24710031 Update irssi to version 0.8.20
authorRich Burridge <rich.burridge@oracle.com>
Fri, 30 Sep 2016 14:07:25 -0700
changeset 7009 5679650830e7
parent 7008 a33a24a8fc91
child 7011 10c58c99afd6
24710031 Update irssi to version 0.8.20 24710004 problem in UTILITY/IRSSI 24735696 problem in UTILITY/IRSSI
components/irssi/Makefile
components/irssi/irssi.p5m
components/irssi/patches/02-CVE-2016-7553.patch
--- a/components/irssi/Makefile	Fri Sep 30 21:38:41 2016 +0100
+++ b/components/irssi/Makefile	Fri Sep 30 14:07:25 2016 -0700
@@ -26,14 +26,14 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=         irssi
-COMPONENT_VERSION=	0.8.19
+COMPONENT_VERSION=	0.8.20
 COMPONENT_PROJECT_URL=	https://irssi.org/
 COMPONENT_ARCHIVE=      $(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=\
-	sha256:fe4f4b778698de8e1c319b9cd9b9ed5534f0ece7ac2bfa0af351a3157c6ec85b
+    sha256:f5e20f76aa8237303c463e08adb3a3e3a400a24ba95acf73e9b068d634173f66
 COMPONENT_ARCHIVE_URL=	https://github.com/irssi/irssi/releases/download/$(COMPONENT_VERSION)/$(COMPONENT_ARCHIVE)
 
-TPNO=		28118
+TPNO=		31831
 
 TEST_TARGET= $(NO_TESTS)
 include $(WS_MAKE_RULES)/common.mk
--- a/components/irssi/irssi.p5m	Fri Sep 30 21:38:41 2016 +0100
+++ b/components/irssi/irssi.p5m	Fri Sep 30 14:07:25 2016 -0700
@@ -259,8 +259,10 @@
 file path=usr/share/irssi/help/script
 file path=usr/share/irssi/help/scrollback
 file path=usr/share/irssi/help/server
+file path=usr/share/irssi/help/servlist
 file path=usr/share/irssi/help/set
 file path=usr/share/irssi/help/silence
+file path=usr/share/irssi/help/squery
 file path=usr/share/irssi/help/squit
 file path=usr/share/irssi/help/stats
 file path=usr/share/irssi/help/statusbar
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/irssi/patches/02-CVE-2016-7553.patch	Fri Sep 30 14:07:25 2016 -0700
@@ -0,0 +1,110 @@
+Fix Irssi Security Advisory CVE-2016-7553
+
+See:
+  https://irssi.org/2016/09/22/buf.pl-update/
+  https://bugs.debian.org/838762
+for more details.
+
+Upstream fix at:
+  https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
+
+--- irssi-0.8.20/scripts/buf.pl.orig	2016-09-26 07:11:00.851577101 +0000
++++ irssi-0.8.20/scripts/buf.pl	2016-09-26 07:09:56.469539888 +0000
[email protected]@ -5,7 +5,7 @@
+              settings_get_str settings_get_bool channels windows
+ 	     settings_add_str settings_add_bool get_irssi_dir
+ 	     window_find_refnum signal_stop);
+-$VERSION = '2.13';
++$VERSION = '2.20';
+ %IRSSI = (
+     authors	=> 'Juerd',
+     contact	=> '[email protected]',
[email protected]@ -13,10 +13,8 @@
+     description	=> 'Saves the buffer for /upgrade, so that no information is lost',
+     license	=> 'Public Domain',
+     url		=> 'http://juerd.nl/irssi/',
+-    changed	=> 'Mon May 13 19:41 CET 2002',
+-    changes	=> 'Severe formatting bug removed * oops, I ' .
+-                   'exposed Irssi to ircII foolishness * sorry ' .
+-		   '** removed logging stuff (this is a fix)',
++    changed	=> 'Thu Sep 22 01:37 CEST 2016',
++    changes	=> 'Fixed file permissions (leaked everything via filesystem)',
+     note1	=> 'This script HAS TO BE in your scripts/autorun!',
+     note2	=> 'Perl support must be static or in startup',
+ );
[email protected]@ -39,9 +37,15 @@
+ 
+ my %suppress;
+ 
++sub _filename { sprintf '%s/scrollbuffer', get_irssi_dir }
++
+ sub upgrade {
+-    open BUF, q{>}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
+-    print BUF join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
++    my $fn = _filename;
++    my $old_umask = umask 0077;
++    open my $fh, q{>}, $fn or die "open $fn: $!";
++    umask $old_umask;
++
++    print $fh join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
+     for my $window (windows) {
+ 	next unless defined $window;
+ 	next if $window->{name} eq 'status';
[email protected]@ -57,36 +61,39 @@
+ 		redo if defined $line;
+ 	    }
+ 	}
+-	printf BUF "%s:%s\n%s", $window->{refnum}, $lines, $buf;
++	printf $fh "%s:%s\n%s", $window->{refnum}, $lines, $buf;
+     }
+-    close BUF;
++    close $fh;
+     unlink sprintf("%s/sessionconfig", get_irssi_dir);
+     command 'layout save';
+     command 'save';
+ }
+ 
+ sub restore {
+-    open BUF, q{<}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
+-    my @suppress = split /\0/, <BUF>;
++    my $fn = _filename;
++    open my $fh, q{<}, $fn or die "open $fn: $!";
++    unlink $fn or warn "unlink $fn: $!";
++
++    my @suppress = split /\0/, readline $fh;
+     if (settings_get_bool 'upgrade_suppress_join') {
+ 	chomp $suppress[-1];
+ 	@suppress{@suppress} = (2) x @suppress;
+     }
+     active_win->command('^window scroll off');
+-    while (my $bla = <BUF>){
++    while (my $bla = readline $fh){
+ 	chomp $bla;
+ 	my ($refnum, $lines) = split /:/, $bla;
+ 	next unless $lines;
+ 	my $window = window_find_refnum $refnum;
+ 	unless (defined $window){
+-	    <BUF> for 1..$lines;
++	    readline $fh for 1..$lines;
+ 	    next;
+ 	}
+ 	my $view = $window->view;
+ 	$view->remove_all_lines();
+ 	$view->redraw();
+ 	my $buf = '';
+-	$buf .= <BUF> for 1..$lines;
++	$buf .= readline $fh for 1..$lines;
+ 	my $sep = settings_get_str 'upgrade_separator';
+ 	$sep .= "\n" if $sep ne '';
+ 	$window->gui_printtext_after(undef, MSGLEVEL_CLIENTNOTICE, "$buf\cO$sep");
[email protected]@ -119,3 +126,10 @@
+ unless (-f sprintf('%s/scripts/autorun/buf.pl', get_irssi_dir)) {
+     Irssi::print('PUT THIS SCRIPT IN ~/.irssi/scripts/autorun/ BEFORE /UPGRADING!!');
+ }
++
++# Remove any left-over file. If 'session' doesn't exist (created by irssi
++# during /UPGRADE), neither should our file.
++unless (-e sprintf('%s/session', get_irssi_dir)) {
++    my $fn = _filename;
++    unlink $fn or warn "unlink $fn: $!" if -e $fn;
++}