
||||
Version: 1.1.1
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
|
||||
License: GPLv2+
|
||||
Group: Applications/Communications
|
||||
@ -15,6 +15,7 @@ BuildRequires: pkgconfig glib2-devel perl-devel perl-generators perl(ExtUtils::E
|
||||
BuildRequires: autoconf automake libtool
|
||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||
Patch0: irssi-1.1.1-coverity-scan-fix.patch
|
||||
Patch1: irssi-1.1.1-CVE-2019-13045.patch
|
||||
|
||||
%package devel
|
||||
Summary: Development package for irssi
|
||||
@ -37,6 +38,7 @@ being maintained.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .coverity-scan-fix
|
||||
%patch1 -p1 -b .CVE-2019-13045
|
||||
|
||||
%build
|
||||
autoreconf -i
|
||||
@ -85,6 +87,10 @@ chmod -R u+w $RPM_BUILD_ROOT%{perl_vendorarch}
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Nov 1 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 1.1.1-3
|
||||
- Fixed use after free when sending SASL login to server
|
||||
Resolves: CVE-2019-13045
|
||||
|
||||
* Thu Dec 6 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 1.1.1-2
|
||||
- Fixed issue found by coverity scan
|
||||
Resolves: rhbz#1602558
|
||||
|
Loading…
Reference in New Issue
Block a user