Compare commits
1 Commits
imports/c8
...
c8
| Author | SHA1 | Date | |
|---|---|---|---|
|
ec8fb40027 |
43
SOURCES/irssi-1.1.1-CVE-2019-13045.patch
Normal file
43
SOURCES/irssi-1.1.1-CVE-2019-13045.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
diff --git a/src/irc/core/irc-core.c b/src/irc/core/irc-core.c
|
||||||
|
index a9221e0..9cffc86 100644
|
||||||
|
--- a/src/irc/core/irc-core.c
|
||||||
|
+++ b/src/irc/core/irc-core.c
|
||||||
|
@@ -75,6 +75,8 @@ static void destroy_server_connect(SERVER_CONNECT_REC *conn)
|
||||||
|
|
||||||
|
g_free_not_null(ircconn->usermode);
|
||||||
|
g_free_not_null(ircconn->alternate_nick);
|
||||||
|
+ g_free_not_null(ircconn->sasl_username);
|
||||||
|
+ g_free_not_null(ircconn->sasl_password);
|
||||||
|
}
|
||||||
|
|
||||||
|
void irc_core_init(void)
|
||||||
|
diff --git a/src/irc/core/irc-servers-reconnect.c b/src/irc/core/irc-servers-reconnect.c
|
||||||
|
index ca61492..715ab38 100644
|
||||||
|
--- a/src/irc/core/irc-servers-reconnect.c
|
||||||
|
+++ b/src/irc/core/irc-servers-reconnect.c
|
||||||
|
@@ -49,8 +49,8 @@ static void sig_server_connect_copy(SERVER_CONNECT_REC **dest,
|
||||||
|
rec->usermode = g_strdup(src->usermode);
|
||||||
|
rec->alternate_nick = g_strdup(src->alternate_nick);
|
||||||
|
rec->sasl_mechanism = src->sasl_mechanism;
|
||||||
|
- rec->sasl_username = src->sasl_username;
|
||||||
|
- rec->sasl_password = src->sasl_password;
|
||||||
|
+ rec->sasl_username = g_strdup(src->sasl_username);
|
||||||
|
+ rec->sasl_password = g_strdup(src->sasl_password);
|
||||||
|
*dest = (SERVER_CONNECT_REC *) rec;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c
|
||||||
|
index e79557a..5fb5c2b 100644
|
||||||
|
--- a/src/irc/core/irc-servers-setup.c
|
||||||
|
+++ b/src/irc/core/irc-servers-setup.c
|
||||||
|
@@ -101,8 +101,8 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
|
||||||
|
if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
|
||||||
|
ircnet->sasl_password != NULL && *ircnet->sasl_password) {
|
||||||
|
conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
|
||||||
|
- conn->sasl_username = ircnet->sasl_username;
|
||||||
|
- conn->sasl_password = ircnet->sasl_password;
|
||||||
|
+ conn->sasl_username = g_strdup(ircnet->sasl_username);
|
||||||
|
+ conn->sasl_password = g_strdup(ircnet->sasl_password);
|
||||||
|
} else
|
||||||
|
g_warning("The fields sasl_username and sasl_password are either missing or empty");
|
||||||
|
}
|
||||||
@ -3,7 +3,7 @@
|
|||||||
Summary: Modular text mode IRC client with Perl scripting
|
Summary: Modular text mode IRC client with Perl scripting
|
||||||
Name: irssi
|
Name: irssi
|
||||||
Version: 1.1.1
|
Version: 1.1.1
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
|
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: Applications/Communications
|
Group: Applications/Communications
|
||||||
@ -15,6 +15,7 @@ BuildRequires: pkgconfig glib2-devel perl-devel perl-generators perl(ExtUtils::E
|
|||||||
BuildRequires: autoconf automake libtool
|
BuildRequires: autoconf automake libtool
|
||||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||||
Patch0: irssi-1.1.1-coverity-scan-fix.patch
|
Patch0: irssi-1.1.1-coverity-scan-fix.patch
|
||||||
|
Patch1: irssi-1.1.1-CVE-2019-13045.patch
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development package for irssi
|
Summary: Development package for irssi
|
||||||
@ -37,6 +38,7 @@ being maintained.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1 -b .coverity-scan-fix
|
%patch0 -p1 -b .coverity-scan-fix
|
||||||
|
%patch1 -p1 -b .CVE-2019-13045
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -i
|
autoreconf -i
|
||||||
@ -85,6 +87,10 @@ chmod -R u+w $RPM_BUILD_ROOT%{perl_vendorarch}
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Nov 1 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 1.1.1-3
|
||||||
|
- Fixed use after free when sending SASL login to server
|
||||||
|
Resolves: CVE-2019-13045
|
||||||
|
|
||||||
* Thu Dec 6 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 1.1.1-2
|
* Thu Dec 6 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 1.1.1-2
|
||||||
- Fixed issue found by coverity scan
|
- Fixed issue found by coverity scan
|
||||||
Resolves: rhbz#1602558
|
Resolves: rhbz#1602558
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user