Commit e4138339 authored by Leonardo Arena's avatar Leonardo Arena
Browse files

main/weechat: security fixes #7197 (CVE-2017-8073)

parent ce40a69a
......@@ -2,7 +2,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=weechat
pkgver=1.3
pkgrel=3
pkgrel=4
pkgdesc="A fast, light, extensible ncurses-based chat client"
url="http://www.weechat.org"
arch="all"
......@@ -14,12 +14,23 @@ makedepends="$depends_dev asciidoc"
install=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-aspell:_plugin $pkgname-lua:_plugin
$pkgname-perl:_plugin $pkgname-python:_plugin $pkgname-ruby:_plugin"
source="http://www.weechat.org/files/src/$pkgname-$pkgver.tar.gz"
source="http://www.weechat.org/files/src/$pkgname-$pkgver.tar.gz
CVE-2017-8073.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 1.3-r4:
# - CVE-2017-8073.patch
prepare() {
cd "$_builddir"
# apply patches here
local i
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
}
build() {
......@@ -50,6 +61,9 @@ _plugin() {
}
md5sums="30e19794b121a4aca16f58135952d85f weechat-1.3.tar.gz"
sha256sums="5c6c8f21f4835034c78c9f86f70c8df76afa73897481e84261e1583db46b678d weechat-1.3.tar.gz"
sha512sums="5c28a89f3050e813bf18eb5a15197384700b4131ec6f65665027316eec84ffaeb850a7053bfd4dcbb97e05541e34f862eeb5c04707b360b63da0730a12bffd55 weechat-1.3.tar.gz"
md5sums="30e19794b121a4aca16f58135952d85f weechat-1.3.tar.gz
7d991bd4ff456d80166b59f19ead0053 CVE-2017-8073.patch"
sha256sums="5c6c8f21f4835034c78c9f86f70c8df76afa73897481e84261e1583db46b678d weechat-1.3.tar.gz
11004a3ffeac5a4701f648f11079b404b86048825b5733caaf3bf8aa713ac6ff CVE-2017-8073.patch"
sha512sums="5c28a89f3050e813bf18eb5a15197384700b4131ec6f65665027316eec84ffaeb850a7053bfd4dcbb97e05541e34f862eeb5c04707b360b63da0730a12bffd55 weechat-1.3.tar.gz
dda1e2f12c418acb8b0a63d9da2e2506c9f5c57654bf3699841c976b4a56ebd729578a777ec871c70015588133362582bd719d5f3cae38c01f329cfc49c739cc CVE-2017-8073.patch"
--- a/src/plugins/irc/irc-ctcp.c
+++ b/src/plugins/irc/irc-ctcp.c
@@ -510,7 +510,7 @@
int length;
length = strlen (filename);
- if (length > 0)
+ if (length > 1)
{
if ((filename[0] == '\"') && (filename[length - 1] == '\"'))
return weechat_strndup (filename + 1, length - 2);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment