Mail archive
alpine-aports

[alpine-aports] [PATCH v3.5] main/irssi: security upgrade to 0.8.21 - fixes #6691

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Wed, 18 Jan 2017 11:11:06 +0000

CVE-2017-5193: A NULL pointer dereference in the nickcmp function.
CVE-2017-5194: Use after free when receiving invalid nick message.
CVE-2017-5356: Out of bounds read when Printing the value.
CVE-2017-5195: Out of bounds read in certain incomplete control codes.
CVE-2017-5196: Out of bounds read in certain incomplete character sequences.
---
This release fixes four remote crash issues in older Irssi releases.
There are no new features compared to 0.8.20
https://irssi.org/2017/01/05/irssi-0.8.21-released
 main/irssi/APKBUILD | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/main/irssi/APKBUILD b/main/irssi/APKBUILD
index b7340a2a2d..2dcf94bc04 100644
--- a/main/irssi/APKBUILD
+++ b/main/irssi/APKBUILD
_at_@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Maintainer: Kiyoshi Aman <kiyoshi.aman_at_gmail.com>
 pkgname=irssi
-pkgver=0.8.20
-pkgrel=1
+pkgver=0.8.21
+pkgrel=0
 pkgdesc="A modular textUI IRC client with IPv6 support"
 url="http://irssi.org/"
 arch="all"
_at_@ -11,10 +12,18 @@ makedepends="glib-dev libressl-dev ncurses-dev perl-dev automake autoconf libtoo
 subpackages="$pkgname-doc $pkgname-dev $pkgname-proxy $pkgname-perl"
 source="https://github.com/irssi/irssi/releases/download/$pkgver/irssi-$pkgver.tar.xz"
 
-_builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+#   0.8.21-r0:
+#     - CVE-2017-5193
+#     - CVE-2017-5194
+#     - CVE-2017-5356
+#     - CVE-2017-5195
+#     - CVE-2017-5196
+
+builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
 	local i
-	cd "$_builddir"
+	cd "$builddir"
 	for i in $source; do
 		case $i in
 		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
_at_@ -23,7 +32,7 @@ prepare() {
 }
 
 build() {
-	cd "$_builddir"
+	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
_at_@ -38,7 +47,7 @@ build() {
 }
 
 package() {
-	cd "$_builddir"
+	cd "$builddir"
 	make DESTDIR="$pkgdir" install || return 1
 	find "$pkgdir" -name perllocal.pod -delete
 }
_at_@ -67,6 +76,6 @@ proxy() {
 	mv "$pkgdir"/usr/lib/irssi/modules/libirc_proxy.* "$subpkgdir"/usr/lib/irssi/modules/
 }
 
-md5sums="67d48c5feec2d3b949d088aa4abc3601  irssi-0.8.20.tar.xz"
-sha256sums="7882c4e821f5aac469c5e69e69d7e235f4986101285c675e81a9a95bfb20505a  irssi-0.8.20.tar.xz"
-sha512sums="ace39022a3e7461fc33cbd0e8c6635aa84c67fc4f6364b66747f860a4538a4b17bbd677e342fbfa9ae7e97783745f8d7dab350a27330ce14f1702386231296b1  irssi-0.8.20.tar.xz"
+md5sums="b820760c3b4f3b0c24abe4db82b6366a  irssi-0.8.21.tar.xz"
+sha256sums="e433063b8714dcf17438126902c9a9d5c97944b3185ecd0fc5ae25c4959bf35a  irssi-0.8.21.tar.xz"
+sha512sums="110934ab85c8574fc76bce367c58378e28603898e63a5014a72170ffe441ffe3dbda432531e899176f5c4126f47d929a3a01a2f87bcacbfe0ba4d6d8cb31e642  irssi-0.8.21.tar.xz"
-- 
2.11.0
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Wed Jan 18 2017 - 11:11:06 GMT