Date: Wed, 20 May 2009 15:33:14 +0400 (MSD)
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/134748: [patch][vuxml] irc/eggdrop: apply 1.6.19/ctcpfix and eliminate remote crash
Message-ID: <20090520113314.AB94BDA81E@void.codelabs.ru>
Resent-Message-ID: <200905201140.n4KBe1bI004717@freefall.freebsd.org>

>Number: 134748
>Category: ports
>Synopsis: [patch][vuxml] irc/eggdrop: apply 1.6.19/ctcpfix and eliminate remote crash
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 20 11:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.2-STABLE amd64
>Organization: Code Labs
>Environment:
System: FreeBSD 7.2-STABLE amd64
>Description:
There is a remote crash in eggdrop >= 1.6.19 < 1.6.19+ctcpfix: [1], [2].
>How-To-Repeat:
[1] http://www.eggheads.org/news/2009/05/14/35
[2] http://www.securityfocus.com/archive/1/503574/30/30/threaded
>Fix:
The following patch adds the upstream fix to the FreeBSD port. The patched port compiles fine, but I can't test its actual operation because of the lack of IRC stuff at hand, sorry.

--- 1.6.19-apply-ctcpfix.diff begins here ---
>From 5457a18e9144e3194d3f6a21cff837cf7e76aa54 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Wed, 20 May 2009 15:18:20 +0400

...and thus fix remote crash possibility.

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 irc/eggdrop/Makefile | 10 ++++++----
 irc/eggdrop/distinfo | 3 +++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/irc/eggdrop/Makefile b/irc/eggdrop/Makefile index 7c20798..9da4602 100644 --- a/irc/eggdrop/Makefile +++ b/irc/eggdrop/Makefile 
@@ -7,15 +7,17 @@ PORTNAME= eggdrop PORTVERSION= 1.6.19 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= irc MASTER_SITES= ftp://ftp.eggheads.org/pub/eggdrop/source/1.6/ \ LOCAL/beech DISTNAME= ${PORTNAME}${PORTVERSION} -PATCHFILES= ${PORTNAME}-${PORTVERSION}-ssl-rootie.patch.gz -PATCH_SITES= http://www.egghelp.org/files/patches/ \ - LOCAL/beech +PATCHFILES= ${PORTNAME}-${PORTVERSION}-ssl-rootie.patch.gz:ssl \ + eggdrop1.6.19+ctcpfix.patch.gz:ctcpfix +PATCH_SITES= http://www.egghelp.org/files/patches/:ssl \ + LOCAL/beech:ssl \ + ftp://ftp.eggheads.org/pub/eggdrop/patches/official/1.6/:ctcpfix MAINTAINER= beech@FreeBSD.org COMMENT= The most popular open source Internet Relay Chat bot diff --git a/irc/eggdrop/distinfo b/irc/eggdrop/distinfo index e3e062b..1b379ee 100644 --- a/irc/eggdrop/distinfo +++ b/irc/eggdrop/distinfo 
@@ -4,3 +4,6 @@ SIZE (eggdrop1.6.19.tar.bz2) = 811072 MD5 (eggdrop-1.6.19-ssl-rootie.patch.gz) = 6d477d54e16afff3215b9b53e34a0521 SHA256 (eggdrop-1.6.19-ssl-rootie.patch.gz) = 94b06c392da5f13c04cc1d3e87b52e3c2ed9af8ba58cf360f121bb0a06f49ce3 SIZE (eggdrop-1.6.19-ssl-rootie.patch.gz) = 9285 +MD5 (eggdrop1.6.19+ctcpfix.patch.gz) = 86d159a5e3460ec8fb30cb1a27a32acc +SHA256 (eggdrop1.6.19+ctcpfix.patch.gz) = 2f01f00692c29fb9568721d80cf38289031a09bc15d2fac483ad16aec4b788a7 +SIZE (eggdrop1.6.19+ctcpfix.patch.gz) = 666
--
1.6.3.1
--- 1.6.19-apply-ctcpfix.diff ends here ---

The following VuXML entry should be evaluated and added:

--- vuln.xml begins here ---
<vuln vid="22876fd9-4530-11de-9b62-0022156e8794">
  <topic>eggdrop -- remote crash</topic>
  <affects>
    <package>
      <name>eggdrop</name>
      <range><ge>1.6.19</ge><lt>1.6.19_2</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>SecurityFocus reports:</p>
      <blockquote cite="http://www.securityfocus.com/bid/34985/discuss">
        <p>Eggdrop is prone to a remote denial-of-service vulnerability because it fails to adequately validate user-supplied input.</p>
        <p>An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <bid>34985</bid>
    <url>http://www.securityfocus.com/archive/1/503574/30/30/threaded</url>
    <url>http://www.eggheads.org/news/2009/05/14/35</url>
  </references>
  <dates>
    <discovery>2009-05-20</discovery>
    <entry>TODAY</entry>
  </dates>
</vuln>
--- vuln.xml ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
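
Review bot: In the Makefile hunk, the new :ctcpfix group in PATCH_SITES has a single entry, ftp://ftp.eggheads.org/pub/eggdrop/patches/official/1.6/, whereas the :ssl group keeps LOCAL/beech as a second site. If the upstream FTP server is unreachable, eggdrop1.6.19+ctcpfix.patch.gz cannot be fetched and the security fix cannot be built; consider mirroring the file and adding LOCAL/beech:ctcpfix as a fallback. The submitter also notes the result was only compile-tested, so a runtime check by the maintainer before commit is worth asking for.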
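
Review bot: In the distinfo hunk, the three added lines for eggdrop1.6.19+ctcpfix.patch.gz are the only integrity check on a file the Makefile fetches over plain FTP. Before committing, fetch the patch independently and confirm that its SHA256 and its 666-byte SIZE match, rather than relying only on values computed from the submitter's download.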