X-Original-To: alpine-aports@lists.alpinelinux.org
Received: from mail-lf0-f65.google.com (mail-lf0-f65.google.com [209.85.215.65])
	by lists.alpinelinux.org (Postfix) with ESMTP id CB0025C4185
	for <alpine-aports@lists.alpinelinux.org>; Wed, 18 Jan 2017 11:11:14 +0000 (GMT)
Received: by mail-lf0-f65.google.com with SMTP id v186so1263799lfa.2
        for <alpine-aports@lists.alpinelinux.org>; Wed, 18 Jan 2017 03:11:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id;
        bh=P+3bA8OLzpI6232m2EyvrGQKYOSAZ+YxXGLtyae6qbY=;
        b=EzO0awxN5aQk3MfoZaRZd2z/ehLi82i3aVPSpXqylv8Y82n8dAGmLj4hvt8wOOu67n
         txYCkWZeIi0JsGNkM4RFSmn2CeKJVWoLav+qrbzCPw8qsfKfYyAWb/RMpylzl+ISlZET
         ljXbC7lM1CTPE6KQxsgY8YRx38OAkV256iI7Eb86B8T3cydTvFBmgsiEHYZ8MCP09B2F
         sfP2XQPn3MA174XYDYWgmW1RATKwrtP2SPNAOEL8yXwnPEDPfsRDKxHio6bN55yz2xCZ
         /NZ/HNLoe0wN8/HC38N0gGyLxSPVWBM63uYKMKbH+Q2YTUzvGwyhn4NiK8kn7WkZHZG1
         Bd7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=P+3bA8OLzpI6232m2EyvrGQKYOSAZ+YxXGLtyae6qbY=;
        b=O2tBVE5TpWQwfi/BPOM60l/awqL/7qk+kOtBs6nAi5fYu6Wk9j6PO97CEGnFmIKcct
         1mTOUFSA3qUnFBPRF+5qURvHOVoYDxvK2cCKDtNcr+UBrdVTMpqrLb0GpZuOK9pXYXQN
         AqFlxa/wMgL8tRlw5+RKphoae6cJP3vn53DwOQoTarCplNX7tOYayFsvM0EQCDpYjJCR
         hqTGNSQhz/fGxJN9xifW3otqNXH5GfRuaptwjmfSDpcfXcAzmxvjs7BxiD7h/W5TmJrm
         V1m8vwJil6O7LAbeh6lh99SJrQQZYrmzDNCJ/SRFzdXsj1teq1oxqv3mUpT1hOtPr0DB
         GerA==
X-Gm-Message-State: AIkVDXLHwmBszFdH4z+b/JklmVjgYGg8Im8DDIX0Z9DiNr5DDYPok8QcqkikrzTYXrVG7Q==
X-Received: by 10.25.72.20 with SMTP id v20mr905078lfa.46.1484737874020;
        Wed, 18 Jan 2017 03:11:14 -0800 (PST)
Received: from v3-5.util.wtbts.net ([83.145.235.199])
        by smtp.gmail.com with ESMTPSA id 25sm2142584ljo.43.2017.01.18.03.11.13
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 18 Jan 2017 03:11:13 -0800 (PST)
From: Sergei Lukin <sergej.lukin@gmail.com>
To: alpine-aports@lists.alpinelinux.org
Cc: Sergei Lukin <sergej.lukin@gmail.com>
Subject: [alpine-aports] [PATCH v3.5] main/irssi: security upgrade to 0.8.21 - fixes #6691
Date: Wed, 18 Jan 2017 11:11:06 +0000
Message-Id: <20170118111106.7468-1-sergej.lukin@gmail.com>
X-Mailer: git-send-email 2.11.0
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development <alpine-aports.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-aports+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-aports@lists.alpinelinux.org>
List-Help: <mailto:alpine-aports+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-aports+subscribe@lists.alpinelinux.org?subject=subscribe>

CVE-2017-5193: A NULL pointer dereference in the nickcmp function.
CVE-2017-5194: Use after free when receiving invalid nick message.
CVE-2017-5356: Out of bounds read when Printing the value.
CVE-2017-5195: Out of bounds read in certain incomplete control codes.
CVE-2017-5196: Out of bounds read in certain incomplete character sequences.
---
This release fixes four remote crash issues in older Irssi releases.
There are no new features compared to 0.8.20
https://irssi.org/2017/01/05/irssi-0.8.21-released

 main/irssi/APKBUILD | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/main/irssi/APKBUILD b/main/irssi/APKBUILD
index b7340a2a2d..2dcf94bc04 100644
--- a/main/irssi/APKBUILD
+++ b/main/irssi/APKBUILD
@@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Maintainer: Kiyoshi Aman <kiyoshi.aman@gmail.com>
 pkgname=irssi
-pkgver=0.8.20
-pkgrel=1
+pkgver=0.8.21
+pkgrel=0
 pkgdesc="A modular textUI IRC client with IPv6 support"
 url="http://irssi.org/"
 arch="all"
@@ -11,10 +12,18 @@ makedepends="glib-dev libressl-dev ncurses-dev perl-dev automake autoconf libtoo
 subpackages="$pkgname-doc $pkgname-dev $pkgname-proxy $pkgname-perl"
 source="https://github.com/irssi/irssi/releases/download/$pkgver/irssi-$pkgver.tar.xz"
 
-_builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+#   0.8.21-r0:
+#     - CVE-2017-5193
+#     - CVE-2017-5194
+#     - CVE-2017-5356
+#     - CVE-2017-5195
+#     - CVE-2017-5196
+
+builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
 	local i
-	cd "$_builddir"
+	cd "$builddir"
 	for i in $source; do
 		case $i in
 		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
@@ -23,7 +32,7 @@ prepare() {
 }
 
 build() {
-	cd "$_builddir"
+	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -38,7 +47,7 @@ build() {
 }
 
 package() {
-	cd "$_builddir"
+	cd "$builddir"
 	make DESTDIR="$pkgdir" install || return 1
 	find "$pkgdir" -name perllocal.pod -delete
 }
@@ -67,6 +76,6 @@ proxy() {
 	mv "$pkgdir"/usr/lib/irssi/modules/libirc_proxy.* "$subpkgdir"/usr/lib/irssi/modules/
 }
 
-md5sums="67d48c5feec2d3b949d088aa4abc3601  irssi-0.8.20.tar.xz"
-sha256sums="7882c4e821f5aac469c5e69e69d7e235f4986101285c675e81a9a95bfb20505a  irssi-0.8.20.tar.xz"
-sha512sums="ace39022a3e7461fc33cbd0e8c6635aa84c67fc4f6364b66747f860a4538a4b17bbd677e342fbfa9ae7e97783745f8d7dab350a27330ce14f1702386231296b1  irssi-0.8.20.tar.xz"
+md5sums="b820760c3b4f3b0c24abe4db82b6366a  irssi-0.8.21.tar.xz"
+sha256sums="e433063b8714dcf17438126902c9a9d5c97944b3185ecd0fc5ae25c4959bf35a  irssi-0.8.21.tar.xz"
+sha512sums="110934ab85c8574fc76bce367c58378e28603898e63a5014a72170ffe441ffe3dbda432531e899176f5c4126f47d929a3a01a2f87bcacbfe0ba4d6d8cb31e642  irssi-0.8.21.tar.xz"
-- 
2.11.0



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---