Updated irc/ircd-ratbox to ircd-ratbox-3.0.8 (security update release).

A Denial of Service vulnerability has been discovered that impacts ircd-ratbox and its derivatives. Improper assumptions in the server handshake code (CAPAB module) leave the IRCd vulnerable to a remote crash. Versions 2.0.x to 3.0.7 are affected. Admins are advised to upgrade immediately.

For further details see: http://www.ratbox.org/ASA-2012-12-31.txt

Port changes:
- Update for optionsng.
- Correct an error preventing the services module from being deinstalled.
- Fix a typo during ircd.motd copy.
Responsible Changed From-To: freebsd-ports-bugs->crees I'll take it.
Author: crees Date: Wed Jan 2 12:07:39 2013 New Revision: 309810 URL: http://svnweb.freebsd.org/changeset/ports/309810 Log: Security update to 3.0.8, to fix a remote DoS crash Admins are advised to upgrade immediately. PR: ports/174878 Submitted by: moggie <moggie@elasticmind.net> (maintainer) Security: http://www.ratbox.org/ASA-2012-12-31.txt Modified: head/irc/ircd-ratbox/Makefile head/irc/ircd-ratbox/files/patch-include_config.h head/irc/ircd-ratbox/pkg-plist Modified: head/irc/ircd-ratbox/Makefile ============================================================================== --- head/irc/ircd-ratbox/Makefile Wed Jan 2 10:05:06 2013 (r309809) +++ head/irc/ircd-ratbox/Makefile Wed Jan 2 12:07:39 2013 (r309810) 
@@ -49,56 +49,61 @@ PORTDOCS= [^i]*.txt README.* technical/[ #-- Options ------------------------------------------------------------ -OPTIONS= OPENSSL "Enable openssl support" on \ - IPV6 "Enable IPv6 support" on \ - ZIPLINKS "Enable ziplinks support" on \ - SHARED_MODULES "Enable shared modules support" on \ - ASSERT "Enable debugging code" off \ - SMALL_NET "Tune server for small networks" off \ - SERVICES "Enable ratbox-services compatibility code" off \ - SHORTCUTS "Build with ircd-shortcut commands" off +OPTIONS_DEFINE= OPENSSL IPV6 ZIPLINKS SHARED_MODS ASSERT SMALL_NET \ + SERVICES SHORTCUTS +OPENSSL_DESC= Support OpenSSL encrypted connections +IPV6_DESC= Enable IPv6 support +ZIPLINKS_DESC= Support compressed server links +SHARED_MODS_DESC= Support shared modules +ASSERT_DESC= Enable debugging code +SMALL_NET_DESC= Tune server internals for small networks +SERVICES_DESC= Enable ratbox-services compatibility code +SHORTCUTS_DESC= Build with ircd-shortcut commands + +OPTIONS_DEFAULT= OPENSSL IPV6 ZIPLINKS SHARED_MODS +OPTIONS_EXCLUDE= NLS EXAMPLES #---------------------------------------------------------------------- -.include <bsd.port.pre.mk> +.include <bsd.port.options.mk> -.if defined(WITH_OPENSSL) -.include "${PORTSDIR}/Mk/bsd.openssl.mk" +.if ${PORT_OPTIONS:MOPENSSL} +WITH_OPENSSL_BASE=yes CONFIGURE_ARGS+= --enable-openssl .else CONFIGURE_ARGS+= --disable-openssl .endif -.if defined(WITHOUT_IPV6) +.if ${PORT_OPTIONS:MIPV6} CONFIGURE_ARGS+= --disable-ipv6 .endif -.if defined(WITHOUT_ZIPLINKS) +.if ${PORT_OPTIONS:MZIPLINKS} CONFIGURE_ARGS+= --disable-zlib .endif -.if defined(WITHOUT_SHARED_MODULES) +.if ${PORT_OPTIONS:MSHARED_MODS} CONFIGURE_ARGS+= --disable-shared-modules .endif -.if defined(WITH_ASSERT) +.if ${PORT_OPTIONS:MASSERT} CONFIGURE_ARGS+= --enable-assert .else CONFIGURE_ARGS+= --disable-assert .endif -.if defined(WITH_SMALL_NET) +.if ${PORT_OPTIONS:MSMALL_NET} CONFIGURE_ARGS+= --enable-small-net .endif -.if defined(WITH_SERVICES) +.if 
${PORT_OPTIONS:MSERVICES} CONFIGURE_ARGS+= --enable-services PLIST_SUB+= SERVICES="" .else PLIST_SUB+= SERVICES="@comment " .endif -.if defined(WITH_SHORTCUTS) +.if ${PORT_OPTIONS:MSHORTCUTS} USE_PERL5_BUILD= yes PLIST_SUB+= SHORTCUTS="" .else @@ -107,7 +112,7 @@ PLIST_SUB+= SHORTCUTS="@comment " #-- User Configuration ------------------------------------------------- -.if defined(NICKLEN) +.if !empty(NICKLEN) CONFIGURE_ARGS+= --with-nicklen=${NICKLEN} .endif 
@@ -148,45 +153,45 @@ pre-build: #-- ircd-shortcut.pl ratbox-services commands -------------------------------------- -.if defined(SERVER_NAME) +.if !empty(SERVER_NAME) @${REINPLACE_CMD} -e "s#services.ircd-ratbox.org#${SERVER_NAME}#" \ ${WRKSRC}/contrib/ircd-shortcut.pl .endif -.if defined(USER_SERV) +.if !empty(USER_SERV) @${REINPLACE_CMD} -e "s#USERSERV#${USER_SERV}#" \ ${WRKSRC}/contrib/ircd-shortcut.pl .endif -.if defined(CHAN_SERV) +.if !empty(CHAN_SERV) @${REINPLACE_CMD} -e "s#CHANSERV#${CHAN_SERV}#" \ ${WRKSRC}/contrib/ircd-shortcut.pl .endif -.if defined(NICK_SERV) +.if !empty(NICK_SERV) @${REINPLACE_CMD} -e "s#NICKSERV#${NICK_SERV}#" \ ${WRKSRC}/contrib/ircd-shortcut.pl .endif -.if defined(ALIS_SERV) +.if !empty(ALIS_SERV) @${REINPLACE_CMD} -e "s#ALIS#${ALIS_SERV}#" \ ${WRKSRC}/contrib/ircd-shortcut.pl .endif -.if defined(OPER_BOT) +.if !empty(OPER_BOT) @${REINPLACE_CMD} -e "s#OPERBOT#${OPER_BOT}#" \ ${WRKSRC}/contrib/ircd-shortcut.pl .endif -.if defined(OPER_SERV) +.if !empty(OPER_SERV) @${REINPLACE_CMD} -e "s#OPERSERV#${OPER_SERV}#" \ ${WRKSRC}/contrib/ircd-shortcut.pl .endif -.if defined(JUPE_SERV) +.if !empty(JUPE_SERV) @${REINPLACE_CMD} -e "s#JUPESERV#${JUPE_SERV}#" \ ${WRKSRC}/contrib/ircd-shortcut.pl .endif -.if defined(GLOBAL_SERV) +.if !empty(GLOBAL_SERV) @${REINPLACE_CMD} -e "s#GLOBAL#${GLOBAL_SERV}#" \ ${WRKSRC}/contrib/ircd-shortcut.pl .endif # ----- Execute ircd-shortcut perl script to generate the .c file. ----- -.if defined(WITH_SHORTCUTS) +.if ${PORT_OPTIONS:MSHORTCUTS} @${ECHO_MSG} "Executing ircd-shortcut.pl for ircd-shortcuts generation." ${PERL} ${WRKSRC}/contrib/ircd-shortcut.pl .endif 
@@ -196,7 +201,7 @@ post-build: ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} # ----- Need to build the m_rsshortcut.so module for ircd-shortcut.pl ---- -.if defined(WITH_SHORTCUTS) +.if ${PORT_OPTIONS:MSHORTCUTS} @${ECHO_MSG} "Building m_rsshortcut.la for ircd-shortcuts." @cd ${INSTALL_WRKSRC}/contrib && ${SETENV} ${MAKE_ENV} ${MAKE} \ ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} m_rsshortcut.la @@ -208,7 +213,7 @@ pre-su-install: ${MKDIR} ${PREFIX}/lib/${PORTNAME}/modules post-install: -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${DOCSDIR} cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR} .endif @@ -220,7 +225,7 @@ post-install: ${INSTALL_DATA} ${WRKSRC}/doc/genssl.sh ${PREFIX}/etc/${PORTNAME}/genssl.sh # ----- We need to install the shortcut.pl module ---- -.if defined(WITH_SHORTCUTS) +.if ${PORT_OPTIONS:MSHORTCUTS} @${ECHO_MSG} "Executing install-mod.sh for ircd-shortcuts module installation." ${SH} ${WRKSRC}/install-mod.sh ${WRKSRC}/contrib/m_rsshortcut.la \ ${PREFIX}/lib/${PORTNAME}/modules/contrib @@ -241,4 +246,4 @@ post-install: #----------------------------------------------------------------------- -.include <bsd.port.post.mk> +.include <bsd.port.mk> Modified: head/irc/ircd-ratbox/files/patch-include_config.h ============================================================================== --- head/irc/ircd-ratbox/files/patch-include_config.h Wed Jan 2 10:05:06 2013 (r309809) +++ head/irc/ircd-ratbox/files/patch-include_config.h Wed Jan 2 12:07:39 2013 (r309810) @@ -1,6 +1,6 @@ ---- ./include/config.h.orig 2012-04-13 15:02:51.000000000 +0100 -+++ ./include/config.h 2012-04-13 15:06:23.000000000 +0100 -@@ -54,15 +54,17 @@ +--- ./include/config.h.orig 2012-03-16 05:33:15.000000000 +0000 ++++ ./include/config.h 2013-01-01 05:56:38.000000000 +0000 +@@ -54,14 +54,16 @@ #define LOGPATH LOG_DIR #define UHPATH HELP_DIR "/users" #define HPATH HELP_DIR "/opers" 
@@ -14,9 +14,8 @@ +#define DBPATH DBPTH "/ban.db" #define MPATH ETCPATH "/ircd.motd" /* MOTD file */ #define LPATH LOGPATH "/ircd.log" /* ircd logfile */ - #define PPATH ETCPATH "/ircd.pid" /* pid file */ --#define OPATH ETCPATH "/opers.motd" /* oper MOTD file */ -+#define OPATH RUNPATH "/opers.motd" /* oper MOTD file */ +-#define PPATH ETCPATH "/ircd.pid" /* pid file */ ++#define PPATH RUNPATH "/ircd.pid" /* pid file */ + #define OPATH ETCPATH "/opers.motd" /* oper MOTD file */ /* HANGONGOODLINK and HANGONGOODLINK - * Often net breaks for a short time and it's useful to try to Modified: head/irc/ircd-ratbox/pkg-plist ============================================================================== --- head/irc/ircd-ratbox/pkg-plist Wed Jan 2 10:05:06 2013 (r309809) +++ head/irc/ircd-ratbox/pkg-plist Wed Jan 2 12:07:39 2013 (r309810) @@ -142,8 +142,8 @@ lib/ircd-ratbox/libcore.la lib/ircd-ratbox/libcore.so lib/ircd-ratbox/libratbox.la lib/ircd-ratbox/libratbox.so -%%SERVICES%%/lib/ircd-ratbox/modules/autoload/m_services.so -%%SERVICES%%/lib/ircd-ratbox/modules/autoload/m_services.la +%%SERVICES%%lib/ircd-ratbox/modules/autoload/m_services.so +%%SERVICES%%lib/ircd-ratbox/modules/autoload/m_services.la lib/ircd-ratbox/modules/autoload/m_accept.so lib/ircd-ratbox/modules/autoload/m_admin.so lib/ircd-ratbox/modules/autoload/m_adminwall.so 
@@ -245,7 +245,7 @@ etc/ircd-ratbox/ircd.conf.sample @exec if [ ! -f "%D/etc/ircd-ratbox/ircd.conf" ] ; then cp -p "%D/%F" "%B/ircd.conf"; fi @unexec if cmp -s "%D/etc/ircd-ratbox/ircd.motd.sample" "%D/etc/ircd-ratbox/ircd.motd"; then rm -f "%D/etc/ircd-ratbox/ircd.motd"; fi etc/ircd-ratbox/ircd.motd.sample -@exec if [ ! -f "%D/etc/ircd-ratbox/ircd.motd" ] ; then cp -p "%D/%F %B/ircd.motd"; fi +@exec if [ ! -f "%D/etc/ircd-ratbox/ircd.motd" ] ; then cp -p "%D/%F" "%B/ircd.motd"; fi @dirrmtry etc/ircd-ratbox @cwd / @dirrmtry %%LOGDIR%% _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
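Review bot: In the options block of head/irc/ircd-ratbox/Makefile (hunk @@ -49,56 +49,61 @@), the IPV6, ZIPLINKS and SHARED_MODS tests are inverted by the optionsng conversion. The old code passed --disable-ipv6, --disable-zlib and --disable-shared-modules under `.if defined(WITHOUT_IPV6)`, `.if defined(WITHOUT_ZIPLINKS)` and `.if defined(WITHOUT_SHARED_MODULES)`; the new `.if ${PORT_OPTIONS:MIPV6}`, `.if ${PORT_OPTIONS:MZIPLINKS}` and `.if ${PORT_OPTIONS:MSHARED_MODS}` pass the same --disable flags when the option is selected. All three are listed in OPTIONS_DEFAULT, so a default build now turns IPv6, ziplinks and shared modules off. Negate the tests, for example `.if empty(PORT_OPTIONS:MIPV6)`.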
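Review bot: The log says "Security update to 3.0.8", but nothing in this commit changes the version: the Modified list contains only Makefile, files/patch-include_config.h and pkg-plist, the first Makefile hunk starts at line 49, and distinfo is not touched. As committed, the port still fetches and builds the release that the PR lists as affected. Put the PORTVERSION change and the matching distinfo SHA256/SIZE lines in the same commit as the security fix.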
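Review bot: The files/patch-include_config.h hunk changes runtime paths with no mention in the commit log: PPATH (ircd.pid) moves from ETCPATH to RUNPATH, and OPATH (opers.motd) goes back from RUNPATH to ETCPATH. State this in the log and confirm that whatever reads the pid file (rc script, monitoring) points at the new location. Keeping the pid file out of the configuration directory is the better layout, since the daemon then does not need to write there for it, but admins upgrading should be told that both files have moved.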
State Changed From-To: open->closed Committed. Thanks for the quick reaction!
Author: crees Date: Wed Jan 2 12:28:47 2013 New Revision: 309813 URL: http://svnweb.freebsd.org/changeset/ports/309813 Log: Note charybdis and ircd-ratbox vulnerabilities PR: ports/174878 Security: http://www.ratbox.org/ASA-2012-12-31.txt Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jan 2 12:23:17 2013 (r309812) +++ head/security/vuxml/vuln.xml Wed Jan 2 12:28:47 2013 (r309813) @@ -51,6 +51,38 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="4108cc57-54d7-11e2-9483-14dae938ec40"> + <topic>ircd-ratbox and charybdis -- remote DoS vulnerability</topic> + <affects> + <package> + <name>ircd-ratbox</name> + <range><gt>2.*</gt><lt>3.0.8</lt></range> + </package> + <package> + <name>charybdis</name> + <range><lt>3.4.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>atheme.org reports:</p> + <blockquote cite="http://www.ratbox.org/ASA-2012-12-31.txt"> + <p>All versions of Charybdis are vulnerable to a remotely-triggered + crash bug caused by code originating from ircd-ratbox 2.0. + (Incidentally, this means all versions since ircd-ratbox 2.0 are + also vulnerable.)</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.ratbox.org/ASA-2012-12-31.txt</url> + </references> + <dates> + <discovery>2012-12-31</discovery> + <entry>2013-01-02</entry> + </dates> + </vuln> + <vuln vid="101f0aae-52d1-11e2-87fe-f4ce46b9ace8"> <topic>puppet -- multiple vulnerabilities</topic> <affects> _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
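Review bot: In the new <vuln> entry, the quote is introduced as "atheme.org reports:" while the blockquote cite attribute and the only <url> reference both point to http://www.ratbox.org/ASA-2012-12-31.txt; make the attribution and the cited source agree. The charybdis bound `<lt>3.4.2</lt>` is also not backed by the quoted text, which says all versions of Charybdis are vulnerable, so add a reference that names the fixed charybdis release.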
The PORTVERSION is still on 3.0.7? Is it correct?
Indeed it is not correct... I have no idea what happened; I expect that the first hunk of the patch conflicted somehow, and I didn't notice it. I'm really sorry, I'll fix it once my test has run.

Chris
Author: crees Date: Fri Jan 4 12:29:46 2013 New Revision: 309927 URL: http://svnweb.freebsd.org/changeset/ports/309927 Log: Really update to 3.0.8 this time. It appears that the first hunk of the patch caused a conflict that wasn't resolved. PR: ports/174878 Submitted by: Moggie <moggie@elasticmind.net> (maintainer) Submitted by: Gasol Wu <gasol.wu@gmail.com> Submitted by: Chris Petrik Submitted by: sbz Pointyhat to: crees Modified: head/irc/ircd-ratbox/Makefile head/irc/ircd-ratbox/distinfo Modified: head/irc/ircd-ratbox/Makefile ============================================================================== --- head/irc/ircd-ratbox/Makefile Fri Jan 4 11:14:36 2013 (r309926) +++ head/irc/ircd-ratbox/Makefile Fri Jan 4 12:29:46 2013 (r309927) @@ -1,13 +1,8 @@ -# New ports collection makefile for: ircd-ratbox -# Date Created: 2006-01-27 -# Whom: Shaun Amott <shaun@inerd.com> -# +# Created by: Shaun Amott <shaun@inerd.com> # $FreeBSD$ -# -# ex: ts=8 PORTNAME= ircd-ratbox -PORTVERSION= 3.0.7 +PORTVERSION= 3.0.8 CATEGORIES= irc ipv6 MASTER_SITES= http://www.ratbox.org/download/ \ http://www.ratbox.org/download/old/ Modified: head/irc/ircd-ratbox/distinfo ============================================================================== --- head/irc/ircd-ratbox/distinfo Fri Jan 4 11:14:36 2013 (r309926) +++ head/irc/ircd-ratbox/distinfo Fri Jan 4 12:29:46 2013 (r309927) @@ -1,2 +1,2 @@ -SHA256 (ircd-ratbox-3.0.7.tar.bz2) = 71626a0eadc41822afb93a7abb374e38ec425129df6a20ee2fc431df0e5c4f6e -SIZE (ircd-ratbox-3.0.7.tar.bz2) = 2379425 +SHA256 (ircd-ratbox-3.0.8.tar.bz2) = 6d871030ed6fba2b6f46c3e2f3bd37f375fae5dc91441081f9aabc8ccbe2d603 +SIZE (ircd-ratbox-3.0.8.tar.bz2) = 2419597 _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
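Review bot: In the distinfo hunk, the new SHA256 and SIZE for ircd-ratbox-3.0.8.tar.bz2 are the only integrity check on a tarball fetched over plain http (MASTER_SITES= http://www.ratbox.org/download/ in the Makefile context lines), and the log does not say how the values were obtained. For a security release, record in the log that the checksum was compared against a value or signature published by upstream rather than generated from whatever the fetch returned.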