Bug 174878 - [maintainer-update|patch] irc/ircd-ratbox: Update to ratbox-3.0.8 for DOS fix
Summary: [maintainer-update|patch] irc/ircd-ratbox: Update to ratbox-3.0.8 for DOS fix
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Chris Rees
Reported: 2013-01-01 09:20 UTC by moggie
Modified: 2013-01-04 13:38 UTC (History)
Attachments
ircd-ratbox-3.0.8.diff (8.81 KB, patch)
2013-01-01 09:20 UTC, moggie

Description moggie 2013-01-01 09:20:00 UTC
Updated irc/ircd-ratbox to ircd-ratbox-3.0.8 (security update release).

A Denial of Service vulnerability has been discovered that impacts ircd-ratbox and its derivatives.

Improper assumptions in the server handshake code (CAPAB module) leave the IRCd vulnerable to a
remote crash. Versions 2.0.x to 3.0.7 are affected. Admins are advised to upgrade immediately.

For further details see: http://www.ratbox.org/ASA-2012-12-31.txt

Port changes:
- Update for optionsng.
- Correct an error preventing the services module from being deinstalled.
- Fix a typo during ircd.motd copy.
Comment 1 Chris Rees freebsd_committer 2013-01-02 11:50:07 UTC
Responsible Changed
From-To: freebsd-ports-bugs->crees

I'll take it.
Comment 2 dfilter service freebsd_committer 2013-01-02 12:07:52 UTC
Author: crees
Date: Wed Jan  2 12:07:39 2013
New Revision: 309810
URL: http://svnweb.freebsd.org/changeset/ports/309810

Log:
  Security update to 3.0.8, to fix a remote DoS crash
  
  Admins are advised to upgrade immediately.
  
  PR:		ports/174878
  Submitted by:	moggie <moggie@elasticmind.net> (maintainer)
  Security:	http://www.ratbox.org/ASA-2012-12-31.txt

Modified:
  head/irc/ircd-ratbox/Makefile
  head/irc/ircd-ratbox/files/patch-include_config.h
  head/irc/ircd-ratbox/pkg-plist

Modified: head/irc/ircd-ratbox/Makefile
==============================================================================
--- head/irc/ircd-ratbox/Makefile	Wed Jan  2 10:05:06 2013	(r309809)
+++ head/irc/ircd-ratbox/Makefile	Wed Jan  2 12:07:39 2013	(r309810)
@@ -49,56 +49,61 @@ PORTDOCS=	[^i]*.txt README.* technical/[
 
 #-- Options ------------------------------------------------------------
 
-OPTIONS=	OPENSSL		"Enable openssl support"			on  \
-		IPV6		"Enable IPv6 support"				on  \
-		ZIPLINKS	"Enable ziplinks support"			on  \
-		SHARED_MODULES	"Enable shared modules support"			on  \
-		ASSERT		"Enable debugging code"				off \
-		SMALL_NET	"Tune server for small networks"		off \
-		SERVICES	"Enable ratbox-services compatibility code"	off \
-		SHORTCUTS	"Build with ircd-shortcut commands"		off
+OPTIONS_DEFINE=		OPENSSL IPV6 ZIPLINKS SHARED_MODS ASSERT SMALL_NET	\
+			SERVICES SHORTCUTS
+OPENSSL_DESC=		Support OpenSSL encrypted connections
+IPV6_DESC=		Enable IPv6 support
+ZIPLINKS_DESC=		Support compressed server links
+SHARED_MODS_DESC=	Support shared modules
+ASSERT_DESC=		Enable debugging code
+SMALL_NET_DESC=		Tune server internals for small networks
+SERVICES_DESC=		Enable ratbox-services compatibility code
+SHORTCUTS_DESC=		Build with ircd-shortcut commands
+
+OPTIONS_DEFAULT=	OPENSSL IPV6 ZIPLINKS SHARED_MODS
+OPTIONS_EXCLUDE=	NLS EXAMPLES
 
 #----------------------------------------------------------------------
 
-.include <bsd.port.pre.mk>
+.include <bsd.port.options.mk>
 
-.if defined(WITH_OPENSSL)
-.include "${PORTSDIR}/Mk/bsd.openssl.mk"
+.if ${PORT_OPTIONS:MOPENSSL}
+WITH_OPENSSL_BASE=yes
 CONFIGURE_ARGS+=	--enable-openssl
 .else
 CONFIGURE_ARGS+=	--disable-openssl
 .endif
 
-.if defined(WITHOUT_IPV6)
+.if ${PORT_OPTIONS:MIPV6}
 CONFIGURE_ARGS+=	--disable-ipv6
 .endif
 
-.if defined(WITHOUT_ZIPLINKS)
+.if ${PORT_OPTIONS:MZIPLINKS}
 CONFIGURE_ARGS+=	--disable-zlib
 .endif
 
-.if defined(WITHOUT_SHARED_MODULES)
+.if ${PORT_OPTIONS:MSHARED_MODS}
 CONFIGURE_ARGS+=	--disable-shared-modules
 .endif
 
-.if defined(WITH_ASSERT)
+.if ${PORT_OPTIONS:MASSERT}
 CONFIGURE_ARGS+=	--enable-assert
 .else
 CONFIGURE_ARGS+=	--disable-assert
 .endif
 
-.if defined(WITH_SMALL_NET)
+.if ${PORT_OPTIONS:MSMALL_NET}
 CONFIGURE_ARGS+=	--enable-small-net
 .endif
 
-.if defined(WITH_SERVICES)
+.if ${PORT_OPTIONS:MSERVICES}
 CONFIGURE_ARGS+=	--enable-services
 PLIST_SUB+=		SERVICES=""
 .else
 PLIST_SUB+=		SERVICES="@comment "
 .endif
 
-.if defined(WITH_SHORTCUTS)
+.if ${PORT_OPTIONS:MSHORTCUTS}
 USE_PERL5_BUILD=	yes
 PLIST_SUB+=		SHORTCUTS=""
 .else
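Review bot: The IPV6, ZIPLINKS and SHARED_MODS tests are inverted by the conversion to the new options syntax. The old blocks added `--disable-ipv6`, `--disable-zlib` and `--disable-shared-modules` when the matching WITHOUT_* knob was defined, but the new `.if ${PORT_OPTIONS:MIPV6}` and the two blocks after it add the same `--disable-*` argument when the option is selected. All three options are listed in OPTIONS_DEFAULT, so a default build would pass all three disable flags, and switching an option off is what would drop the flag. Each test should be negated: `.if empty(PORT_OPTIONS:MIPV6)`, `.if empty(PORT_OPTIONS:MZIPLINKS)`, `.if empty(PORT_OPTIONS:MSHARED_MODS)`. The SHORTCUTS conditional at the end of this hunk continues outside it.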
@@ -107,7 +112,7 @@ PLIST_SUB+=		SHORTCUTS="@comment "
 
 #-- User Configuration -------------------------------------------------
 
-.if defined(NICKLEN)
+.if !empty(NICKLEN)
 CONFIGURE_ARGS+=	--with-nicklen=${NICKLEN}
 .endif
 
@@ -148,45 +153,45 @@ pre-build:
 
 #-- ircd-shortcut.pl ratbox-services commands --------------------------------------
 
-.if defined(SERVER_NAME)
+.if !empty(SERVER_NAME)
 	@${REINPLACE_CMD} -e "s#services.ircd-ratbox.org#${SERVER_NAME}#"       \
 	${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
-.if defined(USER_SERV)
+.if !empty(USER_SERV)
 	@${REINPLACE_CMD} -e "s#USERSERV#${USER_SERV}#" \
 	${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
-.if defined(CHAN_SERV)
+.if !empty(CHAN_SERV)
 	@${REINPLACE_CMD} -e "s#CHANSERV#${CHAN_SERV}#" \
 	${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
-.if defined(NICK_SERV)
+.if !empty(NICK_SERV)
 	@${REINPLACE_CMD} -e "s#NICKSERV#${NICK_SERV}#" \
 	${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
-.if defined(ALIS_SERV)
+.if !empty(ALIS_SERV)
 	@${REINPLACE_CMD} -e "s#ALIS#${ALIS_SERV}#"     \
 	${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
-.if defined(OPER_BOT)
+.if !empty(OPER_BOT)
 	@${REINPLACE_CMD} -e "s#OPERBOT#${OPER_BOT}#"   \
 	${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
-.if defined(OPER_SERV)
+.if !empty(OPER_SERV)
 	@${REINPLACE_CMD} -e "s#OPERSERV#${OPER_SERV}#" \
 	${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
-.if defined(JUPE_SERV)
+.if !empty(JUPE_SERV)
 	@${REINPLACE_CMD} -e "s#JUPESERV#${JUPE_SERV}#" \
 	${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
-.if defined(GLOBAL_SERV)
+.if !empty(GLOBAL_SERV)
 	@${REINPLACE_CMD} -e "s#GLOBAL#${GLOBAL_SERV}#" \
 	${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
 
 # ----- Execute ircd-shortcut perl script to generate the .c file. -----
-.if defined(WITH_SHORTCUTS)
+.if ${PORT_OPTIONS:MSHORTCUTS}
 	@${ECHO_MSG} "Executing ircd-shortcut.pl for ircd-shortcuts generation."
 	${PERL} ${WRKSRC}/contrib/ircd-shortcut.pl
 .endif
@@ -196,7 +201,7 @@ post-build:
 		${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS}
 
 # ----- Need to build the m_rsshortcut.so module for ircd-shortcut.pl ----
-.if defined(WITH_SHORTCUTS)
+.if ${PORT_OPTIONS:MSHORTCUTS}
 	@${ECHO_MSG} "Building m_rsshortcut.la for ircd-shortcuts."
 	@cd ${INSTALL_WRKSRC}/contrib && ${SETENV} ${MAKE_ENV} ${MAKE} \
 		${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} m_rsshortcut.la
@@ -208,7 +213,7 @@ pre-su-install:
 	${MKDIR} ${PREFIX}/lib/${PORTNAME}/modules
 
 post-install:
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
 	${MKDIR} ${DOCSDIR}
 	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
 .endif
@@ -220,7 +225,7 @@ post-install:
 	${INSTALL_DATA} ${WRKSRC}/doc/genssl.sh ${PREFIX}/etc/${PORTNAME}/genssl.sh
 
 # ----- We need to install the shortcut.pl module ----
-.if defined(WITH_SHORTCUTS)
+.if ${PORT_OPTIONS:MSHORTCUTS}
 	@${ECHO_MSG} "Executing install-mod.sh for ircd-shortcuts module installation."
 	${SH} ${WRKSRC}/install-mod.sh ${WRKSRC}/contrib/m_rsshortcut.la \
 		${PREFIX}/lib/${PORTNAME}/modules/contrib
@@ -241,4 +246,4 @@ post-install:
 
 #-----------------------------------------------------------------------
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>

Modified: head/irc/ircd-ratbox/files/patch-include_config.h
==============================================================================
--- head/irc/ircd-ratbox/files/patch-include_config.h	Wed Jan  2 10:05:06 2013	(r309809)
+++ head/irc/ircd-ratbox/files/patch-include_config.h	Wed Jan  2 12:07:39 2013	(r309810)
@@ -1,6 +1,6 @@
---- ./include/config.h.orig	2012-04-13 15:02:51.000000000 +0100
-+++ ./include/config.h	2012-04-13 15:06:23.000000000 +0100
-@@ -54,15 +54,17 @@
+--- ./include/config.h.orig	2012-03-16 05:33:15.000000000 +0000
++++ ./include/config.h	2013-01-01 05:56:38.000000000 +0000
+@@ -54,14 +54,16 @@
  #define LOGPATH LOG_DIR
  #define UHPATH   HELP_DIR "/users"
  #define HPATH  HELP_DIR "/opers"
@@ -14,9 +14,8 @@
 +#define DBPATH   DBPTH "/ban.db"
  #define MPATH    ETCPATH "/ircd.motd"	/* MOTD file */
  #define LPATH    LOGPATH "/ircd.log"	/* ircd logfile */
- #define PPATH    ETCPATH "/ircd.pid"	/* pid file */
--#define OPATH    ETCPATH "/opers.motd"	/* oper MOTD file */
-+#define OPATH    RUNPATH "/opers.motd"	/* oper MOTD file */
+-#define PPATH    ETCPATH "/ircd.pid"	/* pid file */
++#define PPATH    RUNPATH "/ircd.pid"	/* pid file */
+ #define OPATH    ETCPATH "/opers.motd"	/* oper MOTD file */
  
  /* HANGONGOODLINK and HANGONGOODLINK
-  * Often net breaks for a short time and it's useful to try to

Modified: head/irc/ircd-ratbox/pkg-plist
==============================================================================
--- head/irc/ircd-ratbox/pkg-plist	Wed Jan  2 10:05:06 2013	(r309809)
+++ head/irc/ircd-ratbox/pkg-plist	Wed Jan  2 12:07:39 2013	(r309810)
@@ -142,8 +142,8 @@ lib/ircd-ratbox/libcore.la
 lib/ircd-ratbox/libcore.so
 lib/ircd-ratbox/libratbox.la
 lib/ircd-ratbox/libratbox.so
-%%SERVICES%%/lib/ircd-ratbox/modules/autoload/m_services.so
-%%SERVICES%%/lib/ircd-ratbox/modules/autoload/m_services.la
+%%SERVICES%%lib/ircd-ratbox/modules/autoload/m_services.so
+%%SERVICES%%lib/ircd-ratbox/modules/autoload/m_services.la
 lib/ircd-ratbox/modules/autoload/m_accept.so
 lib/ircd-ratbox/modules/autoload/m_admin.so
 lib/ircd-ratbox/modules/autoload/m_adminwall.so
@@ -245,7 +245,7 @@ etc/ircd-ratbox/ircd.conf.sample
 @exec if [ ! -f "%D/etc/ircd-ratbox/ircd.conf" ] ; then cp -p "%D/%F" "%B/ircd.conf"; fi
 @unexec if cmp -s "%D/etc/ircd-ratbox/ircd.motd.sample" "%D/etc/ircd-ratbox/ircd.motd"; then rm -f "%D/etc/ircd-ratbox/ircd.motd"; fi
 etc/ircd-ratbox/ircd.motd.sample
-@exec if [ ! -f "%D/etc/ircd-ratbox/ircd.motd" ] ; then cp -p "%D/%F %B/ircd.motd"; fi
+@exec if [ ! -f "%D/etc/ircd-ratbox/ircd.motd" ] ; then cp -p "%D/%F" "%B/ircd.motd"; fi
 @dirrmtry etc/ircd-ratbox
 @cwd /
 @dirrmtry %%LOGDIR%%
Comment 3 Chris Rees freebsd_committer 2013-01-02 12:10:33 UTC
State Changed
From-To: open->closed

Committed.  Thanks for the quick reaction!
Comment 4 dfilter service freebsd_committer 2013-01-02 12:29:02 UTC
Author: crees
Date: Wed Jan  2 12:28:47 2013
New Revision: 309813
URL: http://svnweb.freebsd.org/changeset/ports/309813

Log:
  Note charybdis and ircd-ratbox vulnerabilities
  
  PR:		ports/174878
  Security:	http://www.ratbox.org/ASA-2012-12-31.txt

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jan  2 12:23:17 2013	(r309812)
+++ head/security/vuxml/vuln.xml	Wed Jan  2 12:28:47 2013	(r309813)
@@ -51,6 +51,38 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="4108cc57-54d7-11e2-9483-14dae938ec40">
+    <topic>ircd-ratbox and charybdis -- remote DoS vulnerability</topic>
+    <affects>
+      <package>
+	<name>ircd-ratbox</name>
+	<range><gt>2.*</gt><lt>3.0.8</lt></range>
+      </package>
+      <package>
+	<name>charybdis</name>
+	<range><lt>3.4.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>atheme.org reports:</p>
+	<blockquote cite="http://www.ratbox.org/ASA-2012-12-31.txt">
+	  <p>All versions of Charybdis are vulnerable to a remotely-triggered
+	    crash bug caused by code originating from ircd-ratbox 2.0.
+	    (Incidentally, this means all versions since ircd-ratbox 2.0 are
+	    also vulnerable.)</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.ratbox.org/ASA-2012-12-31.txt</url>
+    </references>
+    <dates>
+      <discovery>2012-12-31</discovery>
+      <entry>2013-01-02</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="101f0aae-52d1-11e2-87fe-f4ce46b9ace8">
     <topic>puppet -- multiple vulnerabilities</topic>
     <affects>
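Review bot: The attribution and the citation in the new entry do not agree: the quote is introduced with `<p>atheme.org reports:</p>` and its text is about Charybdis, while the blockquote's `cite=` and the only `<url>` under `<references>` point at the ratbox.org advisory. If the quoted paragraph comes from a separate Charybdis advisory, that document should be the `cite=` target and be added as a second `<url>`. That would also give the `charybdis` bound `<lt>3.4.2</lt>` a source a reader can check, since nothing referenced in the entry as committed is shown to support that version. If the text really is from the ratbox advisory, the lead-in should name ratbox.org instead.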
Comment 5 Gasol Wu 2013-01-04 06:29:47 UTC
The PORTVERSION is still 3.0.7. Is that correct?
Comment 6 Chris Rees freebsd_committer 2013-01-04 12:04:34 UTC
Indeed it is not correct....

I have no idea what happened, I expect that the first hunk of the
patch conflicted somehow, and I didn't notice it.

I'm really sorry, I'll fix it once my test has run.

Chris
Comment 7 dfilter service freebsd_committer 2013-01-04 12:29:54 UTC
Author: crees
Date: Fri Jan  4 12:29:46 2013
New Revision: 309927
URL: http://svnweb.freebsd.org/changeset/ports/309927

Log:
  Really update to 3.0.8 this time.  It appears that the first hunk of the patch
  caused a conflict that wasn't resolved.
  
  PR:		ports/174878
  Submitted by:	Moggie <moggie@elasticmind.net> (maintainer)
  Submitted by:	Gasol Wu <gasol.wu@gmail.com>
  Submitted by:	Chris Petrik
  Submitted by:	sbz
  Pointyhat to:	crees

Modified:
  head/irc/ircd-ratbox/Makefile
  head/irc/ircd-ratbox/distinfo

Modified: head/irc/ircd-ratbox/Makefile
==============================================================================
--- head/irc/ircd-ratbox/Makefile	Fri Jan  4 11:14:36 2013	(r309926)
+++ head/irc/ircd-ratbox/Makefile	Fri Jan  4 12:29:46 2013	(r309927)
@@ -1,13 +1,8 @@
-# New ports collection makefile for:	ircd-ratbox
-# Date Created:				2006-01-27
-# Whom:					Shaun Amott <shaun@inerd.com>
-#
+# Created by: Shaun Amott <shaun@inerd.com>
 # $FreeBSD$
-#
-# ex: ts=8
 
 PORTNAME=	ircd-ratbox
-PORTVERSION=	3.0.7
+PORTVERSION=	3.0.8
 CATEGORIES=	irc ipv6
 MASTER_SITES=	http://www.ratbox.org/download/				\
 		http://www.ratbox.org/download/old/

Modified: head/irc/ircd-ratbox/distinfo
==============================================================================
--- head/irc/ircd-ratbox/distinfo	Fri Jan  4 11:14:36 2013	(r309926)
+++ head/irc/ircd-ratbox/distinfo	Fri Jan  4 12:29:46 2013	(r309927)
@@ -1,2 +1,2 @@
-SHA256 (ircd-ratbox-3.0.7.tar.bz2) = 71626a0eadc41822afb93a7abb374e38ec425129df6a20ee2fc431df0e5c4f6e
-SIZE (ircd-ratbox-3.0.7.tar.bz2) = 2379425
+SHA256 (ircd-ratbox-3.0.8.tar.bz2) = 6d871030ed6fba2b6f46c3e2f3bd37f375fae5dc91441081f9aabc8ccbe2d603
+SIZE (ircd-ratbox-3.0.8.tar.bz2) = 2419597