Date: Tue, 26 Jan 2010 03:25:03 +0000 (GMT) From: moggie <moggie@elasticmind.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/143242: [maintainer-update|patch] irc/ircd-ratbox: Security fix release Message-ID: <20100126032503.755E626D29F@mail.elasticmind.net> Resent-Message-ID: <201001260330.o0Q3U8SR003103@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 143242 >Category: ports >Synopsis: [maintainer-update|patch] irc/ircd-ratbox: Security fix release >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Jan 26 03:30:08 UTC 2010 >Closed-Date: >Last-Modified: >Originator: moggie >Release: FreeBSD 7.2-RELEASE-p5 amd64 >Organization: >Environment: System: FreeBSD 7.2-RELEASE-p5 FreeBSD 7.2-RELEASE-p5 #0: Thu Dec 3 18:59:41 GMT 2009 amd64 >Description: Two vulnerabilities have been discovered in the 2.2.x branch of ratbox: o The first affects the '/quote HELP' module and allows a user to trigger an IRCD crash on some platforms. o The second affects the '/links' processing module when the flatten_links configuration option is not enabled. Both of these issues have been corrected in the most recent ircd-ratbox-2.2.9 release for the 2.2.x branch. As a temporary work-around, the m_help.so and m_links.so modules can be unloaded until the IRCD itself is upgraded. Note that the 2.2.x branch of ircd-ratbox is expected to be deprecated within the not too distant future. Admins wishing to keep up-to-date with developments may wish to consider moving to ratbox-3 (irc/ircd-ratbox-devel). >How-To-Repeat: >Fix: --- ircd-ratbox-2.2.9.diff begins here --- diff -ruN ircd-ratbox.orig/Makefile ircd-ratbox/Makefile --- ircd-ratbox.orig/Makefile 2010-01-25 21:13:14.000000000 +0000 +++ ircd-ratbox/Makefile 2010-01-26 01:34:07.000000000 +0000 @@ -7,20 +7,20 @@ # ex: ts=8 PORTNAME= ircd-ratbox -PORTVERSION= 2.2.8 +PORTVERSION= 2.2.9 CATEGORIES= irc ipv6 MASTER_SITES= ftp://ftp.ircd-ratbox.org/pub/ircd-ratbox/ \ ftp://ftp.demon.co.uk/pub/mirrors/ircd-ratbox/ \ http://www.ircd-ratbox.org/download/ \ ftp://ftp.parodius.com/pub/ircd-ratbox/ \ http://www.ircd-ratbox.org/download/old/ -EXTRACT_SUFX= .tgz MAINTAINER= moggie@elasticmind.net COMMENT= An advanced, stable IRC daemon, used on many EFnet servers CONFLICTS= ircd-ratbox-devel-[0-9]* +USE_BZIP2= yes MAN8= ircd.8 USE_RC_SUBR= ircd-ratbox.sh USE_PERL5_BUILD= yes @@ -124,10 +124,10 @@ @${ECHO_MSG} "Press CTRL+C now if you wish to set them." @${ECHO_MSG} "" -post-patch: +pre-build: @${REINPLACE_CMD} -e "s#-O2##" ${WRKSRC}/configure - @${REINPLACE_CMD} -e "s#%%PREFIX%%#${PREFIX}#g" \ - ${WRKSRC}/doc/example.conf \ + @${REINPLACE_CMD} -e "s#%%PREFIX%%#${PREFIX}#g" \ + ${WRKSRC}/doc/example.conf \ ${WRKSRC}/doc/example.efnet.conf @${REINPLACE_CMD} -e "s#%%LOGDIR%%#${LOGDIR}#g" \ ${WRKSRC}/doc/example.conf \ @@ -174,7 +174,8 @@ ${WRKSRC}/contrib/ircd-shortcut.pl .endif -#-- execute ircd-shortcut perl script to generate the .c file. ----- +#------ Execute ircd-shortcut perl script to generate the .c file. ----- + @${ECHO_MSG} "Executing ircd-shortcut.pl for ircd-shortcuts generation." ${PERL} ${WRKSRC}/contrib/ircd-shortcut.pl pre-su-install: diff -ruN ircd-ratbox.orig/distinfo ircd-ratbox/distinfo --- ircd-ratbox.orig/distinfo 2010-01-25 21:13:14.000000000 +0000 +++ ircd-ratbox/distinfo 2010-01-25 21:19:06.000000000 +0000 @@ -1,3 +1,3 @@ -MD5 (ircd-ratbox-2.2.8.tgz) = d4cccf7dd1523e362b5c38c1a20884e2 -SHA256 (ircd-ratbox-2.2.8.tgz) = f5d53e4821437f7d196af6a89f44edc2a1c39afed33a640c42c99f4f76c7b787 -SIZE (ircd-ratbox-2.2.8.tgz) = 730097 +MD5 (ircd-ratbox-2.2.9.tar.bz2) = 8f280d65ed6f246499944e6f00e4dcf6 +SHA256 (ircd-ratbox-2.2.9.tar.bz2) = 8586f1cbc8f4633603fef6ecc587e917ecf7e868d8c068e259ceadfab274449a +SIZE (ircd-ratbox-2.2.9.tar.bz2) = 578844 --- ircd-ratbox-2.2.9.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100126032503.755E626D29F>