From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Jan 26 03:30:08 2010 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E03131065700 for ; Tue, 26 Jan 2010 03:30:08 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C0B3B8FC16 for ; Tue, 26 Jan 2010 03:30:08 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o0Q3U8Ix003108 for ; Tue, 26 Jan 2010 03:30:08 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o0Q3U8SR003103; Tue, 26 Jan 2010 03:30:08 GMT (envelope-from gnats) Resent-Date: Tue, 26 Jan 2010 03:30:08 GMT Resent-Message-Id: <201001260330.o0Q3U8SR003103@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, moggie Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9EA4E1065693 for ; Tue, 26 Jan 2010 03:25:22 +0000 (UTC) (envelope-from moggie@elasticmind.net) Received: from mail.elasticmind.net (mail.elasticmind.net [85.113.90.11]) by mx1.freebsd.org (Postfix) with ESMTP id 335D98FC12 for ; Tue, 26 Jan 2010 03:25:22 +0000 (UTC) Received: by mail.elasticmind.net (Postfix, from userid 1001) id 755E626D29F; Tue, 26 Jan 2010 03:25:03 +0000 (GMT) Message-Id: <20100126032503.755E626D29F@mail.elasticmind.net> Date: Tue, 26 Jan 2010 03:25:03 +0000 (GMT) From: moggie To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/143242: [maintainer-update|patch] irc/ircd-ratbox: Security fix release X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: moggie List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Jan 2010 03:30:09 -0000 >Number: 143242 >Category: ports >Synopsis: [maintainer-update|patch] irc/ircd-ratbox: Security fix release >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Jan 26 03:30:08 UTC 2010 >Closed-Date: >Last-Modified: >Originator: moggie >Release: FreeBSD 7.2-RELEASE-p5 amd64 >Organization: >Environment: System: FreeBSD 7.2-RELEASE-p5 FreeBSD 7.2-RELEASE-p5 #0: Thu Dec 3 18:59:41 GMT 2009 amd64 >Description: Two vulnerabilities have been discovered in the 2.2.x branch of ratbox: o The first affects the '/quote HELP' module and allows a user to trigger an IRCD crash on some platforms. o The second affects the '/links' processing module when the flatten_links configuration option is not enabled. Both of these issues have been corrected in the most recent ircd-ratbox-2.2.9 release for the 2.2.x branch. As a temporary work-around, the m_help.so and m_links.so modules can be unloaded until the IRCD itself is upgraded. Note that the 2.2.x branch of ircd-ratbox is expected to be deprecated within the not too distant future. Admins wishing to keep up-to-date with developments may wish to consider moving to ratbox-3 (irc/ircd-ratbox-devel). >How-To-Repeat: >Fix: --- ircd-ratbox-2.2.9.diff begins here --- diff -ruN ircd-ratbox.orig/Makefile ircd-ratbox/Makefile --- ircd-ratbox.orig/Makefile 2010-01-25 21:13:14.000000000 +0000 +++ ircd-ratbox/Makefile 2010-01-26 01:34:07.000000000 +0000 @@ -7,20 +7,20 @@ # ex: ts=8 PORTNAME= ircd-ratbox -PORTVERSION= 2.2.8 +PORTVERSION= 2.2.9 CATEGORIES= irc ipv6 MASTER_SITES= ftp://ftp.ircd-ratbox.org/pub/ircd-ratbox/ \ ftp://ftp.demon.co.uk/pub/mirrors/ircd-ratbox/ \ http://www.ircd-ratbox.org/download/ \ ftp://ftp.parodius.com/pub/ircd-ratbox/ \ http://www.ircd-ratbox.org/download/old/ -EXTRACT_SUFX= .tgz MAINTAINER= moggie@elasticmind.net COMMENT= An advanced, stable IRC daemon, used on many EFnet servers CONFLICTS= ircd-ratbox-devel-[0-9]* +USE_BZIP2= yes MAN8= ircd.8 USE_RC_SUBR= ircd-ratbox.sh USE_PERL5_BUILD= yes @@ -124,10 +124,10 @@ @${ECHO_MSG} "Press CTRL+C now if you wish to set them." @${ECHO_MSG} "" -post-patch: +pre-build: @${REINPLACE_CMD} -e "s#-O2##" ${WRKSRC}/configure - @${REINPLACE_CMD} -e "s#%%PREFIX%%#${PREFIX}#g" \ - ${WRKSRC}/doc/example.conf \ + @${REINPLACE_CMD} -e "s#%%PREFIX%%#${PREFIX}#g" \ + ${WRKSRC}/doc/example.conf \ ${WRKSRC}/doc/example.efnet.conf @${REINPLACE_CMD} -e "s#%%LOGDIR%%#${LOGDIR}#g" \ ${WRKSRC}/doc/example.conf \ @@ -174,7 +174,8 @@ ${WRKSRC}/contrib/ircd-shortcut.pl .endif -#-- execute ircd-shortcut perl script to generate the .c file. ----- +#------ Execute ircd-shortcut perl script to generate the .c file. ----- + @${ECHO_MSG} "Executing ircd-shortcut.pl for ircd-shortcuts generation." ${PERL} ${WRKSRC}/contrib/ircd-shortcut.pl pre-su-install: diff -ruN ircd-ratbox.orig/distinfo ircd-ratbox/distinfo --- ircd-ratbox.orig/distinfo 2010-01-25 21:13:14.000000000 +0000 +++ ircd-ratbox/distinfo 2010-01-25 21:19:06.000000000 +0000 @@ -1,3 +1,3 @@ -MD5 (ircd-ratbox-2.2.8.tgz) = d4cccf7dd1523e362b5c38c1a20884e2 -SHA256 (ircd-ratbox-2.2.8.tgz) = f5d53e4821437f7d196af6a89f44edc2a1c39afed33a640c42c99f4f76c7b787 -SIZE (ircd-ratbox-2.2.8.tgz) = 730097 +MD5 (ircd-ratbox-2.2.9.tar.bz2) = 8f280d65ed6f246499944e6f00e4dcf6 +SHA256 (ircd-ratbox-2.2.9.tar.bz2) = 8586f1cbc8f4633603fef6ecc587e917ecf7e868d8c068e259ceadfab274449a +SIZE (ircd-ratbox-2.2.9.tar.bz2) = 578844 --- ircd-ratbox-2.2.9.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: