pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/chat/irssi irssi: add patch for buf.pl update as it is...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/07c452e98c9d
branches:  trunk
changeset: 353022:07c452e98c9d
user:      maya <maya%pkgsrc.org@localhost>
date:      Thu Sep 22 09:07:08 2016 +0000

description:
irssi: add patch for buf.pl update as it is shipped with irssi.

previously it would create a world readable file containing chat
logs when /upgrade was used.

while a security fix, you have to jump through many hoops to be
affected by it - we don't enable perl scripts by default, we
don't run that perl script by default, and you'd have to know that
/upgrade exists in the first place, and run on a system where world
readability of files is a concern.

still, grab upstream update, bump PKGREVISION.

diffstat:

 chat/irssi/Makefile                     |    3 +-
 chat/irssi/distinfo                     |    3 +-
 chat/irssi/patches/patch-scripts_buf.pl |  105 ++++++++++++++++++++++++++++++++
 3 files changed, 109 insertions(+), 2 deletions(-)

diffs (137 lines):

diff -r 6be842c0957b -r 07c452e98c9d chat/irssi/Makefile
--- a/chat/irssi/Makefile       Thu Sep 22 06:44:21 2016 +0000
+++ b/chat/irssi/Makefile       Thu Sep 22 09:07:08 2016 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.72 2016/08/14 21:10:35 maya Exp $
+# $NetBSD: Makefile,v 1.73 2016/09/22 09:07:08 maya Exp $
 
 DISTNAME=              ${IRSSI_DISTNAME}
 CATEGORIES=            chat
 EXTRACT_SUFX=          ${IRSSI_EXTRACT_SUFX}
+PKGREVISION=           1
 
 MAINTAINER=            maya%NetBSD.org@localhost
 HOMEPAGE=              http://www.irssi.org/
diff -r 6be842c0957b -r 07c452e98c9d chat/irssi/distinfo
--- a/chat/irssi/distinfo       Thu Sep 22 06:44:21 2016 +0000
+++ b/chat/irssi/distinfo       Thu Sep 22 09:07:08 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.36 2016/09/21 20:53:57 maya Exp $
+$NetBSD: distinfo,v 1.37 2016/09/22 09:07:08 maya Exp $
 
 SHA1 (irssi-0.8.20.tar.gz) = 080be963f79be5921a0a5c359e163bb8c8fd9fbc
 RMD160 (irssi-0.8.20.tar.gz) = 4425bfc55f07b8113cd0d31055d5ad1d8e51e1e3
@@ -6,3 +6,4 @@
 Size (irssi-0.8.20.tar.gz) = 1565952 bytes
 SHA1 (patch-aa) = 83a0f6def09cb283aa55b63a249a81121748232b
 SHA1 (patch-ad) = 8cb41612afcd6088b869235166da9a6eb37e6ec7
+SHA1 (patch-scripts_buf.pl) = bd18e2b416f163849845fd14b5135c640a89d659
diff -r 6be842c0957b -r 07c452e98c9d chat/irssi/patches/patch-scripts_buf.pl
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/irssi/patches/patch-scripts_buf.pl   Thu Sep 22 09:07:08 2016 +0000
@@ -0,0 +1,105 @@
+$NetBSD: patch-scripts_buf.pl,v 1.1 2016/09/22 09:07:08 maya Exp $
+
+Don't create a world readable file containing chat contents.
+https://irssi.org/2016/09/22/buf.pl-update/
+
+--- scripts/buf.pl.orig        2016-08-11 12:59:21.000000000 +0000
++++ scripts/buf.pl
+@@ -5,7 +5,7 @@ use Irssi qw(command signal_add signal_a
+              settings_get_str settings_get_bool channels windows
+            settings_add_str settings_add_bool get_irssi_dir
+            window_find_refnum signal_stop);
+-$VERSION = '2.13';
++$VERSION = '2.20';
+ %IRSSI = (
+     authors   => 'Juerd',
+     contact   => 'juerd%juerd.nl@localhost',
+@@ -13,10 +13,8 @@ $VERSION = '2.13';
+     description       => 'Saves the buffer for /upgrade, so that no information is lost',
+     license   => 'Public Domain',
+     url               => 'http://juerd.nl/irssi/',
+-    changed   => 'Mon May 13 19:41 CET 2002',
+-    changes   => 'Severe formatting bug removed * oops, I ' .
+-                   'exposed Irssi to ircII foolishness * sorry ' .
+-                 '** removed logging stuff (this is a fix)',
++    changed   => 'Thu Sep 22 01:37 CEST 2016',
++    changes   => 'Fixed file permissions (leaked everything via filesystem)',
+     note1     => 'This script HAS TO BE in your scripts/autorun!',
+     note2     => 'Perl support must be static or in startup',
+ );
+@@ -39,9 +37,15 @@ use Data::Dumper;
+ 
+ my %suppress;
+ 
++sub _filename { sprintf '%s/scrollbuffer', get_irssi_dir }
++
+ sub upgrade {
+-    open BUF, q{>}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
+-    print BUF join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
++    my $fn = _filename;
++    my $old_umask = umask 0077;
++    open my $fh, q{>}, $fn or die "open $fn: $!";
++    umask $old_umask;
++
++    print $fh join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n";
+     for my $window (windows) {
+       next unless defined $window;
+       next if $window->{name} eq 'status';
+@@ -57,36 +61,39 @@ sub upgrade {
+               redo if defined $line;
+           }
+       }
+-      printf BUF "%s:%s\n%s", $window->{refnum}, $lines, $buf;
++      printf $fh "%s:%s\n%s", $window->{refnum}, $lines, $buf;
+     }
+-    close BUF;
++    close $fh;
+     unlink sprintf("%s/sessionconfig", get_irssi_dir);
+     command 'layout save';
+     command 'save';
+ }
+ 
+ sub restore {
+-    open BUF, q{<}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!;
+-    my @suppress = split /\0/, <BUF>;
++    my $fn = _filename;
++    open my $fh, q{<}, $fn or die "open $fn: $!";
++    unlink $fn or warn "unlink $fn: $!";
++
++    my @suppress = split /\0/, readline $fh;
+     if (settings_get_bool 'upgrade_suppress_join') {
+       chomp $suppress[-1];
+       @suppress{@suppress} = (2) x @suppress;
+     }
+     active_win->command('^window scroll off');
+-    while (my $bla = <BUF>){
++    while (my $bla = readline $fh){
+       chomp $bla;
+       my ($refnum, $lines) = split /:/, $bla;
+       next unless $lines;
+       my $window = window_find_refnum $refnum;
+       unless (defined $window){
+-          <BUF> for 1..$lines;
++          readline $fh for 1..$lines;
+           next;
+       }
+       my $view = $window->view;
+       $view->remove_all_lines();
+       $view->redraw();
+       my $buf = '';
+-      $buf .= <BUF> for 1..$lines;
++      $buf .= readline $fh for 1..$lines;
+       my $sep = settings_get_str 'upgrade_separator';
+       $sep .= "\n" if $sep ne '';
+       $window->gui_printtext_after(undef, MSGLEVEL_CLIENTNOTICE, "$buf\cO$sep");
+@@ -119,3 +126,10 @@ signal_add       'event join'      => 's
+ unless (-f sprintf('%s/scripts/autorun/buf.pl', get_irssi_dir)) {
+     Irssi::print('PUT THIS SCRIPT IN ~/.irssi/scripts/autorun/ BEFORE /UPGRADING!!');
+ }
++
++# Remove any left-over file. If 'session' doesn't exist (created by irssi
++# during /UPGRADE), neither should our file.
++unless (-e sprintf('%s/session', get_irssi_dir)) {
++    my $fn = _filename;
++    unlink $fn or warn "unlink $fn: $!" if -e $fn;
++}



Home | Main Index | Thread Index | Old Index