rpms/eggdrop/F-11 eggdrop-1.6.19-ctcpfix.patch, NONE, 1.1 eggdrop.spec, 1.22, 1.23

Robert Scheck robert at fedoraproject.org
Tue May 26 20:40:42 UTC 2009


Author: robert

Update of /cvs/extras/rpms/eggdrop/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32127/F-11

Modified Files:
	eggdrop.spec 
Added Files:
	eggdrop-1.6.19-ctcpfix.patch 
Log Message:
Added upstream ctcpfix to solve CVE-2009-1789 (#502650)


eggdrop-1.6.19-ctcpfix.patch:

--- NEW FILE eggdrop-1.6.19-ctcpfix.patch ---
Patch by Eggheads team: mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19
and earlier allows remote attackers to cause a denial of service (crash) via a crafted
PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this
issue exists because of an incorrect fix for CVE-2007-2807.

Further information:
 - https://bugzilla.redhat.com/show_bug.cgi?id=502650
 - http://secunia.com/advisories/35104
 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1789
 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2807

--- eggdrop1.6.19/doc/UPDATES1.6			2008-04-19 06:23:06.000000000 +0200
+++ eggdrop1.6.19/doc/UPDATES1.6.ctcpfix		2009-05-15 04:27:58.000000000 +0200
@@ -10,6 +10,11 @@
 
     ftp://ftp.eggheads.org/pub/eggdrop/UPDATES/
 
+  1.6.19+ctcpfix (14 May 2009):
+    - Fixed another bug in the CTCP parsing code introduced by the servmsg.c
+      buffer overflow patch in 1.6.19.
+    * Patch by: thommey
+
 
   1.6.19 (18 April 2008):
     - Update the recommended TCL version to 8.5
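Review bot: The new UPDATES entry ("Fixed another bug in the CTCP parsing code") does not say what the bug does to a running bot. The patch header describes it as a remotely triggerable crash and gives the CVE id, so the entry should name both. That lets users reading only this file judge how urgently they need 1.6.19+ctcpfix.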
--- eggdrop1.6.19/src/mod/server.mod/servmsg.c		2008-02-16 22:41:10.000000000 +0100
+++ eggdrop1.6.19/src/mod/server.mod/servmsg.c.ctcpfix	2009-05-15 04:27:58.000000000 +0200
@@ -488,9 +488,9 @@
       *p = 0;
       strncpyz(ctcpbuf, p1, sizeof(ctcpbuf));
       ctcp = ctcpbuf;
-      /* copy the part after the second : in front of it after
-       * the first :, this is temporary copied to ctcpbuf */
-      strncpy(p1 - 1, p + 1, strlen(ctcpbuf) - 1);
+
+      /* remove the ctcp in msg */
+      memmove(p1 - 1, p + 1, strlen(p + 1) + 1);
 
       if (!ignoring)
         detect_flood(nick, uhost, from,
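Review bot: The replacement comment "remove the ctcp in msg" is too thin for a line that the patch header says was already fixed incorrectly once. It should record why memmove is used (p1 - 1 and p + 1 point into the same buffer, so the regions overlap) and why the length is strlen(p + 1) + 1 (the tail plus its terminating NUL). The removed strncpy took its length from strlen(ctcpbuf) - 1, which goes negative when ctcpbuf is empty, and it did not copy a terminator. Taking the length from the source tail removes both problems, and a short comment saying so would help stop a later cleanup from reintroducing either one. The write also starts at p1 - 1, and nothing in the visible context shows that p1 lies past the start of the message buffer, so please confirm that in the surrounding code. A regression test with an empty CTCP body would be a useful addition.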
--- eggdrop1.6.19/src/patch.h				2008-04-19 06:21:20.000000000 +0200
+++ eggdrop1.6.19/src/patch.h.ctcpfix			2009-05-15 04:27:58.000000000 +0200
@@ -36,7 +36,7 @@
  *
  *
  */
-/* PATCH GOES HERE */
+patch("ctcpfix");
 /*
  *
  *
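Review bot: Replacing the /* PATCH GOES HERE */ line with patch("ctcpfix"); removes the insertion marker itself, so a later patch that anchors on that comment will not apply on top of this one. Consider adding the patch("ctcpfix"); line above the marker and leaving the comment in place.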


Index: eggdrop.spec
===================================================================
RCS file: /cvs/extras/rpms/eggdrop/F-11/eggdrop.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -p -r1.22 -r1.23
--- eggdrop.spec	23 Feb 2009 20:04:06 -0000	1.22
+++ eggdrop.spec	26 May 2009 20:40:12 -0000	1.23
@@ -1,7 +1,7 @@
 Summary:	The world's most popular Open Source IRC bot
 Name:		eggdrop
 Version:	1.6.19
-Release:	3%{?dist}
+Release:	4%{?dist}
 License:	GPLv2+
 Group:		Applications/Communications
 URL:		http://www.eggheads.org/
@@ -10,6 +10,7 @@ Patch0:		eggdrop-1.6.19-conf.patch
 Patch1:		eggdrop-1.6.17-langdir.patch
 Patch2:		eggdrop-1.6.19-no_libdns.patch
 Patch3:		eggdrop-1.6.18-suzi_sp0007.patch
+Patch4:		eggdrop-1.6.19-ctcpfix.patch
 BuildRequires:	tcl-devel >= 8.3, zlib-devel, autoconf
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -25,6 +26,7 @@ able to form botnets, share partylines a
 %patch1 -p1 -b .langdir
 %patch2 -p1 -b .no_libdns
 %patch3 -p1 -b .suzi_sp0007
+%patch4 -p1 -b .ctcpfix
 autoconf
 
 %build
@@ -75,6 +77,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man?/*
 
 %changelog
+* Tue May 26 2009 Robert Scheck <robert at fedoraproject.org> 1.6.19-4
+- Added upstream ctcpfix to solve CVE-2009-1789 (#502650)
+
 * Mon Feb 23 2009 Robert Scheck <robert at fedoraproject.org> 1.6.19-3
 - Rebuild for gcc 4.4 and rpm 4.6
 



