ports/143242: [maintainer-update|patch] irc/ircd-ratbox: Security fix release

Tue Jan 26 03:30:09 UTC 2010

>Number:         143242
>Category:       ports
>Synopsis:       [maintainer-update|patch] irc/ircd-ratbox: Security fix release
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 26 03:30:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     moggie
>Release:        FreeBSD 7.2-RELEASE-p5 amd64
>Organization:
>Environment:
System: FreeBSD 7.2-RELEASE-p5 FreeBSD 7.2-RELEASE-p5 #0: Thu Dec 3 18:59:41 GMT 2009 amd64

	
>Description:
Two vulnerabilities have been discovered in the 2.2.x branch of ratbox:

o The first affects the '/quote HELP' module and allows a user to trigger an IRCD crash on some platforms.
o The second affects the '/links' processing module when the flatten_links configuration option is not enabled.

Both of these issues have been corrected in the most recent ircd-ratbox-2.2.9 release for the 2.2.x branch. As a temporary work-around, the m_help.so and m_links.so modules can be unloaded until the IRCD itself is upgraded.

Note that the 2.2.x branch of ircd-ratbox is expected to be deprecated within the not too distant future. Admins wishing to keep up-to-date with developments may wish to consider moving to ratbox-3 (irc/ircd-ratbox-devel).

	
>How-To-Repeat:
	
>Fix:

--- ircd-ratbox-2.2.9.diff begins here ---
diff -ruN ircd-ratbox.orig/Makefile ircd-ratbox/Makefile
--- ircd-ratbox.orig/Makefile	2010-01-25 21:13:14.000000000 +0000
+++ ircd-ratbox/Makefile	2010-01-26 01:34:07.000000000 +0000
@@ -7,20 +7,20 @@
 # ex: ts=8
 
 PORTNAME=	ircd-ratbox
-PORTVERSION=	2.2.8
+PORTVERSION=	2.2.9
 CATEGORIES=	irc ipv6
 MASTER_SITES=	ftp://ftp.ircd-ratbox.org/pub/ircd-ratbox/		\
 		ftp://ftp.demon.co.uk/pub/mirrors/ircd-ratbox/		\
 		http://www.ircd-ratbox.org/download/			\
 		ftp://ftp.parodius.com/pub/ircd-ratbox/			\
 		http://www.ircd-ratbox.org/download/old/
-EXTRACT_SUFX=	.tgz
 
 MAINTAINER=	moggie at elasticmind.net
 COMMENT=	An advanced, stable IRC daemon, used on many EFnet servers
 
 CONFLICTS=	ircd-ratbox-devel-[0-9]*
 
+USE_BZIP2=	yes
 MAN8=		ircd.8
 USE_RC_SUBR=	ircd-ratbox.sh
 USE_PERL5_BUILD=	yes
@@ -124,10 +124,10 @@
 	@${ECHO_MSG} "Press CTRL+C now if you wish to set them."
 	@${ECHO_MSG} ""
 
-post-patch:
+pre-build:
 	@${REINPLACE_CMD} -e "s#-O2##" ${WRKSRC}/configure
-	@${REINPLACE_CMD} -e "s#%%PREFIX%%#${PREFIX}#g"		  \
-			${WRKSRC}/doc/example.conf		  \
+	@${REINPLACE_CMD} -e "s#%%PREFIX%%#${PREFIX}#g"		\
+			${WRKSRC}/doc/example.conf		\
 			${WRKSRC}/doc/example.efnet.conf
 	@${REINPLACE_CMD} -e "s#%%LOGDIR%%#${LOGDIR}#g"		\
 				${WRKSRC}/doc/example.conf	\
@@ -174,7 +174,8 @@
 	${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
 
-#-- execute ircd-shortcut perl script to generate the .c file. -----
+#------ Execute ircd-shortcut perl script to generate the .c file. -----
+	@${ECHO_MSG} "Executing ircd-shortcut.pl for ircd-shortcuts generation."
 	${PERL} ${WRKSRC}/contrib/ircd-shortcut.pl
 
 pre-su-install:
diff -ruN ircd-ratbox.orig/distinfo ircd-ratbox/distinfo
--- ircd-ratbox.orig/distinfo	2010-01-25 21:13:14.000000000 +0000
+++ ircd-ratbox/distinfo	2010-01-25 21:19:06.000000000 +0000
@@ -1,3 +1,3 @@
-MD5 (ircd-ratbox-2.2.8.tgz) = d4cccf7dd1523e362b5c38c1a20884e2
-SHA256 (ircd-ratbox-2.2.8.tgz) = f5d53e4821437f7d196af6a89f44edc2a1c39afed33a640c42c99f4f76c7b787
-SIZE (ircd-ratbox-2.2.8.tgz) = 730097
+MD5 (ircd-ratbox-2.2.9.tar.bz2) = 8f280d65ed6f246499944e6f00e4dcf6
+SHA256 (ircd-ratbox-2.2.9.tar.bz2) = 8586f1cbc8f4633603fef6ecc587e917ecf7e868d8c068e259ceadfab274449a
+SIZE (ircd-ratbox-2.2.9.tar.bz2) = 578844
--- ircd-ratbox-2.2.9.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

