rpms/eggdrop/F-10 eggdrop-1.6.19-ctcpfix.patch, NONE, 1.1 eggdrop.spec, 1.20, 1.21

Robert Scheck robert at fedoraproject.org
Tue May 26 20:40:42 UTC 2009


Author: robert

Update of /cvs/extras/rpms/eggdrop/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32127/F-10

Modified Files:
	eggdrop.spec 
Added Files:
	eggdrop-1.6.19-ctcpfix.patch 
Log Message:
Added upstream ctcpfix to solve CVE-2009-1789 (#502650)


eggdrop-1.6.19-ctcpfix.patch:

--- NEW FILE eggdrop-1.6.19-ctcpfix.patch ---
Patch by Eggheads team: mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19
and earlier allows remote attackers to cause a denial of service (crash) via a crafted
PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this
issue exists because of an incorrect fix for CVE-2007-2807.

Further information:
 - https://bugzilla.redhat.com/show_bug.cgi?id=502650
 - http://secunia.com/advisories/35104
 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1789
 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2807

--- eggdrop1.6.19/doc/UPDATES1.6			2008-04-19 06:23:06.000000000 +0200
+++ eggdrop1.6.19/doc/UPDATES1.6.ctcpfix		2009-05-15 04:27:58.000000000 +0200
@@ -10,6 +10,11 @@
 
     ftp://ftp.eggheads.org/pub/eggdrop/UPDATES/
 
+  1.6.19+ctcpfix (14 May 2009):
+    - Fixed another bug in the CTCP parsing code introduced by the servmsg.c
+      buffer overflow patch in 1.6.19.
+    * Patch by: thommey
+
 
   1.6.19 (18 April 2008):
     - Update the recommended TCL version to 8.5
--- eggdrop1.6.19/src/mod/server.mod/servmsg.c		2008-02-16 22:41:10.000000000 +0100
+++ eggdrop1.6.19/src/mod/server.mod/servmsg.c.ctcpfix	2009-05-15 04:27:58.000000000 +0200
@@ -488,9 +488,9 @@
       *p = 0;
       strncpyz(ctcpbuf, p1, sizeof(ctcpbuf));
       ctcp = ctcpbuf;
-      /* copy the part after the second : in front of it after
-       * the first :, this is temporary copied to ctcpbuf */
-      strncpy(p1 - 1, p + 1, strlen(ctcpbuf) - 1);
+
+      /* remove the ctcp in msg */
+      memmove(p1 - 1, p + 1, strlen(p + 1) + 1);
 
       if (!ignoring)
         detect_flood(nick, uhost, from,
--- eggdrop1.6.19/src/patch.h				2008-04-19 06:21:20.000000000 +0200
+++ eggdrop1.6.19/src/patch.h.ctcpfix			2009-05-15 04:27:58.000000000 +0200
@@ -36,7 +36,7 @@
  *
  *
  */
-/* PATCH GOES HERE */
+patch("ctcpfix");
 /*
  *
  *


Index: eggdrop.spec
===================================================================
RCS file: /cvs/extras/rpms/eggdrop/F-10/eggdrop.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -p -r1.20 -r1.21
--- eggdrop.spec	30 Aug 2008 12:38:01 -0000	1.20
+++ eggdrop.spec	26 May 2009 20:40:11 -0000	1.21
@@ -1,7 +1,7 @@
 Summary:	The world's most popular Open Source IRC bot
 Name:		eggdrop
 Version:	1.6.19
-Release:	2%{?dist}
+Release:	4%{?dist}
 License:	GPLv2+
 Group:		Applications/Communications
 URL:		http://www.eggheads.org/
@@ -10,6 +10,7 @@ Patch0:		eggdrop-1.6.19-conf.patch
 Patch1:		eggdrop-1.6.17-langdir.patch
 Patch2:		eggdrop-1.6.19-no_libdns.patch
 Patch3:		eggdrop-1.6.18-suzi_sp0007.patch
+Patch4:		eggdrop-1.6.19-ctcpfix.patch
 BuildRequires:	tcl-devel >= 8.3, zlib-devel, autoconf
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -25,6 +26,7 @@ able to form botnets, share partylines a
 %patch1 -p1 -b .langdir
 %patch2 -p1 -b .no_libdns
 %patch3 -p1 -b .suzi_sp0007
+%patch4 -p1 -b .ctcpfix
 autoconf
 
 %build
@@ -34,7 +36,7 @@ make %{_smp_mflags}
 
 %install
 rm -rf $RPM_BUILD_ROOT
-make DEST=$RPM_BUILD_ROOT%{_datadir}/%{name} install
+make DEST=$RPM_BUILD_ROOT%{_datadir}/%{name} INSTALL='install -p' install
 
 rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/{README,doc,eggdrop*,filesys,logs,modules}
 install -D -m 755 %{name} $RPM_BUILD_ROOT%{_bindir}/%{name}
@@ -46,14 +48,16 @@ mv -f $RPM_BUILD_ROOT%{_datadir}/%{name}
 
 # Documentation cleanups
 find doc -name "Makefile*" -exec rm {} \;
-mv doc/html .
-rm -rf doc/man1
+mv doc/html . ; rm -rf doc/man1
 chmod -x doc/WEIRD-MESSAGES eggdrop.conf src/mod/transfer.mod/*.c
 
 # Convert everything to UTF-8
 iconv -f iso-8859-1 -t utf-8 -o doc/KNOWN-PROBLEMS.utf8 doc/KNOWN-PROBLEMS
+touch -c -r doc/KNOWN-PROBLEMS doc/KNOWN-PROBLEMS.utf8
 mv -f doc/KNOWN-PROBLEMS.utf8 doc/KNOWN-PROBLEMS
+
 iconv -f iso-8859-1 -t utf-8 -o doc/UPDATES1.6.utf8 doc/UPDATES1.6
+touch -c -r doc/UPDATES1.6 doc/UPDATES1.6.utf8
 mv -f doc/UPDATES1.6.utf8 doc/UPDATES1.6
 
 # Fix paths of example eggdrop.conf
@@ -73,6 +77,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man?/*
 
 %changelog
+* Tue May 26 2009 Robert Scheck <robert at fedoraproject.org> 1.6.19-4
+- Added upstream ctcpfix to solve CVE-2009-1789 (#502650)
+
+* Mon Feb 23 2009 Robert Scheck <robert at fedoraproject.org> 1.6.19-3
+- Rebuild for gcc 4.4 and rpm 4.6
+
 * Sat Aug 30 2008 Robert Scheck <robert at fedoraproject.org> 1.6.19-2
 - Re-diffed eggdrop configuration patch for no fuzz
 




More information about the fedora-extras-commits mailing list