Commit 19098c30 authored by Leonardo Arena's avatar Leonardo Arena
Browse files

main/weechat: security fixes #7196 (CVE-2017-8073)

parent 03b2c13a
......@@ -2,7 +2,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=weechat
pkgver=1.5
pkgrel=1
pkgrel=2
pkgdesc="A fast, light, extensible ncurses-based chat client"
url="http://www.weechat.org"
arch="all"
......@@ -14,9 +14,20 @@ makedepends="$depends_dev asciidoc"
install=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-aspell:_plugin $pkgname-lua:_plugin
$pkgname-perl:_plugin $pkgname-python:_plugin $pkgname-ruby:_plugin"
source="http://www.weechat.org/files/src/$pkgname-$pkgver.tar.gz"
source="http://www.weechat.org/files/src/$pkgname-$pkgver.tar.gz
CVE-2017-8073.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 1.5-r2:
# - CVE-2017-8073.patch
prepare() {
cd "$_builddir"
default_prepare || return 1
}
build() {
cd "$_builddir"
mkdir -p build
......@@ -44,6 +55,9 @@ _plugin() {
mv "$pkgdir"/$_dir/${_name}.so "$subpkgdir"/$_dir
}
md5sums="6e4f9c2ec870aab0696c43936800d733 weechat-1.5.tar.gz"
sha256sums="3174558556a20ae8f9ee3abbf66b7d42b657d3370322555501a707e339e10771 weechat-1.5.tar.gz"
sha512sums="9ac7cb7ccab7348abbe65dc7069bc5609272107fbc15b0660cdc59dfb157f360178b26636061914f8c469433303990b94a19ef7f35b1a40aecec62a0ce955624 weechat-1.5.tar.gz"
md5sums="6e4f9c2ec870aab0696c43936800d733 weechat-1.5.tar.gz
f390999b30cb67c85a879aec4d180a64 CVE-2017-8073.patch"
sha256sums="3174558556a20ae8f9ee3abbf66b7d42b657d3370322555501a707e339e10771 weechat-1.5.tar.gz
03c9167feac5c7385aa75e9daac74476a3946755ea5738ca3c0ea4805623cac2 CVE-2017-8073.patch"
sha512sums="9ac7cb7ccab7348abbe65dc7069bc5609272107fbc15b0660cdc59dfb157f360178b26636061914f8c469433303990b94a19ef7f35b1a40aecec62a0ce955624 weechat-1.5.tar.gz
5d4c0cf70ddb7c8f8ca8bbfc55e5c7b3d82be59034fd92a1896880540fcf90c2c9f6683c42b0482904bddfcfae5fa7b2e6239dacb573d77420888ffdda6c9fc7 CVE-2017-8073.patch"
From 2fb346f25f79e412cf0ed314fdf791763c19b70b Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sat, 22 Apr 2017 15:10:53 +0200
Subject: [PATCH] irc: fix parsing of DCC filename
---
src/plugins/irc/irc-ctcp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/plugins/irc/irc-ctcp.c b/src/plugins/irc/irc-ctcp.c
index e62832b..8afee68 100644
--- a/src/plugins/irc/irc-ctcp.c
+++ b/src/plugins/irc/irc-ctcp.c
@@ -512,7 +512,7 @@ irc_ctcp_dcc_filename_without_quotes (const char *filename)
int length;
length = strlen (filename);
- if (length > 0)
+ if (length > 1)
{
if ((filename[0] == '\"') && (filename[length - 1] == '\"'))
return weechat_strndup (filename + 1, length - 2);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment