Commit fab6af54 authored by Leonardo Arena's avatar Leonardo Arena
Browse files

main/weechat: security fixes #7198 (CVE-2017-8073)

parent 2e939e62
......@@ -2,7 +2,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=weechat
pkgver=1.2
pkgrel=0
pkgrel=1
pkgdesc="A fast, light, extensible ncurses-based chat client"
url="http://www.weechat.org"
arch="all"
......@@ -13,12 +13,23 @@ depends_dev="cmake libintl ncurses-dev gnutls-dev libgcrypt-dev
makedepends="$depends_dev"
install=""
subpackages="$pkgname-dev"
source="http://www.weechat.org/files/src/$pkgname-$pkgver.tar.gz"
source="http://www.weechat.org/files/src/$pkgname-$pkgver.tar.gz
CVE-2017-8073.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 1.2-r1:
# - CVE-2017-8073.patch
prepare() {
cd "$_builddir"
# apply patches here
local i
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
}
build() {
......@@ -33,6 +44,9 @@ package() {
make DESTDIR="$pkgdir/" install || return 1
}
md5sums="7e561d9093af164c2ab32634ece0e0ef weechat-1.2.tar.gz"
sha256sums="0f9b00e3fe4d0a4e864111d4231e1756f7be5c1b2b6d17da43bd785ab9f035d8 weechat-1.2.tar.gz"
sha512sums="178dcebb6c8bb3843b6eb0927d4941fbc73a75464f33afcf0c211a4a2e7aa3492a7f4e67ef17f5ac610d56bab27f9b508f5bfc3f22512f3594e0c067c4c89e71 weechat-1.2.tar.gz"
md5sums="7e561d9093af164c2ab32634ece0e0ef weechat-1.2.tar.gz
7d991bd4ff456d80166b59f19ead0053 CVE-2017-8073.patch"
sha256sums="0f9b00e3fe4d0a4e864111d4231e1756f7be5c1b2b6d17da43bd785ab9f035d8 weechat-1.2.tar.gz
11004a3ffeac5a4701f648f11079b404b86048825b5733caaf3bf8aa713ac6ff CVE-2017-8073.patch"
sha512sums="178dcebb6c8bb3843b6eb0927d4941fbc73a75464f33afcf0c211a4a2e7aa3492a7f4e67ef17f5ac610d56bab27f9b508f5bfc3f22512f3594e0c067c4c89e71 weechat-1.2.tar.gz
dda1e2f12c418acb8b0a63d9da2e2506c9f5c57654bf3699841c976b4a56ebd729578a777ec871c70015588133362582bd719d5f3cae38c01f329cfc49c739cc CVE-2017-8073.patch"
--- a/src/plugins/irc/irc-ctcp.c
+++ b/src/plugins/irc/irc-ctcp.c
@@ -510,7 +510,7 @@
int length;
length = strlen (filename);
- if (length > 0)
+ if (length > 1)
{
if ((filename[0] == '\"') && (filename[length - 1] == '\"'))
return weechat_strndup (filename + 1, length - 2);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment