134748 – [patch][vuxml] irc/eggdrop: apply 1.6.19/ctcpfix and eliminate remote crash

Bug 134748 - [patch][vuxml] irc/eggdrop: apply 1.6.19/ctcpfix and eliminate remote crash

Summary: [patch][vuxml] irc/eggdrop: apply 1.6.19/ctcpfix and eliminate remote crash

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Beech Rintoul

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-05-20 12:40 UTC by Eygene Ryabinkin
Modified:	2009-05-30 22:00 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eygene Ryabinkin 2009-05-20 12:40:01 UTC

There is remote crash in eggdrop >= 1.6.19 < 1.6.19+ctcpfix: [1], [2].

Fix: The following patch adds upstream fix to the FreeBSD port.  Patched port
compiles fine, but I can't test its actual operations because of lack of
the IRC stuff at hand, sorry.


The following VuXML entry should be evaluated and added:
  <vuln vid="22876fd9-4530-11de-9b62-0022156e8794">
    <topic>eggdrop -- remote crash</topic>
    <affects>
      <package>
        <name></name>
        <range><ge>1.6.19</ge><lt>1.6.19_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>SecurityFocus reports:</p>
        <blockquote
          cite="http://www.securityfocus.com/bid/34985/discuss">
          <p>Eggdrop is prone to a remote denial-of-service
          vulnerability because it fails to adequately validate
          user-supplied input.</p>
          <p>An attacker may exploit this issue to crash the
          application, resulting in a denial-of-service condition.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <bid>34985</bid>
      <url>http://www.securityfocus.com/archive/1/503574/30/30/threaded</url>
      <url>http://www.eggheads.org/news/2009/05/14/35</url>
    </references>
    <dates>
      <discovery>2009-05-20</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln.xml ends here -----tFRhbO8FI8WJUHQNrSKMg4bx5Q2DGqMJORrt7BCwDisGOQdw
Content-Type: text/plain; name="1.6.19-apply-ctcpfix.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="1.6.19-apply-ctcpfix.diff"

From 5457a18e9144e3194d3f6a21cff837cf7e76aa54 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Wed, 20 May 2009 15:18:20 +0400

...and thus fix remote crash possibility.

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 irc/eggdrop/Makefile |   10 ++++++----
 irc/eggdrop/distinfo |    3 +++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/irc/eggdrop/Makefile b/irc/eggdrop/Makefile
index 7c20798..9da4602 100644
--- a/irc/eggdrop/Makefile
+++ b/irc/eggdrop/Makefile
@@ -7,15 +7,17 @@
 
 PORTNAME=	eggdrop
 PORTVERSION=	1.6.19
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	irc
 MASTER_SITES=	ftp://ftp.eggheads.org/pub/eggdrop/source/1.6/ \
 		LOCAL/beech
 DISTNAME=	${PORTNAME}${PORTVERSION}
 
-PATCHFILES=	${PORTNAME}-${PORTVERSION}-ssl-rootie.patch.gz
-PATCH_SITES=	http://www.egghelp.org/files/patches/ \
-		LOCAL/beech
+PATCHFILES=	${PORTNAME}-${PORTVERSION}-ssl-rootie.patch.gz:ssl \
+		eggdrop1.6.19+ctcpfix.patch.gz:ctcpfix
+PATCH_SITES=	http://www.egghelp.org/files/patches/:ssl \
+		LOCAL/beech:ssl \
+		ftp://ftp.eggheads.org/pub/eggdrop/patches/official/1.6/:ctcpfix
 
 MAINTAINER=	beech@FreeBSD.org
 COMMENT=	The most popular open source Internet Relay Chat bot
diff --git a/irc/eggdrop/distinfo b/irc/eggdrop/distinfo
index e3e062b..1b379ee 100644
--- a/irc/eggdrop/distinfo
+++ b/irc/eggdrop/distinfo
@@ -4,3 +4,6 @@ SIZE (eggdrop1.6.19.tar.bz2) = 811072
 MD5 (eggdrop-1.6.19-ssl-rootie.patch.gz) = 6d477d54e16afff3215b9b53e34a0521
 SHA256 (eggdrop-1.6.19-ssl-rootie.patch.gz) = 94b06c392da5f13c04cc1d3e87b52e3c2ed9af8ba58cf360f121bb0a06f49ce3
 SIZE (eggdrop-1.6.19-ssl-rootie.patch.gz) = 9285
+MD5 (eggdrop1.6.19+ctcpfix.patch.gz) = 86d159a5e3460ec8fb30cb1a27a32acc
+SHA256 (eggdrop1.6.19+ctcpfix.patch.gz) = 2f01f00692c29fb9568721d80cf38289031a09bc15d2fac483ad16aec4b788a7
+SIZE (eggdrop1.6.19+ctcpfix.patch.gz) = 666
-- 
1.6.3.1
How-To-Repeat: 
[1] http://www.eggheads.org/news/2009/05/14/35
[2] http://www.securityfocus.com/archive/1/503574/30/30/threaded

Comment 1 Edwin Groothuis freebsd_committer

2009-05-20 12:40:16 UTC

Responsible Changed
From-To: freebsd-ports-bugs->beech

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 dfilter service freebsd_committer

2009-05-30 21:57:51 UTC

miwi        2009-05-30 20:57:42 UTC

  FreeBSD ports repository

  Modified files:
    irc/eggdrop          Makefile distinfo 
  Log:
  - Fix CVE-2009-1789
  
  PR:             134748
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  Approved by:    maintainer implicit
  Security:       http://www.freebsd.org/ports/portaudit/399f4cd7-4d59-11de-8811-0030843d3802.html
  
  Revision  Changes    Path
  1.20      +5 -4      ports/irc/eggdrop/Makefile
  1.9       +3 -0      ports/irc/eggdrop/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

Comment 3 Martin Wilke freebsd_committer

2009-05-30 21:57:55 UTC

State Changed
From-To: open->closed

Committed. Thanks!