# HG changeset patch # User Rich Burridge # Date 1485981997 28800 # Node ID 6571f4c52a4ae189317a89bdd111245da839a930 # Parent a1bbaa35d1baea4c24764485bc46c332d27d81aa 25353371 Update irssi to version 0.8.21 25353359 problem in UTILITY/IRSSI diff -r a1bbaa35d1ba -r 6571f4c52a4a components/irssi/Makefile --- a/components/irssi/Makefile Tue Jan 31 11:21:23 2017 -0800 +++ b/components/irssi/Makefile Wed Feb 01 12:46:37 2017 -0800 @@ -20,20 +20,20 @@ # # -# Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved. # BUILD_BITS= 64 include ../../make-rules/shared-macros.mk COMPONENT_NAME= irssi -COMPONENT_VERSION= 0.8.20 +COMPONENT_VERSION= 0.8.21 COMPONENT_PROJECT_URL= https://irssi.org/ COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH=\ - sha256:f5e20f76aa8237303c463e08adb3a3e3a400a24ba95acf73e9b068d634173f66 + sha256:42c1a35a70b51fecc0d46bc1af0a922ec8ca9ed812d73004b083fe069b62aa3b COMPONENT_ARCHIVE_URL= https://github.com/irssi/irssi/releases/download/$(COMPONENT_VERSION)/$(COMPONENT_ARCHIVE) -TPNO= 31831 +TPNO= 33225 TEST_TARGET= $(NO_TESTS) include $(WS_MAKE_RULES)/common.mk diff -r a1bbaa35d1ba -r 6571f4c52a4a components/irssi/patches/02-CVE-2016-7553.patch --- a/components/irssi/patches/02-CVE-2016-7553.patch Tue Jan 31 11:21:23 2017 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,110 +0,0 @@ -Fix Irssi Security Advisory CVE-2016-7553 - -See: - https://irssi.org/2016/09/22/buf.pl-update/ - https://bugs.debian.org/838762 -for more details. - -Upstream fix at: - https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a - ---- irssi-0.8.20/scripts/buf.pl.orig 2016-09-26 07:11:00.851577101 +0000 -+++ irssi-0.8.20/scripts/buf.pl 2016-09-26 07:09:56.469539888 +0000 -@@ -5,7 +5,7 @@ - settings_get_str settings_get_bool channels windows - settings_add_str settings_add_bool get_irssi_dir - window_find_refnum signal_stop); --$VERSION = '2.13'; -+$VERSION = '2.20'; - %IRSSI = ( - authors => 'Juerd', - contact => 'juerd@juerd.nl', -@@ -13,10 +13,8 @@ - description => 'Saves the buffer for /upgrade, so that no information is lost', - license => 'Public Domain', - url => 'http://juerd.nl/irssi/', -- changed => 'Mon May 13 19:41 CET 2002', -- changes => 'Severe formatting bug removed * oops, I ' . -- 'exposed Irssi to ircII foolishness * sorry ' . -- '** removed logging stuff (this is a fix)', -+ changed => 'Thu Sep 22 01:37 CEST 2016', -+ changes => 'Fixed file permissions (leaked everything via filesystem)', - note1 => 'This script HAS TO BE in your scripts/autorun!', - note2 => 'Perl support must be static or in startup', - ); -@@ -39,9 +37,15 @@ - - my %suppress; - -+sub _filename { sprintf '%s/scrollbuffer', get_irssi_dir } -+ - sub upgrade { -- open BUF, q{>}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!; -- print BUF join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n"; -+ my $fn = _filename; -+ my $old_umask = umask 0077; -+ open my $fh, q{>}, $fn or die "open $fn: $!"; -+ umask $old_umask; -+ -+ print $fh join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n"; - for my $window (windows) { - next unless defined $window; - next if $window->{name} eq 'status'; -@@ -57,36 +61,39 @@ - redo if defined $line; - } - } -- printf BUF "%s:%s\n%s", $window->{refnum}, $lines, $buf; -+ printf $fh "%s:%s\n%s", $window->{refnum}, $lines, $buf; - } -- close BUF; -+ close $fh; - unlink sprintf("%s/sessionconfig", get_irssi_dir); - command 'layout save'; - command 'save'; - } - - sub restore { -- open BUF, q{<}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!; -- my @suppress = split /\0/, ; -+ my $fn = _filename; -+ open my $fh, q{<}, $fn or die "open $fn: $!"; -+ unlink $fn or warn "unlink $fn: $!"; -+ -+ my @suppress = split /\0/, readline $fh; - if (settings_get_bool 'upgrade_suppress_join') { - chomp $suppress[-1]; - @suppress{@suppress} = (2) x @suppress; - } - active_win->command('^window scroll off'); -- while (my $bla = ){ -+ while (my $bla = readline $fh){ - chomp $bla; - my ($refnum, $lines) = split /:/, $bla; - next unless $lines; - my $window = window_find_refnum $refnum; - unless (defined $window){ -- for 1..$lines; -+ readline $fh for 1..$lines; - next; - } - my $view = $window->view; - $view->remove_all_lines(); - $view->redraw(); - my $buf = ''; -- $buf .= for 1..$lines; -+ $buf .= readline $fh for 1..$lines; - my $sep = settings_get_str 'upgrade_separator'; - $sep .= "\n" if $sep ne ''; - $window->gui_printtext_after(undef, MSGLEVEL_CLIENTNOTICE, "$buf\cO$sep"); -@@ -119,3 +126,10 @@ - unless (-f sprintf('%s/scripts/autorun/buf.pl', get_irssi_dir)) { - Irssi::print('PUT THIS SCRIPT IN ~/.irssi/scripts/autorun/ BEFORE /UPGRADING!!'); - } -+ -+# Remove any left-over file. If 'session' doesn't exist (created by irssi -+# during /UPGRADE), neither should our file. -+unless (-e sprintf('%s/session', get_irssi_dir)) { -+ my $fn = _filename; -+ unlink $fn or warn "unlink $fn: $!" if -e $fn; -+}