From owner-freebsd-ports-bugs@FreeBSD.ORG Wed May 20 11:40:01 2009 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CDA691065675; Wed, 20 May 2009 11:40:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A86D38FC19; Wed, 20 May 2009 11:40:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n4KBe1Wj004718; Wed, 20 May 2009 11:40:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n4KBe1bI004717; Wed, 20 May 2009 11:40:01 GMT (envelope-from gnats) Resent-Date: Wed, 20 May 2009 11:40:01 GMT Resent-Message-Id: <200905201140.n4KBe1bI004717@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@freebsd.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Cc: beech@freebsd.org, miwi@freebsd.org Resent-Reply-To: FreeBSD-gnats-submit@freebsd.org, Eygene Ryabinkin Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1C2291065679 for ; Wed, 20 May 2009 11:33:17 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id AFA428FC1A for ; Wed, 20 May 2009 11:33:16 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256) id 1M6k2s-000K1I-PN for FreeBSD-gnats-submit@freebsd.org; Wed, 20 May 2009 15:33:14 +0400 Message-Id: <20090520113314.AB94BDA81E@void.codelabs.ru> Date: Wed, 20 May 2009 15:33:14 +0400 (MSD) From: Eygene Ryabinkin To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 X-GNATS-Notify: beech@freebsd.org, miwi@freebsd.org Cc: Subject: ports/134748: [patch][vuxml] irc/eggdrop: apply 1.6.19/ctcpfix and eliminate remote crash X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eygene Ryabinkin List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 May 2009 11:40:02 -0000 >Number: 134748 >Category: ports >Synopsis: [patch][vuxml] irc/eggdrop: apply 1.6.19/ctcpfix and eliminate remote crash >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed May 20 11:40:01 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Eygene Ryabinkin >Release: FreeBSD 7.2-STABLE amd64 >Organization: Code Labs >Environment: System: FreeBSD 7.2-STABLE amd64 >Description: There is remote crash in eggdrop >= 1.6.19 < 1.6.19+ctcpfix: [1], [2]. >How-To-Repeat: [1] http://www.eggheads.org/news/2009/05/14/35 [2] http://www.securityfocus.com/archive/1/503574/30/30/threaded >Fix: The following patch adds upstream fix to the FreeBSD port. Patched port compiles fine, but I can't test its actual operations because of lack of the IRC stuff at hand, sorry. --- 1.6.19-apply-ctcpfix.diff begins here --- >From 5457a18e9144e3194d3f6a21cff837cf7e76aa54 Mon Sep 17 00:00:00 2001 From: Eygene Ryabinkin Date: Wed, 20 May 2009 15:18:20 +0400 ...and thus fix remote crash possibility. Signed-off-by: Eygene Ryabinkin --- irc/eggdrop/Makefile | 10 ++++++---- irc/eggdrop/distinfo | 3 +++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/irc/eggdrop/Makefile b/irc/eggdrop/Makefile index 7c20798..9da4602 100644 --- a/irc/eggdrop/Makefile +++ b/irc/eggdrop/Makefile @@ -7,15 +7,17 @@ PORTNAME= eggdrop PORTVERSION= 1.6.19 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= irc MASTER_SITES= ftp://ftp.eggheads.org/pub/eggdrop/source/1.6/ \ LOCAL/beech DISTNAME= ${PORTNAME}${PORTVERSION} -PATCHFILES= ${PORTNAME}-${PORTVERSION}-ssl-rootie.patch.gz -PATCH_SITES= http://www.egghelp.org/files/patches/ \ - LOCAL/beech +PATCHFILES= ${PORTNAME}-${PORTVERSION}-ssl-rootie.patch.gz:ssl \ + eggdrop1.6.19+ctcpfix.patch.gz:ctcpfix +PATCH_SITES= http://www.egghelp.org/files/patches/:ssl \ + LOCAL/beech:ssl \ + ftp://ftp.eggheads.org/pub/eggdrop/patches/official/1.6/:ctcpfix MAINTAINER= beech@FreeBSD.org COMMENT= The most popular open source Internet Relay Chat bot diff --git a/irc/eggdrop/distinfo b/irc/eggdrop/distinfo index e3e062b..1b379ee 100644 --- a/irc/eggdrop/distinfo +++ b/irc/eggdrop/distinfo @@ -4,3 +4,6 @@ SIZE (eggdrop1.6.19.tar.bz2) = 811072 MD5 (eggdrop-1.6.19-ssl-rootie.patch.gz) = 6d477d54e16afff3215b9b53e34a0521 SHA256 (eggdrop-1.6.19-ssl-rootie.patch.gz) = 94b06c392da5f13c04cc1d3e87b52e3c2ed9af8ba58cf360f121bb0a06f49ce3 SIZE (eggdrop-1.6.19-ssl-rootie.patch.gz) = 9285 +MD5 (eggdrop1.6.19+ctcpfix.patch.gz) = 86d159a5e3460ec8fb30cb1a27a32acc +SHA256 (eggdrop1.6.19+ctcpfix.patch.gz) = 2f01f00692c29fb9568721d80cf38289031a09bc15d2fac483ad16aec4b788a7 +SIZE (eggdrop1.6.19+ctcpfix.patch.gz) = 666 -- 1.6.3.1 --- 1.6.19-apply-ctcpfix.diff ends here --- The following VuXML entry should be evaluated and added: --- vuln.xml begins here --- eggdrop -- remote crash 1.6.191.6.19_2

SecurityFocus reports:

Eggdrop is prone to a remote denial-of-service vulnerability because it fails to adequately validate user-supplied input.

An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition.

 34985 http://www.securityfocus.com/archive/1/503574/30/30/threaded http://www.eggheads.org/news/2009/05/14/35 2009-05-20 TODAY --- vuln.xml ends here --- >Release-Note: >Audit-Trail: >Unformatted: