ports/134748: [patch][vuxml] irc/eggdrop: apply 1.6.19/ctcpfix and eliminate remote crash
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Wed May 20 11:40:02 UTC 2009
>Number: 134748
>Category: ports
>Synopsis: [patch][vuxml] irc/eggdrop: apply 1.6.19/ctcpfix and eliminate remote crash
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 20 11:40:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.2-STABLE amd64
>Organization:
Code Labs
>Environment:
System: FreeBSD 7.2-STABLE amd64
>Description:
There is remote crash in eggdrop >= 1.6.19 < 1.6.19+ctcpfix: [1], [2].
>How-To-Repeat:
[1] http://www.eggheads.org/news/2009/05/14/35
[2] http://www.securityfocus.com/archive/1/503574/30/30/threaded
>Fix:
The following patch adds upstream fix to the FreeBSD port. Patched port
compiles fine, but I can't test its actual operations because of lack of
the IRC stuff at hand, sorry.
--- 1.6.19-apply-ctcpfix.diff begins here ---
>From 5457a18e9144e3194d3f6a21cff837cf7e76aa54 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd at codelabs.ru>
Date: Wed, 20 May 2009 15:18:20 +0400
...and thus fix remote crash possibility.
Signed-off-by: Eygene Ryabinkin <rea-fbsd at codelabs.ru>
---
irc/eggdrop/Makefile | 10 ++++++----
irc/eggdrop/distinfo | 3 +++
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/irc/eggdrop/Makefile b/irc/eggdrop/Makefile
index 7c20798..9da4602 100644
--- a/irc/eggdrop/Makefile
+++ b/irc/eggdrop/Makefile
@@ -7,15 +7,17 @@
PORTNAME= eggdrop
PORTVERSION= 1.6.19
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= irc
MASTER_SITES= ftp://ftp.eggheads.org/pub/eggdrop/source/1.6/ \
LOCAL/beech
DISTNAME= ${PORTNAME}${PORTVERSION}
-PATCHFILES= ${PORTNAME}-${PORTVERSION}-ssl-rootie.patch.gz
-PATCH_SITES= http://www.egghelp.org/files/patches/ \
- LOCAL/beech
+PATCHFILES= ${PORTNAME}-${PORTVERSION}-ssl-rootie.patch.gz:ssl \
+ eggdrop1.6.19+ctcpfix.patch.gz:ctcpfix
+PATCH_SITES= http://www.egghelp.org/files/patches/:ssl \
+ LOCAL/beech:ssl \
+ ftp://ftp.eggheads.org/pub/eggdrop/patches/official/1.6/:ctcpfix
MAINTAINER= beech at FreeBSD.org
COMMENT= The most popular open source Internet Relay Chat bot
diff --git a/irc/eggdrop/distinfo b/irc/eggdrop/distinfo
index e3e062b..1b379ee 100644
--- a/irc/eggdrop/distinfo
+++ b/irc/eggdrop/distinfo
@@ -4,3 +4,6 @@ SIZE (eggdrop1.6.19.tar.bz2) = 811072
MD5 (eggdrop-1.6.19-ssl-rootie.patch.gz) = 6d477d54e16afff3215b9b53e34a0521
SHA256 (eggdrop-1.6.19-ssl-rootie.patch.gz) = 94b06c392da5f13c04cc1d3e87b52e3c2ed9af8ba58cf360f121bb0a06f49ce3
SIZE (eggdrop-1.6.19-ssl-rootie.patch.gz) = 9285
+MD5 (eggdrop1.6.19+ctcpfix.patch.gz) = 86d159a5e3460ec8fb30cb1a27a32acc
+SHA256 (eggdrop1.6.19+ctcpfix.patch.gz) = 2f01f00692c29fb9568721d80cf38289031a09bc15d2fac483ad16aec4b788a7
+SIZE (eggdrop1.6.19+ctcpfix.patch.gz) = 666
--
1.6.3.1
--- 1.6.19-apply-ctcpfix.diff ends here ---
The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
<vuln vid="22876fd9-4530-11de-9b62-0022156e8794">
<topic>eggdrop -- remote crash</topic>
<affects>
<package>
<name></name>
<range><ge>1.6.19</ge><lt>1.6.19_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote
cite="http://www.securityfocus.com/bid/34985/discuss">
<p>Eggdrop is prone to a remote denial-of-service
vulnerability because it fails to adequately validate
user-supplied input.</p>
<p>An attacker may exploit this issue to crash the
application, resulting in a denial-of-service condition.</p>
</blockquote>
</body>
</description>
<references>
<bid>34985</bid>
<url>http://www.securityfocus.com/archive/1/503574/30/30/threaded</url>
<url>http://www.eggheads.org/news/2009/05/14/35</url>
</references>
<dates>
<discovery>2009-05-20</discovery>
<entry>TODAY</entry>
</dates>
</vuln>
--- vuln.xml ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list