[pkgsrc/trunk]: pkgsrc/chat/eggdrop Fix for the following:

[lkundrak <lkundrak%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/2259ed897a51
branches:  trunk
changeset: 529000:2259ed897a51
user:      lkundrak <lkundrak%pkgsrc.org@localhost>
date:      Tue May 22 16:47:04 2007 +0000

description:
Fix for the following:
eggdrop<=1.6.18         arbitrary-code-execution        http://www.eggheads.org/bugzilla/show_bug.cgi?id=462

diffstat:

 chat/eggdrop/Makefile         |   3 ++-
 chat/eggdrop/distinfo         |   4 +++-
 chat/eggdrop/patches/patch-al |  16 ++++++++++++++++
 chat/eggdrop/patches/patch-am |  16 ++++++++++++++++
 4 files changed, 37 insertions(+), 2 deletions(-)

diffs (68 lines):

diff -r 5a21d4e48c3d -r 2259ed897a51 chat/eggdrop/Makefile
--- a/chat/eggdrop/Makefile     Tue May 22 16:17:15 2007 +0000
+++ b/chat/eggdrop/Makefile     Tue May 22 16:47:04 2007 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2007/02/22 19:26:11 wiz Exp $
+# $NetBSD: Makefile,v 1.26 2007/05/22 16:47:04 lkundrak Exp $
 
 DISTNAME=      eggdrop1.6.17
 PKGNAME=       eggdrop-1.6.17
+PKGREVISION=   1
 CATEGORIES=    chat
 MASTER_SITES=  ftp://ftp.eggheads.org/pub/eggdrop/source/1.6/
 EXTRACT_SUFX=  .tar.bz2
diff -r 5a21d4e48c3d -r 2259ed897a51 chat/eggdrop/distinfo
--- a/chat/eggdrop/distinfo     Tue May 22 16:17:15 2007 +0000
+++ b/chat/eggdrop/distinfo     Tue May 22 16:47:04 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2005/12/01 20:42:42 joerg Exp $
+$NetBSD: distinfo,v 1.11 2007/05/22 16:47:04 lkundrak Exp $
 
 SHA1 (eggdrop1.6.17.tar.bz2) = 0e8a0b5506dde4a99f2be9f0700d6da65f54357f
 RMD160 (eggdrop1.6.17.tar.bz2) = 206d6d055b8efa66fde4a79c4cb3eacc4418ff01
@@ -13,3 +13,5 @@
 SHA1 (patch-ah) = a5360c748e16cbc3d6ae4f2968799e96007971f1
 SHA1 (patch-ai) = ee0cfe95a1aa9a883fd95db0fbc0cef60deb8e3a
 SHA1 (patch-ak) = 92f269a3f382a9f917d7e58c2cee5bb1d500ab6d
+SHA1 (patch-al) = 744ef092d0a25d4a267a968f139468361bda4f7d
+SHA1 (patch-am) = 19df141bab53fb1079f76fe6d880a44778c50c68
diff -r 5a21d4e48c3d -r 2259ed897a51 chat/eggdrop/patches/patch-al
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/eggdrop/patches/patch-al     Tue May 22 16:47:04 2007 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-al,v 1.1 2007/05/22 16:47:04 lkundrak Exp $
+
+Fix for http://www.eggheads.org/bugzilla/show_bug.cgi?id=462
+
+--- src/mod/irc.mod/chan.c.orig        2007-05-22 18:29:41.000000000 +0200
++++ src/mod/irc.mod/chan.c
+@@ -2204,7 +2204,8 @@ static int gotmsg(char *from, char *msg)
+   if (!chan)
+     return 0;                   /* Private msg to an unknown channel?? */
+   fixcolon(msg);
+-  strcpy(uhost, from);
++  strncpy(uhost, from, UHOSTMAX);
++  uhost[UHOSTMAX] = '\0';
+   nick = splitnick(&uhost);
+   /* Only check if flood-ctcp is active */
+   if (flud_ctcp_thr && detect_avalanche(msg)) {
diff -r 5a21d4e48c3d -r 2259ed897a51 chat/eggdrop/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/eggdrop/patches/patch-am     Tue May 22 16:47:04 2007 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-am,v 1.1 2007/05/22 16:47:05 lkundrak Exp $
+
+Fix for http://www.eggheads.org/bugzilla/show_bug.cgi?id=462
+
+--- src/mod/server.mod/servmsg.c.orig  2007-05-22 18:29:49.000000000 +0200
++++ src/mod/server.mod/servmsg.c
+@@ -424,7 +424,8 @@ static int gotmsg(char *from, char *msg)
+   to = newsplit(&msg);
+   fixcolon(msg);
+   /* Only check if flood-ctcp is active */
+-  strcpy(uhost, from);
++  strncpy(uhost, from, UHOSTMAX);
++  uhost[UHOSTMAX] = '\0';
+   nick = splitnick(&uhost);
+   if (flud_ctcp_thr && detect_avalanche(msg)) {
+     if (!ignoring) {